1b018de4863476c4c081d10b04adab1e299901aaf025b319ae7ea53d7788ae0b

Analysis

max time kernel
83s
max time network
103s
platform
windows7_x64
resource
win7-20220901-es
resource tags

arch:x64arch:x86image:win7-20220901-eslocale:es-esos:windows7-x64systemwindows
submitted
03/01/2023, 03:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Zoom_Effect_Manager_2.0.1-x64_setup.exe
Size

20.3MB
MD5

c2caa9cfa358ff85da6330bc0bd7ca15
SHA1

352a98d7ebdd7339be5f696fd75deafa29fcbc37
SHA256

1b018de4863476c4c081d10b04adab1e299901aaf025b319ae7ea53d7788ae0b
SHA512

162cc0c0ad2e3a21c06fb818d835682493150c4fde093da96b36d85ef8aa519179e48e7cc6fb52bf2efaf8069d85a74b6e601ce39c1a15dd46ef7370be19a805
SSDEEP

393216:NqDHJ1hgs++AJ3d2zH0qVn3QnBAtnqum6JS5X18iWRJC8SJ:NuHJ1hg7J3Mj0qV3QU/mR/DWD2

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1320	Zoom_Effect_Manager_2.0.1-x64_setup.tmp
1828	Zoom Effect Manager 2.exe

Loads dropped DLL 9 IoCs

pid	Process
1324	Zoom_Effect_Manager_2.0.1-x64_setup.exe
1268	Process not Found
1268	Process not Found
1268	Process not Found
1268	Process not Found
1320	Zoom_Effect_Manager_2.0.1-x64_setup.tmp
1828	Zoom Effect Manager 2.exe
1828	Zoom Effect Manager 2.exe
1828	Zoom Effect Manager 2.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Zoom Effect Manager 2\license\is-EJGIT.tmp	Zoom_Effect_Manager_2.0.1-x64_setup.tmp
File opened for modification	C:\Program Files\Zoom Effect Manager 2\libcrypto-1_1-x64.dll	Zoom_Effect_Manager_2.0.1-x64_setup.tmp
File opened for modification	C:\Program Files\Zoom Effect Manager 2\Zoom Effect Manager 2.exe	Zoom_Effect_Manager_2.0.1-x64_setup.tmp
File created	C:\Program Files\Zoom Effect Manager 2\data\is-TVG4L.tmp	Zoom_Effect_Manager_2.0.1-x64_setup.tmp
File created	C:\Program Files\Zoom Effect Manager 2\is-D9FK6.tmp	Zoom_Effect_Manager_2.0.1-x64_setup.tmp
File opened for modification	C:\Program Files\Zoom Effect Manager 2\unins000.dat	Zoom_Effect_Manager_2.0.1-x64_setup.tmp
File created	C:\Program Files\Zoom Effect Manager 2\unins000.dat	Zoom_Effect_Manager_2.0.1-x64_setup.tmp
File created	C:\Program Files\Zoom Effect Manager 2\data\is-JM69P.tmp	Zoom_Effect_Manager_2.0.1-x64_setup.tmp
File created	C:\Program Files\Zoom Effect Manager 2\data\is-6FHA5.tmp	Zoom_Effect_Manager_2.0.1-x64_setup.tmp
File created	C:\Program Files\Zoom Effect Manager 2\is-U3EBQ.tmp	Zoom_Effect_Manager_2.0.1-x64_setup.tmp
File created	C:\Program Files\Zoom Effect Manager 2\is-2HH0D.tmp	Zoom_Effect_Manager_2.0.1-x64_setup.tmp
File created	C:\Program Files\Zoom Effect Manager 2\license\is-G6NN8.tmp	Zoom_Effect_Manager_2.0.1-x64_setup.tmp
File opened for modification	C:\Program Files\Zoom Effect Manager 2\libssl-1_1-x64.dll	Zoom_Effect_Manager_2.0.1-x64_setup.tmp
File created	C:\Program Files\Zoom Effect Manager 2\is-UGPN9.tmp	Zoom_Effect_Manager_2.0.1-x64_setup.tmp
File created	C:\Program Files\Zoom Effect Manager 2\data\is-0S026.tmp	Zoom_Effect_Manager_2.0.1-x64_setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1832	1828	WerFault.exe	30

