0fa807337a3c638aad78d9b50eaae632907291f5fffca08951bc0f27d929189a

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
28/11/2023, 15:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DF.exe
Size

528KB
MD5

0580e3884493d1157a00e694a844a728
SHA1

85492026c18fa2e41ed2eab90e94a6a1979a972d
SHA256

0fa807337a3c638aad78d9b50eaae632907291f5fffca08951bc0f27d929189a
SHA512

cb23316a4228ca8a58f3ed94f69c27af7c197072cde11716fa8bba0799f68bf7c355526c70a3e8d04a5553040a9647eb4cf649be54508b956f90616bf0742ca8
SSDEEP

6144:2m7CZCyTCxUcy9qk0oQk3vFwQuyxMgYjYlEg3KwDe2heh3a1kWazQYoc164:Z7yRSyQSdBi+lDeQehTWajhP

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies registry class 32 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Music"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 = 54003100000000007c57947a100071686134554e00003e0009000400efbe7c57947a7c57947a2e0000000d32020000000800000000000000000000000000000021b30f00710068006100340055004e00000016000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 78003100000000007c57947a11004d7573696300640009000400efbe874fdb497c57957a2e000000fd0500000000010000000000000000003a000000000021b30f004d007500730069006300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380030003300000014000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 78003100000000007b579b8b1100557365727300640009000400efbe874f77487c578b7a2e000000c70500000000010000000000000000003a0000000000bee7730055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\NodeSlot = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 7c003100000000007c57937a11005075626c69630000660009000400efbe874fdb497c57957a2e000000f80500000000010000000000000000003c0000000000fb524b005000750062006c0069006300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003600000016000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3028534956-1709433221-1313273668-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1260	explorer.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
228	DF.exe
228	DF.exe
228	DF.exe
228	DF.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	228	DF.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1260	explorer.exe
1260	explorer.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 228 wrote to memory of 4240	228	DF.exe	90
PID 228 wrote to memory of 4240	228	DF.exe	90

C:\Users\Admin\AppData\Local\Temp\DF.exe
"C:\Users\Admin\AppData\Local\Temp\DF.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:228
- C:\Windows\explorer.exe
  C:\Windows\explorer.exe C:\Users\Public\Music\qha4UN
  2⤵
  PID:4240

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1260

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\UAUDTD\CWCWFWF.exe

Filesize
13.7MB

MD5
2534a393218539bfe7bb298c6e24d69d

SHA1
dafa37cda232c109f7de33ca12a358d2f1c60d58

SHA256
a405c93e9913843d2f67be9c49b6553ad4c4a2fae122af63c04c6350b9a72a93

SHA512
cfc1f3053e7a6d78406201e89e76a4519267ad191cbf94862bf0f2db4c52c8f802094e3b33f706766b9de8ada1f0f9b7c98d6ba916fbe402bde7816c9da861a6

Download Submit
C:\Users\Admin\AppData\Roaming\7N7Q7\Embarcaderophi.lnk

Filesize
797B

MD5
b143b23b51751fecdae42c4de9958e45

SHA1
a3afcb45fe594524c21e6bfd69bf8ee963ecbbc4

SHA256
2e01630ecec3de1a750714e7a5d3a18d49bea0adeb86ff45783c1ebd513b3ede

SHA512
4af4399262d65e99c039c51051c302272e5f46a963018428572bb4c82b0bb872460b081dce87dcca0d9d3c399686fc92690a06c15eec21e3ef116c8ae7ff31d3

Download Submit
C:\Users\Admin\AppData\Roaming\7N7Q7\Ovof.exe

Filesize
105KB

MD5
6b8ebc942fe392c669b0b21bc8f83a03

SHA1
18fb9645a7365ae17b8386e47bec0b5ba6f5122f

SHA256
e5a35deff01c93f658ab8c4192570ad9ae5ffaa4f5f6d1b4db99f176bf5bdbe7

SHA512
0953d528c5d07b22fa0a969c98d569cf68e58450e1fc0179ddb2068cb4c429d23044a71005fd0daebe7e0c896c5a7598c5329e4c040be9099dfb1e62a2686589

Download Submit
C:\Users\Public\DTDTCW

Filesize
11.7MB

MD5
ae207973403b8722422b1d98102fc4d7

SHA1
74da121a94bb951ee75ef5b70e308fcfddcc172e

SHA256
81a0efe1271ef303599ff5f6edbca9974b1ec607aa323c827744e2c426b07936

SHA512
25ebcda952d89cb7bada384634ea60d0d44f1c20b5c8aabf5d5ccddfe1ffed2c968a8dffd22e1060762a1ce72cb4e474a9eb0b92e1ca7463f5677f283b54cf2f

