3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9

Analysis

max time kernel
42s
max time network
38s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
01/03/2023, 17:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe
Size

20KB
MD5

4bd60f1b3463985964e0c1a4a5b2dd14
SHA1

440008219d6a344936cb49206b79664dd333a307
SHA256

3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9
SHA512

4c9666f0e9b36cb6a995bf2d4341b8e6fd17bfddd32658f83379da08912207569dce45f64d76c5c557abf8359b31a90bcdd907f4cda8c0128a8d481b2b7875d1
SSDEEP

48:yqS3foSm+p47EF9YS1GYFzf3sFzRpP4oyl1vgclVKsKtN:1SXp47I9YSEgzkzzP4oynP

Score

10^/10

evasion trojan

Malware Config

Signatures

UAC bypass 3 TTPs 3 IoCs

evasion trojan

Bypass User Account Control

T1088

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0"	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
1520	k4.exe
1284	Process not Found

Loads dropped DLL 4 IoCs

pid	Process
1108	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe
1112	mmc.exe
1284	Process not Found
1284	Process not Found

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs

pid	Process
1108	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe
1108	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe
1108	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe
1108	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe
1108	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe
1108	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe
1108	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe
1108	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe
1108	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe
1108	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe
1108	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe
1108	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe
1108	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe
1108	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe
1108	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe
1108	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1108	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe
1108	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe
1108	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: 33	1112	mmc.exe
Token: SeIncBasePriorityPrivilege	1112	mmc.exe
Token: 33	1112	mmc.exe
Token: SeIncBasePriorityPrivilege	1112	mmc.exe
Token: SeLoadDriverPrivilege	1520	k4.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1112	mmc.exe
1112	mmc.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 624	1108	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe	30
PID 1108 wrote to memory of 624	1108	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe	30
PID 1108 wrote to memory of 624	1108	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe	30
PID 1108 wrote to memory of 624	1108	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe	30
PID 624 wrote to memory of 1540	624	cmd.exe	31
PID 624 wrote to memory of 1540	624	cmd.exe	31
PID 624 wrote to memory of 1540	624	cmd.exe	31
PID 624 wrote to memory of 1540	624	cmd.exe	31
PID 1112 wrote to memory of 1520	1112	mmc.exe	33
PID 1112 wrote to memory of 1520	1112	mmc.exe	33
PID 1112 wrote to memory of 1520	1112	mmc.exe	33

System policy modification 1 TTPs 3 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0"	3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe

C:\Users\Admin\AppData\Local\Temp\3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe
"C:\Users\Admin\AppData\Local\Temp\3f9b441a175a193c1cabb3a9ec897659e0ec44dcdef27bf4e3b6a172a97d50d9.exe"
1⤵
- UAC bypass
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- System policy modification
PID:1108
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:/Users/Public/Documents/2022060128.vbe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:624
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\2022060128.vbe"
    3⤵
    PID:1540

C:\Windows\system32\mmc.exe
C:\Windows\system32\mmc.exe -Embedding
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Users\Public\Documents\k4.exe
  "C:\Users\Public\Documents\k4.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:1520

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

T1088

Defense Evasion

Bypass User Account Control

T1088

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\setting.ini

Filesize
13B

MD5
0500175d0546cf7641d4bbb386acf5d8

SHA1
525881f9d3f19477f7560609e0806dacfada99c9

SHA256
a3bf48d17c8f3537b3b459ae7fcf9c554771c3a5523d0de7c229fe12ca93ce22

SHA512
21243c4ae3cfe932f483e887bc55f75df2db18623ecc52e5e016b3aba645fa8de2d0b428a7518b4a28842166b6769537ac4937772380a051836301a24a01782d

