Overview

overview

10

Static

static

10

FNExternal.exe

windows7-x64

10

FNExternal.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/03/2025, 03:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FNExternal.exe

  • Size

    86KB

  • MD5

    7dc43a52c140117ec3a23b8f78496f0f

  • SHA1

    1c7c2697d12df0398fcb089853a1b5789f3ae887

  • SHA256

    820d57a6faa4134e63df8bba8638792b55a7fe3c77559812706cd7de4da189b6

  • SHA512

    95898e739ead059e06531367a0c5ca5c630ed1f16a2a2c36cada8b7a94d4fe81f7486ab7ef720da1ae09169c08fc32aa64fb4a5554a5779095400582bcaaf3be

  • SSDEEP

    1536:N20YwopvrUvr0wMTwjqWJZiCbJVjWTDpJO960azDAOuymZp+X:BYZpAvgwMm5iCbJCSO5mZ8X

Score
10/10
xwormrattrojan

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:37044

design-ears.gl.at.ply.gg:37044
Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\FNExternal.exe
    "C:\Users\Admin\AppData\Local\Temp\FNExternal.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1480
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4384
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4400
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4308
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1952 -prefsLen 27356 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {105e3896-da22-460f-9174-22d3bda3d816} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" gpu
          3⤵
            PID:464
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2424 -prefsLen 27234 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd1956cf-8ed9-433c-9dce-419d1a1392d1} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" socket
            3⤵
              PID:1668
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2964 -childID 1 -isForBrowser -prefsHandle 2968 -prefMapHandle 2940 -prefsLen 22636 -prefMapSize 244628 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed6b5b1c-eb0b-4ba3-af03-fe3c940f99ef} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" tab
              3⤵
                PID:1332
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4004 -childID 2 -isForBrowser -prefsHandle 4000 -prefMapHandle 3996 -prefsLen 32608 -prefMapSize 244628 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e93a7786-ccdd-4449-9861-50cfb054c6a4} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" tab
                3⤵
                  PID:2092
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4724 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4712 -prefMapHandle 4704 -prefsLen 32608 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ee2e0d2-f065-45d4-ab98-21a70e0158bc} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" utility
                  3⤵
                  • Checks processor information in registry
                  PID:5460
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5252 -childID 3 -isForBrowser -prefsHandle 5272 -prefMapHandle 5220 -prefsLen 27035 -prefMapSize 244628 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e444325-a9b9-4f83-96ce-ec2639d51a34} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" tab
                  3⤵
                    PID:6016
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5368 -childID 4 -isForBrowser -prefsHandle 5376 -prefMapHandle 5380 -prefsLen 27035 -prefMapSize 244628 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f6ec5de-befb-4b07-b57d-2b396ff30570} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" tab
                    3⤵
                      PID:6036
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5716 -childID 5 -isForBrowser -prefsHandle 5708 -prefMapHandle 5704 -prefsLen 27035 -prefMapSize 244628 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e5ebe1c-002e-4b29-8baa-f8395a0967c4} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" tab
                      3⤵
                        PID:6056
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3980 -childID 6 -isForBrowser -prefsHandle 1772 -prefMapHandle 3844 -prefsLen 28044 -prefMapSize 244628 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da6b2be4-7580-4b51-ad7d-80e7be3cf639} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" tab
                        3⤵
                          PID:3544
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6376 -childID 7 -isForBrowser -prefsHandle 6320 -prefMapHandle 6360 -prefsLen 28044 -prefMapSize 244628 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed678c63-b087-43be-887b-d261f6b61c4d} 4308 "\\.\pipe\gecko-crash-server-pipe.4308" tab
                          3⤵
                            PID:2880

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\58tontji.default-release\activity-stream.discovery_stream.json
                        Filesize

                        22KB

                        MD5

                        1f3601e4a90bab1b930fcdd21e974090

                        SHA1

                        db72f822d14e68438efdceda10d8064bda969456

                        SHA256

                        4e4b6c47db6d4885c27ef0948cab40b1e08996b716634cf43dbddecad3044054

                        SHA512

                        bd955bfefafd4d8c0dfd23fb06bbeb84914c3650b6baf7e29f0b2839493f616f2a1b6cb6060e2b2ae7c86e3144ffe46c8cf6600250efa0fd6b2b21316ef78c27

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\58tontji.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
                        Filesize

                        15KB

                        MD5

                        96c542dec016d9ec1ecc4dddfcbaac66

                        SHA1

                        6199f7648bb744efa58acf7b96fee85d938389e4

                        SHA256

                        7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

                        SHA512

                        cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                        Filesize

                        479KB

                        MD5

                        09372174e83dbbf696ee732fd2e875bb

                        SHA1

                        ba360186ba650a769f9303f48b7200fb5eaccee1

                        SHA256

                        c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                        SHA512

