Analysis

  • max time kernel
    104s
  • max time network
    102s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64 arch:x86 image:win10-20240404-en locale:en-us os:windows10-1703-x64 system
  • submitted
    11-06-2024 01:11

General

  • Target

    https://recognise-env-js.onrender.com/

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://recognise-env-js.onrender.com/"
    1⤵
      PID:1396
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3768
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:656
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4836
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1660
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:1344
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3836
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:372
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2876
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1240
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1240.0.863923629\1711785591" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1700 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {edd7a853-a68e-4b4e-ae37-918b45539c36} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" 1796 2a80dbf6958 gpu
          3⤵
            PID:4192
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1240.1.1917406861\1452757883" -parentBuildID 20221007134813 -prefsHandle 2132 -prefMapHandle 2128 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cf467d7-a86d-42cd-836c-5820c2d35f3c} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" 2152 2a80dafc858 socket
            3⤵
              PID:1904
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1240.2.1930805461\1152159230" -childID 1 -isForBrowser -prefsHandle 3024 -prefMapHandle 2900 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {837c18b8-9385-4b6d-82e2-f341f9b6741e} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" 3036 2a811dc4858 tab
              3⤵
                PID:4952
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1240.3.540661949\153900046" -childID 2 -isForBrowser -prefsHandle 3520 -prefMapHandle 3516 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d137637f-c8c7-4a88-8836-3de676a2607e} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" 3532 2a802b66858 tab
                3⤵
                  PID:4844
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1240.4.902270095\1285386742" -childID 3 -isForBrowser -prefsHandle 4332 -prefMapHandle 4328 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6257d37b-b348-4c9a-adc8-77b235d45c14} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" 4344 2a813c9cb58 tab
                  3⤵
                    PID:5408
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1240.5.1675682023\2079172809" -childID 4 -isForBrowser -prefsHandle 4800 -prefMapHandle 4804 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91232000-d969-4e15-a4af-61b8fc846882} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" 4824 2a814851858 tab
                    3⤵
                      PID:5732
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1240.6.1982282419\1826823891" -childID 5 -isForBrowser -prefsHandle 4964 -prefMapHandle 4968 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd883ecc-05db-42cb-ab67-50ac991239fe} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" 4956 2a814854e58 tab
                      3⤵
                        PID:5740
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1240.7.264885893\838800795" -childID 6 -isForBrowser -prefsHandle 5156 -prefMapHandle 5160 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {88655b0a-9630-48fe-a98c-540b477a8c3f} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" 5240 2a814851e58 tab
                        3⤵
                          PID:5748
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1240.8.552920513\1476388261" -childID 7 -isForBrowser -prefsHandle 5496 -prefMapHandle 5484 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcfc4b25-02d2-4845-8369-c4545bc12d31} 1240 "\\.\pipe\gecko-crash-server-pipe.1240" 5188 2a80dee8958 tab
                          3⤵
                            PID:3060

                      Network

                      MITRE ATT&CK Enterprise v15

                      Downloads

                      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V28C7N3J\edgecompatviewlist[1].xml

                        Filesize

                        74KB

                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CEA1GCAC\warmup[2].gif

                        Filesize

                        43B

                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

                        Filesize

                        4KB

                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\DS69HDT5\suggestions[1].en-US

                        Filesize

                        17KB

                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFEF508CA1AA07B20C.TMP

                        Filesize

                        16KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin

                        Filesize

                        9KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\b05afe5e-10b1-49bf-b3cb-cee55cb2e992

                        Filesize

                        734B

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

                        Filesize

                        6KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js

                        Filesize

                        6KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js

                        Filesize

                        6KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

                        Filesize

                        1KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

                        Filesize

                        1KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

                        Filesize

                        1KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

                        Filesize

                        1KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                        Filesize

                        184KB
