Overview

overview

10

Static

static

10

2024-06-24...ry.exe

windows7-x64

10

2024-06-24...ry.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24-06-2024 18:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-06-24_558083340ab1deb29d6ec5ac959c7c1e_destroyer_wannacry.exe

  • Size

    26KB

  • MD5

    558083340ab1deb29d6ec5ac959c7c1e

  • SHA1

    d4102d270a9e09741896bb2f473257d3911ec168

  • SHA256

    3c4c1c5b2e0fd02097afcc2e847c6f4808fb1d4ccae4dbfd58749992dea3eadf

  • SHA512

    e23dd209d654facd57566adade5c04f7a32200619b8da157acbabe31d16cbe0c38c76b84e3ae04f689dfbc29973ac00e0c0916cc2a355d6f32b716fc9076ac15

  • SSDEEP

    384:RtWZPzzxAm1vM56qlx7fbChvLKeGS2NinUlPOy5o91clSw282vp:Y7zxAmwHrTmeeGSSiyho9oSB82R

Score
10/10
chaosdefense_evasionevasionexecutionimpactpersistenceransomwarespywarestealer

Malware Config

Signatures

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos
  • Chaos Ransomware 3 IoCs
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
    ransomwareevasion
  • Deletes backup catalog 3 TTPs 1 IoCs

    Uses wbadmin.exe to inhibit system recovery.

    ransomware
  • Disables Task Manager via registry modification
    evasion
  • Drops startup file 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops desktop.ini file(s) 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Interacts with shadow copies 3 TTPs 1 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 48 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 34 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-24_558083340ab1deb29d6ec5ac959c7c1e_destroyer_wannacry.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-24_558083340ab1deb29d6ec5ac959c7c1e_destroyer_wannacry.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2768
    • C:\Users\Admin\AppData\Roaming\svchost.exe
      "C:\Users\Admin\AppData\Roaming\svchost.exe"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops desktop.ini file(s)
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2852
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2748
        • C:\Windows\system32\vssadmin.exe
          vssadmin delete shadows /all /quiet
          4⤵
          • Interacts with shadow copies
          PID:2436
        • C:\Windows\System32\Wbem\WMIC.exe
          wmic shadowcopy delete
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3032
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2672
        • C:\Windows\system32\bcdedit.exe
          bcdedit /set {default} bootstatuspolicy ignoreallfailures
          4⤵
          • Modifies boot configuration data using bcdedit
          PID:2756
        • C:\Windows\system32\bcdedit.exe
          bcdedit /set {default} recoveryenabled no
          4⤵
          • Modifies boot configuration data using bcdedit
          PID:2792
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2804
        • C:\Windows\system32\wbadmin.exe
          wbadmin delete catalog -quiet
          4⤵
          • Deletes backup catalog
          PID:2824
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Roaming\read.html
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2716
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:212
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2588
  • C:\Windows\system32\wbengine.exe
    "C:\Windows\system32\wbengine.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2952
  • C:\Windows\System32\vdsldr.exe
    C:\Windows\System32\vdsldr.exe -Embedding
    1⤵
      PID:304
    • C:\Windows\System32\vds.exe
      C:\Windows\System32\vds.exe
      1⤵
        PID:612

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\Adobe\Updater6\read.html
        Filesize

        5B

        MD5

        8e8d2bdd461b3db1a25d25b8678968b3

        SHA1

        729f0c9707612f55c186205460987aaadffefc61

        SHA256

        68cc373452950aca274fb88a401d848743e1ce56d49de25cbe75709bff28f57d

        SHA512

        48ec79a83329e27c33332896bc5d0aac749524ca79b14442440b6fb017b78766df5a959c9a689c029986adfb5570b2f04b4d8e5a703d89408e9520e0e40b671a

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        2f2d946e738998c5589f8e31eb7001d0

