f9dec0eced7162e3f19fd45ada870078e955b758e2364b97c19c41bb7405c881

Analysis

max time kernel
120s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5393432e826b15fb8cdc1824d29e535c.exe
Size

40KB
MD5

5393432e826b15fb8cdc1824d29e535c
SHA1

c55eaa54e87e0d4c5fe7eacf148e7c80bb641711
SHA256

f9dec0eced7162e3f19fd45ada870078e955b758e2364b97c19c41bb7405c881
SHA512

f101521b38125a1e643e54e6ba0edce52754eac515657eb2fe062f85784815e557e642518a7ea8c682364afe7468e3513ff422c1b72ff117899235b7c8933f9b
SSDEEP

768:GUdc8DoPnnDEQC1gyYxFGMlOMywGvwftEWpc7L1sGaXY0F2kG0TZiBI:lDOB5lOnjWid58EQZ0I

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1644	msedge.exe
1644	msedge.exe
2756	msedge.exe
2756	msedge.exe
4172	identity_helper.exe
4172	identity_helper.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe
2756	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3708 wrote to memory of 2756	3708	5393432e826b15fb8cdc1824d29e535c.exe	94
PID 3708 wrote to memory of 2756	3708	5393432e826b15fb8cdc1824d29e535c.exe	94
PID 2756 wrote to memory of 1600	2756	msedge.exe	93
PID 2756 wrote to memory of 1600	2756	msedge.exe	93
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 3104	2756	msedge.exe	103
PID 2756 wrote to memory of 1644	2756	msedge.exe	97
PID 2756 wrote to memory of 1644	2756	msedge.exe	97
PID 2756 wrote to memory of 2200	2756	msedge.exe	96
PID 2756 wrote to memory of 2200	2756	msedge.exe	96
PID 2756 wrote to memory of 2200	2756	msedge.exe	96
PID 2756 wrote to memory of 2200	2756	msedge.exe	96
PID 2756 wrote to memory of 2200	2756	msedge.exe	96
PID 2756 wrote to memory of 2200	2756	msedge.exe	96
PID 2756 wrote to memory of 2200	2756	msedge.exe	96
PID 2756 wrote to memory of 2200	2756	msedge.exe	96
PID 2756 wrote to memory of 2200	2756	msedge.exe	96
PID 2756 wrote to memory of 2200	2756	msedge.exe	96
PID 2756 wrote to memory of 2200	2756	msedge.exe	96
PID 2756 wrote to memory of 2200	2756	msedge.exe	96
PID 2756 wrote to memory of 2200	2756	msedge.exe	96
PID 2756 wrote to memory of 2200	2756	msedge.exe	96
PID 2756 wrote to memory of 2200	2756	msedge.exe	96
PID 2756 wrote to memory of 2200	2756	msedge.exe	96
PID 2756 wrote to memory of 2200	2756	msedge.exe	96
PID 2756 wrote to memory of 2200	2756	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\5393432e826b15fb8cdc1824d29e535c.exe
"C:\Users\Admin\AppData\Local\Temp\5393432e826b15fb8cdc1824d29e535c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.orkut.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,4033300721039324123,9216587463077651692,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
    3⤵
    PID:2200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,4033300721039324123,9216587463077651692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4033300721039324123,9216587463077651692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
    3⤵
    PID:4788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4033300721039324123,9216587463077651692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
    3⤵
    PID:5012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4033300721039324123,9216587463077651692,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
    3⤵
    PID:3104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4033300721039324123,9216587463077651692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
    3⤵
    PID:4584
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4033300721039324123,9216587463077651692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4172
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4033300721039324123,9216587463077651692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 /prefetch:8
    3⤵
    PID:5052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4033300721039324123,9216587463077651692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
    3⤵
    PID:4884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4033300721039324123,9216587463077651692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
    3⤵
    PID:1080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4033300721039324123,9216587463077651692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
    3⤵
    PID:3664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4033300721039324123,9216587463077651692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
    3⤵
    PID:2532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4033300721039324123,9216587463077651692,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3860
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\5393432e826b15fb8cdc1824d29e535c.bat
  2⤵
  PID:3724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x7c,0x108,0x7ff8d5b646f8,0x7ff8d5b64708,0x7ff8d5b64718
1⤵
PID:1600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4576

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
1⤵
PID:4788

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
1⤵
PID:4884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
1213f80c52133f70587931f2d18947af

SHA1
058d17ebec8e9c54eae207b22b3da7642619593b

SHA256
5682ed418eb846535f6aa56631ce3db04eae71ca6c36f94c4ba064e8053875ba

SHA512
3f8c0730cf880945798c0c856f3a5c4b4a09b4346a0ddec7fb9c64a15c49c240aac9b9a26348374370b5971233c86b54c5aa3c91c59850b9245d402d963f17a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
885B

MD5
a1bbeed56371fb8d7607a4ff7a160230

SHA1
877b27941b1bc732c3f3eacc10bebe2490b83120

SHA256
7fafa39acb3fb4471dc4e215036d9a8da2a0d000a6b9ad16d255932cd1ef6c6e

SHA512
0739172eb8dc8cba0aad089e7dffc997bdb24e9a5f182f1f1072fc0b72e92bad9f0f611dbe9dcb127a111a7ffc2328d539c09f3fda89807e4647ba50b620d1cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
61d3f86b1de1be655fef45f1ea4afa77

SHA1
f39c474b99963daf08d3e5813a18c7ec3e2758a4

SHA256
800246f48a305329ed8b35690f268788c8999e1e2ba786c640c1d0159a74bfdc

SHA512
56eb30d1b4c08fe204dac7d2444bad618f0ade8c88572aed0ccaa8ea47930fdedb3a3d67dc0e8aabfb3573773bb707e6bb1b5fafe0588a25ffe00d4c224dadce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9683da1a02be63f1bee7b6f437c5cde3

SHA1
c2564ff7047c728b3bec777af12e51c604f2e5b9

SHA256
efdc04ed9ed80cf7a88220601c64a2eff543d933326b15cd6167283c9fec2f9d

SHA512
d3ef1b78c86d0e96cbf98e3dd049053c94bf866d081e3f11a98bcb1745153db56046662b8e85a8b55643d6f246b010cf1f35467b32f6195d2484e4aa179ed553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e872d19344a0eba271cfae06e20e5cc3

SHA1
7130f2211957a65e4bb8ec2f45ef1239093a4875

SHA256
b9e4423ca253aef163f64d8312c2dfa7d9af651c99fc2d34f2d5fa3f34942dcc

SHA512
8318eb47f8565aa182ed2d1e5d1b2061452f507d5e9992b1a9106cb440784283d1677ab7c04019af005ced342212949109b92f68254249b7f0de1274c469e869

Download Submit
C:\Users\Admin\AppData\Local\Temp\5393432e826b15fb8cdc1824d29e535c.bat

Filesize
254B

MD5
29bc5f9bb28f7e68359a7ed0c2884f75

SHA1
726f95c55bf2b76a204d42446d58dde41797e61c

SHA256
f332de54b9c3b2d0d052470ad9d0c3536f897b04914f602604c9a7dc615bc4c9

SHA512
8d2ff7ba0a46e2842c76f5a4ee113b528d304f99cb64fdd0a3980e01a98d307ff71d65505dba649f58c9583341e6eec26df187aa7a83e7b8050ae268e3c3f965

Download Submit
memory/3708-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3708-1-0x0000000002160000-0x0000000002162000-memory.dmp

Filesize
8KB

Download
memory/3708-56-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download