Download Submit
C:\Users\Class.dll

Filesize
900KB

MD5
7e43b8e8db51e99ed8dd5fa78899c1f0

SHA1
12aafcd74f64a9df87e5a2a32091e0ae8d1ba205

SHA256
ffb05670c59ee21b82df879323f36ea1a93a65851994b7735561ed68e9012d99

SHA512
cb079548b68471032af232b25ee4692c34e80eedb9c58c71b18b1a72d80bab5feb44ed27e5d0d12b742eebfed9639f8003322ddd1a6158a6cb9966770a95d794

Download Submit
C:\Users\Public\Documents\2022060128.vbe

Filesize
178B

MD5
19dcd917cf91e2f9bc6fef28a04adb08

SHA1
715c433ca6bc8df6def5adfe14320e28a4bf7052

SHA256
0db905ac801366af61ffdd829ecb3a89bcefc9538059ca37ea62161a6d4ca74e

SHA512
40df6373bfe3d859d43920d2d6ecc554272028374d4188b43e9d05435863ee99c43e0595d4c8be9198cc5da72093176d86029a414f9020aba264a5daa36e0a0c

Download Submit
C:\Users\Public\Documents\2022060128.vbe

Filesize
178B

MD5
19dcd917cf91e2f9bc6fef28a04adb08

SHA1
715c433ca6bc8df6def5adfe14320e28a4bf7052

SHA256
0db905ac801366af61ffdd829ecb3a89bcefc9538059ca37ea62161a6d4ca74e

SHA512
40df6373bfe3d859d43920d2d6ecc554272028374d4188b43e9d05435863ee99c43e0595d4c8be9198cc5da72093176d86029a414f9020aba264a5daa36e0a0c

Download Submit
C:\Users\Public\Documents\k4.exe

Filesize
892KB

MD5
33e29221e2825001d32f78632217d250

SHA1
9122127fc91790a1edb78003e9b58a9b00355ed5

SHA256
65d0b20a4dc4911fbb91683eb6488d3d3493fa4584bbdfb4e942f203bef0030d

SHA512
01d5c6ded3a83d81371e94fefb1debabb1d003c86ab3cf7145d28fb15fcfd4f8b763f6711f99c5afd9bf90f02a7af993efa5945d4f8bb6a3649b5fd86414ae93

Download Submit
C:\Users\Public\Documents\k4.exe

Filesize
892KB

MD5
33e29221e2825001d32f78632217d250

SHA1
9122127fc91790a1edb78003e9b58a9b00355ed5

SHA256
65d0b20a4dc4911fbb91683eb6488d3d3493fa4584bbdfb4e942f203bef0030d

SHA512
01d5c6ded3a83d81371e94fefb1debabb1d003c86ab3cf7145d28fb15fcfd4f8b763f6711f99c5afd9bf90f02a7af993efa5945d4f8bb6a3649b5fd86414ae93

Download Submit
C:\Users\Public\Documents\nnm.lnk

Filesize
1KB

MD5
a0f63fb66b28ebb350ec2d349e2d227b

SHA1
2d4c88e3b973d2f43c7c5246cb03bbbda3030a6b

SHA256
9754145aa75a07444aeeb0ef3a7acdeb2254edf1212cb9b3b52c633e7ae0c1e9

SHA512
6c69f1788b0ea7979d0462de84f336edd9c0b80e8c33a724079c33f5c10f87bce29b34b8aebc20011def6ee93b827ccfded73f55bbcc521da842d76476a89e2a

Download Submit
\Users\Class.dll

Filesize
900KB

MD5
7e43b8e8db51e99ed8dd5fa78899c1f0

SHA1
12aafcd74f64a9df87e5a2a32091e0ae8d1ba205

SHA256
ffb05670c59ee21b82df879323f36ea1a93a65851994b7735561ed68e9012d99

SHA512
cb079548b68471032af232b25ee4692c34e80eedb9c58c71b18b1a72d80bab5feb44ed27e5d0d12b742eebfed9639f8003322ddd1a6158a6cb9966770a95d794