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1828	Zoom Effect Manager 2.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1320	Zoom_Effect_Manager_2.0.1-x64_setup.tmp
1320	Zoom_Effect_Manager_2.0.1-x64_setup.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1320	Zoom_Effect_Manager_2.0.1-x64_setup.tmp

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1828	Zoom Effect Manager 2.exe
1828	Zoom Effect Manager 2.exe
1828	Zoom Effect Manager 2.exe
1828	Zoom Effect Manager 2.exe
1828	Zoom Effect Manager 2.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 1320	1324	Zoom_Effect_Manager_2.0.1-x64_setup.exe	28
PID 1324 wrote to memory of 1320	1324	Zoom_Effect_Manager_2.0.1-x64_setup.exe	28
PID 1324 wrote to memory of 1320	1324	Zoom_Effect_Manager_2.0.1-x64_setup.exe	28
PID 1324 wrote to memory of 1320	1324	Zoom_Effect_Manager_2.0.1-x64_setup.exe	28
PID 1324 wrote to memory of 1320	1324	Zoom_Effect_Manager_2.0.1-x64_setup.exe	28
PID 1324 wrote to memory of 1320	1324	Zoom_Effect_Manager_2.0.1-x64_setup.exe	28
PID 1324 wrote to memory of 1320	1324	Zoom_Effect_Manager_2.0.1-x64_setup.exe	28
PID 1320 wrote to memory of 1828	1320	Zoom_Effect_Manager_2.0.1-x64_setup.tmp	30
PID 1320 wrote to memory of 1828	1320	Zoom_Effect_Manager_2.0.1-x64_setup.tmp	30
PID 1320 wrote to memory of 1828	1320	Zoom_Effect_Manager_2.0.1-x64_setup.tmp	30
PID 1320 wrote to memory of 1828	1320	Zoom_Effect_Manager_2.0.1-x64_setup.tmp	30

C:\Users\Admin\AppData\Local\Temp\Zoom_Effect_Manager_2.0.1-x64_setup.exe
"C:\Users\Admin\AppData\Local\Temp\Zoom_Effect_Manager_2.0.1-x64_setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Users\Admin\AppData\Local\Temp\is-0SBML.tmp\Zoom_Effect_Manager_2.0.1-x64_setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-0SBML.tmp\Zoom_Effect_Manager_2.0.1-x64_setup.tmp" /SL5="$70132,20458927,958976,C:\Users\Admin\AppData\Local\Temp\Zoom_Effect_Manager_2.0.1-x64_setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1320
- - C:\Program Files\Zoom Effect Manager 2\Zoom Effect Manager 2.exe
    "C:\Program Files\Zoom Effect Manager 2\Zoom Effect Manager 2.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of SetWindowsHookEx
    PID:1828
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1828 -s 1072
      4⤵
      Program crash
      PID:1832

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Zoom Effect Manager 2\Zoom Effect Manager 2.exe

Filesize
68.1MB

MD5
3f76df46d681df439db813049780dd68

SHA1
cae92b187ae959bed949ed6300593f6e1b042462

SHA256
a88a0aeef09ae6e438e3c051dbcf9c80a2f9957c7c9237cfee9cef8037b53ca2

SHA512
f7644a9353e029ca1e3ac12d054d4483540832330ced3d416d8db03a0570218843c76bad926ca6f131f59bf451236d39a2bc6679fa58b8ba7481354e102c7df9