                        b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                        Filesize

                        13.8MB

                        MD5

                        0a8747a2ac9ac08ae9508f36c6d75692

                        SHA1

                        b287a96fd6cc12433adb42193dfe06111c38eaf0

                        SHA256

                        32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                        SHA512

                        59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\58tontji.default-release\AlternateServices.bin
                        Filesize

                        10KB

                        MD5

                        1086ae75d2ac00c4ef0bfbcdaa93e710

                        SHA1

                        94721d209d8450a86d27dcd59d7394c6cbd1fcfc

                        SHA256

                        225b45ba16bc7146c7fa4c9251562039e0b169c2aa7b2fe4dc4e626c4ce72d83

                        SHA512

                        0ebfa0e19cbfc6272a70d712414512a37833b598edc18b5f290d8b662ec3757a90573fc29d1f2f7035400430a6f90eb91641c3b2251618f336146ebe17731310

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\58tontji.default-release\datareporting\glean\db\data.safe.tmp
                        Filesize

                        21KB

                        MD5

                        493bd9403a731587b7740c78d2e11a64

                        SHA1

                        ac8a31541b51c2642eb482027f28ee3f74c4dd7c

                        SHA256

                        7106bf8c98eddcb16fad59abd9a78fa20a83bf302c20170ef5249eab02e0250f

                        SHA512

                        f40201fa5feadc0a063a489686b53a34e606fc6941a1e6eef75831f0fa72436fa17e86b41b1ba0b2753c8beae7a913d761a58515db5e2b3948408fe95a408e19

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\58tontji.default-release\datareporting\glean\db\data.safe.tmp
                        Filesize

                        22KB

                        MD5

                        b5f4b0b6caa7edcbd2a154fbc694bf67

                        SHA1

                        f587ad0c63cccdd36fa49f59547a057bdcd63b31

                        SHA256

                        a0872d6aaccb3b7bae910272c37d7a3274928b90103a245f73df8b7bef2d2f44

                        SHA512

                        d6995b9e324730d43ffed50824fb2ce2f8c95b183e8cee2e180a3271bf74b5fbe74b68b0c5208afa3e2f4c4952648314a97ad064d65c8754d83a4b5d6e2cc7df

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\58tontji.default-release\datareporting\glean\db\data.safe.tmp
                        Filesize

                        22KB

                        MD5

                        97c2f6f40e4b26372c1570a21f599bd6

                        SHA1

                        89c3b7bacd7b780bcedfeb304b8c51bded6f443d

                        SHA256

                        2dbfdef812717a45d2e1dcac14769588d896175b95cf40ce71ec3fbeb89d6125

                        SHA512

                        b75a8333bfea660e40227e150c5c5ab210bbd2b1b79465a8530392acc79c76e2267ed0cbff98140cf5b6db47ab1242bbf79b565d010e8fb64a9cc753d0ce1f19

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\58tontji.default-release\datareporting\glean\pending_pings\1193a938-a03f-4e27-a6fb-d94c23b7efaa
                        Filesize

                        659B

                        MD5

                        6d5c120a89c49c5876f28abfe0e5847f

                        SHA1

                        c974c69918e99cb8ea977f57a185f3d9eae3cbbb

                        SHA256

                        96b7fd5efbcae4cc23377c38074aacde3a59a5c6e977d64ce601c57cc263ad9a

                        SHA512

                        3739ee92cb6d4f8dce85d1648227f530dd8352f3328f30deb2d86107b08a5f2f05601bd0b0be15dc00fd8963d116aa7ecbd229db34343ded236ed2dd924fc3c0

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\58tontji.default-release\datareporting\glean\pending_pings\b8a18e94-d828-4cb3-b873-4f9b2e3059b0
                        Filesize

                        982B

                        MD5

                        1219df0ace9b99201fd6a98cfb2085f5

                        SHA1

                        1a02449ce1ccf1f45a6fdc12cc9dbab8acf72bfc

                        SHA256

                        7971adc4878e57e96887ea883818f7c7aa0db7bd2bacdbbd6bfb2401cf39bfbf

                        SHA512

                        33bbfbbb01df7b181c91991ebe3a80186037e1023087e01b772e62b3e053e318c314e0eff1c761f9975767f5ff5fde1489e48c9514f59fdbcc878a7965a0597e

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\58tontji.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                        Filesize

                        1.1MB

                        MD5

                        842039753bf41fa5e11b3a1383061a87

                        SHA1

                        3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                        SHA256

                        d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                        SHA512

                        d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\58tontji.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                        Filesize

                        116B

                        MD5

                        2a461e9eb87fd1955cea740a3444ee7a

                        SHA1

                        b10755914c713f5a4677494dbe8a686ed458c3c5

                        SHA256

                        4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                        SHA512

                        34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\58tontji.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                        Filesize

