d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8

Analysis

max time kernel
153s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2022, 04:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
Size

273KB
MD5

1d96091dc25660ac8989193299659be7
SHA1

bc95772709ad585d528e43de2af29ed0bb628841
SHA256

d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8
SHA512

8c47793a478b0aaf12353ee1f1b2883c0a64eba1511889d33a6782e47f0ac8755dc3b594f2a74820f155243f215f015eb216ef62b6500a8fe9cc0d9cbe0baaa2
SSDEEP

3072:U+vMJOW7ySZS3XbhbbzPZEhIUejpSvA+jJwktRCoWvgDcephDZhAzN0V:6GSAHNbbdsjDIcHWvg4efvA

Score

8^/10

ransomware

Malware Config

Signatures

Modifies extensions of user files 6 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

description	ioc	Process
File created	C:\Users\Admin\Pictures\CompressGrant.png.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Users\Admin\Pictures\ExpandCompare.raw.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Users\Admin\Pictures\ExportConnect.crw.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Users\Admin\Pictures\ReceiveStep.tiff.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Users\Admin\Pictures\ReceiveStep.tiff	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Users\Admin\Pictures\RepairRead.raw.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe

Drops desktop.ini file(s) 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\desktop.ini	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXE8SharedExpat.dll.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_asym.dll.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\CoolType.dll.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv40.dll.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icudt58.dll.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pe.dll.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\adoberfp.dll	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv58.dll	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\pe.dll	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_ecc.dll	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.dll.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIB.dll	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\DirectInk.dll	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Acrofx32.dll.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icudt58.dll	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\logsession.dll	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ahclient.dll	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeXMP.dll.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_ecc.dll.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\DirectInk.dll.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Res.dll	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RDCNotificationClient.appx	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIB.dll.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\BIBUtils.dll.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGMGPUOptIn.ini	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv40.dll	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icudt40.dll.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Onix32.dll.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RTC.der.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ahclient.dll.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icudt40.dll	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeLinguistic.dll.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\CoolType.dll	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ScCore.dll.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ACE.dll	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\JP2KLib.dll.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Microsoft.VCLibs.x86.14.00.appx.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AXSLE.dll.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.sig	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Microsoft.VCLibs.x86.14.00.appx	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFPrevHndlr.dll.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroSup64.dll	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base.dll.clay	HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe

C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe
"C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan-Ransom.MSIL.Gen.gen-d1a6bd542d3570297f37ef478a638a2c7e04645cfb66fef1abe8210aa41c48a8.exe"
1⤵
- Modifies extensions of user files
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3136-132-0x0000000000B10000-0x0000000000B5A000-memory.dmp

Filesize
296KB

Download
memory/3136-133-0x0000000005A20000-0x0000000005FC4000-memory.dmp

Filesize
5.6MB

Download
memory/3136-134-0x0000000005510000-0x00000000055A2000-memory.dmp

Filesize
584KB

Download
memory/3136-135-0x00000000056B0000-0x00000000056BA000-memory.dmp

Filesize
40KB

Download