Download Submit
C:\Program Files\Zoom Effect Manager 2\Zoom Effect Manager 2.exe

Filesize
23.8MB

MD5
a6d20bdc957a357777f91fae89e17a27

SHA1
48ddb2309031ebb9421779a5ecf151f3b949471f

SHA256
e8b7a803cfec1cdf88d4677b85cc95554057c164ed3d89b70aa7fb3700f82bca

SHA512
28673c315c375645f7579e94089f8923c1e1e2026603b7f8506f5748f395e495b3e0d1356312db2601a8db335b9deb286f60486c59caa599628cbd0ac835f7eb

Download Submit
C:\Program Files\Zoom Effect Manager 2\data\common_zdl1.dat

Filesize
24KB

MD5
f383cf156ffe7fdaf555f36765f50906

SHA1
33b4b3e4240317b4cfab4b8a6f912c2a82cc3a24

SHA256
1065e688ecb09b69896b5d737735ee1c2cc8a2ede8c21f133f751a89c99dfb29

SHA512
5f068029b71f7bade4c97e4249b6a4645549fea9bc6bc9a7ca5fa918d23d694e82050b648ef18575b72c4459f59a181e8e6f506a36895acf20c8f21bc400194b

Download Submit
C:\Program Files\Zoom Effect Manager 2\data\drums_zdl1.dat

Filesize
441KB

MD5
9055779901034ffc6e1d3b30a20c9216

SHA1
f6f9e8df3a29f56db4b0d95d1c728c7251f86777

SHA256
13cb438c87c973f58784b832226da83f5566214cc61ef678a63d1e8350e77265

SHA512
8ceaa15a30d979603a3bf5286562875c93abc35d1354d47055bd14c8153e264e8f21848713ab883dcb1fb3d651a392e8c10a80ba251f8dbf7e66cd1a056030d7

Download Submit
C:\Program Files\Zoom Effect Manager 2\data\effects_zdl1.dat

Filesize
2.3MB

MD5
ec664e1a8b2982f5092327290b80ef00

SHA1
ef7f7bccfe3b9d5c7fcab44a0550c62266c95080

SHA256
a71f65db54aca2e3f0ba48a93b12b05ef032c381ba34a4f0529da46c69c2b26e

SHA512
9b84a7f2398d677a38a588e12f218f1db4ceb6cd87fff90652ece9c8259d12621aa3be1d0a8d8cd4c002a5081fc36dad7555f61fe97721f01b14189788ca4f2f

Download Submit
C:\Program Files\Zoom Effect Manager 2\data\icons_zdl1.dat

Filesize
276KB

MD5
9b4e2f24d3c83bd498a75fc7578e2f93

SHA1
0768f431c8d5b4f93d78eea4eaa19bbf408a5cc4

SHA256
6410146081dcfeeb6f082340e2851d9635509645fa962b16d443357622aabc1a

SHA512
f9c87da55d8f0a3107df32ae83ddf750f566f849d2e3f337f0dd60313ef420da28fa8df1662477e2180feacfb20995fa27ba7b3197f40a2f50b3ba21e7d67dce

Download Submit
C:\Program Files\Zoom Effect Manager 2\libcrypto-1_1-x64.dll

Filesize
3.3MB

MD5
40c35ef50157db726b079c2285870b31

SHA1
a4faa8702ea1b739f4c796a1072b4aa7a143fa4f

SHA256
e71d2505c6d3671f562675174623e4189df7f1e46a2a185128b6c1c8f7c9a4d2

SHA512
ce2f70175cf63a9ba97bffb2eda424ccfc580e33b44ccbefa4fbd14246b292b8e40af269c6e743e8d679b35f15181548cedf6b5eea5c339c53ca4082019f5edc

