Overview

overview

10

Static

static

5

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    300s
  • max time network
    297s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    18-04-2024 23:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fed5cdf2646fce20a5a7445cf6f34a0194834969d026b56dab39b88b368856cf.exe

  • Size

    896KB

  • MD5

    288830b6d6bb6b4ba822c6e83baf1360

  • SHA1

    d23a08d6e7312b3b8334470b2bb9734c6e1117c2

  • SHA256

    fed5cdf2646fce20a5a7445cf6f34a0194834969d026b56dab39b88b368856cf

  • SHA512

    3914f89f647257b4fa7a008ad3b414d252986c42a63ab8005b2f93e0d5b1306d664f911dcd1bda1acd1cdd95a01b03d93b92803b13827ecc36c4039f0cdefbbf

  • SSDEEP

    12288:uqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgagTx:uqDEvCTbMWu7rQYlBQcBiT6rprG8a4x

Score
10/10
googlephishing

Malware Config

Signatures

  • Detected google phishing page
    phishinggoogle
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in Windows directory 8 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 26 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fed5cdf2646fce20a5a7445cf6f34a0194834969d026b56dab39b88b368856cf.exe
    "C:\Users\Admin\AppData\Local\Temp\fed5cdf2646fce20a5a7445cf6f34a0194834969d026b56dab39b88b368856cf.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1468
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4420
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:756
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3076
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3576
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:4140
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:2960
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:3572
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:3428
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:1328
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    PID:2844

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZDIGHWMN\edgecompatviewlist[1].xml
    Filesize

    74KB

    MD5

    d4fc49dc14f63895d997fa4940f24378

    SHA1

    3efb1437a7c5e46034147cbbc8db017c69d02c31

    SHA256

    853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

    SHA512

    cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4RJHRD2W\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\9CQ30U3Z\4Kv5U5b1o3f[1].png
    Filesize

    610B

    MD5

    a81a5e7f71ae4153e6f888f1c92e5e11

    SHA1

    39c3945c30abff65b372a7d8c691178ae9d9eee0

    SHA256

    2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e

    SHA512

    1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\G3WQW9EW\favicon[1].ico
    Filesize

    5KB

    MD5

    f3418a443e7d841097c714d69ec4bcb8

    SHA1

    49263695f6b0cdd72f45cf1b775e660fdc36c606

    SHA256

    6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

    SHA512

    82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    e4631530ca2d3fdd6a35f596669e54e7

    SHA1

    68d9ab4969b7609ee8a93fa2ae766c9781748d37

    SHA256

    9e7216e6a933186a53c67090fe23f1849f1b3036897eddfed00313bef9370fb7

    SHA512

    dd58af9d8cb5e508e4d04872cb477f1cf9c04c68db87ccae04820fe351362296c5572b45ab416c08d41cb97374ceec3b0b0d28dfed750267622c5bf4dd79dad2

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize

    4KB

    MD5

    1bfe591a4fe3d91b03cdf26eaacd8f89

    SHA1

    719c37c320f518ac168c86723724891950911cea

    SHA256

    9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

    SHA512

    02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_C0E9A060DFB4E460CC3576DA89FF9A7C
    Filesize

    471B

    MD5

    bc281a09d3e949376c8e2dbdb0f82a3f

    SHA1

    c87b2987c450a8b07484d7772f3a0a5c52e99818

    SHA256

    674a69dd0079032ff724774bb9427aca3210977262c1ea0c5fe2bfdc8f1a3052

    SHA512

    96615636865ce92f856c476f84664fd81b8fdd6b87c10bc9ad1a99c5f98213bc57db9c31bec747cfcdfc9afc4115dade8eb8bbbf64b8c0bf45b341517bf8f58d

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    ac89a852c2aaa3d389b2d2dd312ad367

    SHA1

    8f421dd6493c61dbda6b839e2debb7b50a20c930

    SHA256

    0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

    SHA512

    c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_9E23C1D3BC042F285396F92A9773D1F3
    Filesize

    471B

    MD5

    7d7e784f655eb849f188f2ff7b62513b

    SHA1

    0cab55085edd877b2f4fb48c6c5c02a45d3f2e7d

    SHA256

    d5af2542ad112462b260c73499fa73845e28df8ba121a9751fb1ae436b3d0f0a

    SHA512

    85c5c9b9b5c8fe99c721b754ec5dcb9de93439e8063ce6d9eee60fe8a5ac5e1b464ee60d95976c923313833770de9c14bbdf35fb67cdfcdb0abb9b1cedd68196

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    de8185969710c9d8c0862042d6a68645

    SHA1

    0c02486826909ce0b6b9a2f29be143919cdeb0c4

    SHA256

    3e265efc342f95274ccdfdca88f61c69f97f87101a5fe64590f8e7295a5acb23

    SHA512

    e1c088d6f97ec2e3b39af7e750c2eda425f3ad64172a9adcf5199726de9f4c14a0c25592eb210ec0e40b27a875b2a15dbadde1770c96d4491b14f9e81c6dcdf0

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    24227b97aa4438d4b2b0aeeecea4f37b

    SHA1

    ed7a927096fd91cc860a7bfeb48ceeece4afbbc0

    SHA256

    10002b812066cf822a77a8c27ad57a0dcab66e02af18dfa1dc1925141c94043b

    SHA512

    f997196ddb33e099f4899f3a8fb69d7cb92d28d40738521dff18e4933fe875e4d03e53c53a3d049a5457521e340f2ae39248f0af5b0936a48d55be2a74b931c0

