hxxps://imoib[.]ru/training/course/1115

Analysis

max time kernel
31s
max time network
33s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
01/03/2023, 11:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://imoib.ru/training/course/1115

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133221480142834182"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4064	chrome.exe
4064	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe

Suspicious use of AdjustPrivilegeToken 60 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe
Token: SeShutdownPrivilege	4064	chrome.exe
Token: SeCreatePagefilePrivilege	4064	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe
4064	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4964	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4064 wrote to memory of 448	4064	chrome.exe	84
PID 4064 wrote to memory of 448	4064	chrome.exe	84
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 2116	4064	chrome.exe	85
PID 4064 wrote to memory of 4452	4064	chrome.exe	86
PID 4064 wrote to memory of 4452	4064	chrome.exe	86
PID 4064 wrote to memory of 2064	4064	chrome.exe	87
PID 4064 wrote to memory of 2064	4064	chrome.exe	87
PID 4064 wrote to memory of 2064	4064	chrome.exe	87
PID 4064 wrote to memory of 2064	4064	chrome.exe	87
PID 4064 wrote to memory of 2064	4064	chrome.exe	87
PID 4064 wrote to memory of 2064	4064	chrome.exe	87
PID 4064 wrote to memory of 2064	4064	chrome.exe	87
PID 4064 wrote to memory of 2064	4064	chrome.exe	87
PID 4064 wrote to memory of 2064	4064	chrome.exe	87
PID 4064 wrote to memory of 2064	4064	chrome.exe	87
PID 4064 wrote to memory of 2064	4064	chrome.exe	87
PID 4064 wrote to memory of 2064	4064	chrome.exe	87
PID 4064 wrote to memory of 2064	4064	chrome.exe	87
PID 4064 wrote to memory of 2064	4064	chrome.exe	87
PID 4064 wrote to memory of 2064	4064	chrome.exe	87
PID 4064 wrote to memory of 2064	4064	chrome.exe	87
PID 4064 wrote to memory of 2064	4064	chrome.exe	87
PID 4064 wrote to memory of 2064	4064	chrome.exe	87
PID 4064 wrote to memory of 2064	4064	chrome.exe	87
PID 4064 wrote to memory of 2064	4064	chrome.exe	87
PID 4064 wrote to memory of 2064	4064	chrome.exe	87
PID 4064 wrote to memory of 2064	4064	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://imoib.ru/training/course/1115
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6f2c9758,0x7fff6f2c9768,0x7fff6f2c9778
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1788,i,8213730624327664379,12538914135552959523,131072 /prefetch:2
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1788,i,8213730624327664379,12538914135552959523,131072 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1788,i,8213730624327664379,12538914135552959523,131072 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1788,i,8213730624327664379,12538914135552959523,131072 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3220 --field-trial-handle=1788,i,8213730624327664379,12538914135552959523,131072 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5196 --field-trial-handle=1788,i,8213730624327664379,12538914135552959523,131072 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 --field-trial-handle=1788,i,8213730624327664379,12538914135552959523,131072 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 --field-trial-handle=1788,i,8213730624327664379,12538914135552959523,131072 /prefetch:8
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3888 --field-trial-handle=1788,i,8213730624327664379,12538914135552959523,131072 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5192 --field-trial-handle=1788,i,8213730624327664379,12538914135552959523,131072 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1788,i,8213730624327664379,12538914135552959523,131072 /prefetch:8
  2⤵
  PID:1800

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4276

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4964

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
56KB

MD5
eac3e9e31b3d1530dd82d2f86b857826

SHA1
909344515aa194c50eb90bc0f80e7440c0bfbac9

SHA256
9e651ecbfe861c3ef5481f88cafc7de9e646664e91d4b408ee8ee7c7b9b5b230

SHA512
31ed19bd736eaebafc54ab20b90da0a5caf1dccf9cbad5b593159658947f622a8f188e1bfe6f899905963c0fb46ecad467a9dc204157c9ae24c567b093a82905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
ece6c4bcbad0dd2e314d8514f98b39f3

SHA1
ed876cc759c002dfaba927104711853a78421032

SHA256
705ca34ada3da4966677562983d7688c90e5c39d0f173dfb66ac059144f426dd

SHA512
42db3c6ee0160dbab10d9f61446917aad1b0de60b7386c8e5d5f2eae5e027146cb68a507a7e774a19f08bed765071521c14d1ac943cace73e59950efe3d5495c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
694b818b6929bc84ae262fb46744c026

SHA1
3a9758a5ded7b9936b9b28f9ecefb411658aceec

SHA256
7cd7d69bab17983c71eebed66b62fa9a251a90604cc5b4267e31f8dc91fd23fc

SHA512
d04f5f9c89aaf824440e092e0314415ed60d483856f537d2d24511648aae9290c74d219141cf36c68f9c2e10ecf22687988463ec0b3cedc8cddc4eb37c2c36d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f06b8ec94ca793d2b4c4ad72b5dd68dd

SHA1
325cbdee378fe138570d40679a5974a5cd250c57

SHA256
77d8bf0e62988fc28776332371288826cd2e9272896f044852048da0027e531c

SHA512
2d5fada8a0440c7f6c2cb432a10af0f49dea0cb12cf45012aaab29211c40a88806001b6e386a3ce29591a559b5dea8d89ebaa291181806f5e8560dca16782ea2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4590b6ecf8e62bbd382f74f603791bdc

SHA1
5927b530ad4c7cd36e9138b8461d00c1f8d9e6da

SHA256
f170e7e97808a1439bd522ea98aa1b864cf30c4fde2da81c692a90009bb54db3

SHA512
05eaf95aaa6bd2f38cde75021009ef45de5e5901f451fc0d98ee028153d2044a096b8021f7fb3d5eaf784e1858dbed951ad0e2740cadd9ee6e40ad907fd02e2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
141KB

MD5
2a1e220a3931feeb5c85b9b566ede697

SHA1
54eab87a159188805e9b44813f28c171f417106f

SHA256
aa5fef32b0f7ec41155c9cb78f33867a05417034a2b843381a86907e7d0799e8

SHA512
1645d9922a0a99628bfb820171b58b6d92fe16fe1bbe4ca37e92537145a31abe7648d175d39afdcfaa2df5c537ff30542287fe0c1d5db11fc9c962f69e90a4c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/1140-188-0x00007FFF8CC10000-0x00007FFF8CC11000-memory.dmp

Filesize
4KB

Download
memory/1140-189-0x00007FFF8D320000-0x00007FFF8D321000-memory.dmp

Filesize
4KB

Download
memory/2116-136-0x00007FFF8DC70000-0x00007FFF8DC71000-memory.dmp

Filesize
4KB

Download