42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69

Analysis

max time kernel
121s
max time network
129s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 10:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Size

1.0MB
MD5

f4d0f9cc9b9feb6ab64870007bb73571
SHA1

93e665ae9ecde5b8eb4d49d70b662cca0f03a947
SHA256

42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69
SHA512

091a65f2e6d4177684bb168839ac451c8fb66d92aea1f6b689aa06c24433e12d02b0d787d3b9ec18f3379c072cc2964aefb57327f4057d23d69542ac0f75a620
SSDEEP

24576:ceRKWJCRIHZ3NBnQOrPHXyJ8LApDg/bKVYOZg3oqP9:ciKcy4Z3QmP9LqGEgYm

Score

7^/10

collection spyware stealer

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\apple-music-converter.vbs	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe

Loads dropped DLL 1 IoCs

pid	Process
2900	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Accesses Microsoft Outlook profiles 1 TTPs 35 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key queried	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key queried	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key queried	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key queried	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key opened	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key queried	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key opened	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key opened	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key queried	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key opened	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key queried	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key queried	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key queried	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key opened	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key queried	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key queried	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key opened	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key queried	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key queried	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key opened	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key queried	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2080 set thread context of 2900	2080	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe	28

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2900	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
2900	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
2900	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2080	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
Token: SeDebugPrivilege	2900	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2900	2080	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe	28
PID 2080 wrote to memory of 2900	2080	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe	28
PID 2080 wrote to memory of 2900	2080	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe	28
PID 2080 wrote to memory of 2900	2080	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe	28
PID 2080 wrote to memory of 2900	2080	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe	28
PID 2080 wrote to memory of 2900	2080	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe	28
PID 2080 wrote to memory of 2900	2080	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe	28

outlook_office_path 1 IoCs

description	ioc	Process
Key queried	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe

outlook_win_path 1 IoCs

description	ioc	Process
Key queried	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe

C:\Users\Admin\AppData\Local\Temp\42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
"C:\Users\Admin\AppData\Local\Temp\42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe"
1⤵
- Drops startup file
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Users\Admin\AppData\Local\Temp\42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
  C:\Users\Admin\AppData\Local\Temp\42fe9e8874329ce4c5815c11a02c4ee12155785f1ef933f9045e8614dddf6f69.exe
  2⤵
  - Loads dropped DLL
  - Accesses Microsoft Outlook profiles
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - outlook_office_path
  - outlook_win_path
  PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\Costura\1485B29524EF63EB83DF771D39CCA767\64\sqlite.interop.dll

Filesize
1.7MB

MD5
02f50a23e31d1f21aa21ae52faf3c05a

SHA1
5b21234729dedfa1b456138872ef2a046b9ee86f

SHA256
5f0e72e1839db4aa41f560e0a68c7a95c9e1656bc2f4f4ff64803655d02e5272

SHA512
bc2fcca125506d9b762df4e9df24a907b9e554d857e705945ae252e7e6b50dada043ef0e69828b780ac9b569053fcf912c27a770469a80f1f6094c146afdb9b0

Download Submit
memory/2080-0-0x0000000000EB0000-0x0000000000FBE000-memory.dmp

Filesize
1.1MB

Download
memory/2080-1-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

Filesize
9.9MB

Download
memory/2080-2-0x0000000002800000-0x0000000002908000-memory.dmp

Filesize
1.0MB

Download
memory/2080-3-0x0000000002610000-0x0000000002690000-memory.dmp

Filesize
512KB

Download
memory/2080-4-0x000000001C090000-0x000000001C186000-memory.dmp

Filesize
984KB

Download
memory/2080-5-0x0000000000920000-0x000000000096C000-memory.dmp

Filesize
304KB

Download
memory/2080-15-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

Filesize
9.9MB

Download
memory/2900-8-0x0000000140000000-0x00000001400D0000-memory.dmp

Filesize
832KB

Download
memory/2900-9-0x0000000140000000-0x00000001400D0000-memory.dmp

Filesize
832KB

Download
memory/2900-10-0x0000000140000000-0x00000001400D0000-memory.dmp

Filesize
832KB

Download
memory/2900-11-0x000007FFFFFDF000-0x000007FFFFFE0000-memory.dmp

Filesize
4KB

Download
memory/2900-13-0x0000000140000000-0x00000001400D0000-memory.dmp

Filesize
832KB

Download
memory/2900-18-0x000000001BAE0000-0x000000001BBE8000-memory.dmp

Filesize
1.0MB

Download
memory/2900-17-0x000007FEF5340000-0x000007FEF5D2C000-memory.dmp

Filesize
9.9MB

Download
memory/2900-19-0x000000001BA60000-0x000000001BAE0000-memory.dmp

Filesize
512KB

Download
memory/2900-20-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-21-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-23-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-27-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-25-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-29-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-31-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-33-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-35-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-37-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-39-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-41-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-43-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-45-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-47-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-49-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-51-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-53-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-55-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-57-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-59-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-61-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-63-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-65-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-67-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-69-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-71-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-73-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-75-0x000000001BAE0000-0x000000001BBE4000-memory.dmp

Filesize
1.0MB

Download
memory/2900-669-0x000007FEF5340000-0x000007FEF5D2C000-memory.dmp

Filesize
9.9MB

Download
memory/2900-846-0x000000001BA60000-0x000000001BAE0000-memory.dmp

Filesize
512KB

Download
memory/2900-2206-0x00000000025C0000-0x000000000265E000-memory.dmp

Filesize
632KB

Download
memory/2900-2207-0x000000001D130000-0x000000001D33E000-memory.dmp

Filesize
2.1MB

Download
memory/2900-2212-0x000000001C0C0000-0x000000001C12C000-memory.dmp

Filesize
432KB

Download
memory/2900-2213-0x0000000000DB0000-0x0000000000DD5000-memory.dmp

Filesize
148KB

Download
memory/2900-2214-0x000000001BA60000-0x000000001BAE0000-memory.dmp

Filesize
512KB

Download
memory/2900-2215-0x000000001C2C0000-0x000000001C33A000-memory.dmp

Filesize
488KB

Download
memory/2900-2218-0x000007FEF5340000-0x000007FEF5D2C000-memory.dmp

Filesize
9.9MB

Download