0c334c808c3f5b3dbbaa07847b370a84c0228af53005cb6420a3151a32ddd015

Resubmissions

14/02/2023, 18:11

230214-wstyasee8t 7

14/02/2023, 18:03

230214-wm3cgsfb33 1

14/02/2023, 17:47

230214-wdbheaed7s 6

Analysis

max time kernel
905s
max time network
908s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
14/02/2023, 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f3cf52689d6f1e14cb5465a71f0ee7021abcb23748357402db53fb04df020da5
Size

1.5MB
MD5

f14c3274dad7bfc80b5ca15d99c10927
SHA1

622c7a39c64ce43edcdc6bb316b446244c00879a
SHA256

f3cf52689d6f1e14cb5465a71f0ee7021abcb23748357402db53fb04df020da5
SHA512

23382ec77a1a22ed0df5972c4487972adf8b38cb1b4eeca52e63e5cd8e23620830456bc253d48cbb650e88f151050c72334025848a267a8af95f6c3085bb491e
SSDEEP

49152:Do8eGalAsGPnBprM8Pvzo8b3kjQORxshYmkrM8PvP:k8eGjssnBnvU8b0jQORx4YHvP

Score

7^/10

Malware Config

Signatures

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk	ONENOTE.EXE
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk	ONENOTE.EXE

Loads dropped DLL 1 IoCs

pid	Process
768	Setup.exe

Drops file in Program Files directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BUSINESS.ONE	ONENOTE.EXE
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\DESIGNER.ONE	ONENOTE.EXE
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\PLANNERS.ONE	ONENOTE.EXE
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\ACADEMIC.ONE	ONENOTE.EXE
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\BLANK.ONE	ONENOTE.EXE

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	ONENOTE.EXE

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\MenuExt	ONENOTE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	ONENOTE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	ONENOTE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	ONENOTE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar	ONENOTE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	ONENOTE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	ONENOTE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	ONENOTE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	ONENOTE.EXE

Modifies registry class 6 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.0\0\win32\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\ONENOTE.EXE\\3"	ONENOTE.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	ONENOTE.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E2E1511D-502D-4BD0-8B3A-8A89A05CDCAE}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	ONENOTE.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2A7EE29-8BF6-4A6D-83F1-098E366C709C}\1.0\ = "Microsoft OneNote 12.0 Object Library"	ONENOTE.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2A7EE29-8BF6-4A6D-83F1-098E366C709C}\1.0\0\win32\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\ONENOTE.EXE\\2"	ONENOTE.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0EA692EE-BB50-4E3C-AEF0-356D91732725}\1.0\ = "Microsoft OneNote 14.0 Object Library"	ONENOTE.EXE

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
1620	ONENOTE.EXE
1620	ONENOTE.EXE
1924	ONENOTE.EXE
1924	ONENOTE.EXE

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: 33	676	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	676	AUDIODG.EXE
Token: 33	676	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	676	AUDIODG.EXE
Token: 33	1892	ONENOTEM.EXE
Token: SeIncBasePriorityPrivilege	1892	ONENOTEM.EXE
Token: 33	1892	ONENOTEM.EXE
Token: SeIncBasePriorityPrivilege	1892	ONENOTEM.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1892	ONENOTEM.EXE

