a3913a8ba006adc3367096cd0907ba827c80a390306e0dfc4c2be61e61d8668a

Analysis

max time kernel
109s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01-10-2022 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3913a8ba006adc3367096cd0907ba827c80a390306e0dfc4c2be61e61d8668a.exe
Size

2.2MB
MD5

6e745542df9733f0c4ef1386254e7f1a
SHA1

aeb17ddeb13d1d8c7fec3e21ad14ef5f9f610b48
SHA256

a3913a8ba006adc3367096cd0907ba827c80a390306e0dfc4c2be61e61d8668a
SHA512

e8868f92ebebd37a9a16cc78466b086599678c91fc7fd832b323286c414902c827a4e18e313f5a1cf99d78d25be2dea92cbbec09f0f9d71097168bfa71a31d13
SSDEEP

49152:cIYxWDHhJylc0R5x4D8ogdmyshvqMT5DGSFeFnhGH+H42MpXq:2oDP70/eYmyscoDpunhGH+H42H

Score

8^/10

aspackv2 upx

Malware Config

Signatures

ASPack v2.12-2.42 2 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x0008000000022e2a-137.dat	aspack_v212_v242
behavioral2/files/0x0008000000022e2a-138.dat	aspack_v212_v242

Executes dropped EXE 1 IoCs

pid	Process
4008	2.exe

UPX packed file 26 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4008-149-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-152-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-151-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-154-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-153-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-156-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-158-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-160-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-162-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-164-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-166-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-168-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-170-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-172-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-174-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-176-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-178-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-180-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-182-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-184-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-186-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-188-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-190-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-192-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-194-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx
behavioral2/memory/4008-212-0x00000000026C0000-0x00000000026FD000-memory.dmp	upx

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	a3913a8ba006adc3367096cd0907ba827c80a390306e0dfc4c2be61e61d8668a.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation	WScript.exe

Loads dropped DLL 15 IoCs

pid	Process
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\superecTuLGZ.sys	2.exe
File created	C:\Windows\SysWOW64\ESPI11.dll	2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings	a3913a8ba006adc3367096cd0907ba827c80a390306e0dfc4c2be61e61d8668a.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
652	Process not Found
652	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe
4008	2.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 4820	3472	a3913a8ba006adc3367096cd0907ba827c80a390306e0dfc4c2be61e61d8668a.exe	85
PID 3472 wrote to memory of 4820	3472	a3913a8ba006adc3367096cd0907ba827c80a390306e0dfc4c2be61e61d8668a.exe	85
PID 3472 wrote to memory of 4820	3472	a3913a8ba006adc3367096cd0907ba827c80a390306e0dfc4c2be61e61d8668a.exe	85
PID 4820 wrote to memory of 360	4820	WScript.exe	86
PID 4820 wrote to memory of 360	4820	WScript.exe	86
PID 4820 wrote to memory of 360	4820	WScript.exe	86
PID 4820 wrote to memory of 2616	4820	WScript.exe	88
PID 4820 wrote to memory of 2616	4820	WScript.exe	88
PID 4820 wrote to memory of 2616	4820	WScript.exe	88
PID 2616 wrote to memory of 4008	2616	cmd.exe	90
PID 2616 wrote to memory of 4008	2616	cmd.exe	90
PID 2616 wrote to memory of 4008	2616	cmd.exe	90

C:\Users\Admin\AppData\Local\Temp\a3913a8ba006adc3367096cd0907ba827c80a390306e0dfc4c2be61e61d8668a.exe
"C:\Users\Admin\AppData\Local\Temp\a3913a8ba006adc3367096cd0907ba827c80a390306e0dfc4c2be61e61d8668a.exe"
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\1.vbs"
  2⤵
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  PID:4820
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c 1.exe
    3⤵
    PID:360
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c 2.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\2.exe
      2.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of SetWindowsHookEx
      PID:4008