Download Submit
\Users\Public\Documents\k4.exe

Filesize
892KB

MD5
33e29221e2825001d32f78632217d250

SHA1
9122127fc91790a1edb78003e9b58a9b00355ed5

SHA256
65d0b20a4dc4911fbb91683eb6488d3d3493fa4584bbdfb4e942f203bef0030d

SHA512
01d5c6ded3a83d81371e94fefb1debabb1d003c86ab3cf7145d28fb15fcfd4f8b763f6711f99c5afd9bf90f02a7af993efa5945d4f8bb6a3649b5fd86414ae93

Download Submit
\Users\Public\Documents\k4.exe

Filesize
892KB

MD5
33e29221e2825001d32f78632217d250

SHA1
9122127fc91790a1edb78003e9b58a9b00355ed5

SHA256
65d0b20a4dc4911fbb91683eb6488d3d3493fa4584bbdfb4e942f203bef0030d

SHA512
01d5c6ded3a83d81371e94fefb1debabb1d003c86ab3cf7145d28fb15fcfd4f8b763f6711f99c5afd9bf90f02a7af993efa5945d4f8bb6a3649b5fd86414ae93

Download Submit
\Users\Public\Documents\k4.exe

Filesize
892KB

MD5
33e29221e2825001d32f78632217d250

SHA1
9122127fc91790a1edb78003e9b58a9b00355ed5

SHA256
65d0b20a4dc4911fbb91683eb6488d3d3493fa4584bbdfb4e942f203bef0030d

SHA512
01d5c6ded3a83d81371e94fefb1debabb1d003c86ab3cf7145d28fb15fcfd4f8b763f6711f99c5afd9bf90f02a7af993efa5945d4f8bb6a3649b5fd86414ae93

Download Submit
\Users\Public\Documents\k4.exe

Filesize
892KB

MD5
33e29221e2825001d32f78632217d250

SHA1
9122127fc91790a1edb78003e9b58a9b00355ed5

SHA256
65d0b20a4dc4911fbb91683eb6488d3d3493fa4584bbdfb4e942f203bef0030d

SHA512
01d5c6ded3a83d81371e94fefb1debabb1d003c86ab3cf7145d28fb15fcfd4f8b763f6711f99c5afd9bf90f02a7af993efa5945d4f8bb6a3649b5fd86414ae93

Download Submit
memory/1108-502-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-510-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-477-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-471-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-478-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-479-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-481-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-482-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-480-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-483-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-485-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-484-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-487-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-486-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-488-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-489-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-490-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-492-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-491-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-493-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-494-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-495-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-496-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-497-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-498-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-500-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-499-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-501-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-475-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-503-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-504-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-505-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-506-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-507-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-508-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-476-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-509-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-511-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-512-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-513-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-514-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-515-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-516-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-517-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-519-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-518-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-520-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-523-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-521-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-522-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-525-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-524-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-526-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-527-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-528-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-529-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-530-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-532-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-531-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-533-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-1490-0x0000000003360000-0x0000000003460000-memory.dmp

Filesize
1024KB

Download
memory/1108-1492-0x00000000034A0000-0x0000000003621000-memory.dmp

Filesize
1.5MB

Download
memory/1108-4853-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-4858-0x0000000003870000-0x0000000003971000-memory.dmp

Filesize
1.0MB

Download
memory/1108-474-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-473-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-472-0x0000000003750000-0x0000000003861000-memory.dmp

Filesize
1.1MB

Download
memory/1108-65-0x00000000771C0000-0x0000000077207000-memory.dmp

Filesize
284KB

Download
memory/1108-64-0x0000000010000000-0x00000000100E1000-memory.dmp

Filesize
900KB

Download
memory/1108-4887-0x0000000003360000-0x0000000003460000-memory.dmp

Filesize
1024KB

Download
memory/1108-4888-0x0000000003630000-0x00000000036D1000-memory.dmp

Filesize
644KB

Download