bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb

Analysis

max time kernel
170s
max time network
173s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 14:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe
Size

286KB
MD5

8815b0d1affae52d7ef12b4d5e33aa94
SHA1

7e602402ab652e01681d65adcf9f73346a3db711
SHA256

bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb
SHA512

ef021b30df0b5209a9711daf439976aec59b42835c08df4b2828a86957f3af99be49fd9231f88ac5d74920c453e437ce5a08243aedc0152b8ac8a005d5de7374
SSDEEP

6144:4xvFzscSrTJdQvITcs2u3R+xMMdJT0hjWM0Ltf4faB5RaBe:8vFzscSrTJd3xfSxJujWMSf8aBWw

Score

8^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2044	hoqu.exe

Deletes itself 1 IoCs

pid	Process
1032	cmd.exe

Loads dropped DLL 2 IoCs

pid	Process
1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe
1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\Currentversion\Run	hoqu.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\Currentversion\Run	hoqu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run\Igtyzamoh = "C:\\Users\\Admin\\AppData\\Roaming\\Qacymy\\hoqu.exe"	hoqu.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1112 set thread context of 1032	1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe	29

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Privacy	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Privacy\CleanCookies = "0"	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\4D451207-00000001.eml:OECustomProperty	WinMail.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe
2044	hoqu.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe
Token: SeSecurityPrivilege	1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe
Token: SeSecurityPrivilege	1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe
Token: SeSecurityPrivilege	1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe
Token: SeSecurityPrivilege	1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe
Token: SeSecurityPrivilege	1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe
Token: SeSecurityPrivilege	1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe
Token: SeSecurityPrivilege	1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe
Token: SeSecurityPrivilege	1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe
Token: SeSecurityPrivilege	1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe
Token: SeManageVolumePrivilege	1316	WinMail.exe
Token: SeSecurityPrivilege	1032	cmd.exe
Token: SeSecurityPrivilege	1032	cmd.exe
Token: SeSecurityPrivilege	1032	cmd.exe
Token: SeSecurityPrivilege	1032	cmd.exe
Token: SeSecurityPrivilege	1032	cmd.exe
Token: SeSecurityPrivilege	1032	cmd.exe
Token: SeSecurityPrivilege	1032	cmd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1316	WinMail.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 2044	1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe	27
PID 1112 wrote to memory of 2044	1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe	27
PID 1112 wrote to memory of 2044	1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe	27
PID 1112 wrote to memory of 2044	1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe	27
PID 2044 wrote to memory of 1156	2044	hoqu.exe	14
PID 2044 wrote to memory of 1156	2044	hoqu.exe	14
PID 2044 wrote to memory of 1156	2044	hoqu.exe	14
PID 2044 wrote to memory of 1156	2044	hoqu.exe	14
PID 2044 wrote to memory of 1156	2044	hoqu.exe	14
PID 2044 wrote to memory of 1228	2044	hoqu.exe	13
PID 2044 wrote to memory of 1228	2044	hoqu.exe	13
PID 2044 wrote to memory of 1228	2044	hoqu.exe	13
PID 2044 wrote to memory of 1228	2044	hoqu.exe	13
PID 2044 wrote to memory of 1228	2044	hoqu.exe	13
PID 2044 wrote to memory of 1256	2044	hoqu.exe	12
PID 2044 wrote to memory of 1256	2044	hoqu.exe	12
PID 2044 wrote to memory of 1256	2044	hoqu.exe	12
PID 2044 wrote to memory of 1256	2044	hoqu.exe	12
PID 2044 wrote to memory of 1256	2044	hoqu.exe	12
PID 2044 wrote to memory of 1112	2044	hoqu.exe	19
PID 2044 wrote to memory of 1112	2044	hoqu.exe	19
PID 2044 wrote to memory of 1112	2044	hoqu.exe	19
PID 2044 wrote to memory of 1112	2044	hoqu.exe	19
PID 2044 wrote to memory of 1112	2044	hoqu.exe	19
PID 2044 wrote to memory of 1316	2044	hoqu.exe	28
PID 2044 wrote to memory of 1316	2044	hoqu.exe	28
PID 2044 wrote to memory of 1316	2044	hoqu.exe	28
PID 2044 wrote to memory of 1316	2044	hoqu.exe	28
PID 2044 wrote to memory of 1316	2044	hoqu.exe	28
PID 1112 wrote to memory of 1032	1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe	29
PID 1112 wrote to memory of 1032	1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe	29
PID 1112 wrote to memory of 1032	1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe	29
PID 1112 wrote to memory of 1032	1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe	29
PID 1112 wrote to memory of 1032	1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe	29
PID 1112 wrote to memory of 1032	1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe	29
PID 1112 wrote to memory of 1032	1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe	29
PID 1112 wrote to memory of 1032	1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe	29
PID 1112 wrote to memory of 1032	1112	bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe	29
PID 2044 wrote to memory of 1644	2044	hoqu.exe	30
PID 2044 wrote to memory of 1644	2044	hoqu.exe	30
PID 2044 wrote to memory of 1644	2044	hoqu.exe	30
PID 2044 wrote to memory of 1644	2044	hoqu.exe	30
PID 2044 wrote to memory of 1644	2044	hoqu.exe	30
PID 2044 wrote to memory of 564	2044	hoqu.exe	31
PID 2044 wrote to memory of 564	2044	hoqu.exe	31
PID 2044 wrote to memory of 564	2044	hoqu.exe	31
PID 2044 wrote to memory of 564	2044	hoqu.exe	31
PID 2044 wrote to memory of 564	2044	hoqu.exe	31
PID 2044 wrote to memory of 1200	2044	hoqu.exe	32
PID 2044 wrote to memory of 1200	2044	hoqu.exe	32
PID 2044 wrote to memory of 1200	2044	hoqu.exe	32
PID 2044 wrote to memory of 1200	2044	hoqu.exe	32
PID 2044 wrote to memory of 1200	2044	hoqu.exe	32
PID 2044 wrote to memory of 1544	2044	hoqu.exe	33
PID 2044 wrote to memory of 1544	2044	hoqu.exe	33
PID 2044 wrote to memory of 1544	2044	hoqu.exe	33
PID 2044 wrote to memory of 1544	2044	hoqu.exe	33
PID 2044 wrote to memory of 1544	2044	hoqu.exe	33
PID 2044 wrote to memory of 1896	2044	hoqu.exe	34
PID 2044 wrote to memory of 1896	2044	hoqu.exe	34
PID 2044 wrote to memory of 1896	2044	hoqu.exe	34
PID 2044 wrote to memory of 1896	2044	hoqu.exe	34
PID 2044 wrote to memory of 1896	2044	hoqu.exe	34
PID 2044 wrote to memory of 976	2044	hoqu.exe	35

