oski | 71efc8fc1dede4f96e837043ad3cbd38a65bd530ce71ae4d44ddc29843fab70b

Analysis

max time kernel
32s
max time network
40s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
31-10-2023 05:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Oski Cracked.exe
Size

3.9MB
MD5

2bd0e61c45d352697c5e16437d8055b0
SHA1

0b9b24d396a50c2dc13d73e1f2d57c1891de3f31
SHA256

71efc8fc1dede4f96e837043ad3cbd38a65bd530ce71ae4d44ddc29843fab70b
SHA512

80044d4ece73637328e9b456c3127be02ecc9cea4b12fee65a884fed0266187aec58e6906c652face3b6125d59b9fa10303f02e1d8bfa33dbccb62fd2bc2b73d
SSDEEP

98304:EJCbuSMburCaMZh0yEKj+WRvrY1dcZ048HV/bFy8jJ7:mmMbuQZlFY7KsZPN

Score

10^/10

oski infostealer

Malware Config

Signatures

Oski
Oski is an infostealer targeting browser data, crypto wallets.
infostealer oski
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 20 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	Oski Cracked.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Oski Cracked.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings	Oski Cracked.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Oski Cracked.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Oski Cracked.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	Oski Cracked.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	Oski Cracked.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Oski Cracked.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Oski Cracked.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	Oski Cracked.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Oski Cracked.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Oski Cracked.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Oski Cracked.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Oski Cracked.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Oski Cracked.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Oski Cracked.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Oski Cracked.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Oski Cracked.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	Oski Cracked.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	Oski Cracked.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1428	Oski Cracked.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 2432	1428	Oski Cracked.exe	99
PID 1428 wrote to memory of 2432	1428	Oski Cracked.exe	99
PID 2432 wrote to memory of 4300	2432	msedge.exe	100
PID 2432 wrote to memory of 4300	2432	msedge.exe	100
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 3772	2432	msedge.exe	102
PID 2432 wrote to memory of 740	2432	msedge.exe	104
PID 2432 wrote to memory of 740	2432	msedge.exe	104
PID 2432 wrote to memory of 832	2432	msedge.exe	103
PID 2432 wrote to memory of 832	2432	msedge.exe	103
PID 2432 wrote to memory of 832	2432	msedge.exe	103
PID 2432 wrote to memory of 832	2432	msedge.exe	103
PID 2432 wrote to memory of 832	2432	msedge.exe	103
PID 2432 wrote to memory of 832	2432	msedge.exe	103
PID 2432 wrote to memory of 832	2432	msedge.exe	103
PID 2432 wrote to memory of 832	2432	msedge.exe	103
PID 2432 wrote to memory of 832	2432	msedge.exe	103
PID 2432 wrote to memory of 832	2432	msedge.exe	103
PID 2432 wrote to memory of 832	2432	msedge.exe	103
PID 2432 wrote to memory of 832	2432	msedge.exe	103
PID 2432 wrote to memory of 832	2432	msedge.exe	103
PID 2432 wrote to memory of 832	2432	msedge.exe	103
PID 2432 wrote to memory of 832	2432	msedge.exe	103
PID 2432 wrote to memory of 832	2432	msedge.exe	103
PID 2432 wrote to memory of 832	2432	msedge.exe	103
PID 2432 wrote to memory of 832	2432	msedge.exe	103

C:\Users\Admin\AppData\Local\Temp\Oski Cracked.exe
"C:\Users\Admin\AppData\Local\Temp\Oski Cracked.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://t.me/lenskiyteamoff
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffffe846f8,0x7fffffe84708,0x7fffffe84718
    3⤵
    PID:4300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,17980775851261947897,7820941420014946796,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:3772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,17980775851261947897,7820941420014946796,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
    3⤵
    PID:832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,17980775851261947897,7820941420014946796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17980775851261947897,7820941420014946796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
    3⤵
    PID:4004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17980775851261947897,7820941420014946796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
    3⤵
    PID:4992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17980775851261947897,7820941420014946796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
    3⤵
    PID:5036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17980775851261947897,7820941420014946796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
    3⤵
    PID:4292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
2035525081cf4bf458eac299bbf49e1b