Download Submit
C:\Program Files\Zoom Effect Manager 2\libssl-1_1-x64.dll

Filesize
669KB

MD5
33f866289738fded378b710b0f6d5c51

SHA1
63b5ecab5b3e5b21f4186bb475070ea61c48b80a

SHA256
408474afb7b94f3f3a3c7618f55444bd543dc69862d5c8765c9de71e52ea1949

SHA512
085683be1ec84c2eb5461069fccae9980ee1e40bc5a10a67e21b5e4a00a8d1a0ec4f6dd9209794f9e8e66b754b9c03506eb04a6db0f45d57a5ff626e9902236e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0SBML.tmp\Zoom_Effect_Manager_2.0.1-x64_setup.tmp

Filesize
3.1MB

MD5
245f61a2418dbafa67413a98408c9155

SHA1
228003e1d4b3a305a0c131064105f9ca505803fa

SHA256
61e2e6f38f33c9aa4eafe9dbec0dc66991a34d36f0d00e9da518d2f0ffef25b8

SHA512
36c726c7c68057ee35a5957b6e2cbda90e7b89db1a51b8c8c2266345823e482b987039e2c93790aeff22e3ed4e6b68cd467f3a4bc850508d5d3cedaaa67475b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0SBML.tmp\Zoom_Effect_Manager_2.0.1-x64_setup.tmp

Filesize
3.1MB

MD5
245f61a2418dbafa67413a98408c9155

SHA1
228003e1d4b3a305a0c131064105f9ca505803fa

SHA256
61e2e6f38f33c9aa4eafe9dbec0dc66991a34d36f0d00e9da518d2f0ffef25b8

SHA512
36c726c7c68057ee35a5957b6e2cbda90e7b89db1a51b8c8c2266345823e482b987039e2c93790aeff22e3ed4e6b68cd467f3a4bc850508d5d3cedaaa67475b4

Download Submit
\Program Files\Zoom Effect Manager 2\Zoom Effect Manager 2.exe

Filesize
68.1MB

MD5
3f76df46d681df439db813049780dd68

SHA1
cae92b187ae959bed949ed6300593f6e1b042462

SHA256
a88a0aeef09ae6e438e3c051dbcf9c80a2f9957c7c9237cfee9cef8037b53ca2

SHA512
f7644a9353e029ca1e3ac12d054d4483540832330ced3d416d8db03a0570218843c76bad926ca6f131f59bf451236d39a2bc6679fa58b8ba7481354e102c7df9

Download Submit
\Program Files\Zoom Effect Manager 2\Zoom Effect Manager 2.exe

Filesize
68.1MB

MD5
3f76df46d681df439db813049780dd68

SHA1
cae92b187ae959bed949ed6300593f6e1b042462

SHA256
a88a0aeef09ae6e438e3c051dbcf9c80a2f9957c7c9237cfee9cef8037b53ca2

SHA512
f7644a9353e029ca1e3ac12d054d4483540832330ced3d416d8db03a0570218843c76bad926ca6f131f59bf451236d39a2bc6679fa58b8ba7481354e102c7df9

Download Submit
\Program Files\Zoom Effect Manager 2\Zoom Effect Manager 2.exe

Filesize
68.1MB

MD5
3f76df46d681df439db813049780dd68

SHA1
cae92b187ae959bed949ed6300593f6e1b042462

SHA256
a88a0aeef09ae6e438e3c051dbcf9c80a2f9957c7c9237cfee9cef8037b53ca2

SHA512
f7644a9353e029ca1e3ac12d054d4483540832330ced3d416d8db03a0570218843c76bad926ca6f131f59bf451236d39a2bc6679fa58b8ba7481354e102c7df9

Download Submit
\Program Files\Zoom Effect Manager 2\Zoom Effect Manager 2.exe

Filesize
68.1MB

MD5
3f76df46d681df439db813049780dd68

SHA1
cae92b187ae959bed949ed6300593f6e1b042462

SHA256
a88a0aeef09ae6e438e3c051dbcf9c80a2f9957c7c9237cfee9cef8037b53ca2

SHA512
f7644a9353e029ca1e3ac12d054d4483540832330ced3d416d8db03a0570218843c76bad926ca6f131f59bf451236d39a2bc6679fa58b8ba7481354e102c7df9

