a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3

Analysis

max time kernel
162s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2022, 19:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Size

270KB
MD5

0e7aaa4713ed146784164163c89062c0
SHA1

83b6a0f9e75d2712296695fe390cf0ec97fad664
SHA256

a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3
SHA512

ef65ea4411ac11eb2f9655baba5a53677b28dedc9c02db2c625de5fa6b7f10b209dc4549ade89c73854bd9cee86ff8ae8d5b8a025914fb6b82e00b0dbd54c18f
SSDEEP

6144:bb2BRvEm8iIeqZUKRm1J0XhWqoDTUEaBMio8P:gRvEm8iIeNWiJ0XhWl0EKTP

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1428	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\vcmgcd32.dll	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
File created	C:\Windows\SysWOW64\vcmgcd32.dl_	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SYSTEM.INI	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A7B93C73-7B81-11D0-AC5F-00C04FD97575}	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentUserInput"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C89-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\TypeLib	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}\VersionIndependentProgID	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C87-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\TypeLib\Version = "2.0"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\TypeLib\Version = "2.0"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\TypeLib\ = "{D6589123-FC70-11D0-AC94-00C04FD97575}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48D12BA0-5B77-11D1-9EC1-00C04FD7081F}	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}\1.5\0\win32\ = "C:\\Windows\\msagent\\AgtCtl15.tlb"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\ProxyStubClsid32	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\TypeLib	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}\LocalServer32	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}\1.5	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575}\TypeLib	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C89-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}\TypeLib	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575}\TypeLib\Version = "2.0"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C89-7B81-11D0-AC5F-00C04FD97575}	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D7A6D440-8872-11D1-9EC6-00C04FD7081F}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48D12BA0-5B77-11D1-9EC1-00C04FD7081F}\TypeLib\Version = "2.0"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\TypeLib	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C89-7B81-11D0-AC5F-00C04FD97575}\TypeLib	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93CA0-7B81-11D0-AC5F-00C04FD97575}\TypeLib	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93CA0-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\TypeLib	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentPropertySheet"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575}\TypeLib\Version = "2.0"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\ = "IAgentExt"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\ = "IAgentNotifySinkEx"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}\TypeLib	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C87-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D7A6D440-8872-11D1-9EC6-00C04FD7081F}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\TypeLib\Version = "2.0"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A7B93C73-7B81-11D0-AC5F-00C04FD97575}\2.0\FLAGS\ = "0"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93CA0-7B81-11D0-AC5F-00C04FD97575}	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93CA0-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}\TypeLib	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C87-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D7A6D440-8872-11D1-9EC6-00C04FD7081F}\ = "IAgentBalloonEx"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D7A6D440-8872-11D1-9EC6-00C04FD7081F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1428	a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe

C:\Users\Admin\AppData\Local\Temp\a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe
"C:\Users\Admin\AppData\Local\Temp\a0e1ff0c4cbda4f297b52f847b8ab58b0b970e1313a5232919464db01b52a7b3.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\vcmgcd32.dll

Filesize
36KB

MD5
ae22ca9f11ade8e362254b452cc07f78

SHA1
4b3cb548c547d3be76e571e0579a609969b05975

SHA256
20cbcc9d1e6bd3c7ccacbe81fd26551b2ccfc02c00e8f948b9e9016c8b401db6

SHA512
9e1c725758a284ec9132f393a0b27b019a7dde32dc0649b468152876b1c77b195abc9689b732144d8c5b4d0b5fcb960a3074264cab75e6681932d3da2a644bc1

Download Submit
memory/1428-133-0x0000000001000000-0x0000000001046000-memory.dmp

Filesize
280KB

Download
memory/1428-134-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download