e25da7724db0945d80b2d5d156de6e5e74ca015137a5d978e7d3bee0b47160fc

Analysis

max time kernel
141s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 23:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

067b0f880d322032555d8bfcac8947f7.exe
Size

114KB
MD5

067b0f880d322032555d8bfcac8947f7
SHA1

97c0690049ebe39aed918a95a5dfc5061366fc37
SHA256

e25da7724db0945d80b2d5d156de6e5e74ca015137a5d978e7d3bee0b47160fc
SHA512

7b065a1641485dea95c67190035b778670154d48043da0a29fa245e4b41903d7115bf0829d9b1929837029ac2497b47644ff8400768e75630509859c4fbc10e5
SSDEEP

3072:+KrpqYLBsBMbbNWgg5d3h5A/28Q4h/tT:Tp9CDgKhy/tV

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3056	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
1752	sbd.EXE

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1752 set thread context of 2084	1752	sbd.EXE	29

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\sbd.EXE	067b0f880d322032555d8bfcac8947f7.exe
File created	C:\Windows\sbd.EXE	067b0f880d322032555d8bfcac8947f7.exe

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B211FFA1-A6DC-11EE-B9E8-EE9A2FAC8CC3} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410079605"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1956	067b0f880d322032555d8bfcac8947f7.exe
Token: SeDebugPrivilege	1752	sbd.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2084	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2084	iexplore.exe
2084	iexplore.exe
2056	IEXPLORE.EXE
2056	IEXPLORE.EXE
2056	IEXPLORE.EXE
2056	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 1752	1956	067b0f880d322032555d8bfcac8947f7.exe	28
PID 1956 wrote to memory of 1752	1956	067b0f880d322032555d8bfcac8947f7.exe	28
PID 1956 wrote to memory of 1752	1956	067b0f880d322032555d8bfcac8947f7.exe	28
PID 1956 wrote to memory of 1752	1956	067b0f880d322032555d8bfcac8947f7.exe	28
PID 1752 wrote to memory of 2084	1752	sbd.EXE	29
PID 1752 wrote to memory of 2084	1752	sbd.EXE	29
PID 1752 wrote to memory of 2084	1752	sbd.EXE	29
PID 1752 wrote to memory of 2084	1752	sbd.EXE	29
PID 1752 wrote to memory of 2084	1752	sbd.EXE	29
PID 1956 wrote to memory of 3056	1956	067b0f880d322032555d8bfcac8947f7.exe	30
PID 1956 wrote to memory of 3056	1956	067b0f880d322032555d8bfcac8947f7.exe	30
PID 1956 wrote to memory of 3056	1956	067b0f880d322032555d8bfcac8947f7.exe	30
PID 1956 wrote to memory of 3056	1956	067b0f880d322032555d8bfcac8947f7.exe	30
PID 2084 wrote to memory of 2056	2084	iexplore.exe	32
PID 2084 wrote to memory of 2056	2084	iexplore.exe	32
PID 2084 wrote to memory of 2056	2084	iexplore.exe	32
PID 2084 wrote to memory of 2056	2084	iexplore.exe	32

C:\Users\Admin\AppData\Local\Temp\067b0f880d322032555d8bfcac8947f7.exe
"C:\Users\Admin\AppData\Local\Temp\067b0f880d322032555d8bfcac8947f7.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Windows\sbd.EXE
  C:\Windows\sbd.EXE
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1752
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2084
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2056
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\067b0f880d322032555d8bfcac8947f7.exe"
  2⤵
  - Deletes itself
  PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af0ac98fda427044f6104818847601be

SHA1
457f49ca49fbf554775966a226d2e2304979dcf5

SHA256
de32f3bdb2af266c41aa39525a134b9ddf5ed1ff211383a79372c24fb6275bc4

SHA512
b1f2b8a2766153484e96a96a60954f959e21b5b087e1b1f94e88d1d6fd342a359dd540eb2873088f0c4ab7000e844d260cd70c4b0111aad0a0c3176cb814f461

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a512e9d20f1089b4db9172501513d3a