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\.exe\ESpeechEngine.fne

Filesize
176KB

MD5
cf081a911a261d5e403dd642ab611ead

SHA1
b5a435cfd39ab7d5bc5576f7952c0a698afddf03

SHA256
3df7046ce26a66e1f7e1254840c2d27a2112954c930ee4ed8343f7b6f29ef522

SHA512
ed41104553165c1fb81daaa6b5f9843a2881689d97df223a2c634add5b2f5186bcdef1568c38cf3453d67c83edc3498707ab5fb0c18dc375b9e04f08d45c0bbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\.exe\ESpeechEngine.fne

Filesize
176KB

MD5
cf081a911a261d5e403dd642ab611ead

SHA1
b5a435cfd39ab7d5bc5576f7952c0a698afddf03

SHA256
3df7046ce26a66e1f7e1254840c2d27a2112954c930ee4ed8343f7b6f29ef522

SHA512
ed41104553165c1fb81daaa6b5f9843a2881689d97df223a2c634add5b2f5186bcdef1568c38cf3453d67c83edc3498707ab5fb0c18dc375b9e04f08d45c0bbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\.exe\HtmlView.fne

Filesize
224KB

MD5
5de3e6de5001ba45853c1824babe0774

SHA1
ce238d98ad066e53810e5872168bc84fc4f325cf

SHA256
5aa45b6024eae73a509041d0e532afef7a4a7fb5fb7e5efce29ff04313a6977e

SHA512
3b9945f6671c47cad49ab7e43ee24e430e3ce1b4d761604246c69aea9f4b8449a3133e8a7c8cf9f851e99525e7deedac414381a86f4d95faa80a471b7cb209db

Download Submit
C:\Users\Admin\AppData\Local\Temp\.exe\HtmlView.fne

Filesize
224KB

MD5
5de3e6de5001ba45853c1824babe0774

SHA1
ce238d98ad066e53810e5872168bc84fc4f325cf

SHA256
5aa45b6024eae73a509041d0e532afef7a4a7fb5fb7e5efce29ff04313a6977e

SHA512
3b9945f6671c47cad49ab7e43ee24e430e3ce1b4d761604246c69aea9f4b8449a3133e8a7c8cf9f851e99525e7deedac414381a86f4d95faa80a471b7cb209db

Download Submit
C:\Users\Admin\AppData\Local\Temp\.exe\eNetIntercept.fne

Filesize
156KB

MD5
39b7dad10ceea9c6739f3a6c28b659b5

SHA1
b006e80c16822162bd91261341ca71fc1c177e95

SHA256
3c60c2495437fa98b106ff71acf0e29a8cfa15fc9d72d9573bb3fdf1f9d2a7e2

SHA512
e545ef6f8fd32a6b1061d4690e58bc328df65cf153bcb728c44058d501a91067510fc6dfe23f2651e26f30abcb648330f229e36a32522eaf0f3d12a3ab65602b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.exe\eNetIntercept.fne

Filesize
156KB

MD5
39b7dad10ceea9c6739f3a6c28b659b5

SHA1
b006e80c16822162bd91261341ca71fc1c177e95

SHA256
3c60c2495437fa98b106ff71acf0e29a8cfa15fc9d72d9573bb3fdf1f9d2a7e2

SHA512
e545ef6f8fd32a6b1061d4690e58bc328df65cf153bcb728c44058d501a91067510fc6dfe23f2651e26f30abcb648330f229e36a32522eaf0f3d12a3ab65602b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.exe\iext.fnr

Filesize
216KB

MD5
f91cfe6df71fbbbe56ddf70247ab9b49

SHA1
6d6e25569bca49c19f2a4b07675194a1bf055eb4

SHA256
7169863abd2e9a59ae706235224222754c44eea12a4304f6ac426ac4a89688a9

SHA512
841a0632b0bca43d590f72602a0161e04c77e1e881d5bd6d294edab4f9c5577bb8e46f15dd6a0c831e5774fa53e449397146d57b8575ea04506a64f3842490aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\.exe\iext.fnr

