067e651b1d79aa932f0903718dfe0c9d60d55e5dc6aac5a8c2799ed546b45a74

Analysis

max time kernel
2640s
max time network
2600s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2024 21:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm V5.6 virusRB.zip
Size

24.2MB
MD5

c9d3e530958e4fb52d19a56a69bc838c
SHA1

6e0b785508bab8d7650bbe671a24f00449b2643a
SHA256

067e651b1d79aa932f0903718dfe0c9d60d55e5dc6aac5a8c2799ed546b45a74
SHA512

4c2ef732cb7aced02920c23995e9a7f3887f4bed99ddb5d99128b4587676e8f98fb0a54a355227decc8420dd2a08f59ffa34a0a1930bccb696c41d568ca8f3ed
SSDEEP

393216:myapqgXFeuBc9Q+F+vZ5+dh9QCLMu7kjOscAKbD2b2lh5eNYJkY29QEH4J:myfgXDBYQwYZYhkjxKhT5eXPQEYJ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2252	XWorm V5.6.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	XWorm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	XWorm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	XWorm V5.6.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 29 IoCs

pid	Process
2860	msedge.exe
2860	msedge.exe
4704	msedge.exe
4704	msedge.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2252	XWorm V5.6.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	4016	7zFM.exe
Token: 35	4016	7zFM.exe
Token: SeSecurityPrivilege	4016	7zFM.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
4016	7zFM.exe
4016	7zFM.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
2252	XWorm V5.6.exe
2252	XWorm V5.6.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
2252	XWorm V5.6.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 4704	2252	XWorm V5.6.exe	98
PID 2252 wrote to memory of 4704	2252	XWorm V5.6.exe	98
PID 4704 wrote to memory of 2496	4704	msedge.exe	99
PID 4704 wrote to memory of 2496	4704	msedge.exe	99
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 4620	4704	msedge.exe	100
PID 4704 wrote to memory of 2860	4704	msedge.exe	101
PID 4704 wrote to memory of 2860	4704	msedge.exe	101
PID 4704 wrote to memory of 2472	4704	msedge.exe	102
PID 4704 wrote to memory of 2472	4704	msedge.exe	102
PID 4704 wrote to memory of 2472	4704	msedge.exe	102
PID 4704 wrote to memory of 2472	4704	msedge.exe	102
PID 4704 wrote to memory of 2472	4704	msedge.exe	102
PID 4704 wrote to memory of 2472	4704	msedge.exe	102
PID 4704 wrote to memory of 2472	4704	msedge.exe	102
PID 4704 wrote to memory of 2472	4704	msedge.exe	102
PID 4704 wrote to memory of 2472	4704	msedge.exe	102
PID 4704 wrote to memory of 2472	4704	msedge.exe	102
PID 4704 wrote to memory of 2472	4704	msedge.exe	102
PID 4704 wrote to memory of 2472	4704	msedge.exe	102
PID 4704 wrote to memory of 2472	4704	msedge.exe	102
PID 4704 wrote to memory of 2472	4704	msedge.exe	102
PID 4704 wrote to memory of 2472	4704	msedge.exe	102
PID 4704 wrote to memory of 2472	4704	msedge.exe	102
PID 4704 wrote to memory of 2472	4704	msedge.exe	102
PID 4704 wrote to memory of 2472	4704	msedge.exe	102

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6 virusRB.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4016

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3568

C:\Users\Admin\Desktop\XWorm V5.6 virusRB\XWorm V5.6.exe
"C:\Users\Admin\Desktop\XWorm V5.6 virusRB\XWorm V5.6.exe"
1⤵
- Executes dropped EXE
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/Toxicvirusmain
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd422746f8,0x7ffd42274708,0x7ffd42274718
    3⤵
    PID:2496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6196936013357901261,12697118723658658051,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
    3⤵
    PID:4620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,6196936013357901261,12697118723658658051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,6196936013357901261,12697118723658658051,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
    3⤵
    PID:2472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6196936013357901261,12697118723658658051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
    3⤵
    PID:4456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6196936013357901261,12697118723658658051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
    3⤵
    PID:3632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6196936013357901261,12697118723658658051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
    3⤵
    PID:2928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:940

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
c730297b68673aa78334ee2ba6b498cd

SHA1
c6c2eaf8b42f4e0ea9f1cce865824db1db295c60

SHA256
e13e8ede2270a08fd1d26d70f3c5c3dd7d6a7a9d8cdb660ef0930334faada3f0

SHA512
7b8b90dfc874bf34febe52b83aa0cfbf0d11d06524a1d1a54104c5d009f02e747de9c36722079487c07659f70e736248420c0ba2587164d4a65289b9efacd235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
442B