        SHA1

        51e90fbce48690d8e0ae7cf8438d9340bf1ea059

        SHA256

        eb66d627cf53ceac5ba386cab83fd399e6049bd1b8d28be1a3a14495f48f7367

        SHA512

        372cf190218080264980e1deaabdccf0078853d938ab4ba977e03ae88e26eb371ff269f28aa7bce7efbac22bc5239eb5d7b951fded45c0beca4df807ce4e6492

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        fabf7d1be91458f447e9b75b049def3f

        SHA1

        b41f3c9861abd6d49fb874cd2891459633d4ce9d

        SHA256

        6eecdf55da931fd3a3d1d6243877be0a53f340e01a503333320ce63b387f971e

        SHA512

        bdcbb03e7038391fcd8684d9b2ee7f707ca6aa842839b700b37966de0088f326e752b614ad848bc07d3d8521f091efabb48ddb886f38c9b2f407412e15640951

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        415a4cf96ea911a7fe2f59e628cb2ae3

        SHA1

        1fa8912b5b69d4ade840000ef463b17261ed05bc

        SHA256

        bbc8a9a0005a5105f7afa9d73a2f652ae554766f6c851e73036f84cf2eaa1301

        SHA512

        6746bb5255c977ec40ffc3540940ee46b60fb7a243d2014bf06d4dc21316a1ce615e9cea15f2eba03b858733faff21d07ea3df87f6b8fd131e2b2d12088bfd32

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        d567428eeb5300ce8c9d967ae63919db

        SHA1

        1dcab689e4ca0285d2d883bf8f719dca5a1b5618

        SHA256

        c8049f4840a66eccdab05a50be757c8aaf33578f3bd3dd0b621a16c44f69d06a

        SHA512

        46988e8678a478580a93457687e14d748de0428361c2bb5969e0c0c446e21153c122fa839907fc5da229c4fe07d37dc8664982b8ad6aa5b024ddd307a4a8a1e0

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        00558387b846e5fc4ca1e85aa81135dc

        SHA1

        3c3b942f56707ed97a36c976181e6cf906cfa55a

        SHA256

        15937664d4338509c07455527e398c6815f90b8d8f436b9b38c3cbf0ba2b0678

        SHA512

        ea9b74be8258f9c8e13fe33a0c733e1290b8fbcc99d2485fa76a7e806a909838ad3bf6eeb57805ba14ffd112bd57342901a6d0a76c660e1527d7400f2c7f4e24

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        a8bd242bdf68a0641e09eabf47402090

        SHA1

        19d5257db0b9da1e8186c7d1957c1d4f60ff279a

        SHA256

        d4f657fbc744142f144d41eb0d9b7caf94f4547d78e9ac6504d118432b383188

        SHA512

        48de3349b674025efb00e5fe73f4adf768a8939c8f6035261b561a27b696cc355107d1dc00bdd636e8e82af0744d0f19f85f7d0ca3607904a2e3069d23f6c088

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        e54821508c960e9fb7856f08f3bc4ede

        SHA1

        f833e6339e679d107d6e5fd783b3f57500e35938

        SHA256

        f9e7af552c4bbf902e74294b350f4d18dd2c943223c47cd7a3ca187e74cd318c

        SHA512

        3ac052a98ddbf879d57f959a8dd9b4d2a845cf08f9b1f0908a1e036dc18388aedfa866bee04dcffbdcb4fe77435a14b86a42e5c7228f97f7d627c1b96d1540c0

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        835a94c5cba3fae01bc81580878a7077

        SHA1

        7c41df18a9060d3b5c1dd4011acb01e41851b67f

        SHA256

        f8511da2f2dcf1b5b93d3816fae013908873c06df90079679a6b3cc0b38a9af3

        SHA512

        0d76852bea5a9920674cccdfa28c9812d8b4803576598039c904c6c96929ac079deeae9c7205a29ef861ec54e9173f4aed614b3bd3c404171ac186da22a5244a

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        92d378c81c6cb416fac44b6a094aafd9

        SHA1

        7eb916619ac4b0eaa85b0843d735715ef1f9ee29

        SHA256

        47385e28220621fd7ccb3322d4bf1647c7399ea4d1677d4a579613b47f9bfd78

        SHA512

        c5b4ab55663362ed7a122ab1f0c74c2f9936d4edb2292f12c8030455c8f2b9688742be0d3b0d3596e41430f1d4c2a5609b26c6781c760d234ef529dbb0ab074c