Filesize
216KB

MD5
f91cfe6df71fbbbe56ddf70247ab9b49

SHA1
6d6e25569bca49c19f2a4b07675194a1bf055eb4

SHA256
7169863abd2e9a59ae706235224222754c44eea12a4304f6ac426ac4a89688a9

SHA512
841a0632b0bca43d590f72602a0161e04c77e1e881d5bd6d294edab4f9c5577bb8e46f15dd6a0c831e5774fa53e449397146d57b8575ea04506a64f3842490aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\.exe\krnln.fnr

Filesize
1.0MB

MD5
4b30dbe1a79b2b7572ff637cb3765ced

SHA1
b08eba0e9bdb62d426db8d2b3d451152a56f79a1

SHA256
4208bdf90e97398a452d459d89562bda361bc6e911a385c4e31481a776f69e6d

SHA512
40e99c4a9d160a734a1675d75209dd88c7389c95cf0d0b6101f7e9edb2f3ebfe85e7170f0f4bae8a2e9533048bd5ecd414797b02ef257aecd90431f0c29ccfce

Download Submit
C:\Users\Admin\AppData\Local\Temp\.exe\shell.fne

Filesize
60KB

MD5
97d57d2e349f2afbe6c40baa679f6281

SHA1
e9ee8998a6cc9cbc109da0cf741d8803a3762a82

SHA256
944fa12ee12b4c008f6ea52cfd6e4b7ce1719a419fb77a65fd0c432160ecc699

SHA512
fc3149e1b49680bbb8346769d8cc1c4cecb035636464686412cd0242d6eb52316b171f8b15fed218ebe7850c84a2d4a134dbdb3693c5c369863aabaed66b9d88

Download Submit
C:\Users\Admin\AppData\Local\Temp\.exe\shell.fne

Filesize
60KB

MD5
97d57d2e349f2afbe6c40baa679f6281

SHA1
e9ee8998a6cc9cbc109da0cf741d8803a3762a82

SHA256
944fa12ee12b4c008f6ea52cfd6e4b7ce1719a419fb77a65fd0c432160ecc699

SHA512
fc3149e1b49680bbb8346769d8cc1c4cecb035636464686412cd0242d6eb52316b171f8b15fed218ebe7850c84a2d4a134dbdb3693c5c369863aabaed66b9d88

Download Submit
C:\Users\Admin\AppData\Local\Temp\1.vbs

Filesize
98B

MD5
519bc6ba1dee20d7b8ec37d6a8e93cad

SHA1
d82348921cd64d006d096765434180ba66c81e12

SHA256
85e8d49f9921b5352c2e1f5300d26776683b98798cbb5572b6a520c4f6ed8467

SHA512
2ae1d66c7c5cffd053ef1cd8a220f8e268d8c24e11288aca142f4b1a28577e201ecd7898eb2e8c65d6b1f766eef6f6f99066380e0aae0c616854ab43662a0dbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.exe

Filesize
2.1MB

MD5
9725d931b46fba4d84960b992b531408

SHA1
da0f16c3e9ada79c5fc50964a34afe6a8fe05645

SHA256
14a7666867d6eda74a107a496360fe16fc722fd7a68ad3c95878e60cdce0f109

SHA512
884aef765c42fad42b0b18aa4bea00ae7c4e1ea2cdd256cdfe5f86c339973f31103fdc94a3fb35a9c36976cd731f1475e7f8a2f3dea15d1b6a0db28ffdc33b41

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.exe

Filesize
2.1MB

MD5
9725d931b46fba4d84960b992b531408

SHA1
da0f16c3e9ada79c5fc50964a34afe6a8fe05645

SHA256
14a7666867d6eda74a107a496360fe16fc722fd7a68ad3c95878e60cdce0f109

SHA512
884aef765c42fad42b0b18aa4bea00ae7c4e1ea2cdd256cdfe5f86c339973f31103fdc94a3fb35a9c36976cd731f1475e7f8a2f3dea15d1b6a0db28ffdc33b41