                        372B

                        MD5

                        bf957ad58b55f64219ab3f793e374316

                        SHA1

                        a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                        SHA256

                        bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                        SHA512

                        79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\58tontji.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                        Filesize

                        17.8MB

                        MD5

                        daf7ef3acccab478aaa7d6dc1c60f865

                        SHA1

                        f8246162b97ce4a945feced27b6ea114366ff2ad

                        SHA256

                        bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                        SHA512

                        5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\58tontji.default-release\prefs-1.js
                        Filesize

                        10KB

                        MD5

                        3b67b80959e419e2c1987039cffb8a63

                        SHA1

                        40cbbdc1121a6ffed27177c1a5b0893516bf5c08

                        SHA256

                        f8b59f0fb2e34fee1f120a680138c1f90760a6fd27c4aa2d3c9eb1e886b14ce8

                        SHA512

                        293c5ce707cb8a61fcd9743c2ea858b452d928bbf67feb28e204f74dabf4a304f430183cafa821bbafc0999664ba07bfaec80ab10ea9127683b88f9298bf9652

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\58tontji.default-release\prefs.js
                        Filesize

                        9KB

                        MD5

                        20e0eefa86b43511a67839ea96222eab

                        SHA1

                        6aeb20a2ad109b48ca2fdc97ee4de36d946c4277

                        SHA256

                        2621606d360c43771b9a436018688c3443099e0613ef7c108a73f02b4c0e4930

                        SHA512

                        1254b4ac9bd51bdcea42e69067340081d0951de7de86ee48536f8657c954864504ca6710644edbb239c5995f7276484fe75b2ff8f158d1fdd10876ed6c35e4c4

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\58tontji.default-release\prefs.js
                        Filesize

                        9KB

                        MD5

                        0598b85887b70e6390997cc96da0a334

                        SHA1

                        49ed82005df0adcd27966dd45f37b1dfd632b59f

                        SHA256

                        b8b8a385917ba48443ce2e94cf57fbcf65622f75d7a996bda4ac34b9b5a4f274

                        SHA512

                        19731ca10601399f1a7cfa468e5d9bc50a1f35cf455bb4cfaf288807adb71c49d1353a1ef5ffa8e62ed7c27f730802f1a1f45f8a533ed303e09e5f18be736ba7

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\58tontji.default-release\sessionstore-backups\recovery.baklz4
                        Filesize

                        1KB

                        MD5

                        b31e05f78ef6fa101fb48110baed5676

                        SHA1

                        01cc3168b5c7a9d40441d2943716eb27be4f2e81

                        SHA256

                        daf521385f3dcdd3a76ea0eab172848cf671376de2805e39f415123a272304e5

                        SHA512

                        4c8b2acfdcf50d64536365f6e81097c531a64a06facdf4c6753e612a86315c5d06909f05fbfd722abd49ae986695a17df1e35513d87cb4fa28a6f3fa0ea7a7ec

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\58tontji.default-release\sessionstore-backups\recovery.baklz4
                        Filesize

                        4KB

                        MD5

                        c7aba7544bc1634923432e89e4d61cbb

                        SHA1

                        46a211b03d4bdb6662fb3644713c9f4b9ba98d77

                        SHA256

                        0f3de3ad91316ac00ea34d74e2a942191ecb9cf7ec383d5c852f575164b4c03f

                        SHA512

                        389c4c8f009aa52cfccc251bf2c5f95404d4e1301ba49b175c9f9abfb4b81534f5ff4316062d8f49c0c272dd78dc9bd1482f5e6cbf6d3b0e58d57a3f8e55f28e

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\58tontji.default-release\sessionstore-backups\recovery.baklz4
                        Filesize

                        14KB

                        MD5

                        e57cbc00bbb1e6265b4651aaf6b3371e

                        SHA1

                        1abe6d2e2e46362acf421882eecceaa936d1515c

                        SHA256

                        750583763bba4d2b89d02673105a60a1b1203e104c98a735e854785ab9569735

                        SHA512

                        09400caefe3f5baf41479f9ffe62d935fd68aef41357fde932ce89b3370c8113eefca15b8144a37344f68bb9e155565e36fe6d432b4ce275e7531e99b21545fe

                        Download Submit

                      • memory/1480-3-0x00007FFBD7890000-0x00007FFBD8351000-memory.dmp

                        Filesize

                        10.8MB

                        Download

                      • memory/1480-1-0x00000000000D0000-0x00000000000EC000-memory.dmp

                        Filesize

                        112KB

                        Download

                      • memory/1480-2-0x00007FFBD7890000-0x00007FFBD8351000-memory.dmp

                        Filesize

                        10.8MB

                        Download

                      • memory/1480-0-0x00007FFBD7893000-0x00007FFBD7895000-memory.dmp

                        Filesize

                        8KB

                        Download