jigsaw | 3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

Analysis

max time kernel
70s
max time network
71s
platform
windows10-1703_x64
resource
win10-20231220-de
resource tags

arch:x64arch:x86image:win10-20231220-delocale:de-deos:windows10-1703-x64systemwindows
submitted
14-02-2024 17:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jigsaw.exe
Size

283KB
MD5

2773e3dc59472296cb0024ba7715a64e
SHA1

27d99fbca067f478bb91cdbcb92f13a828b00859
SHA256

3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7
SHA512

6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262
SSDEEP

6144:7fukPLPvucHiQQQ4uuy9ApZbZWxcZt+kTfMLJTOAZiYSXjjeqXus:7fu5cCT7yYlWi8kTfMLJTOAZiYSXjyqX

Score

10^/10

jigsaw persistence ransomware

Malware Config

Signatures

Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
ransomware jigsaw
Renames multiple (237) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Executes dropped EXE 1 IoCs

pid	Process
5088	drpbx.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe"	jigsaw.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	drpbx.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\AUTHORS.txt	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.3DBuilder_13.0.10349.0_neutral_split.scale-180_8wekyb3d8bbwe\AppxBlockMap.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\AppxManifest.xml	drpbx.exe
File created	C:\Program Files\ConvertToSave.mpeg.fun	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\fb_blank_profile_portrait.png	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	drpbx.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\BuildInfo.xml	drpbx.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.fun	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x64__8wekyb3d8bbwe\logo.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_2017.131.1904.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxManifest.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-150_8wekyb3d8bbwe\AppxBlockMap.xml	drpbx.exe
File created	C:\Program Files\OutRepair.mpg.fun	drpbx.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.fun	drpbx.exe
File opened for modification	C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe\AppxManifest.xml	drpbx.exe
File created	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME.txt.fun	drpbx.exe
File opened for modification	C:\Program Files\Windows Media Player\Media Renderer\RenderingControl.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\Registry.dat	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\AppxManifest.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe\logo.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml	drpbx.exe
File created	C:\Program Files\VideoLAN\VLC\AUTHORS.txt.fun	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxBlockMap.xml	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	drpbx.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.fun	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml	drpbx.exe
File opened for modification	C:\Program Files\Windows Media Player\Media Renderer\avtransport.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\256x256.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxManifest.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\AppxBlockMap.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_2015.7906.42257.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml	drpbx.exe
File opened for modification	C:\Program Files\Windows Media Player\Network Sharing\ConnectionManager.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\AppxManifest.xml	drpbx.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml.fun	drpbx.exe
File opened for modification	C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_neutral_split.scale-100_kzf8qxf38zg5c\AppxManifest.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxBlockMap.xml	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	drpbx.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.fun	drpbx.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.fun	drpbx.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.fun	drpbx.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.fun	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml	drpbx.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.3DBuilder_13.0.10349.0_neutral_split.scale-140_8wekyb3d8bbwe\AppxBlockMap.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_1.0.454.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml	drpbx.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000\Software\Microsoft\Internet Explorer\GPU	PaintStudio.View.exe

Modifies registry class 12 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	PaintStudio.View.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1"	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings	PaintStudio.View.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "51200"	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	PaintStudio.View.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1"	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-1775739321-368907234-981748298-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content	PaintStudio.View.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2240	PaintStudio.View.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
4784	mspaint.exe
4784	mspaint.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2240	PaintStudio.View.exe
Token: SeDebugPrivilege	2240	PaintStudio.View.exe
Token: SeDebugPrivilege	2240	PaintStudio.View.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4784	mspaint.exe
2240	PaintStudio.View.exe
2240	PaintStudio.View.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 5088	2168	jigsaw.exe	74
PID 2168 wrote to memory of 5088	2168	jigsaw.exe	74

C:\Users\Admin\AppData\Local\Temp\jigsaw.exe
"C:\Users\Admin\AppData\Local\Temp\jigsaw.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
  "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\jigsaw.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:5088

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\ConnectTrace.jpg" /ForceBootstrapPaint3D
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4784

C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
"C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe" -ServerName:Microsoft.MSPaint.AppX437q68k2qc2asvaagas2prv9tjej6ja9.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe

Filesize
283KB

MD5
2773e3dc59472296cb0024ba7715a64e

SHA1
27d99fbca067f478bb91cdbcb92f13a828b00859

SHA256
3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

SHA512
6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json

Filesize
235B

MD5
5b30cf30fbc412293abf39f6c2f32a1c

SHA1
ff0b75e6b785c663956849158643198b4306ae1e

SHA256
faa5357bac02392f30315d456a3aecf20bc7bf935a2a0338c321e3edb784d3e2

SHA512
d9ede880b31b4a1eb28ff341463c6b554282912dc2233c7b14c9b8db4df9ffc2789c2205c1b5d33e057c4e50ab69e42f3ed39e97729986b7f0768614f5ba7b57

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\cloudCommunitySettings.json

Filesize
2KB

MD5
404a3ec24e3ebf45be65e77f75990825

SHA1
1e05647cf0a74cedfdeabfa3e8ee33b919780a61

SHA256
cc45905af3aaa62601a69c748a06a2fa48eca3b28d44d8ec18764a7e8e4c3da2

SHA512
a55382b72267375821b0a229d3529ed54cef0f295f550d1e95661bafccec606aa1cd72e059d37d78e7d2927ae72e2919941251d233152f5eeb32ffdfc96023e5

Download Submit
memory/2168-13-0x00007FF9E0020000-0x00007FF9E09C0000-memory.dmp

Filesize
9.6MB

Download
memory/2168-2-0x0000000002BC0000-0x0000000002BF8000-memory.dmp

Filesize
224KB

Download
memory/2168-4-0x000000001C410000-0x000000001C4AC000-memory.dmp

Filesize
624KB

Download
memory/2168-1-0x0000000002CA0000-0x0000000002CB0000-memory.dmp

Filesize
64KB

Download
memory/2168-0-0x00007FF9E0020000-0x00007FF9E09C0000-memory.dmp

Filesize
9.6MB

Download
memory/2168-5-0x00007FF9E0020000-0x00007FF9E09C0000-memory.dmp

Filesize
9.6MB

Download
memory/2168-3-0x000000001BEA0000-0x000000001C36E000-memory.dmp

Filesize
4.8MB

Download
memory/5088-17-0x0000000002F70000-0x0000000002F78000-memory.dmp

Filesize
32KB

Download
memory/5088-20-0x000000001F610000-0x000000001F660000-memory.dmp

Filesize
320KB

Download
memory/5088-16-0x00007FF9E0020000-0x00007FF9E09C0000-memory.dmp

Filesize
9.6MB

Download
memory/5088-15-0x0000000002FF0000-0x0000000003000000-memory.dmp

Filesize
64KB

Download
memory/5088-14-0x00007FF9E0020000-0x00007FF9E09C0000-memory.dmp

Filesize
9.6MB

Download
memory/5088-321-0x00007FF9E0020000-0x00007FF9E09C0000-memory.dmp

Filesize
9.6MB

Download
memory/5088-323-0x0000000002FF0000-0x0000000003000000-memory.dmp

Filesize
64KB

Download
memory/5088-324-0x00007FF9E0020000-0x00007FF9E09C0000-memory.dmp

Filesize
9.6MB

Download