Overview

overview

10

Static

static

URLScan

urlscan

https://github.com/a...

windows10-2004-x64

10

Analysis

  • max time kernel
    244s
  • max time network
    265s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-01-2023 15:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/aw1456810/Microsoft/raw/main/Microsoft%20Office%20LTSC%202021%20Professional%20Plus%20%20Standard%20%2B%20Visio%20%2B%20Project%2016.0.14332.20435%20(2022.12).zip

Score
10/10
raccoon4ee4e2ee5aa36d394f5d44408a602375discoveryspywarestealer

Malware Config

Extracted

Family

raccoon

Botnet

4ee4e2ee5aa36d394f5d44408a602375

C2

http://168.119.60.182/

rc4.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 45 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" https://github.com/aw1456810/Microsoft/raw/main/Microsoft%20Office%20LTSC%202021%20Professional%20Plus%20%20Standard%20%2B%20Visio%20%2B%20Project%2016.0.14332.20435%20(2022.12).zip
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4808
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe02a4f50,0x7fffe02a4f60,0x7fffe02a4f70
      2⤵
        PID:1520
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1672 /prefetch:2
        2⤵
          PID:3652
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2036 /prefetch:8
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4284
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2340 /prefetch:8
          2⤵
            PID:4632
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1
            2⤵
              PID:3448
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
              2⤵
                PID:1464
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4300 /prefetch:8
                2⤵
                  PID:1548
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4692 /prefetch:8
                  2⤵
                    PID:3364
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:708
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5408 /prefetch:8
                    2⤵
                      PID:916
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1868
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4984 /prefetch:8
                      2⤵
                        PID:2116
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4936 /prefetch:8
                        2⤵
                          PID:2528
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4952 /prefetch:8
                          2⤵
                            PID:4464
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
                            2⤵
                              PID:5012
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3996
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1564 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3332
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2796 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3452
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1592 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:4684
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2364 /prefetch:8
                              2⤵
                                PID:2388
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5508 /prefetch:8
                                2⤵
                                  PID:2944
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1572 /prefetch:8
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4236
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 /prefetch:8
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:3864
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4828 /prefetch:8
                                  2⤵
                                    PID:2720
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3756 /prefetch:2
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:5008
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,16606141810153783822,16686278696947690855,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
                                    2⤵
                                      PID:4644
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:4484
                                    • C:\Windows\System32\rundll32.exe
                                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                      1⤵
                                        PID:3344
                                      • C:\Program Files\7-Zip\7zFM.exe
                                        "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Microsoft Office LTSC 2021 Professional Plus Standard + Visio + Project 16.0.14332.20435 (2022.12).zip"
                                        1⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        • Suspicious behavior: GetForegroundWindowSpam
                                        • Suspicious use of AdjustPrivilegeToken
                                        • Suspicious use of FindShellTrayWindow
                                        PID:4388
                                        • C:\Users\Admin\AppData\Local\Temp\7zO42146D68\Microsoft Office LTSC 2021 Professional Plus Standard + Visio + Project 16.0.14332.20435 (2022.12).exe
                                          "C:\Users\Admin\AppData\Local\Temp\7zO42146D68\Microsoft Office LTSC 2021 Professional Plus Standard + Visio + Project 16.0.14332.20435 (2022.12).exe"
                                          2⤵
                                          • Executes dropped EXE
                                          • Loads dropped DLL
                                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:1720

                                      Network

                                      MITRE ATT&CK Matrix ATT&CK v6

                                      Initial Access

                                      Execution

                                      Persistence

                                      Privilege Escalation

                                      Defense Evasion

                                      Credential Access

                                      Credentials in Files

                                      2
                                      T1081

                                      Discovery

                                      Query Registry

                                      2
                                      T1012

                                      System Information Discovery

                                      1
                                      T1082

                                      Lateral Movement

                                      Collection

                                      Data from Local System

                                      2
                                      T1005

                                      Exfiltration

                                      Command and Control

                                      Web Service

                                      1
                                      T1102

                                      Impact

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\Users\Admin\AppData\LocalLow\mozglue.dll
                                        Filesize

                                        612KB

                                        MD5

                                        f07d9977430e762b563eaadc2b94bbfa

                                        SHA1

                                        da0a05b2b8d269fb73558dfcf0ed5c167f6d3877

                                        SHA256

                                        4191faf7e5eb105a0f4c5c6ed3e9e9c71014e8aa39bbee313bc92d1411e9e862

                                        SHA512

                                        6afd512e4099643bba3fc7700dd72744156b78b7bda10263ba1f8571d1e282133a433215a9222a7799f9824f244a2bc80c2816a62de1497017a4b26d562b7eaf

                                        Download Submit
                                      • C:\Users\Admin\AppData\LocalLow\nss3.dll
                                        Filesize

