Resubmissions

21-11-2024 11:50

241121-nzm5bswnfj 10

30-09-2024 10:26

240930-mgybxazdrj 10

Analysis

  • max time kernel
    121s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-11-2024 11:50

General

  • Target

    2024-09-30_522e839f0581331b49e657ed1b7d07be_globeimposter.exe

  • Size

    53KB

  • MD5

    522e839f0581331b49e657ed1b7d07be

  • SHA1

    96c0693071dadaec7ab413468cd1692641a876fa

  • SHA256

    87a9cf743545b76277e88442e784f0dda6701fb10abfba6c0adc75feaec3de28

  • SHA512

    47ae3120496d56a0796269dd08b9d5a6cae6732fa9b591a2507531e05402154b8529ca5b4616d04df92cca2596a39c330a45b8fb92f49fde3cd99df900e73fd2

  • SSDEEP

    768:lTH9vuye1kVtGBk6P/v7nWlHznbkVwrEKD9yDwxVSHrowNI2tG6o/t84B5vvVv:feytM3alnawrRIwxVSHMweio3Z

Malware Config

Extracted

Path

C:\Users\Public\Music\Sample Music\how_to_back_files.html

Ransom Note
<html>
<style type="text/css">
body { background-color: #f5f5f5; }
h1, h3{ text-align: center; text-transform: uppercase; font-weight: normal; }
/*---*/
.tabs1{ display: block; margin: auto; }
.tabs1 .head{ text-align: center; float: top; padding: 0px; text-transform: uppercase; font-weight: normal; display: block; background: #81bef7; color: #DF0101; font-size: 30px; }
.tabs1 .identi { font-size: 10px; text-align: center; float: top; padding: 15px; display: block; background: #81bef7; color: #DFDFDF; word-break: break-all; }
.tabs .content { background: #f5f5f5; /*text-align: center;*/ color: #000000; padding: 25px 15px; font-size: 15px; font-weight: 400; line-height: 20px; }
.tabs .content a { color: #df0130; font-size: 23px; font-style: italic; text-decoration: none; line-height: 35px; }
.tabs .content .text{ padding: 25px; line-height: 1.2; }
</style>
<body>
<div class="tabs1">
<div class="head" ><b>Your personal ID:</b></div>
<div class="identi">
<span style="width:1000px; color: #ffffff; font-size: 10px;"></span>
<br>
<!-- !!! dont changing this !!! -->
</div>
</div>
<!-- -->
<div class="tabs">
<!--tab-->
<div class="tab">
<div id="tab-content1" class="content">
<div class="text">
<!--text data -->
<b>/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\</b><br>
<b>All your important files have been encrypted!</b><br><br>
<hr>
Your files are safe! Only modified. (RSA+AES)<br><br>
ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE<br>
WILL PERMANENTLY CORRUPT IT.<br>
DO NOT MODIFY ENCRYPTED FILES.<br>
DO NOT RENAME ENCRYPTED FILES.<br><br>
No software available on internet can help you. We are the only ones able to<br>
solve your problem.<br><br>
We gathered highly confidential/personal data. These data are currently stored on<br>
a private server. This server will be immediately destroyed after your payment.<br>
If you decide to not pay, we will release your data to public or re-seller.<br>
So you can expect your data to be publicly available in the near future..<br><br>
We only seek money and our goal is not to damage your reputation or prevent<br>
your business from running.<br><br>
You will can send us 2-3 non-important files and we will decrypt it for free<br>
to prove we are able to give your files back.<br><br>
<!--text data -->
<hr>
<b>Contact us for price and get decryption software.</b><br><br>
<hr>
<b>email:</b><br>
<a href="[email protected] ">[email protected] </a> <br>
<a href="[email protected] ">[email protected] </a> <br>
<p>* To contact us, create a new free email account on the site: <a href="https://protonmail.com">protonmail.com <br>
<b> IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.</b><br>
<p>* <a href<a href<b>
</div>
</div>
</div>
<!--tab-->
<b> <b> <b> <span style="font-size: 22px"></span> </b><br><br> </b><br>
<!--text data -->
</div>
</div>
<!--tab-->
</div>
</div>
</body>
</html>

Signatures

  • GlobeImposter

    GlobeImposter is a ransomware first seen in 2017.

  • Globeimposter family
  • Renames multiple (7272) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Deletes itself 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 42 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-09-30_522e839f0581331b49e657ed1b7d07be_globeimposter.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-09-30_522e839f0581331b49e657ed1b7d07be_globeimposter.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1272
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\2024-09-30_522e839f0581331b49e657ed1b7d07be_globeimposter.exe > nul
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:1864
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\how_to_back_files.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:348
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:348 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2276

Network

MITRE ATT&CK Enterprise v15


Downloads
