Overview

overview

6

Static

static

1

URLScan

urlscan

1

https://send.vis.ee/...

windows10-1703-x64

6

Analysis

  • max time kernel
    47s
  • max time network
    153s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    08/05/2024, 18:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://send.vis.ee/download/c482a15825fd40fa/#E7jZPkRfi1aoVn4zikx6Yg

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Drops file in Windows directory 7 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: MapViewOfSection 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://send.vis.ee/download/c482a15825fd40fa/#E7jZPkRfi1aoVn4zikx6Yg"
    1⤵
      PID:2040
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3044
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • NTFS ADS
      PID:616
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4336
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4248
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:2660
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:2116
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:2720
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Drops file in Windows directory
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4416
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Modifies registry class
        PID:2792
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Drops file in Windows directory
        • Modifies registry class
        PID:3892
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Drops file in Windows directory
        • Modifies registry class
        PID:3080
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Modifies registry class
        PID:5304

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
        Filesize

        4KB

        MD5

        1bfe591a4fe3d91b03cdf26eaacd8f89

        SHA1

        719c37c320f518ac168c86723724891950911cea

        SHA256

        9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

        SHA512

        02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q7BUKSPQ\edgecompatviewlist[1].xml
        Filesize

        74KB

        MD5

        d4fc49dc14f63895d997fa4940f24378

        SHA1

        3efb1437a7c5e46034147cbbc8db017c69d02c31

        SHA256

        853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

        SHA512

        cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9FZ0PIKU\fRSNKQanUHk53F1a1Bi8UA71Qt4.br[1].js
        Filesize

        289B

        MD5

        9085e17b6172d9fc7b7373762c3d6e74

        SHA1

        dab3ca26ec7a8426f034113afa2123edfaa32a76

        SHA256

        586d8f94486a8116af00c80a255cba96c5d994c5864e47deac5a7f1ae1e24b0d

        SHA512

        b27b776cb4947eef6d9e2a33b46e87796a6d4c427f4759c08cf5aa0ee410a5f12e89ca6ab9cddd86c8471037e3c505f43c8b7fc6d8417f97f9fe3c5c47216bc4

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\E50OKCZC\4TQ6xhX_0XDFyLdFRS-kPhFXirA.br[1].js
        Filesize

        7KB

        MD5

        fbf143b664d512d1fa7aeeeba787129c

        SHA1

        f827b539ae2992d7667162dc619cc967985166d9

        SHA256

        e162ccd10a34933d736008eb0bc6b880c4e783cf81f944bca7311bf5f3cd4aff

        SHA512

        109ec6433329f001c9239c3298a10e414522f21be2a3d7b8a9eb0b0767322eaad1fdf8f5b11edb1f42882b4e75ae71bef7fe786716407c8efad4feacb3dcf348

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\Z01F333H\discord[1].xml
        Filesize

        13B

        MD5

        c1ddea3ef6bbef3e7060a1a9ad89e4c5

        SHA1

        35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

        SHA256

        b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

        SHA512

        6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\XV0RF7AW\www.bing[1].xml
        Filesize

        1KB

        MD5

        cd806eabd1e9e61205e7d5834a35daac

        SHA1

        49c88501520507f16e1335a21d2be742174cf558

        SHA256

        10a77e29d7f575bd5029365febdad631afb1da3a5fd30b3eb57e628eb79b5ce6

        SHA512

        80f309af25c4a0ff636671c030a105f00eccbe0b14efc65434e2a03f805eb73057fecf0732e264391cec45453c63b0e36abf9e0ed00d38f63e38f19bca5b8cb0

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\ZE1UE95Z\www.msn[1].xml
        Filesize

        484B

        MD5

        be8b0861d414159a550d558c02c37403

        SHA1

        919b28e601a0c57c49805dbfd6417a031edb95b2

        SHA256

        c32e49fccf252495539ebadd9fb5ebb8a765e616d2c502337b3173315dc1d534

        SHA512

        24449c00dda0d9892f2d97f07a5c91e9297e6f2eca99d93b2b3baa67240cfcbedb8a410a7b7c3d0f7f11b752aaf643ad2850da398daf9cfac93116927663cee2

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\09QMEPRI\favicon[1].ico
        Filesize

        14KB

        MD5

        699171b240ab8c0a3235774930169015

        SHA1

        dabd8627ed8282abf2572eef287de9bd33c27f66

        SHA256

        9a0910087c6326100343c8ec32cea30f5fc8afa3e9b271525d85bf3bc9d3c244

        SHA512

        1378574f40942df2e889247b3489d68699c395c343c8eba23ef358731986014747f29634e5b91acdb819809a302c83b27175fe62e4e5bb862fe686f7c8123e3a

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\2MA0OUKE\favicon[1].ico
        Filesize

        758B

        MD5

        84cc977d0eb148166481b01d8418e375

        SHA1

        00e2461bcd67d7ba511db230415000aefbd30d2d

        SHA256

        bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

        SHA512

        f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4LTFSF38\favicon-trans-bg-blue-mg[1].ico
        Filesize

        4KB

        MD5

        30967b1b52cb6df18a8af8fcc04f83c9

        SHA1

        aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

        SHA256

        439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

        SHA512

        7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\8HCSSPZX\favicon[1].ico
        Filesize

        4KB

        MD5

        da597791be3b6e732f0bc8b20e38ee62

        SHA1

        1125c45d285c360542027d7554a5c442288974de

        SHA256

        5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

        SHA512

        d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\cf8ch26\imagestore.dat
        Filesize

