65f6db133f2f42cfc1ce369cf2329d9cd3e8a3f49eb0f079f920ef33fd0d183c

Analysis

max time kernel
144s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 19:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tesseract-ocr-w64-setup-5.3.0.20221222.exe
Size

50.9MB
MD5

bbf73aaf410fa8dfa25ce6b3cfffefa9
SHA1

0174f12f8113de61b06384dff42bedf57cb46520
SHA256

65f6db133f2f42cfc1ce369cf2329d9cd3e8a3f49eb0f079f920ef33fd0d183c
SHA512

7bcb98dea5514fecda7201e21bae3c01cbf2bc2d90793afe2acb0887afa575f42aa85ac0bc949643ae9b9b46238b75efd1c9da310a8293cd638e47dc195383e9
SSDEEP

1572864:QwIkIiUsP9WGQDiYN+1I0dDHS9XsmQtN3TkKqW29OhIx:al2P9WdY1I0dbS9ZQjTkKqWMOSx

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 4 IoCs

Processes:

tesseract-ocr-w64-setup-5.3.0.20221222.exe

pid	process
1288	tesseract-ocr-w64-setup-5.3.0.20221222.exe
1288	tesseract-ocr-w64-setup-5.3.0.20221222.exe
1288	tesseract-ocr-w64-setup-5.3.0.20221222.exe
1288	tesseract-ocr-w64-setup-5.3.0.20221222.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings firefox.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description pid process

Token: SeDebugPrivilege 4680 firefox.exe
Token: SeDebugPrivilege 4680 firefox.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

4680 firefox.exe
4680 firefox.exe
4680 firefox.exe
4680 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

4680 firefox.exe
4680 firefox.exe
4680 firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

4680 firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	firefox.exe

description	pid	process
Token: SeDebugPrivilege	4680	firefox.exe
Token: SeDebugPrivilege	4680	firefox.exe

pid	process
4680	firefox.exe
4680	firefox.exe
4680	firefox.exe
4680	firefox.exe

pid	process
4680	firefox.exe
4680	firefox.exe
4680	firefox.exe

pid	process
4680	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 4332 wrote to memory of 4680	4332	firefox.exe	firefox.exe
PID 4332 wrote to memory of 4680	4332	firefox.exe	firefox.exe
PID 4332 wrote to memory of 4680	4332	firefox.exe	firefox.exe
PID 4332 wrote to memory of 4680	4332	firefox.exe	firefox.exe
PID 4332 wrote to memory of 4680	4332	firefox.exe	firefox.exe
PID 4332 wrote to memory of 4680	4332	firefox.exe	firefox.exe
PID 4332 wrote to memory of 4680	4332	firefox.exe	firefox.exe
PID 4332 wrote to memory of 4680	4332	firefox.exe	firefox.exe
PID 4332 wrote to memory of 4680	4332	firefox.exe	firefox.exe
PID 4332 wrote to memory of 4680	4332	firefox.exe	firefox.exe
PID 4332 wrote to memory of 4680	4332	firefox.exe	firefox.exe
PID 4680 wrote to memory of 4200	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 4200	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 648	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 3156	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 3156	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 3156	4680	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\tesseract-ocr-w64-setup-5.3.0.20221222.exe
"C:\Users\Admin\AppData\Local\Temp\tesseract-ocr-w64-setup-5.3.0.20221222.exe"
1⤵
- Loads dropped DLL
PID:1288

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4332

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4680

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.0.2064284945\372408065" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {834c1d4e-0326-4189-b065-9d6192bc7bf9} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 1916 152103e7558 gpu
3⤵
PID:4200

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.1.838233209\1291074063" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {105bdd79-f04f-4667-afd6-4d699a12a28f} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 2316 15203572858 socket
3⤵
PID:648

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.2.141034038\222204512" -childID 1 -isForBrowser -prefsHandle 3020 -prefMapHandle 2972 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dade392b-671a-4446-8599-1c7b0343cfc7} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 2884 152141d9458 tab
3⤵
PID:3156

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.3.6910526\725987454" -childID 2 -isForBrowser -prefsHandle 3532 -prefMapHandle 3528 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0591f15-4386-452b-9513-0183c607b0e1} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 3500 15203571c58 tab
3⤵
PID:3024

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.4.488894478\1708583312" -childID 3 -isForBrowser -prefsHandle 4000 -prefMapHandle 3996 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70bacd0c-3e16-4ece-8d7c-50ca6161b8eb} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 4012 15203561658 tab
3⤵
PID:4804

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.6.1714768119\2069613585" -childID 5 -isForBrowser -prefsHandle 5176 -prefMapHandle 5180 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea31bdf0-b354-4b3b-afba-6c77ce2767ec} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 5168 152164e6d58 tab
3⤵
PID:4308

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.5.740649572\1619178139" -childID 4 -isForBrowser -prefsHandle 4876 -prefMapHandle 4744 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac834be4-6257-42ac-af60-53e9e2c3e8ae} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 5008 15215d55e58 tab
3⤵
PID:3976

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.7.1563361696\1931931460" -childID 6 -isForBrowser -prefsHandle 5408 -prefMapHandle 5412 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ea766de-e4f5-4a83-b600-081c2ca3ef78} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 5400 1521655ab58 tab
3⤵
PID:1312

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4680.8.1891831065\1290724195" -childID 7 -isForBrowser -prefsHandle 5812 -prefMapHandle 5824 -prefsLen 26913 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c3ea78b-3fc2-43fe-80f5-0e21a4f35269} 4680 "\\.\pipe\gecko-crash-server-pipe.4680" 5836 15212b4a658 tab
3⤵
PID:3736

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\activity-stream.discovery_stream.json.tmp
Filesize
151KB