Download Submit
C:\Windows\SysWOW64\ESPI11.dll

Filesize
120KB

MD5
c3adbb35a05b44bc877a895d273aa270

SHA1
8afe20d8261d217fd23ccfe53bd45ad3bec82d2d

SHA256
b2b2ea9737587313d420bde96a42063c002a83e35d9f987f8ec0d5d4d96c262c

SHA512
614dc24e3368047d68e2833ecdf9cda1f5ef290fc74287769a70df46bfa937386ce2e1332b3bada0f7e54b470ecdfe7c8bbd4ec3fa1c815f52993bb7edb93afc

Download Submit
C:\Windows\SysWOW64\ESPI11.dll

Filesize
120KB

MD5
c3adbb35a05b44bc877a895d273aa270

SHA1
8afe20d8261d217fd23ccfe53bd45ad3bec82d2d

SHA256
b2b2ea9737587313d420bde96a42063c002a83e35d9f987f8ec0d5d4d96c262c

SHA512
614dc24e3368047d68e2833ecdf9cda1f5ef290fc74287769a70df46bfa937386ce2e1332b3bada0f7e54b470ecdfe7c8bbd4ec3fa1c815f52993bb7edb93afc

Download Submit
C:\Windows\SysWOW64\ESPI11.dll

Filesize
120KB

MD5
c3adbb35a05b44bc877a895d273aa270

SHA1
8afe20d8261d217fd23ccfe53bd45ad3bec82d2d

SHA256
b2b2ea9737587313d420bde96a42063c002a83e35d9f987f8ec0d5d4d96c262c

SHA512
614dc24e3368047d68e2833ecdf9cda1f5ef290fc74287769a70df46bfa937386ce2e1332b3bada0f7e54b470ecdfe7c8bbd4ec3fa1c815f52993bb7edb93afc

Download Submit
C:\Windows\SysWOW64\ESPI11.dll

Filesize
120KB

MD5
c3adbb35a05b44bc877a895d273aa270

SHA1
8afe20d8261d217fd23ccfe53bd45ad3bec82d2d

SHA256
b2b2ea9737587313d420bde96a42063c002a83e35d9f987f8ec0d5d4d96c262c

SHA512
614dc24e3368047d68e2833ecdf9cda1f5ef290fc74287769a70df46bfa937386ce2e1332b3bada0f7e54b470ecdfe7c8bbd4ec3fa1c815f52993bb7edb93afc

Download Submit
memory/360-134-0x0000000000000000-mapping.dmp

Download
memory/2616-135-0x0000000000000000-mapping.dmp

Download
memory/4008-170-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-192-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-162-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-164-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-166-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-168-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-213-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/4008-172-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-174-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-176-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-178-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-180-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-182-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-184-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-186-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-188-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-190-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-160-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-194-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-158-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-197-0x0000000002860000-0x00000000028A4000-memory.dmp

Filesize
272KB

Download
memory/4008-156-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-153-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-154-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-201-0x00000000028F0000-0x000000000292B000-memory.dmp

Filesize
236KB

Download
memory/4008-151-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-205-0x0000000004970000-0x0000000004985000-memory.dmp

Filesize
84KB

Download
memory/4008-152-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-208-0x0000000004CC0000-0x0000000004CE1000-memory.dmp

Filesize
132KB

Download
memory/4008-149-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4008-147-0x00000000025A0000-0x00000000025CF000-memory.dmp

Filesize
188KB

Download
memory/4008-139-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/4008-136-0x0000000000000000-mapping.dmp

Download
memory/4008-212-0x00000000026C0000-0x00000000026FD000-memory.dmp

Filesize
244KB

Download
memory/4820-132-0x0000000000000000-mapping.dmp

Download