Overview

overview

7

Static

static

3

Zorara.zip

windows10-ltsc 2021-x64

7

Resubmissions

26-11-2024 19:09

241126-xtsx3a1nfj 10

26-11-2024 19:08

241126-xs64asvmcw 7

Analysis

  • max time kernel
    45s
  • max time network
    46s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    26-11-2024 19:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Zorara.zip

  • Size

    498KB

  • MD5

    935eca784190b019bddfcbd9977c9416

  • SHA1

    7dc1869d79a110f7394afe4b93c06b586185139d

  • SHA256

    6d11d8339ed8917190ba15dfbdf12c46d0a9d90b4b680edf54a8c65585e76e74

  • SHA512

    624f2b2348a4ab37855cd238b244d99f9dfdf4cfd7c8bfb2e55ad72aeee161db1d8a9e961e6e31f6be5f52a0f9c0562f49e484dc9763540c7c45ea819a9cdae3

  • SSDEEP

    12288:UmCAJEZ64ZZnv7zOCcf+X/N4mUiRvyPqBmKUU+zSy:Uc4ZZvOPBi5/BmKUBWy

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 29 IoCs
  • Loads dropped DLL 29 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in Windows directory 1 IoCs
  • Modifies registry class 2 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Zorara.zip"
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4324
  • C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\Application.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:976
    • C:\Users\Admin\Desktop\luajit.exe
      luajit.exe cfg.txt
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:2316
      • C:\Windows\SYSTEM32\schtasks.exe
        schtasks /create /sc daily /st 13:09 /f /tn WindowsDefenderScheduledScan_ODA3 /tr ""C:\Users\Admin\AppData\Local\ODA3\ODA3.exe" "C:\Users\Admin\AppData\Local\ODA3\cfg.txt""
        3⤵
        • Scheduled Task/Job: Scheduled Task
        PID:1732
      • C:\Windows\SYSTEM32\schtasks.exe
        schtasks /create /sc daily /st 13:09 /f /tn Setup /tr "C:/Windows/System32/oobe/Setup.exe" /rl highest
        3⤵
        • Scheduled Task/Job: Scheduled Task
        PID:1052
      • C:\Users\Admin\AppData\Roaming\Games\x86\Application.exe
        "C:\Users\Admin\AppData\Roaming\Games\x86\Application.exe"
        3⤵
          PID:2868
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Application.bat" "
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4504
      • C:\Users\Admin\Desktop\luajit.exe
        luajit.exe cfg.txt
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:3364
    • C:\Users\Admin\Desktop\luajit.exe
      "C:\Users\Admin\Desktop\luajit.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3692
    • C:\Users\Admin\Desktop\luajit.exe
      "C:\Users\Admin\Desktop\luajit.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4496
    • C:\Users\Admin\Desktop\luajit.exe
      "C:\Users\Admin\Desktop\luajit.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2104
    • C:\Users\Admin\Desktop\luajit.exe
      "C:\Users\Admin\Desktop\luajit.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1068
    • C:\Users\Admin\Desktop\luajit.exe
      "C:\Users\Admin\Desktop\luajit.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2368
    • C:\Users\Admin\Desktop\luajit.exe
      "C:\Users\Admin\Desktop\luajit.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2408
    • C:\Users\Admin\Desktop\luajit.exe
      "C:\Users\Admin\Desktop\luajit.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3096
    • C:\Users\Admin\Desktop\luajit.exe
      "C:\Users\Admin\Desktop\luajit.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1064
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Application.bat" "
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4676
      • C:\Users\Admin\Desktop\luajit.exe
        luajit.exe cfg.txt
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2300
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\Application.bat"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2188
      • C:\Users\Admin\Desktop\luajit.exe
        luajit.exe cfg.txt
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2124
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Application.bat" "
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4692
      • C:\Users\Admin\Desktop\luajit.exe
        luajit.exe cfg.txt
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1904
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Application.bat" "
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4812
      • C:\Users\Admin\Desktop\luajit.exe
        luajit.exe cfg.txt
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:456
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Application.bat" "
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1268
      • C:\Users\Admin\Desktop\luajit.exe
        luajit.exe cfg.txt
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:4604
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Application.bat" "
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4292
      • C:\Users\Admin\Desktop\luajit.exe
        luajit.exe cfg.txt
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:4308
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Application.bat" "
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:3284
      • C:\Users\Admin\Desktop\luajit.exe
        luajit.exe cfg.txt
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2840
    • C:\Users\Admin\Desktop\luajit.exe
      "C:\Users\Admin\Desktop\luajit.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:3276
    • C:\Users\Admin\Desktop\luajit.exe
      "C:\Users\Admin\Desktop\luajit.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4568
    • C:\Users\Admin\Desktop\luajit.exe
      "C:\Users\Admin\Desktop\luajit.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2576
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Application.bat" "
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4032
      • C:\Users\Admin\Desktop\luajit.exe
        luajit.exe cfg.txt
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2260
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Application.bat" "
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:3136
      • C:\Users\Admin\Desktop\luajit.exe
        luajit.exe cfg.txt
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:4824
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Application.bat" "
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:3104
      • C:\Users\Admin\Desktop\luajit.exe
        luajit.exe cfg.txt
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:3476
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Application.bat" "
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4320
      • C:\Users\Admin\Desktop\luajit.exe
        luajit.exe cfg.txt
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:4480
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Application.bat" "
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1188
      • C:\Users\Admin\Desktop\luajit.exe
        luajit.exe cfg.txt
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:3140
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4620
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Application.bat" "
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4088
      • C:\Users\Admin\Desktop\luajit.exe
        luajit.exe cfg.txt
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1076
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Application.bat" "
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4508
      • C:\Users\Admin\Desktop\luajit.exe
        luajit.exe cfg.txt
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:3624
    • C:\Users\Admin\Desktop\luajit.exe
      "C:\Users\Admin\Desktop\luajit.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2940
    • C:\Users\Admin\Desktop\luajit.exe
      "C:\Users\Admin\Desktop\luajit.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:384