        28KB

        MD5

        9a24eea2b387743c1431a193774d1d41

        SHA1

        d41bbdbb7d606f55e29dff3027b9d496c11221f1

        SHA256

        5dd897083d7e4d2e77eaa8324bfeb259f2a97de68f5fe7d60af495fc515e8f64

        SHA512

        12b7d7df4ffe73353a728f35b4899f59c8ed5dfbbfea7c622e2526ad4df83c47a4e55a66991c9d217d1513f50d17e635883bd9805cbeb9d19c52e6c2aa322aee

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NMWE4ITS\VBR_CHEATS_-_FREE_VERSION[1].zip
        Filesize

        8KB

        MD5

        2db15a3aeaf9094e3748a8c89d6c8e2b

        SHA1

        f0df592b5df58aac8f010972e66ec05d7bd3054e

        SHA256

        6fdfcc006dd985752dea0564a8d59b7e82540217912e1c7a7e4e45feac7b72ec

        SHA512

        767376404489d50c77aacf1036b87284036d50f314accf464b64d59b26c073e36d1a05bc8cff0a190e8a43bff9658fe73c3434700cb69863bce8dbdc61095d4b

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
        Filesize

        717B

        MD5

        822467b728b7a66b081c91795373789a

        SHA1

        d8f2f02e1eef62485a9feffd59ce837511749865

        SHA256

        af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

        SHA512

        bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
        Filesize

        313B

        MD5

        0429e71f8a70605581535441c9957c73

        SHA1

        374e133e804a7093dcdfcade5587ab1a96512ece

        SHA256

        aec9599f8e40ec899839ab0bad0c50ab7dd7ac73af8496495c44df31c299fb7d

        SHA512

        436a0c74a8bbe3e800bc271a7d3e872f843dc51868919a647d57693212a1179a64598b9b6092e63a8f2a55d8ca3335ce93ffc1a136568c1fc944377b0cd1643c

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
        Filesize

        192B

        MD5

        82c9594e92ee1032a70506052307d703

        SHA1

        99ea386894424d505f37d007be456233f7099ec4

        SHA256

        2e06ac018796f94b5d052c3b050647f49b5269eaad39111dcace07e90fa9e12d

        SHA512

        8f5c2b9fe8697c4a30400aa72a395dd362e8a1866c189b299606b2e5f57711de2dd3b3ecbb3bfe8bdcca2a90b654e7bac32f9b8629d220f518513433f2a54c39

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
        Filesize

        404B

        MD5

        8917a83ca5265d788fd0b7ededd25a59

        SHA1

        6a4224ddd6b91678f64d35bcf9a44511866d2406

        SHA256

        bdd69d400a1c89fe225e030095b01918c41dda17b73aca97e4ebfc214921d45f

        SHA512

        f272114fbf445127bd998aeea364a8d1cc8aa557bb77e3620113d5d8276f1950d1de6edc285402dcb8bdc840b806160d5b58bd2620d46b0ee62a6cae2f3e3223

        Download Submit

      • C:\Users\Admin\Downloads\VBR_CHEATS_-_FREE_VERSION.zip.93bxb1f.partial
        Filesize

        543KB

        MD5

        b9eda964cb5274c3ed7da73c1beeac88

        SHA1

        22c8b7874a4d489613b89900d827a4a93c59d176

        SHA256

        1660e510211c1e25d310774619fd962b8889dc55c263a548b73442f1ed3f11c5

        SHA512

        ef48cdbd7c01aec7281c80b86b5cc15e90ef01ca6355ff2808c83ee02d0af32e88003a92f43a113af56af8924f1a0d243ead9ae2da7add3791ff6a4cf287cddd

        Download Submit

      • memory/2660-172-0x00000207F7BF0000-0x00000207F7BF2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2660-370-0x00000207E6240000-0x00000207E6242000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2660-266-0x00000207F7F30000-0x00000207F7F32000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2660-268-0x00000207F7F70000-0x00000207F7F72000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2660-332-0x00000207E65B0000-0x00000207E65B2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2660-73-0x00000207F7AC0000-0x00000207F7AC2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2660-338-0x00000207F79D0000-0x00000207F79D2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2660-340-0x00000207F8170000-0x00000207F8172000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2660-257-0x00000207F7EE0000-0x00000207F7EE2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2660-166-0x00000207F7B90000-0x00000207F7B92000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2660-176-0x00000207F8590000-0x00000207F8592000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2660-83-0x00000207E6AC0000-0x00000207E6AC2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2660-374-0x00000207E6AB0000-0x00000207E6AB2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2660-372-0x00000207E6280000-0x00000207E6282000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2660-376-0x00000207F7CC0000-0x00000207F7CC2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2660-75-0x00000207F7AE0000-0x00000207F7AE2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2660-87-0x00000207F7A30000-0x00000207F7A32000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2660-168-0x00000207F7BB0000-0x00000207F7BB2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2660-85-0x00000207F7A10000-0x00000207F7A12000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2660-170-0x00000207F7BD0000-0x00000207F7BD2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2660-80-0x00000207F7C50000-0x00000207F7C52000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2660-78-0x00000207F7E00000-0x00000207F7E02000-memory.dmp

        Filesize

        8KB

        Download

      • memory/3044-199-0x000002118E020000-0x000002118E021000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3044-1-0x0000021187130000-0x0000021187140000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3044-198-0x000002118E010000-0x000002118E011000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3044-35-0x00000211845B0000-0x00000211845B2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/3044-16-0x0000021187220000-0x0000021187230000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4248-43-0x000001E0A2200000-0x000001E0A2300000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/4416-419-0x00000212E2900000-0x00000212E2A00000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/4416-388-0x00000212D1D00000-0x00000212D1E00000-memory.dmp

        Filesize

        1024KB

        Download