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1892	ONENOTEM.EXE

Suspicious use of SetWindowsHookEx 27 IoCs

pid	Process
1620	ONENOTE.EXE
1620	ONENOTE.EXE
1620	ONENOTE.EXE
1620	ONENOTE.EXE
1620	ONENOTE.EXE
1620	ONENOTE.EXE
1620	ONENOTE.EXE
1620	ONENOTE.EXE
1620	ONENOTE.EXE
1620	ONENOTE.EXE
1620	ONENOTE.EXE
1620	ONENOTE.EXE
1620	ONENOTE.EXE
1620	ONENOTE.EXE
1924	ONENOTE.EXE
1924	ONENOTE.EXE
1924	ONENOTE.EXE
1924	ONENOTE.EXE
1924	ONENOTE.EXE
1924	ONENOTE.EXE
1924	ONENOTE.EXE
1924	ONENOTE.EXE
1924	ONENOTE.EXE
1924	ONENOTE.EXE
1924	ONENOTE.EXE
1924	ONENOTE.EXE
1924	ONENOTE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 1892	1620	ONENOTE.EXE	40
PID 1620 wrote to memory of 1892	1620	ONENOTE.EXE	40
PID 1620 wrote to memory of 1892	1620	ONENOTE.EXE	40
PID 1620 wrote to memory of 1892	1620	ONENOTE.EXE	40
PID 1924 wrote to memory of 1060	1924	ONENOTE.EXE	45
PID 1924 wrote to memory of 1060	1924	ONENOTE.EXE	45
PID 1924 wrote to memory of 1060	1924	ONENOTE.EXE	45
PID 1924 wrote to memory of 1060	1924	ONENOTE.EXE	45

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\f3cf52689d6f1e14cb5465a71f0ee7021abcb23748357402db53fb04df020da5
1⤵
PID:1972

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1020

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x154
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:676

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE" "C:\Users\Admin\AppData\Local\Temp\f3cf52689d6f1e14cb5465a71f0ee7021abcb23748357402db53fb04df020da5.one"
1⤵
- Drops startup file
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
  /tsr
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1892

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE" "C:\Users\Admin\AppData\Local\Temp\f3cf52689d6f1e14cb5465a71f0ee7021abcb23748357402db53fb04df020da5.one"
1⤵
- Drops startup file
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
  /tsr
  2⤵
  PID:1060

C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding
1⤵
- Loads dropped DLL
PID:768

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
e521f6159b3842d66d1d149c19337794

SHA1
b8660a5ba16a7b5638e675867f22e2c6c19dc440

SHA256
cbd80709494bd1be7b826ad11ecf96e2cc4a0d0e0d7ef51c8127773f8c852f5a

SHA512
f6e7ee8964a9391b64badb7089b728f5ee73454c91bd32f83ec5cdbcc8c433f22cf474747d65674d57f31f08de2d415375ac9e8954ee8c3d6d1e18a15b1d4c48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79364a504a40f37a09daa75ae3d38287

SHA1
eb88dccfcd5bbcf51bf7ab531134de7d1e87c026

SHA256
a184124001e5bf71c567191784933b2686c344555d34dfc80c800a8816d31c37

SHA512
cad98ce0bf711dbe8caba8f821b0c8bc900edb2fd01988154d759b3ee8e69b190dcdc18e8c593b99e748c8440cd931bbb498a3ec0aff60b7d4ac9eaf56c26e14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce85cb805df8d9183d8dc6e6aa29b5aa

SHA1
f24ed6926df3e2ebc2c00d30be0b104f01fd91e2

SHA256
d05018965a4380ac80b93704d3744f466c4c8bd8fc806d7c5ca514704a3b0e4f

SHA512
3d8aeaad9a394e324a64b7086137b86011fc7e51181438bf34c844ae153d51e78ac372a798fb408e6f9de4077cd499accf590d065457b1b9487f617d7ca79663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneNote\14.0\OneNoteOfflineCache.onecache

Filesize
20.0MB

MD5
3d2bf4f0a0ad5d7650f00f4f2a441eea

SHA1
8a1998c82a2e9a29c54cec6b16dc611476c8b9e8

SHA256
34f1f0b2d21d3514d434f25a29f7d67941e908f1088b6166fcf5db9debbc5272

SHA512
8da4f70c0c3c54dd2cef802faaaa211536fd8e5f239ea62478b6b389ce36afcaf50d50074d695fab7ae8d3c9906bf943e3c1c31dd5134b998e5161c3949af99c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneNote\14.0\OneNoteOfflineCache_Files\03809a07-348b-48cc-b08d-f7b8472c133c.png

