a1082d01ede1f5fa700be2420ec96047a699d0579c15ddb2f54233a24ac3a7e9

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-01-2024 14:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
Size

179KB
MD5

8e0e472d93c3ebeb725099bc1bbe0a9a
SHA1

7229e11205e794c75a65587bcef040ed345b3322
SHA256

0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d
SHA512

74a63a29a6ea5cfd2f7983b9828dd7a78b3d16072f5e044e795404eb67a2178ac091e15c9a29bafa7b9e7426c6aa709697cb9705ff25f7e40c9597ad1758eda3
SSDEEP

3072:2Rb6HWdU1NByFMuIBRC0eXLfQzueFsB0yxfWolUJFMXNsz5SkE+pbt8ICjGs:IbeBRmXLP0yJAJFMXNXyC

Score

8^/10

evasion ransomware spyware stealer

Malware Config

Signatures

Disables Task Manager via registry modification
evasion

Drops startup file 1 IoCs

Processes:

0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops desktop.ini file(s) 64 IoCs

Processes:

0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe

description	ioc	process
File created	C:\Users\Public\Downloads\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\Favorites\Links for United States\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Public\Pictures\Sample Pictures\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Public\Videos\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\D2NLQ5QT\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\Music\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\Searches\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\Favorites\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\Pictures\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Public\Libraries\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\Saved Games\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Public\Music\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Public\Documents\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Public\Pictures\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\Documents\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Public\Desktop\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Public\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Public\Videos\Sample Videos\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\Favorites\Links\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Public\Music\Sample Music\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\2C0UXHXX\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2OAODBY\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\Videos\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Public\Recorded TV\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\All Users\Microsoft\Windows\Ringtones\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T6B1YPUZ\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\Contacts\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\Desktop\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ONB28SUK\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Games\Desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\Downloads\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\O0N2L68Z\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
File created	C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\ZZBGI5OF\desktop.ini	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wallpaper.bmp"	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2140 2040 WerFault.exe 0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe

pid	pid_target	process	target process
2140	2040	WerFault.exe	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe

Modifies Control Panel 2 IoCs

evasion

Processes:

0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Control Panel\Desktop\WallpaperStyle = "1"	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Control Panel\Desktop\TileWallpaper = "0"	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe

description pid process

Token: SeDebugPrivilege 2040 0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe

description	pid	process
Token: SeDebugPrivilege	2040	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe

description	pid	process	target process
PID 2040 wrote to memory of 2140	2040	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe	WerFault.exe
PID 2040 wrote to memory of 2140	2040	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe	WerFault.exe
PID 2040 wrote to memory of 2140	2040	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe	WerFault.exe
PID 2040 wrote to memory of 2140	2040	0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
"C:\Users\Admin\AppData\Local\Temp\0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe"
1⤵
- Drops startup file
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Modifies Control Panel
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 1528
  2⤵
  - Program crash
  PID:2140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs

Filesize
1.0MB

MD5
ed90ea3c480cedd49b1ea9d09bc3594b

SHA1
987f6ce7b5d2432167cfcf129f800bc4e42d50d5

SHA256
2ccd2fecb70615bd21d3d7517b12271e5523642c5efeb443a7354a98c1bae860

SHA512
8deeeefeaa2542dc55da5cc6d184fd20c2b9f751903daf01db30ae0431d43eac3df90fad02f18012cfd7349ef230e2dcf7c42e2d3524f594572686048fef35eb

Download Submit
C:\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi

Filesize
140KB

MD5
5c8d1f25fa219557d1258b9c93783fd9

SHA1
359eabd8c7884b4893f59238191b5ed570cdd6ca

SHA256
7a35ddc1a8df5ddb55f282800693da33646e05670f4aab082e01913e5a75ac14

SHA512
0ae2fb4c4ad1134084ea7b49c920c17909ce93b426a820d9f2fe5a8667c8d9520741e14dfcc62eee5b00c59c1561a846f9da6d1eb716246a0fe424d1ff3278fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db-journal

Filesize
16B

MD5
b4a9117719656f6534c921c67700dbf0

SHA1
56773c00a1bfebecaeb06b25d2e3845181e45f82

SHA256
edb9e310ffb5d1a7a341d906812a1ac785a20e2e527bafb5ffcc048bca37931a

SHA512
8838b686a4865db8e523add549790ce1df8fcfb15c775fa4836ac05dc2ae7f2620c8761c9e8fe0859ed2570d0821fdc5626dee43db4d3e703b14cea5128e00de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
32B

MD5
9746006aa6d195a3127df78872c132cf

SHA1
ecf53b5877c444510e14247abfdf98c55a472e0b

SHA256
e22729824fb6f814ad34623be79fc79dcff8a63a2e3721e7110a0140227eda91

SHA512
cda4ebbf069cf710b9f90d3f380705f70ee86f5fd1e8da51088c37ffe9df56bb6f464f30cc3b49a4aefa67b944846a953fe6ebec95ab07d54b6b3900adb9e9e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~\MSNBC News~.feed-ms

Filesize
28KB

MD5
2446adb6de3aba5b4532d296a43eaf9a

SHA1
64b60ebeafd6927f5bb90cd643d5da5bc88dd369

SHA256
e04aae2d2594422cbe8d45c6968808ad0b9915338e1bc6efd5caa330c7384e08

SHA512
c532801438721f4a19e177990b80353466068841e683884aa1580ef81099949b9a032623411547334a51213dd0c1cba5d566a1ee0040b5a2f4889b79a65ecd60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite

Filesize
48KB

MD5
9cde1ffa6a9edbf32b8d5d044a4f693c

SHA1
07e7dc1fdf1dca37b8957888ca28fd407a3da580

SHA256
6ff6c8760d35dc1fec9b6b58251e81898eadfbe4967ac3727a7e3c41842fde4c

SHA512
7a3cc0a04ce7370c35a73ac29ef8290caabda976da2b707d839816a85315d240b6dd3395ab9f0a2092924e7ee88afa214bbf1d0c3ca808e678268111802b8c98

Download Submit
memory/2040-0-0x0000000001310000-0x0000000001344000-memory.dmp

Filesize
208KB

Download
memory/2040-1-0x0000000074550000-0x0000000074C3E000-memory.dmp

Filesize
6.9MB

Download
memory/2040-2-0x0000000001180000-0x00000000011C0000-memory.dmp

Filesize
256KB

Download
memory/2040-415-0x0000000074550000-0x0000000074C3E000-memory.dmp

Filesize
6.9MB

Download
memory/2040-416-0x0000000001180000-0x00000000011C0000-memory.dmp

Filesize
256KB

Download