Download Submit
C:\Users\Public\Music\qha4UN\3TNGxq.lnk

Filesize
1006B

MD5
8a351ebc74eb67a9eff359f8424d4c5f

SHA1
4a27d0245eab731b4211c29a09c4b1e8dcab81e9

SHA256
a41a14d950bc73b5700d0753af87b1f991c78d28b842d0fd42b2f9902257a9b1

SHA512
978587b6805f04f677c9045d1a27db4a3811931ac247078feed90489630467d6f96d2700c885daec2d7d6b464a0f154b311c231a4eff27d98a2f8325de1fc47b

Download Submit
C:\Users\Public\Music\qha4UN\4OEyoh.url

Filesize
67B

MD5
96226f32eba92c5008a959537cbd3637

SHA1
1bf754f4ba8b77886907424f1ed77db6ef44e831

SHA256
7d3865e8bdd3ace8951a5346e50ff9e46abccaaa97fb5cc3dac6f03ac7535f4f

SHA512
5a90998b02bb016d49ce4fb0730089adc92023dbea45009b2ed9cf0293423e9c991c358db10593575cb9832e67e97d7376c5c79b1f2a8f1f4cf617c390cb87ac

Download Submit
C:\Users\Public\Music\qha4UN\Aqka4X.lnk

Filesize
1006B

MD5
fddab7e0dbafa62f4ae47e867e30b355

SHA1
c25e13a9e815466b6e3b2bf217e98fa04df3dd0d

SHA256
84a48b835dbfc9af38598d5114a17506edd436e9814c56be0df8f54994e292bb

SHA512
6b769ca79e5b4977455dcbccee46339e55477ae9afaf3bf6bc9c03f233d1265199d9eb9ebe465e4afcdcbabf5551a4b4b3dbb7be5d66ff8f6426a8d7bf102d19

Download Submit
C:\Users\Public\Music\qha4UN\NHxqka.lnk

Filesize
1006B

MD5
a4dfcafec289f3b93746862542a3bd98

SHA1
7f733dbf399ec24d81516e73d734fbf2c995c2cf

SHA256
16825c5c3a5f4a2f07516b072283532831eb3fd5a0ef5346db96ab17a8c44990

SHA512
bf8ccf5acbf2082f809b9406e7dc79d8a1e9349c1bdf82718172a80bc223118d37ddcc5f12fcef220f2f2fc504c06c8c58a0b524ae91bee7acdf547f10e172bd

Download Submit
C:\Users\Public\Music\qha4UN\RIBvle.url

Filesize
67B

MD5
96226f32eba92c5008a959537cbd3637

SHA1
1bf754f4ba8b77886907424f1ed77db6ef44e831

SHA256
7d3865e8bdd3ace8951a5346e50ff9e46abccaaa97fb5cc3dac6f03ac7535f4f

SHA512
5a90998b02bb016d49ce4fb0730089adc92023dbea45009b2ed9cf0293423e9c991c358db10593575cb9832e67e97d7376c5c79b1f2a8f1f4cf617c390cb87ac

Download Submit
C:\Users\Public\Music\qha4UN\UOEyoh.lnk

Filesize
1006B

MD5
29c06ed015e7c3d99735735174010ebc

SHA1
41ad90fa5e9e41e26266951983232796901894b3

SHA256
125dc60c15d3c383c6d69a382b867e57f28e75889ac48b2d6289a295835b4266

SHA512
0af02490d8ca38c0001fc78c15c1814276dbdcc44386175837245baf4e1307648b7ce21e1414fc7007c9721725d2fb7d4803e1e815144b172fd139f3c275328f

Download Submit
C:\Users\Public\Music\qha4UN\a1UKEx.url

Filesize
67B

MD5
96226f32eba92c5008a959537cbd3637

SHA1
1bf754f4ba8b77886907424f1ed77db6ef44e831

SHA256
7d3865e8bdd3ace8951a5346e50ff9e46abccaaa97fb5cc3dac6f03ac7535f4f

SHA512
5a90998b02bb016d49ce4fb0730089adc92023dbea45009b2ed9cf0293423e9c991c358db10593575cb9832e67e97d7376c5c79b1f2a8f1f4cf617c390cb87ac

Download Submit
C:\Users\Public\Music\qha4UN\a1UKEx.url

Filesize
67B

MD5
96226f32eba92c5008a959537cbd3637

SHA1
1bf754f4ba8b77886907424f1ed77db6ef44e831

SHA256
7d3865e8bdd3ace8951a5346e50ff9e46abccaaa97fb5cc3dac6f03ac7535f4f

SHA512
5a90998b02bb016d49ce4fb0730089adc92023dbea45009b2ed9cf0293423e9c991c358db10593575cb9832e67e97d7376c5c79b1f2a8f1f4cf617c390cb87ac