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        a2bbd9be62a7b8aa16ae7b54ad2374ee

        SHA1

        ad3f596edefc8ced8bf56b1cdf3df293daed905e

        SHA256

        2327224663537b983e646f18f86c7c1f8b7d1a31ccf44800db381b96a95fa0f8

        SHA512

        9a629fb5554558bdef3381a434d27465886d84305e85726376c5f95641428d60315219624655aee1a2e1267169d8dc54ca9acdd2006d68ab331418f83b20af00

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        efe1d561dc3fcdc30f98a0743c08d9d4

        SHA1

        3d52b9d74990cbc85476c6d5de447861a4a62b7a

        SHA256

        38ab1a2797197d97c5e9b5bee09e7dc56e91d00d4923c33403227e33da1947d9

        SHA512

        6846717989b426345d2a6eedba96de3f099286f221996d7e7897eadc299e5bfb1e0188b5d6caa01a3290310ac6f1faa52f8df28db0b7abdf10ad053abe1f5d97

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        5a0f241115bd6c4198ed54fefd9ae06b

        SHA1

        0a0b429b7b559eee55bc57d0b2a75793c159d80f

        SHA256

        db74ea604f99fb15dfc46627a5acd8335b4f3348675fbf89cbd37399df21e4a7

        SHA512

        c0a41a5a4f9a664daf8a92e19684793b28476ec47b9da11c0cc0fb691f017f838b4da71a800e18d1602daf1e92f571797b5632cd59e855a4b77ba91c39124e82

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        13d10bf0f98351e94fab556343258b32

        SHA1

        fb28e3a6a4dd0068b38ac456dedf41e0614622b6

        SHA256

        bbe86fce3cbb2ad31f68d60c6d44901727f89f4badfd281f29ea849d265108cd

        SHA512

        2a57e595cda4207118f836a3aaf3d894c1258a6ee9aae92e38cb952520d9f953badd3606fcb9dbd11fa87480d71e824843ddf387d7911d680abfd6860377b4ac

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        d8b7a6f309335d330948c0f1ecf619bb

        SHA1

        950e2f953f12f063b111ab1e40943d68ef457a88

        SHA256

        6e69c0aa26dbb93434a61ab0a259a1c653687de9ae4862b1e0fea43ade577d65

        SHA512

        eb23da1df720ec70c7d00581416c5d698cfdb124643dfae9cdf74eab33888e728e29c8b5a0ae4581c2cc649c0a07fa4cbdc5581f7cd1bbda54e16cfef93409bf

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        6613b0c76a6e3e05b2b1ad97888a3516

        SHA1

        71d37ebe0698524a301e58b576ff46c564c56606

        SHA256

        de2741e0c6a0e6ed77c80f84be20d58d9163d91ad9786302a12895505356a752

        SHA512

        0fb8edfda1ddbb8f7ac103002f720be31a7d67ae7cae69c531547fbb6e86dd612547e450da61d488c1f1d70da273ec6448cfd991866310ee42f2a30fef7209e7

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        e30e602c238b287015f52d2643073653

        SHA1

        5a957c179eb4540cb41c7f00b90772bdb85e28c5

        SHA256

        a880866e0a5e95c49095084d7983c8e52b7b90c70bf6ab09449cef956e5faaf6

        SHA512

        48fd148f2a9f57b9ec0e5eb9891cbe82128c9f75d27d2c34f86f8005ecca0a15fcf3cb6e6c96a803a5a54b00ffa9867691c25ee62646d36d0d9d6993118807f7

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        d4351b7f0f3f7eddb6f7113acd9a3dfb

        SHA1

        86982ca780edd6eb4feadcf8a9ecad67dca384e9

        SHA256

        95b8bdc59cac4a14f6bf2087db4e7dc8cebc5d1352106295c89f1341845a1790

        SHA512

        94551ec9435dd49346454f08f83c729699e0da4411eaec275999a5ec60bffdc8dcc684f5d46c02dc0a8724ceba82b218dc79360bbe3444b23faf84aca2a10251