Filesize
5KB

MD5
64abf26631e44fc132402dac390ee4bc

SHA1
4bdd6ab584488cfbfcfa07a46e9f9e2975e390cf

SHA256
6c44be83448651ec7e0fd053be9832f33c2849011fbf59ce7cea6718651c68a2

SHA512
f6bbe0bc85b027d56d69f13f536cd57c397e0163ecd265890c9382ee74aeb6f118fc256ad232ce9f8e19227adfcd13f53451f770d652d8dcc5d1a7b8d687c1e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneNote\14.0\OneNoteOfflineCache_Files\1e81fb27-0aa3-4b11-a764-0d9e7e3272ea.png

Filesize
10KB

MD5
d673f8d09e4d1f642262770a3c8cc9ce

SHA1
90aa1668423298a6c1b0d582d7dc783ad20a42d7

SHA256
926735f7f083511fa2e535b13eea70997ef00f814b231e611c54e5c1e3c9d0d7

SHA512
a044aec4cd11d269848c738e7ace01e1fa93e9547a8667685699fabd142d8c5f7fbe978f5597dbcc82735203ea7458fc9c788f4fed05b53463101d140700fb9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneNote\14.0\OneNoteOfflineCache_Files\62e3dfa2-4350-445b-8693-d1d04a74543c.png

Filesize
37KB

MD5
c5c4a733b642fa42d9f94c8d47306ab8

SHA1
9ae2873256eb2d8b516039c94c0db2ca438935fa

SHA256
a4c554387c99e9011b5b62a117ce0e6998ca41386065cbe7961be3c027bbbf6c

SHA512
89bb814affacf7479ad155df646d3e6dc17ea34f14621842b4bd8a9be35ab42a962ebae41f407954df2e3b971a35cafa8e24dfed46e6acca4992d5f7e4f10b9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneNote\14.0\OneNoteOfflineCache_Files\7dceec06-0991-43f4-8af3-601c0ebeb910.png

Filesize
163KB

MD5
07570999070082eb2c331fd142e52c38

SHA1
dc6d4c3ce8891dfa0db3091d10ea4042053f44e7

SHA256
8f83217424c1d50df4b5e5aea78ac01be6c5ad3e30d8f35ef74658a2c7529960

SHA512
7caa540b0e9c519e36bdaf3a84d8aad61f9c9134aa4d8af05d23dfaef60c5185e664e62fe78366e650a0d5c52b86be8760a18ecfd04545ceaaa2872b4c630f9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneNote\14.0\OneNoteOfflineCache_Files\a507cd65-0038-49e4-8cdb-b6082f566351.png

Filesize
10KB

MD5
6366cb8aac9ca1668c70e9de4bc79388

SHA1
78b1ebd6669c67f4279e8d2baea229eb2fc71178

SHA256
21e68aaa77e4c5877b0ee5169347fe546cacde09bf8f432ecd72d1a69663bd3a

SHA512
cdf9a5f93e7c000eab511ab7bf6f6a6ba45e22ac34ecc2f24ea9cc591edc5c3a00b2ac121cf5664979577557bba55109e03f4005b0b0cdc475d3a75b3a3fef54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneNote\14.0\OneNoteOfflineCache_Files\b2a67a4a-c116-4c88-9fd1-c5b9a23d7929.png

Filesize
68KB

MD5
fabf6770b25c633a748ed6f3342f06e0

SHA1
a22a7059247b42cb63ec30720e1cf845e998ea02

SHA256
bd5d1f97a3f38c3a7ca63106d48d5a26aaf18aa4fb9ebf7439a0d8af0fbfed75

SHA512
e18f27b0c360ad7f82616341cdc4194aacd140a94061b11b5c9145f2bf2cabfafa3b0072a08fa1f32296b1a0e2221a4933c8bf2f59668221e70b786a64083eb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneNote\14.0\OneNoteOfflineCache_Files\bb4e150b-7e2a-4556-81dd-590d7ab07dda.png