                                        1.9MB

                                        MD5

                                        f67d08e8c02574cbc2f1122c53bfb976

                                        SHA1

                                        6522992957e7e4d074947cad63189f308a80fcf2

                                        SHA256

                                        c65b7afb05ee2b2687e6280594019068c3d3829182dfe8604ce4adf2116cc46e

                                        SHA512

                                        2e9d0a211d2b085514f181852fae6e7ca6aed4d29f396348bedb59c556e39621810a9a74671566a49e126ec73a60d0f781fa9085eb407df1eefd942c18853be5

                                        Download Submit
                                      • C:\Users\Admin\AppData\LocalLow\sqlite3.dll
                                        Filesize

                                        1.0MB

                                        MD5

                                        dbf4f8dcefb8056dc6bae4b67ff810ce

                                        SHA1

                                        bbac1dd8a07c6069415c04b62747d794736d0689

                                        SHA256

                                        47b64311719000fa8c432165a0fdcdfed735d5b54977b052de915b1cbbbf9d68

                                        SHA512

                                        b572ca2f2e4a5cc93e4fcc7a18c0ae6df888aa4c55bc7da591e316927a4b5cfcbdda6e60018950be891ff3b26f470cc5cce34d217c2d35074322ab84c32a25d1

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                        Filesize

                                        111KB

                                        MD5

                                        635476ba97179ed1f65a51937106839d

                                        SHA1

                                        ea307b7bd87ac7f359dcd5fe7d3ade5646be0453

                                        SHA256

                                        26dd430db65f5799fb07bd3880e0535ea2af947813adcd58a87024915abb94fd

                                        SHA512

                                        1126868312114d86c47d4791fc1c49e99e7664308fd5cf8832af5c023817e863557cd523423db6c7b599e77f1f96a66ceea1a68914addb6f18d4049ce2d39881

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Temp\7zO42146D68\Microsoft Office LTSC 2021 Professional Plus Standard + Visio + Project 16.0.14332.20435 (2022.12).exe
                                        Filesize

                                        361.8MB

                                        MD5

                                        734122c3d13b7b8e116b6b1789a1cc92

                                        SHA1

                                        9b73cddb4f918b6f21faa6934798694df83e467f

                                        SHA256

                                        6a0e71072fb7e6a2ead20b2741c8088941ce2a59a9709954c3b492e5d491b14e

                                        SHA512

                                        e33c357bbb84f557f24eed4e9ac2f08f5c798fbd74ef172f1dfcabe7e88722c10be34e18180f390bdc9a6192067d6fc660657b1d6b34027a5566a2e13c903764

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Temp\7zO42146D68\Microsoft Office LTSC 2021 Professional Plus Standard + Visio + Project 16.0.14332.20435 (2022.12).exe
                                        Filesize

                                        367.4MB

                                        MD5

                                        77cc459acf572f454372598d286c5ec6

                                        SHA1

                                        e741113391277a746190dfe7556ce966688fdbd2

                                        SHA256

                                        75340b9c71224d8523d002901bf7b860d6bf6d2b57c21ebf54ba6381f18ec0e4

                                        SHA512

                                        8e616f02cad2bd3ba66018f3b1c0e8b38bf3bcb4e5f58da938a64e20027c6e8f6a1f0810ecaf5951ccb9074fb782425f11127059c48dbdac04cb4b6309099884

                                        Download Submit
                                      • C:\Users\Admin\Downloads\Microsoft Office LTSC 2021 Professional Plus Standard + Visio + Project 16.0.14332.20435 (2022.12).zip
                                        Filesize

                                        6.7MB

                                        MD5

                                        6e183f94962d291e6eee07859dcb2f49

                                        SHA1

                                        0f6f21dc150c4d4f07b2a2b40c89a81b51d0d1f6

                                        SHA256

                                        71bbddc9090ce297bac71cd9af048508edd0314698a83e03cecc4edf11331d8c

                                        SHA512

                                        c8f900b42715db5973b9dd794c13b379381ef0e13665060fa409d2eb80a48dcd38f4e87f6d52d99ee08094c3650b2fbcaef55a7c672e76bba8fc8071023e4220

                                        Download Submit
                                      • \??\pipe\crashpad_4808_XIQNACKYCQACWXHW
                                        MD5

                                        d41d8cd98f00b204e9800998ecf8427e

                                        SHA1

                                        da39a3ee5e6b4b0d3255bfef95601890afd80709

                                        SHA256

                                        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        SHA512

                                        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                        Download Submit
                                      • memory/1720-134-0x0000000000000000-mapping.dmp
                                        Download
                                      • memory/1720-137-0x0000000000400000-0x0000000000DAF000-memory.dmp
                                        Filesize

                                        9.7MB

                                        Download
                                      • memory/1720-143-0x0000000000400000-0x0000000000DAF000-memory.dmp
                                        Filesize

                                        9.7MB

                                        Download
                                      • memory/1720-144-0x0000000000400000-0x0000000000DAF000-memory.dmp
                                        Filesize

                                        9.7MB

                                        Download