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1256
- C:\Users\Admin\AppData\Local\Temp\bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe
  "C:\Users\Admin\AppData\Local\Temp\bc200c6ddc4d67ae074ea296e078610048c787804a34b031f089154479ff66cb.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Modifies Internet Explorer settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1112
- - C:\Users\Admin\AppData\Roaming\Qacymy\hoqu.exe
    "C:\Users\Admin\AppData\Roaming\Qacymy\hoqu.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2044
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmpb939c17b.bat"
    3⤵
    - Deletes itself
    - Suspicious use of AdjustPrivilegeToken
    PID:1032

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1228

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1156

C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail.exe" -Embedding
1⤵
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1534490390-1401835681-5805828371978415027494939609530693522138043534-251906749"
1⤵
PID:1644

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:564

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1200

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1544

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1896

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:976

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1076

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmpb939c17b.bat

Filesize
307B

MD5
f1b4f95e328997f8458e4fc5bd451066

SHA1
2eb723a63a2d43cafb9e34edc0f547242bc6219f

SHA256
d758f671cacb48f18c9c18ecdf637fceef1e703f83be172271ecbaa96efcf88e

SHA512
0850bd6feea6289fb176d3d218f2a74e81c18df272d31fb39f072e352dfa7d29994b07ca993006ad27fce5edb61f7128eb1258318efcb50f359307857eb6a3d4