Filesize
9KB

MD5
dce030379821650125df797b9b3d4f29

SHA1
84dd28941e9d06d7de009d039a838394945be43f

SHA256
accfedb156a89607216ac18dd30aafb953b375b42c03b5e3e690d62d8e96a8ed

SHA512
abacc91ef043e3de767662923027af9cc496d4d801f34f4a5adcea01474709ea437d1019f9552a5287a13b571569f0cf2ed8c20ca53ef574a80a9b3e0ced1183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneNote\14.0\OneNoteOfflineCache_Files\e29a7eaf-32ad-400c-9927-05c358358ffc.png

Filesize
45KB

MD5
168af03dd94b6421cae3c621ce2de984

SHA1
6dd0c8e6ee2d6e6778219715bf1c90dafeedf25c

SHA256
9839be2d8c2ca55d4d7798e531ef9fab6dbdad6fd3892f36c7b09b3e46f99799

SHA512
c58f7625342ca1e6dcfa9cb41529d1464e39a44515e87292c2a9c9ca3dfd0176b74ef62ad952a1a121715e23349baaae1d2b1ed8e2448fd61142e77c5127183f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneNote\14.0\OneNoteOfflineCache_Files\e51cf594-e321-4d1c-88e7-df9cde80904c.png

Filesize
11KB

MD5
4628e2021534f066014ea107a7f3246f

SHA1
55aa9cb9fd939c4d9c36e4cafbea10dc79c0dd6c

SHA256
49090a3e4f6a8e39b0b09f6f5534e2ac1908f426253d92f6091dd5bceb692b05

SHA512
7860a8786784ed5d0da1919cf1b2aceb59d9516fae1fe16010f5458f8b526e9643c1080ce26472a368b5ac41af7dba3c80f4ab7bfb26bb4b4c21448f96185638

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat

Filesize
23KB

MD5
f8728e08c056028c92111f4228098ca6

SHA1
43d866ae254558649a9cdca985d75d153dc3a92e

SHA256
372f219e1d05a57e198fac02082b3913effc31e85fd78154dd9680f4d6ffe5f3

SHA512
39c37e1e5118f8a221dbed6f94b9b5c27e28c84754ae53e1621ceea940d9727db55f830a1b2823d6a8cdfe2c91e3332884f2f7356959bcb3f28d6302c9b2a79f

Download Submit
\Users\Admin\AppData\Local\Temp\Setup00000300\OSETUP.DLL

Filesize
5.5MB

MD5
fcc38158c5d62a39e1ba79a29d532240

SHA1
eca2d1e91c634bc8a4381239eb05f30803636c24

SHA256
e51a5292a06674cdbbcea240084b65186aa1dd2bc3316f61ff433d9d9f542a74

SHA512
0d224474a9358863e4bb8dacc48b219376d9cc89cea13f8d0c6f7b093dd420ceb185eb4d649e5bd5246758419d0531922b4f351df8ad580b3baa0fab88d89ec7

Download Submit
memory/1020-54-0x000007FEFB7B1000-0x000007FEFB7B3000-memory.dmp

Filesize
8KB

Download
memory/1620-61-0x000000007338D000-0x0000000073398000-memory.dmp

Filesize
44KB

Download
memory/1620-58-0x000000007338D000-0x0000000073398000-memory.dmp

Filesize
44KB

Download
memory/1620-57-0x0000000075981000-0x0000000075983000-memory.dmp

Filesize
8KB

Download
memory/1620-56-0x000000007338D000-0x0000000073398000-memory.dmp

Filesize
44KB

Download
memory/1620-55-0x00000000723A1000-0x00000000723A3000-memory.dmp

Filesize
8KB

Download
memory/1924-76-0x0000000071A4D000-0x0000000071A58000-memory.dmp

Filesize
44KB

Download
memory/1924-62-0x0000000070A61000-0x0000000070A63000-memory.dmp

Filesize
8KB

Download
memory/1924-65-0x0000000071A4D000-0x0000000071A58000-memory.dmp

Filesize
44KB

Download
memory/1924-86-0x0000000071A4D000-0x0000000071A58000-memory.dmp

Filesize
44KB

Download