Download Submit
\Program Files\Zoom Effect Manager 2\Zoom Effect Manager 2.exe

Filesize
68.1MB

MD5
3f76df46d681df439db813049780dd68

SHA1
cae92b187ae959bed949ed6300593f6e1b042462

SHA256
a88a0aeef09ae6e438e3c051dbcf9c80a2f9957c7c9237cfee9cef8037b53ca2

SHA512
f7644a9353e029ca1e3ac12d054d4483540832330ced3d416d8db03a0570218843c76bad926ca6f131f59bf451236d39a2bc6679fa58b8ba7481354e102c7df9

Download Submit
\Program Files\Zoom Effect Manager 2\Zoom Effect Manager 2.exe

Filesize
24.2MB

MD5
fde044fd9a5e2d70777c7341953cbe8b

SHA1
af0c1267731a3fac30405fc4d403821224c35f9d

SHA256
f1f14a5a5bca7720fcbaaced5ed796f90c8fe65d6081e2d2090f02063cd864d4

SHA512
5c6e4cde0446aafcd0808083e911732dda775552f7962958a79771df701f80645dcfc2c990d3344023d7ab7182711ddda4c035770878aa8ad6808cdfeff369f2

Download Submit
\Program Files\Zoom Effect Manager 2\Zoom Effect Manager 2.exe

Filesize
22.6MB

MD5
3a5e8dd0cae34f0fb519ec6c48f4c422

SHA1
7247d03c3e862f4c897b9f5f9a69968a4cbfbe2c

SHA256
edb5b76db89218775d56c5ba16d6783a0b864c585fcb05708899d7d3e4dddfc7

SHA512
38269828b503e1e20cdad7992946a978e2d435c6f747594536c7e83b05ec36f0b4876556fe20a3da12b359bd4fd4c7c9083615468e0f5773423dbd98347d7b44

Download Submit
\Program Files\Zoom Effect Manager 2\Zoom Effect Manager 2.exe

Filesize
22.6MB

MD5
30863b3cf64de86beb391653e98ac012

SHA1
492c375e10328705aeb54f5cdc9296c165c42371

SHA256
e49c1941f1f59545b2ed2d9c7308301322f5bc798761ba3d49b8d60ee76d93be

SHA512
b8e007d95ca0b72d15d87f1cbb9e79797ee4f37d7f9e86bad80643c3dc31d1a9583d68cc7961ca21f788dd18c9e602cff7d97aa326ab45c6bb3216ae322f225c

Download Submit
\Program Files\Zoom Effect Manager 2\Zoom Effect Manager 2.exe

Filesize
11.3MB

MD5
197d4991d9eaad9651b567682c4f99a8

SHA1
5e814fdfff6853e84114ffb3a13bd583fc018b66

SHA256
15f41b5356809fbc9fdf36df40cf27953d7e6abbd1b8cb574efc933345288625

SHA512
3256ff2b720d1554090ee80ea6dd9a9e799b341f4e1fcba2c3b00c447d25117c818d885b0aaa8d1d49668b658a44d95c9ad6e1991152ee2ff0b36ee100db48c2

Download Submit
\Program Files\Zoom Effect Manager 2\Zoom Effect Manager 2.exe

Filesize
21.8MB

MD5
d68d413c0736f6711ee9cf7939cd5096

SHA1
228b55b506c236eada05eaf3ed5a67b6464543de

SHA256
06920225867c6fcbc73dd931a8655b3c5c12a0546803a534309e950917dd5f91

SHA512
f84df8cf3db71341dad71b237b2b1205d6689c621bddb9d5d3099f9d9f796377036dfafa428782864eae0eff26a9a9164592b299dd7643c57a40fc2040dee55b