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize

    338B

    MD5

    d5bae9b548cd0d11c5ded2e8b93dd3c2

    SHA1

    369c8381466e92fe85832138677c1fa576c43e3a

    SHA256

    dd3535f917c873b407040c44e8fc8e008893e0ac303e7ae2941f014c38832c07

    SHA512

    6a82fbe69c36b799530a2ed2ff37fab7e38e532f9c8d7dcbc015ab64951267523c855b0d547e054d88e7a1934e9a894c693135a0f2209378f719efafc0815b51

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    Filesize

    338B

    MD5

    be30a7e68c6dcdac4ae254f1167fa5ab

    SHA1

    07ff588a3084ce56446abc5cb7cea5305cb8a4fd

    SHA256

    da8314315e0ca3154faeca951cbca39daf861ff4b4d1f39105fef2d384be49e6

    SHA512

    d734c45fe0a057f5816500de28e80202cf5f637bcad99161b61178f86d2dc7e33fe1daaa84537611191e0a22eee40dc8591f51b0808727b8188caae983543589

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_C0E9A060DFB4E460CC3576DA89FF9A7C
    Filesize

    406B

    MD5

    0796213d26696fb26a4322f16c198334

    SHA1

    caa224418955e2a28bab6f32bd625dba0bdebff2

    SHA256

    e301bdab5323795d70ee4ab2d838436a3cd52e14eb37b4824377c2fd029b33fe

    SHA512

    75fe1e601170072ee7f57d98fff11fdcf6215949f4be2a0f9186486dc6bd001d5980211af622d00a227ed7bd88e3756d2583ff06124f2a294fd0d3473ff23296

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    810d6305483d83c9035ff6057ef3c88a

    SHA1

    0c0492832af10392ae4bc2b60768b79a55430c6e

    SHA256

    3af40871ba220632b2cbaba99c7c6c58cc738f7aa353f3ccd79c2e9d5ae6098d

    SHA512

    91626417ab5dbe8b4ecc6a2ab7507f1f8a8aaed8193595a9601ab74471add03ebf6f81fbaa4e1e2ddf08f1e27f4f128d70a779296a7721b744646598577103c6

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    dcb2df5947829f143ec5d3a863a29f2f

    SHA1

    e5b6c412209f1ebb4b6b2d98623e132003c6e6e3

    SHA256

    f4223571a5e93048d8a4d74a3799f0a722486ade4751fe48dedd16d9585082dc

    SHA512

    b68eafaa425bf79832ce88d35cb9d59eabaecbe1cfec02935937b0e995753a5704efd6becb185fbe3fd143f6f2e685544365f036a4a1339df06e7004adaa1e5b

    Download Submit
  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_9E23C1D3BC042F285396F92A9773D1F3
    Filesize

    406B

    MD5

    9a9e32b5b6f6281b9631b362612e95f4

    SHA1

    c69d41d1cf028ca4a5febb63c7199281cc76ce8f

    SHA256

    cd12a5bccc641365536fb0b7e9191ce2db6e5a75241ba6c7fe5913dc38eb9983

    SHA512

    b1437537348e44c434c588593e287e3ccd24a4e958013daf379addf62f5797634e515ff320a506a2c2564ee9286f85c3af5ced2ba9b04c45cd383945188f27f5

    Download Submit
  • memory/2960-217-0x0000018A7D800000-0x0000018A7D820000-memory.dmp
    Filesize

    128KB

    Download
  • memory/2960-363-0x0000018200020000-0x0000018200022000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2960-103-0x0000018A6C2E0000-0x0000018A6C2E2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2960-105-0x0000018A7C710000-0x0000018A7C712000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2960-107-0x0000018A7C7D0000-0x0000018A7C7D2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2960-150-0x0000018A7D120000-0x0000018A7D220000-memory.dmp
    Filesize

    1024KB

    Download
  • memory/2960-218-0x0000018A7DA80000-0x0000018A7DAA0000-memory.dmp
    Filesize

    128KB

    Download
  • memory/2960-221-0x0000018A7DD00000-0x0000018A7DE00000-memory.dmp
    Filesize

    1024KB

    Download
  • memory/2960-289-0x0000018A7D490000-0x0000018A7D492000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2960-318-0x0000018A7F570000-0x0000018A7F670000-memory.dmp
    Filesize

    1024KB

    Download
  • memory/2960-325-0x0000018A7D890000-0x0000018A7D892000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2960-329-0x0000018A7E5E0000-0x0000018A7E5E2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2960-334-0x0000018A7F2C0000-0x0000018A7F2C2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2960-337-0x0000018A7F2E0000-0x0000018A7F2E2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2960-354-0x0000018A7D300000-0x0000018A7D302000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2960-394-0x0000018200170000-0x0000018200172000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2960-372-0x00000182000D0000-0x00000182000D2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2960-375-0x00000182000F0000-0x00000182000F2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2960-378-0x0000018200110000-0x0000018200112000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2960-381-0x0000018200130000-0x0000018200132000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2960-388-0x0000018200160000-0x0000018200162000-memory.dmp
    Filesize

    8KB

    Download
  • memory/4140-168-0x0000028D250E0000-0x0000028D250E2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/4140-152-0x0000028D250A0000-0x0000028D250A2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/4140-164-0x0000028D250D0000-0x0000028D250D2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/4420-0-0x0000020BDD820000-0x0000020BDD830000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4420-204-0x0000020BE40F0000-0x0000020BE40F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4420-205-0x0000020BE4100000-0x0000020BE4101000-memory.dmp
    Filesize

    4KB

    Download
  • memory/4420-35-0x0000020BDC9F0000-0x0000020BDC9F2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/4420-16-0x0000020BDE000000-0x0000020BDE010000-memory.dmp
    Filesize

    64KB

    Download