MD5
fc225406f7ee6714c0f273f43009f3c1

SHA1
0de6b67c70456b4cb902652bda3459489397d8b7

SHA256
65364f1ed2f5f2c5d4bed20bc6323518cb731a7e232fdc0c22dfd57571708d1e

SHA512
f8c99c3f4bf2c770ada9b5495826ec5bde1ebf6244fb4951b7a29e06312153ab17098bd8e7acc5dd262f89687efb575108e03c538a6d03559b5364b50cf242e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi7788.tmp\LangDLL.dll
Filesize
8KB

MD5
2ac83ff9f2eb44ee250e2007423f7784

SHA1
d7fe9e3db03a24b603a4a61ec287fa2c1073d364

SHA256
1f9ef3943d58dd80a774a5a81578b48bc90f494025e71f6e40ef7def3a06ddf2

SHA512
0aebd903e1a77bec0fac7a1f2ad88e57b9bcb07b351907164f4e674150f1c02807b7667b6fc04fd1e5b27607bbfa87cc179b03f10762b4bb781a3dfbed6c97bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi7788.tmp\System.dll
Filesize
31KB

MD5
dab726bff7cb0f079d232b2c4d0efd8d

SHA1
4d0ebe0facbb66c9c03e3f6b5beb411cb75d9ec9

SHA256
9d46463e1925bf29cd86c7a56ccf540f1eeef3cb50064a222b84703436cd7e8c

SHA512
6aa6097777afdcb073b8fc8ace1a244ac9215ec152720d8b4a32f6196181b135a900491c7fea72bf1df9ed69e51b90cd21eca4ed902d8503d0b1b04c162a2162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi7788.tmp\UserInfo.dll
Filesize
7KB

MD5
d45e6d34a3db2f350fa56b066962c8fe

SHA1
354987e974561a9ee397877432cbb35363ac4e67

SHA256
67ae64f52d6d84407820d09304fb12f5808e8caf332f6092bd0a722ec5977894

SHA512
e0bf5810a74f447a04c16625e21e6aae1cf65886d26cef0ed747c8ec4b107229573ad58ee5fbc2c034c6d16d7cb71ce4534515ff843457cb37b7490f44657b8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi7788.tmp\modern-wizard.bmp
Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi7788.tmp\nsDialogs.dll
Filesize
14KB

MD5
494c8f9c6a5fc302e8b50f05ef9aeb8c

SHA1
75fe258210f0989a7afaecd42e45841d076dc8b8

SHA256
e9ab864697d454cd4a85abf38ec4236ee56ddd0c59f9422ae1e774b9487f132d

SHA512
363780eeded89bd720addb11ef42893d13852fe1c446305cbda73cf994da6848338458f2da4eafa42857533e6fc30e24f6db3b36df5f7cc51b9307010ddfa401

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
Filesize
6KB

MD5
51506a7656ca5cbf32a607927f2a6c02

SHA1
2f9bb3ba5d72e60c1c846ffe2762b84bd633f653

SHA256
eaee65e722f9faaeec11641cc69c13c14d8e7cc179129a925d2f1aa030cacff0

SHA512
987fe6746a5ff041c402ece0905eda43f92d3a3a67ea2e38bbfa361a28f14854f6c0e80a31d07c310c5b9dcddd48341dbcd0121e8af8b3e7d0727eafaf8e84cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
Filesize
6KB

MD5
fae872dab7a8e3581d11023f82999766

SHA1
a6b460d8218e65f22235c580c4561dc62834ce44

SHA256
e845dd3063004e29a1c24ef0940eb2ad7bea4e3e372c9c1322ae8bb4f6029bff

SHA512
b6849fff78a7c03dacfcf65e74f3c8aa052f1b73f4c8d7207397a42a02fc0997e98f8fc48fcfda9857345ded6d67a377880a5da6b5a67deee5d6ef5e06935b59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs.js
Filesize
6KB

MD5
1984b45f201f1fd79d2154406648433b

SHA1
42f082dc6d4d43333688690bf4dfa7c7f8b618ab

SHA256
000a408519010d12b94281710f9a987f822093a1efb5293bbb50ca2e4a6a9df9

SHA512
e73a00cc8994d4023168e93ff5f5b6e6b13ffeb740872b64f565787cbb57e49e64eb03e4de1d8068a6f303f0615749fb27cb47bdbc4cef3fef1290bd3a3a17cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
1fefc1cd174cd5ea531bbb3285ed1503

SHA1
4eae77221d0a78437c8b5399add5e7b57aa3526f

SHA256
523165c83614a149279833a43535e827f6a27c8e07eb5c5a2062ea3667322c80

SHA512
97388b52242afb7c1a4c7edd53f59b10fe94bfb23ccafd488f616f3b7339e079a85eced650d88673cdcf38966b55d3c1932b8f20b7a8e31f0337930953e38b52

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
a143f20ea5c753713a27b108fc1d94d8

SHA1
ac08274b16faeec1f9c6eb048850531057a912cc

SHA256
fdd71abcec2cdf0dd07b5ff65066928c9c8d43cca95af0f2da814fa691f71b67

SHA512
98472b9f31c11add5477b352fe83343b34f5de557daf5bdd47e37e4658a391101a9cc4bcba8db5880961f02112641c4b949e75be55fb0bc8178e3b379b4b89f9

Download Submit
memory/1288-158-0x0000000074C80000-0x0000000074C90000-memory.dmp

Filesize
64KB

Download
memory/1288-137-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1288-197-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1288-159-0x0000000074630000-0x000000007463C000-memory.dmp

Filesize
48KB

Download
memory/1288-138-0x0000000074C80000-0x0000000074C90000-memory.dmp

Filesize
64KB

Download
memory/1288-157-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download