MD5
45bc064bad46cd4ac6e41637294605b2

SHA1
6933149026b37c31a007720636f5d4edf088faf6

SHA256
758235265f3a3834ca961f22b4e7a58ea46f19f47f9af26e7f38ebad0b6dbea1

SHA512
04289a7bbd05baccddb2c97cfc5ebccfa85ecb5ef8e9d0ad5669dc17cb1e1ef822da043d5c509531eb6e84d151a96417881fe5bd9db01079a5a5831d1e3b34f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f932c9a957d65c8f1c39a8a4a3bc834c

SHA1
710fbc2849c69c0b8a576f351301a19ed3c44126

SHA256
163782cc5b33588c24b72ab02e736e16dceb7c1458d8677a1ecee68cb3a49d89

SHA512
51c407e7f9cbde5384e860ad70a6c1b5003a43b28a6b9cc89ea4e2831942660db0eaa21d2fc7a368bac4aa1c9366106e69cb1dde79ac3f7d5c851567af3d39c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ff7e81ee37214ae954af6e631275e65a

SHA1
077cdde17ec9b92046cc52ff915f1cf08bb99520

SHA256
504c799e6742a2b3b053ab2d7bb302e787c0d51a9b7de6fde62fa99ab14c953f

SHA512
4e1a2d4feb4cfe599cb3a7e60bca75967a922124bf3adb4c0e264a26308bbebc74fc75ca511e930a5609c9e0d3b7e6d822822a70c14f19b38375dd7672191ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7b5e83a76349092434a075abd738b870

SHA1
14fed00fbfa2ff03ecba5515ee6bffac2c8040b7

SHA256
9440f7e99df11ef71cd0bd6f74d7565cff1bb5fb0e1494d4e22ad7ff7f96099a

SHA512
db282d7cc86ae06b6e4f27fc4d494ac22e6b02d77e9f0e3c32a4f0126b7210082551fc2f1e7a789bac9b3d94926b6a5107e8f8aae7744da5fcc51a11a6ffc2e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE0BF186AF\XWorm V5.6 virusRB\Icons\icon (15).ico

Filesize
361KB

MD5
e3143e8c70427a56dac73a808cba0c79

SHA1
63556c7ad9e778d5bd9092f834b5cc751e419d16

SHA256
b2f57a23ecc789c1bbf6037ac0825bf98babc7bf0c5d438af5e2767a27a79188

SHA512
74e0f4b55625df86a87b9315e4007be8e05bbecca4346a6ea06ef5b1528acb5a8bb636ef3e599a3820dbddcf69563a0a22e2c1062c965544fd75ec96fd9803fc

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6 virusRB\GeoIP.dat

Filesize
1.2MB

MD5
8ef41798df108ce9bd41382c9721b1c9

SHA1
1e6227635a12039f4d380531b032bf773f0e6de0

SHA256
bc07ff22d4ee0b6fafcc12482ecf2981c172a672194c647cedf9b4d215ad9740

SHA512
4c62af04d4a141b94eb3e1b0dbf3669cb53fe9b942072ed7bea6a848d87d8994cff5a5f639ab70f424eb79a4b7adabdde4da6d2f02f995bd8d55db23ce99f01b

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6 virusRB\Guna.UI2.dll

Filesize
1.9MB

MD5
bcc0fe2b28edd2da651388f84599059b

SHA1
44d7756708aafa08730ca9dbdc01091790940a4f

SHA256
c6264665a882e73eb2262a74fea2c29b1921a9af33180126325fb67a851310ef

SHA512
3bfc3d27c095dde988f779021d0479c8c1de80a404454813c6cae663e3fe63dc636bffa7de1094e18594c9d608fa7420a0651509544722f2a00288f0b7719cc8

Download Submit
C:\Users\Admin\Desktop\XWorm V5.6 virusRB\XWorm V5.6.exe

Filesize
14.6MB

MD5
fc56e4f2fb861658d0834fd2c0d07961

SHA1
5a59412e91fd9f57b34995918c5f4e67d4255173

SHA256
cec4cfcbc261a013a5883f73c16a5f53ed552487de58642b96b129ef6a1da421

SHA512
6be5f93b1e288c5c2b7ab4f12592031e82567ea79609d9017c53573019bca1b66c53b5729ab36a29024db2daa97e8420bc3de43b0a68717ea0e7ba7e7856cb6b

Download Submit
memory/2252-244-0x00007FFD46F50000-0x00007FFD47A11000-memory.dmp

Filesize
10.8MB

Download
memory/2252-243-0x000001C374060000-0x000001C374254000-memory.dmp

Filesize
2.0MB

Download
memory/2252-241-0x000001C358320000-0x000001C3591BE000-memory.dmp

Filesize
14.6MB

Download
memory/2252-240-0x00007FFD46F53000-0x00007FFD46F55000-memory.dmp

Filesize
8KB

Download
memory/2252-373-0x00007FFD46F53000-0x00007FFD46F55000-memory.dmp

Filesize
8KB

Download
memory/2252-374-0x00007FFD46F50000-0x00007FFD47A11000-memory.dmp

Filesize
10.8MB

Download