Download Submit
\Program Files\Zoom Effect Manager 2\Zoom Effect Manager 2.exe

Filesize
21.4MB

MD5
8486d425205bfbabd63e5dbe1fb4c66b

SHA1
a84a384498f3ad70b9932fac0f86b1a3c7ae49d1

SHA256
4df7f116a6f13ac31237296e1a54c9262a1edb6d90cb343db152c249379074ca

SHA512
ed22b0a9edfe073428e7965bcc6c441e2372a28830651cceb4185ff5ea73ff9feccd841717b68809d668f191530f0d9fb2eba3acc2f876dbcaefa82b18b4258e

Download Submit
\Program Files\Zoom Effect Manager 2\libcrypto-1_1-x64.dll

Filesize
3.3MB

MD5
40c35ef50157db726b079c2285870b31

SHA1
a4faa8702ea1b739f4c796a1072b4aa7a143fa4f

SHA256
e71d2505c6d3671f562675174623e4189df7f1e46a2a185128b6c1c8f7c9a4d2

SHA512
ce2f70175cf63a9ba97bffb2eda424ccfc580e33b44ccbefa4fbd14246b292b8e40af269c6e743e8d679b35f15181548cedf6b5eea5c339c53ca4082019f5edc

Download Submit
\Program Files\Zoom Effect Manager 2\libcrypto-1_1-x64.dll

Filesize
3.3MB

MD5
40c35ef50157db726b079c2285870b31

SHA1
a4faa8702ea1b739f4c796a1072b4aa7a143fa4f

SHA256
e71d2505c6d3671f562675174623e4189df7f1e46a2a185128b6c1c8f7c9a4d2

SHA512
ce2f70175cf63a9ba97bffb2eda424ccfc580e33b44ccbefa4fbd14246b292b8e40af269c6e743e8d679b35f15181548cedf6b5eea5c339c53ca4082019f5edc

Download Submit
\Program Files\Zoom Effect Manager 2\libssl-1_1-x64.dll

Filesize
669KB

MD5
33f866289738fded378b710b0f6d5c51

SHA1
63b5ecab5b3e5b21f4186bb475070ea61c48b80a

SHA256
408474afb7b94f3f3a3c7618f55444bd543dc69862d5c8765c9de71e52ea1949

SHA512
085683be1ec84c2eb5461069fccae9980ee1e40bc5a10a67e21b5e4a00a8d1a0ec4f6dd9209794f9e8e66b754b9c03506eb04a6db0f45d57a5ff626e9902236e

Download Submit
\Users\Admin\AppData\Local\Temp\is-0SBML.tmp\Zoom_Effect_Manager_2.0.1-x64_setup.tmp

Filesize
3.1MB

MD5
245f61a2418dbafa67413a98408c9155

SHA1
228003e1d4b3a305a0c131064105f9ca505803fa

SHA256
61e2e6f38f33c9aa4eafe9dbec0dc66991a34d36f0d00e9da518d2f0ffef25b8

SHA512
36c726c7c68057ee35a5957b6e2cbda90e7b89db1a51b8c8c2266345823e482b987039e2c93790aeff22e3ed4e6b68cd467f3a4bc850508d5d3cedaaa67475b4

Download Submit
memory/1320-62-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download
memory/1324-55-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/1324-61-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/1324-54-0x0000000076B51000-0x0000000076B53000-memory.dmp

Filesize
8KB

Download
memory/1324-72-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/1828-87-0x000000000B980000-0x000000000B98A000-memory.dmp

Filesize
40KB

Download
memory/1828-88-0x000000000B980000-0x000000000B98A000-memory.dmp

Filesize
40KB

Download
memory/1828-74-0x0000000005480000-0x0000000005680000-memory.dmp

Filesize
2.0MB

Download
memory/1828-71-0x0000000005040000-0x0000000005480000-memory.dmp

Filesize
4.2MB

Download