Download Submit
C:\Users\Admin\AppData\Roaming\Giidux\irel.ypu

Filesize
4KB

MD5
1c80f8328a7cf9808eff72e2a44ad7be

SHA1
ae00d3fb7ef7d904e91a5e6d93416555041e42fc

SHA256
1501c4c1e105ee6d0430ccbfb3cd3a651a192a3bee30d2a0972ce1f893c54d2b

SHA512
e5b81be370c37660b2ed4f5286ac42d7f90e0e6fe806ff9d2d52c1900ecce84dbb601c94df1c42d85a68ecde1bdfb85e75aefe516b57fd089416d993a5a675fa

Download Submit
C:\Users\Admin\AppData\Roaming\Qacymy\hoqu.exe

Filesize
286KB

MD5
c9955d8679f35772aef3c92b51da5bd3

SHA1
07381702f56290fa61df4b7b7a571782b9e0541f

SHA256
dbdae99b23d00dc2d2b75b8c202b353bbb6b0d0872d86c6715410385043591b8

SHA512
75822282c4d4a83383c19cc1fc4adac3419f8aa2d719be5bd0033693b772a0af10a67c7afe5542e20cbb3ec1360a25027b23d3f20acc972e32484087be665185

Download Submit
C:\Users\Admin\AppData\Roaming\Qacymy\hoqu.exe

Filesize
286KB

MD5
c9955d8679f35772aef3c92b51da5bd3

SHA1
07381702f56290fa61df4b7b7a571782b9e0541f

SHA256
dbdae99b23d00dc2d2b75b8c202b353bbb6b0d0872d86c6715410385043591b8

SHA512
75822282c4d4a83383c19cc1fc4adac3419f8aa2d719be5bd0033693b772a0af10a67c7afe5542e20cbb3ec1360a25027b23d3f20acc972e32484087be665185

Download Submit
\Users\Admin\AppData\Roaming\Qacymy\hoqu.exe

Filesize
286KB

MD5
c9955d8679f35772aef3c92b51da5bd3

SHA1
07381702f56290fa61df4b7b7a571782b9e0541f

SHA256
dbdae99b23d00dc2d2b75b8c202b353bbb6b0d0872d86c6715410385043591b8

SHA512
75822282c4d4a83383c19cc1fc4adac3419f8aa2d719be5bd0033693b772a0af10a67c7afe5542e20cbb3ec1360a25027b23d3f20acc972e32484087be665185

Download Submit
\Users\Admin\AppData\Roaming\Qacymy\hoqu.exe

Filesize
286KB

MD5
c9955d8679f35772aef3c92b51da5bd3

SHA1
07381702f56290fa61df4b7b7a571782b9e0541f

SHA256
dbdae99b23d00dc2d2b75b8c202b353bbb6b0d0872d86c6715410385043591b8

SHA512
75822282c4d4a83383c19cc1fc4adac3419f8aa2d719be5bd0033693b772a0af10a67c7afe5542e20cbb3ec1360a25027b23d3f20acc972e32484087be665185

Download Submit
memory/1032-117-0x0000000000050000-0x0000000000089000-memory.dmp

Filesize
228KB

Download
memory/1032-262-0x0000000000050000-0x0000000000089000-memory.dmp

Filesize
228KB

Download
memory/1032-128-0x0000000000050000-0x0000000000089000-memory.dmp

Filesize
228KB

Download
memory/1032-116-0x0000000000050000-0x0000000000089000-memory.dmp

Filesize
228KB

Download
memory/1032-114-0x0000000000050000-0x0000000000089000-memory.dmp

Filesize
228KB

Download
memory/1032-124-0x0000000000050000-0x0000000000089000-memory.dmp

Filesize
228KB

Download
memory/1032-118-0x0000000000050000-0x0000000000089000-memory.dmp

Filesize
228KB

Download
memory/1032-126-0x0000000000050000-0x0000000000089000-memory.dmp

Filesize
228KB

Download
memory/1032-248-0x0000000000050000-0x0000000000089000-memory.dmp

Filesize
228KB

Download
memory/1032-134-0x0000000000050000-0x0000000000089000-memory.dmp

Filesize
228KB

Download
memory/1032-132-0x0000000000050000-0x0000000000089000-memory.dmp

Filesize
228KB

Download
memory/1032-130-0x0000000000050000-0x0000000000089000-memory.dmp

Filesize
228KB

Download
memory/1112-122-0x00000000004D0000-0x0000000000509000-memory.dmp

Filesize
228KB

Download
memory/1112-121-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1112-83-0x00000000004D0000-0x0000000000509000-memory.dmp