SHA1
fde5887e1bd1dd84b0f231f3be0baddd3a2e0fa5

SHA256
0204eb797a83ff6773d57ee7e8a48ffd126ce4af676b677abf84f3da30f99f36

SHA512
c4ad1895040bae12204b97aa3a46faaa4bcc4fc70a2adfaccda0a0d7381e19824acfe81e57c77505bc60c9b771108792972b6b6214b34ff00dfd7f51ea4eb92e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfaf7d975db10bc344ecc9e55c4bfe45

SHA1
1f9a78f329628aa4e0ef231d5ab96ce1dc47d8ff

SHA256
32ceb960cef1be3679279c31a466207854c988bf37e311e4e64d23d4172da6dc

SHA512
210e60475e5f381fcc6753976f432dffddce7423a2bbe257138765cc84e461e74730cd105478479d444319896f2eeb1f2a3992019e26d02532b454034970ebb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
853e5b5c02a530e55fd647f4180e17de

SHA1
565d20c3435969e4d491cd7d02833610b49cc406

SHA256
32a8b8835918e4bc3df1d524c9ad66a15d35afcd0aa6d257f528f13501d224ad

SHA512
12bd6321b38a76eb3f62e7e973e5dbdc61e3354ee92e980d6a96973ee793afebf9058bbe82ef8930ff4ff1e0bd21ec9d9a64096cc43ad06e1b9b7c00fc255001

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe40f1b9f1534c1f82e74ea49d8ab3ee

SHA1
bd89779ffebc6d286432082f04d89f7cfdf42656

SHA256
d344efb313a711d7738bc937267507caff4d8b33e3f0b5fd95c00b7871569bd8

SHA512
14a204e89347f5b1a714fe53e09aa2a4b2bd2e1de059733f0706f68ee2c272fcbf9aee4ceb9ed9ea215b000eee99524d3c6e6a975618388213b24e3ac57c7b90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc362cea45fdfd31fbd925fd7a1e9cbb

SHA1
a237a67dde59c11044badf5767d865378ea3e609

SHA256
56d52ffa6da549158436e88b058ea20f8d4a47334282b9fc6d1fa0e6236e7a4d

SHA512
835c6d7c58db02ca8e3c24141584b17fd4f8325cc2451e09b3c830e3e024fbbf26d52977bfae1215e9d9164e9974fcb7ea691ce751f8b75d39123829af18be20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a42370041065041fc7e92c0c2fc1bc57

SHA1
f9e2bca0e58cb5bacc1a71c8db99f29a974fb61f

SHA256
f73aaff53c1c6b000b859c95e4d14d0baede85855ddc0980d1205b65ea3bc6da

SHA512
1c96669be54d03b5e5ee657628c70680c4b16e9431fb01d5f4d735855c8ab6eb8d60f654c565638f3bfd81883afd83725820f6cf2276fee845eaf6dcf66cae7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b1f55678a412208da0a27e9dd61d49a

SHA1
37035e21349d3d22c9280979f2d2f0a785c1d2bd

SHA256
99d0c545f5577cee1b2b3f927916a91bf753e16689b050e1f3caae7baf2ace73

SHA512
5a56352b55be17771ec880cd9cd8c5513227f5957938c5647271b794f79ed3ae20c037620271793dd2315391b241336fb18f818362683c9620412b6d9efb281e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c47f0b9888aa61b80006e12d7a03127a

SHA1
18823550d57934142eb42c91c30434a340df91df

SHA256
28391ab71a41cb648d4d66403220e0ccc1a500cae9467d98723449173dd390e9

SHA512
f3242764abc873345cad87ad38d99943d13fb9a82e6028677d89d5fb5add0fc29814acccdf1afe876bfc53f5f3b2e4350c730a1806d86da9fe04c013eb678f5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b0425f356237e72dbb15e154a757c217

SHA1
31a563cb94718401e8c9bafabf9d20e778f79359

SHA256
f5ce038267b74f4c4b03d4ea04740337e698baca8e37aea92667e61f1d26946d

SHA512
5952638e468a8d70f1c0663c10df7e40ba2b0d199e39849f8eb5645c1bdbc9a83b235586f1eeb1c805c49645aa7f4a5be98e32e32fb52a98965ffee2abcc5068