SHA1
615c86b7d4cb1ece5716bd8bf2d39650d833c92d

SHA256
e0273d6f4794cc94e2cb3294836a3db6d04d675579f39ec51b60530265d0b297

SHA512
3550e448e7b944499213c5d916706800aa236cb2623d5b0e4406a626b5abb4e3e30c8971a7f10af149c198f008b6751e99135684562f5378eb239bb284f85c22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
242B

MD5
e384a795d1e597feb0a5bebd13dcde50

SHA1
7ce66637789b61ae163c1de62dc996a99cdef796

SHA256
42a6ef02d02be95231cee980c97d4398ac167e7264a5cf838b3e3a2ad2a3380b

SHA512
36f58ca4b73ed5fdfd9b2557d09203189dc9cb3db29ee9716f89bb75a8f6d1c32cca67e597dfefb3b9074be0a024ba51ff40d8024439ccbb16d17316abc2215c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
82fdb05797ffb3b47c6e0ef7170eb912

SHA1
1418b5aed44d79b086b843183e03e0fbb7b2f464

SHA256
cf90c474905504069d4b9e7f985f6acb17a983189a88a09f69d2f7b3e3a03164

SHA512
fb5103d624df6dd4d286579a511c0c2400639a61b769c55b9b1d8628ffd3b6047af954af14776a5444dabf973e7b9fb8f09756beb874c0f4a4edec9a974a4fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
225e077e6794f30c44b6730fd1785b8a

SHA1
97a25fe6a5829aecc7ff2e427ad43a862e2337e8

SHA256
b2c096740773b219a176834cab40fefddc2d5b5f7ec79361b142de601e0b8f2a

SHA512
ddfd86f684cfb0530281f84cb4b8813194e527fb9e7db68b5a4dfbb5ee0c968d55032b72eb8254c8b3412a4179b2db0a90431064a6ee163439998ea150e840a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
403af9a5db3d8b9aec51f732c4df1ede

SHA1
324a9249df52e60dfb8441398879014c5ff033c7

SHA256
074c15c1e9edb00fc44c07caca83d530598bade7db08e49949b32dd4a2df1354

SHA512
083390f86f5f1acf2d35ce462c806a0ebcb0cc6fb3634b40ec89e7966ea7cf03538d9522bf62fa9f89498ba094d30dba82783ef2d7ce596cebace0cfe33267aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3c8549811309a9a300d6602f42aa0333

SHA1
d749ce08a6c53138b9033d24a734d9b9cf52164d

SHA256
1e23de1f6d044c3845050b06605fc536c4d3b42c5179928a45c46e4ecff3e0a7

SHA512
e2a59b3d6e21c6f870435d50303b872529382d0a48c8d9fe4798e28f38a04cbf2ee01efb446155e8eb75a7ed5212522270518f154d331c856935974c68f9dd1e

Download Submit
memory/1428-4-0x00007FF801750000-0x00007FF802211000-memory.dmp

Filesize
10.8MB

Download
memory/1428-10-0x0000000001A10000-0x0000000001A20000-memory.dmp

Filesize
64KB

Download
memory/1428-8-0x0000000001A10000-0x0000000001A20000-memory.dmp

Filesize
64KB

Download
memory/1428-7-0x0000000001A10000-0x0000000001A20000-memory.dmp

Filesize
64KB

Download
memory/1428-6-0x0000000001A10000-0x0000000001A20000-memory.dmp

Filesize
64KB

Download
memory/1428-5-0x0000000001A10000-0x0000000001A20000-memory.dmp

Filesize
64KB

Download
memory/1428-0-0x0000000000E30000-0x0000000001226000-memory.dmp

Filesize
4.0MB

Download
memory/1428-3-0x000000001BFA0000-0x000000001C3BC000-memory.dmp

Filesize
4.1MB

Download
memory/1428-2-0x00007FF81DC20000-0x00007FF81DCDE000-memory.dmp

Filesize
760KB

Download
memory/1428-1-0x00007FF801750000-0x00007FF802211000-memory.dmp

Filesize
10.8MB

Download
memory/1428-152-0x0000000001A10000-0x0000000001A20000-memory.dmp

Filesize
64KB

Download