f1426748d5ba9911439c4b60a54924894d1e4103a4a68118b83bbbceaaf599cb

Analysis

max time kernel
431s
max time network
432s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
19/08/2024, 00:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Triggerbot.exe
Size

656KB
MD5

0ed08c554058692eb2ab10ff7f91deba
SHA1

597e8857f10e45717272824270bf7e9e154c2fb4
SHA256

f1426748d5ba9911439c4b60a54924894d1e4103a4a68118b83bbbceaaf599cb
SHA512

244b538eb1c757e0aa5206ea49adeef9a40e6b18f38ab887d367f0f166fa655aadec3db27c0d72a2f888ddc1d5141e7f89c9a3ce261e63009a20779652faf9a6
SSDEEP

6144:exmtZoAkWJEZ1mGyFQlQ7ckn/Uo+dW03T7b+iq+FvnSsxAXboBnK5dka2UdnCeta:jDXMZ6GQ6ov2m+UtbVkGDvAd10oh

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Triggerbot.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
984	msedge.exe
984	msedge.exe
5028	msedge.exe
5028	msedge.exe
664	msedge.exe
664	msedge.exe
3124	identity_helper.exe
3124	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 5028	1704	Triggerbot.exe	82
PID 1704 wrote to memory of 5028	1704	Triggerbot.exe	82
PID 5028 wrote to memory of 248	5028	msedge.exe	83
PID 5028 wrote to memory of 248	5028	msedge.exe	83
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 2800	5028	msedge.exe	84
PID 5028 wrote to memory of 984	5028	msedge.exe	85
PID 5028 wrote to memory of 984	5028	msedge.exe	85
PID 5028 wrote to memory of 4100	5028	msedge.exe	86
PID 5028 wrote to memory of 4100	5028	msedge.exe	86
PID 5028 wrote to memory of 4100	5028	msedge.exe	86
PID 5028 wrote to memory of 4100	5028	msedge.exe	86
PID 5028 wrote to memory of 4100	5028	msedge.exe	86
PID 5028 wrote to memory of 4100	5028	msedge.exe	86
PID 5028 wrote to memory of 4100	5028	msedge.exe	86
PID 5028 wrote to memory of 4100	5028	msedge.exe	86
PID 5028 wrote to memory of 4100	5028	msedge.exe	86
PID 5028 wrote to memory of 4100	5028	msedge.exe	86
PID 5028 wrote to memory of 4100	5028	msedge.exe	86
PID 5028 wrote to memory of 4100	5028	msedge.exe	86
PID 5028 wrote to memory of 4100	5028	msedge.exe	86
PID 5028 wrote to memory of 4100	5028	msedge.exe	86
PID 5028 wrote to memory of 4100	5028	msedge.exe	86
PID 5028 wrote to memory of 4100	5028	msedge.exe	86
PID 5028 wrote to memory of 4100	5028	msedge.exe	86
PID 5028 wrote to memory of 4100	5028	msedge.exe	86

C:\Users\Admin\AppData\Local\Temp\Triggerbot.exe
"C:\Users\Admin\AppData\Local\Temp\Triggerbot.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/popsiclez/Triggerbot
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:5028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb8f113cb8,0x7ffb8f113cc8,0x7ffb8f113cd8
    3⤵
    PID:248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,14839162975780165667,9271370435835721584,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
    3⤵
    PID:2800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,14839162975780165667,9271370435835721584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,14839162975780165667,9271370435835721584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
    3⤵
    PID:4100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14839162975780165667,9271370435835721584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
    3⤵
    PID:3856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14839162975780165667,9271370435835721584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    3⤵
    PID:1600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14839162975780165667,9271370435835721584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
    3⤵
    PID:2780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14839162975780165667,9271370435835721584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
    3⤵
    PID:4212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,14839162975780165667,9271370435835721584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3304 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:664
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,14839162975780165667,9271370435835721584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14839162975780165667,9271370435835721584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
    3⤵
    PID:760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14839162975780165667,9271370435835721584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
    3⤵
    PID:4368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e8115549491cca16e7bfdfec9db7f89a

SHA1
d1eb5c8263cbe146cd88953bb9886c3aeb262742

SHA256
dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e

SHA512
851207c15de3531bd230baf02a8a96550b81649ccbdd44ad74875d97a700271ef96e8be6e1c95b2a0119561aee24729cb55c29eb0b3455473688ef9132ed7f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e2612636cf368bc811fdc8db09e037d

SHA1
d69e34379f97e35083f4c4ea1249e6f1a5f51d56

SHA256
2eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9

SHA512
b3cc3bf967d014f522e6811448c4792eed730e72547f83eb4974e832e958deb7e7f4c3ce8e0ed6f9c110525d0b12f7fe7ab80a914c2fe492e1f2d321ef47f96d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
00a033f161b3a0ae64c2d76d7644a00d