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1caa3648baebfe69af7b14f2fb2c67a8

SHA1
44aebf292f58eab062ca1105ed578390d46c1e23

SHA256
f589a9569705b312c677f64bffea9d669b46ba3f9d83fb4b611459b0095a4f8a

SHA512
43b7d1fb48d8213479f661bcb5d207b10767103d6e627d0310e332915d50503c194e1edfe30af93db56b1b16ef83cc6716ae6cfbc21395483ed0318943374c21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eba3456ba6dcbf2fcabb8d053729b43d

SHA1
25479cf6fc0daa096c1796c7c98b553b32096615

SHA256
5f064730cd14651055b5a9af4706a07ff26d78138005badec987c4d5a17c6060

SHA512
902e4622016857a21fec4eb6c6b2fe5ad76cbd50e0853f8bc4b4b948fb8aaf9d3f29397c16e999681f0691057f0feacf530701aa11de18443549610f79ff8140

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4883b09442f2efd2c0034b1eb56fbfab

SHA1
27a34b9f43fbcde69ed22594f0fe8be200f8ca15

SHA256
6b64701e3c010d36cd11b456c1821ba426ab475efc41329686ee6242bfeb0811

SHA512
18a069b0e08366084bb37e640a5269d97a39caef5327b1e72e7c84b512ab9c3608e5aecfc78a521f039fa88ffff784e3737a5effb7987486d2b1414414d18303

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ecb8f70f502a2ff587547246fef83d33

SHA1
77822ca1679e842ebacde87a94f998b1af4553fc

SHA256
42a964452f3b7755713d57692e72189293f196f633f80d57ddb2441ebf7e803a

SHA512
cf44e9a91f7620a50eaf983ea7a9cc07119cd0bba1bb73ddc4b8f95276d5c958aaccf838064f9a0a8d50e98da682ac599a2a7462fafe51de1fed584a873a23d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd3b97e928fb8259e00a499e1602484b

SHA1
70a51cd4a168c9beb3e33d1aa580e4874cbc0dc6

SHA256
435bb8150d76550afd440c00939c81ac5690ab32a5fbcfd1818f250a68ae531f

SHA512
bb1d8c84a265fd0af970164a62dd3fef842eb1d356b0a258ba1f1aa6d17981e1408b9b9522db1329bbf320b59234b276afa7c12aa8b375e0005638637aef73cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f025bada9214e6d6e778df49456b3192

SHA1
d6f2c61576116e443e91950bcf620e95c3593f00

SHA256
2e36de71e59f071af6882878b054653fbc0c401571cd9f429260fa68cbcbfc5f

SHA512
5b45c30d4db9e1c1b56633817adc77f0c2dd38329133a2d2ce2d1754e98a01cace2d4199947846451f1d005e9bc6a26310f046af2d61af24accb0c40ca85cd2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
02572194ac1671a8a378ccad008934d0

SHA1
146baf4c32f94977c75c360cde77cf657e26aaaa

SHA256
2e5afefd8538ca8147fa09767fc6f2be189e377e7cb5e802719929c2b602eabc

SHA512
97c34c605d06140147aba8c4ad6d77c785904c60c81570819d46b676688ef848b66f420610c1e7bb3fd14f89eb3a35bb8fc70f7363c03e31bc0c12893be36524

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAF36.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB80F.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Windows\sbd.EXE

Filesize
114KB

MD5
067b0f880d322032555d8bfcac8947f7

SHA1
97c0690049ebe39aed918a95a5dfc5061366fc37

SHA256
e25da7724db0945d80b2d5d156de6e5e74ca015137a5d978e7d3bee0b47160fc

SHA512
7b065a1641485dea95c67190035b778670154d48043da0a29fa245e4b41903d7115bf0829d9b1929837029ac2497b47644ff8400768e75630509859c4fbc10e5

Download Submit
memory/1752-9-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download
memory/1752-13-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download
memory/1956-0-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download
memory/1956-14-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download
memory/1956-7-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1956-12-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2084-11-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download