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        171c2ea540b655cfab6fda659dc419f3

        SHA1

        0c257555e6aba281fe3e059f3a4f067aa3e7d7fe

        SHA256

        56e3c949798c161ff97ca7e61d188e6ed532b53f5989661a67a3bcaf18ad3984

        SHA512

        9001b668f661b7c92122d76683fcbd5e2dd8f7e7574fef0e6ac9ef0680b1e1b446356890dabdb9f495d8e7dd577b93b6449019fe577848850c6d1e333fbfb80e

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        f2ca34840f577df6b9ef2abf3ef78421

        SHA1

        08cdf5744205d4cab2b7962f6f04763b8a64e9a0

        SHA256

        c008cdab9c10ddda327876e561078d2920d76bed684d4dad8c6591fd989ab48e

        SHA512

        c2779d63f7eadfdada7cca90c670d992a84338239857017085811f7b781928c522ccce3c5b77fb59479b0c47bb349744442f99a46b3634b5b0387d8c2ccfe133

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Cab4ECD.tmp
        Filesize

        65KB

        MD5

        ac05d27423a85adc1622c714f2cb6184

        SHA1

        b0fe2b1abddb97837ea0195be70ab2ff14d43198

        SHA256

        c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

        SHA512

        6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Cab4F9B.tmp
        Filesize

        70KB

        MD5

        49aebf8cbd62d92ac215b2923fb1b9f5

        SHA1

        1723be06719828dda65ad804298d0431f6aff976

        SHA256

        b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

        SHA512

        bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Tar4FB0.tmp
        Filesize

        181KB

        MD5

        4ea6026cf93ec6338144661bf1202cd1

        SHA1

        a1dec9044f750ad887935a01430bf49322fbdcb7

        SHA256

        8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

        SHA512

        6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        Download Submit

      • C:\Users\Admin\AppData\Roaming\svchost.exe
        Filesize

        26KB

        MD5

        558083340ab1deb29d6ec5ac959c7c1e

        SHA1

        d4102d270a9e09741896bb2f473257d3911ec168

        SHA256

        3c4c1c5b2e0fd02097afcc2e847c6f4808fb1d4ccae4dbfd58749992dea3eadf

        SHA512

        e23dd209d654facd57566adade5c04f7a32200619b8da157acbabe31d16cbe0c38c76b84e3ae04f689dfbc29973ac00e0c0916cc2a355d6f32b716fc9076ac15

        Download Submit

      • C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk
        Filesize

        1B

        MD5

        d1457b72c3fb323a2671125aef3eab5d

        SHA1

        5bab61eb53176449e25c2c82f172b82cb13ffb9d

        SHA256

        8a8de823d5ed3e12746a62ef169bcf372be0ca44f0a1236abc35df05d96928e1

        SHA512

        ca63c07ad35d8c9fb0c92d6146759b122d4ec5d3f67ebe2f30ddb69f9e6c9fd3bf31a5e408b08f1d4d9cd68120cced9e57f010bef3cde97653fed5470da7d1a0

        Download Submit

      • memory/2768-1-0x0000000000830000-0x000000000083C000-memory.dmp

        Filesize

        48KB

        Download

      • memory/2768-7-0x000007FEF5FA0000-0x000007FEF698C000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/2768-11-0x000007FEF5FA0000-0x000007FEF698C000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/2768-0-0x000007FEF5FA3000-0x000007FEF5FA4000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2852-1367-0x000007FEF5FA0000-0x000007FEF698C000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/2852-8-0x00000000012D0000-0x00000000012DC000-memory.dmp

        Filesize

        48KB

        Download

      • memory/2852-10-0x000007FEF5FA0000-0x000007FEF698C000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/2852-9-0x000007FEF5FA0000-0x000007FEF698C000-memory.dmp

        Filesize

        9.9MB

        Download