SHA1
675f066d646101ebad48346c180227b07e168c9e

SHA256
090496ebe83443265626a55f3a2b314830a9953cc200431a222bbfadd34d67c2

SHA512
0e7085b6683c1487b299b5ada62b236196bd0e66e60db04a70b23b454c6e93ccab0da08f437a14c7cd9a7334971a3f341aa5d3d8639df8875671b5e235a0b3d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
406d40f57c41b87d19b999ebfe5296fc

SHA1
7d6ce47afbb25a87565cebdaf0a1a2f4af4bfc10

SHA256
0d179bd1f38ad65839441984c85dac651e393eb75c561885911cb8cce8be6974

SHA512
a763d98c4e196a8f81244761848a52ab25cf2b4dcc91ff8a977828a7f3639f05248463828221b575942a4c99dc5b720703339e4cb59e11a301fefa6236e660fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c25a910181bd9b9aaad8d955f898f835

SHA1
b6da17b40d56ca083c45a3bdd706ddc1d5d1e393

SHA256
af9646e8f33b39cd945e7307863184d247a145a0faddaa5a0b23af9f85dccf41

SHA512
23e346d31e9fa16f1a3c6cd969d007547eb22d451861cd70868b400dc07226e868e7c6c9feb792e9eeabb0dbb219585f22c04592824687d1f7d5c3bbd376486a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f32d78d5d9972ec65ba8af52e5b8d535

SHA1
3a4a81f80b5c9a682a3711921f1dfc116e5caa2c

SHA256
6d1c2f8842e1b7fcd987f58e372f84bbf903ba8008a49157a477050fc14a3371

SHA512
c79b2341fd3b07fc4cf0cf049139e4ea9bdd0c3fb08670986af90d35e4646598dcef3982485f1616546680c491b98e2e5e7da2a048136e2b3ec10444bf8abc6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
84b68733ecbbd0acc768d4e611b6767f

SHA1
ed799b75665b6c2482bad0e82490f8e19cf53eff

SHA256
91dbffe973dea8350cd3aba071526c9acad1cb1a6f5a070e06a55efd7fd88f10

SHA512
9b51dc04427040afcbdc556608665e10b51e12cb369113a434bb7f6ba75fa7b5d189dbcfca672344c1b1814bda2d2e01deae39a4c09e459960deb674abf4176b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
220d03a15f3d5282bcd1e8679155fdff

SHA1
b02522c98434ee351e7d3544b80e1170826f22ba

SHA256
012a7d0f653e15fe48f52efe70907d935af3d663dbf3eaffad0dc9afecfc0642

SHA512
4ef3b6869839d0f6c280e9bd9e9d0858fa0c26fb73e03f0191c9d47fc776c9ca8ea816bcb70adf0e19607d253c38ace694450abd2c29492d50533aabfbad19b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bd08956dc698618432db1b2d30106829

SHA1
b1810bebb7e14bf8a4ea4b74198ed99596302b02

SHA256
a3db3eb8341dbfbf4088e54d93819ead2d493f3f8082336067f011f0d42df036

SHA512
244abfa7dfa1ce08b565b89b1b145402db12e3205139a7c3e056faee4d67745103d76e6fa6f34bdef9bf0681064c16366a70941fbc92b3eac3a4e4561ded213e

Download Submit
memory/1704-0-0x0000000074E4E000-0x0000000074E4F000-memory.dmp

Filesize
4KB

Download
memory/1704-10-0x0000000074E40000-0x00000000755F1000-memory.dmp

Filesize
7.7MB

Download
memory/1704-9-0x0000000074E4E000-0x0000000074E4F000-memory.dmp

Filesize
4KB

Download
memory/1704-8-0x0000000074E40000-0x00000000755F1000-memory.dmp

Filesize
7.7MB

Download
memory/1704-7-0x0000000005400000-0x0000000005414000-memory.dmp

Filesize
80KB

Download
memory/1704-6-0x0000000005770000-0x00000000058BE000-memory.dmp

Filesize
1.3MB

Download
memory/1704-5-0x00000000053B0000-0x00000000053BA000-memory.dmp

Filesize
40KB

Download
memory/1704-4-0x0000000074E40000-0x00000000755F1000-memory.dmp

Filesize
7.7MB

Download
memory/1704-3-0x0000000005430000-0x00000000054C2000-memory.dmp

Filesize
584KB

Download
memory/1704-2-0x0000000005940000-0x0000000005EE6000-memory.dmp

Filesize
5.6MB

Download
memory/1704-1-0x0000000000840000-0x00000000008EA000-memory.dmp

Filesize
680KB

Download
memory/1704-339-0x0000000074E40000-0x00000000755F1000-memory.dmp

Filesize
7.7MB

Download