Download Submit
C:\Users\Public\Music\qha4UN\d4XRHA.url

Filesize
67B

MD5
96226f32eba92c5008a959537cbd3637

SHA1
1bf754f4ba8b77886907424f1ed77db6ef44e831

SHA256
7d3865e8bdd3ace8951a5346e50ff9e46abccaaa97fb5cc3dac6f03ac7535f4f

SHA512
5a90998b02bb016d49ce4fb0730089adc92023dbea45009b2ed9cf0293423e9c991c358db10593575cb9832e67e97d7376c5c79b1f2a8f1f4cf617c390cb87ac

Download Submit
C:\Users\Public\Music\qha4UN\ga0UND.url

Filesize
67B

MD5
96226f32eba92c5008a959537cbd3637

SHA1
1bf754f4ba8b77886907424f1ed77db6ef44e831

SHA256
7d3865e8bdd3ace8951a5346e50ff9e46abccaaa97fb5cc3dac6f03ac7535f4f

SHA512
5a90998b02bb016d49ce4fb0730089adc92023dbea45009b2ed9cf0293423e9c991c358db10593575cb9832e67e97d7376c5c79b1f2a8f1f4cf617c390cb87ac

Download Submit
C:\Users\Public\Music\qha4UN\jd6XQH.url

Filesize
67B

MD5
96226f32eba92c5008a959537cbd3637

SHA1
1bf754f4ba8b77886907424f1ed77db6ef44e831

SHA256
7d3865e8bdd3ace8951a5346e50ff9e46abccaaa97fb5cc3dac6f03ac7535f4f

SHA512
5a90998b02bb016d49ce4fb0730089adc92023dbea45009b2ed9cf0293423e9c991c358db10593575cb9832e67e97d7376c5c79b1f2a8f1f4cf617c390cb87ac

Download Submit
C:\Users\Public\Music\qha4UN\k1UKEx.lnk

Filesize
1006B

MD5
17127c60d400c61a546c6794f0c392f7

SHA1
c53a4f965ce873feb7558638d2932847787bdd50

SHA256
8f6628533e458dae0a0e3d1b3e5ac9f2c15e9191f2ed6cc9bf79e2f929a285aa

SHA512
cf78340284550e3cadf08445905dc30d00d7355f620f7c808ac6bf1bb57e9b98bb604f4f6570607fd96890a7c1241575e76b95db02f34e639d7c8ba1268537ce

Download Submit
C:\Users\Public\Music\qha4UN\qga0TN.url

Filesize
67B

MD5
96226f32eba92c5008a959537cbd3637

SHA1
1bf754f4ba8b77886907424f1ed77db6ef44e831

SHA256
7d3865e8bdd3ace8951a5346e50ff9e46abccaaa97fb5cc3dac6f03ac7535f4f

SHA512
5a90998b02bb016d49ce4fb0730089adc92023dbea45009b2ed9cf0293423e9c991c358db10593575cb9832e67e97d7376c5c79b1f2a8f1f4cf617c390cb87ac

Download Submit
C:\Users\Public\Music\qha4UN\t93TNG.lnk

Filesize
1006B

MD5
b1ef5081c072bf2962ee20e77552e657

SHA1
59ac829a8efd1e0a6498a84575934fc9627bdc62

SHA256
5a1c4e6e4c96924b1417bb9594e58e110b49a4dfc50b48b4e269a047acb2036d

SHA512
4ac2f8f8ac7edfcf4f2186cdd85b160050c690426e4b616016dbb7a20164d014b9fa08eb0e0433f2f84d58abc4b45366a0c2dc59143796979dffbaf578ec58a6

Download Submit
C:\Users\Public\Music\qha4UN\zsmc6W.lnk

Filesize
1006B

MD5
0b017188ac4fa9bbc3d7530ae2bea678

SHA1
1d34ba1c77610027849eaca8c01027d97f3d4a10

SHA256
4cb848468555d96fcf56d8d3e8437dd701a7e5e582e6addd92aa15d58ef14eb4

SHA512
11cd91d6032da27abb32e97628c48524113b44e1901fbd5ef18715020f5dbf89c3e85775b36484eb9548794bb62111421f9474dbe3351f1f3d93bab60d80e90c

Download Submit
memory/228-48-0x0000000004F20000-0x0000000004F46000-memory.dmp

Filesize
152KB

Download
memory/228-0-0x0000000010000000-0x0000000010032000-memory.dmp

Filesize
200KB

Download
memory/228-6-0x0000000004BA0000-0x0000000004C61000-memory.dmp

Filesize
772KB

Download
memory/228-15-0x0000000004C70000-0x0000000004CE3000-memory.dmp

Filesize
460KB

Download