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\Desktop\Application.bat
      Filesize

      1KB

      MD5

      1f886633d8933efe74279e6519035ac2

      SHA1

      e0b8ed8660b546dbe6a6cd6808d8ea33569647ea

      SHA256

      c8bd116c303dbf8c8f539a8353a180a1b5b51d771c820ef176359bf0f194e49e

      SHA512

      766a3452dc1265defb8168c87d8e187c33f42bfc936aaa061678fc23093a6ca10e32c06038f4e8127c53fddf1c2994550e01e059e4581c6ab6513e2a178a63c4

      Download Submit

    • C:\Users\Admin\Desktop\cfg.txt
      Filesize

      220KB

      MD5

      02c099ed621a95bd3d10ba5df143c137

      SHA1

      714b1f835cbafc55ce8ea4b8a65d855c652536b4

      SHA256

      be27274aef2547575ee05db27a1f40054190c5cc7e36d1da6936fe6d8478f22b

      SHA512

      4c3b5d9164b5ee51bb6bf08767de6e92cd706f34ce8e8ef44b007a8e92aac80d1c6df6ab3aa3e4329d9789207e0ebc3fc51474660c53aa8d98e6d3ccc2cc7896

      Download Submit

    • C:\Users\Admin\Desktop\lua51.dll
      Filesize

      479KB

      MD5

      47885ad50b2f52aec010ea4416a99ffd

      SHA1

      19953daea1f663c1521deaeccff656cc110d6f8e

      SHA256

      88c5bfba7b487bc311d7bd5877f7ee7a7f8dae8347e19079c00ed79625055f67

      SHA512

      19476a1491d9321bb6cd2428ee1e0cb354e12fe27d43162f6bbe7765c8b24d185ce48f890ce6c7b1cd441b3cfce196f6304bdf2223e853d88e2b3272ac7a05a9

      Download Submit

    • C:\Users\Admin\Desktop\luajit.exe
      Filesize

      288KB

      MD5

      e9563030420846d2c54f73b4f5515ae6

      SHA1

      ba4ce71542fc4e52a4d4b464d825100e76da8c1d

      SHA256

      726ec4876adc426ecc8b9b575e4a64962e19ed112d76bca84dbbbdb96c4c4dd9

      SHA512

      d71b90a75151e336e2418636a86ea11ebfdf1e67134db437b5ad66f8b468da0810ca86f56c2171c2e32152c7a0eaa857c6d7d6dc10fd0a1a116499bd9c2ed0de

      Download Submit

    • memory/2316-29-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-78-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-101-0x000001A0C5AC0000-0x000001A0C5AC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2316-100-0x000001A0C5AC0000-0x000001A0C5AC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2316-99-0x000001A0C5AC0000-0x000001A0C5AC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2316-98-0x000001A0C58A0000-0x000001A0C58A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2316-77-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-76-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-75-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-74-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-73-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-72-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-71-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-70-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-69-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-68-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-67-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-66-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-65-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-64-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-63-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-62-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-61-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-60-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-59-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-58-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-57-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-56-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-55-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-54-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-53-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-52-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-51-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-50-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-49-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-48-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-47-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-46-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-45-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-44-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-43-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-42-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-28-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-27-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-26-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-25-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-24-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-41-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-40-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-23-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-39-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-38-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-37-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-22-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-36-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-35-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-21-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-34-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-33-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-32-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-20-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-31-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-30-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-19-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-18-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-17-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-16-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-15-0x00007FFEF8120000-0x00007FFEF8130000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2316-283-0x000001A0C5AC0000-0x000001A0C5AC1000-memory.dmp

      Filesize

      4KB

      Download