Filesize
228KB

Download
memory/1112-84-0x00000000004D0000-0x0000000000509000-memory.dmp

Filesize
228KB

Download
memory/1112-85-0x00000000004D0000-0x0000000000509000-memory.dmp

Filesize
228KB

Download
memory/1112-86-0x00000000004D0000-0x0000000000509000-memory.dmp

Filesize
228KB

Download
memory/1112-87-0x00000000004D0000-0x0000000000509000-memory.dmp

Filesize
228KB

Download
memory/1112-55-0x0000000001E20000-0x0000000001F20000-memory.dmp

Filesize
1024KB

Download
memory/1112-56-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1112-54-0x0000000075F51000-0x0000000075F53000-memory.dmp

Filesize
8KB

Download
memory/1112-105-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1112-104-0x00000000004D0000-0x000000000051A000-memory.dmp

Filesize
296KB

Download
memory/1156-65-0x0000000001DB0000-0x0000000001DE9000-memory.dmp

Filesize
228KB

Download
memory/1156-63-0x0000000001DB0000-0x0000000001DE9000-memory.dmp

Filesize
228KB

Download
memory/1156-67-0x0000000001DB0000-0x0000000001DE9000-memory.dmp

Filesize
228KB

Download
memory/1156-66-0x0000000001DB0000-0x0000000001DE9000-memory.dmp

Filesize
228KB

Download
memory/1156-68-0x0000000001DB0000-0x0000000001DE9000-memory.dmp

Filesize
228KB

Download
memory/1228-73-0x0000000000120000-0x0000000000159000-memory.dmp

Filesize
228KB

Download
memory/1228-71-0x0000000000120000-0x0000000000159000-memory.dmp

Filesize
228KB

Download
memory/1228-74-0x0000000000120000-0x0000000000159000-memory.dmp

Filesize
228KB

Download
memory/1228-72-0x0000000000120000-0x0000000000159000-memory.dmp

Filesize
228KB

Download
memory/1256-80-0x0000000002990000-0x00000000029C9000-memory.dmp

Filesize
228KB

Download
memory/1256-79-0x0000000002990000-0x00000000029C9000-memory.dmp

Filesize
228KB

Download
memory/1256-77-0x0000000002990000-0x00000000029C9000-memory.dmp

Filesize
228KB

Download
memory/1256-78-0x0000000002990000-0x00000000029C9000-memory.dmp

Filesize
228KB

Download
memory/1316-89-0x000007FEF60F1000-0x000007FEF60F3000-memory.dmp

Filesize
8KB

Download
memory/1316-88-0x000007FEFB871000-0x000007FEFB873000-memory.dmp

Filesize
8KB

Download
memory/1316-110-0x00000000047C0000-0x00000000047F9000-memory.dmp

Filesize
228KB

Download
memory/1316-90-0x0000000000460000-0x0000000000470000-memory.dmp

Filesize
64KB

Download
memory/1316-96-0x0000000001EC0000-0x0000000001ED0000-memory.dmp

Filesize
64KB

Download
memory/1316-108-0x00000000047C0000-0x00000000047F9000-memory.dmp

Filesize
228KB

Download
memory/1316-109-0x00000000047C0000-0x00000000047F9000-memory.dmp

Filesize
228KB

Download
memory/1316-111-0x00000000047C0000-0x00000000047F9000-memory.dmp

Filesize
228KB

Download
memory/2044-103-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2044-102-0x0000000000640000-0x0000000000740000-memory.dmp

Filesize
1024KB

Download
memory/2044-263-0x0000000000640000-0x0000000000740000-memory.dmp

Filesize
1024KB

Download
memory/2044-264-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download