Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://gemini-deskt...

windows10-2004-x64

8

Resubmissions

10-01-2025 03:28

250110-d1vwfszqbt 8

10-01-2025 03:26

250110-dzcy9aspfr 8

08-01-2025 04:07

250108-epr6vswjcl 8

08-01-2025 03:43

250108-d94vqaspcw 10

Analysis

  • max time kernel
    114s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-01-2025 03:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://gemini-desktop.com/download/gemini.exe

Score
8/10
discovery

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gemini-desktop.com/download/gemini.exe
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4376
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffddf746f8,0x7fffddf74708,0x7fffddf74718
      2⤵
        PID:1788
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,9179979294170682708,14556022954791835231,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
        2⤵
          PID:3300
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,9179979294170682708,14556022954791835231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1596
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,9179979294170682708,14556022954791835231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
          2⤵
            PID:2060
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9179979294170682708,14556022954791835231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
            2⤵
              PID:844
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9179979294170682708,14556022954791835231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
              2⤵
                PID:4872
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,9179979294170682708,14556022954791835231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8
                2⤵
                  PID:3032
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,9179979294170682708,14556022954791835231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4000
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9179979294170682708,14556022954791835231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
                  2⤵
                    PID:2600
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9179979294170682708,14556022954791835231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
                    2⤵
                      PID:2452
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9179979294170682708,14556022954791835231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2044 /prefetch:1
                      2⤵
                        PID:4428
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9179979294170682708,14556022954791835231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
                        2⤵
                          PID:8
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,9179979294170682708,14556022954791835231,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4112 /prefetch:8
                          2⤵
                            PID:4784
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9179979294170682708,14556022954791835231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
                            2⤵
                              PID:3524
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2084,9179979294170682708,14556022954791835231,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6036 /prefetch:8
                              2⤵
                                PID:4040
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9179979294170682708,14556022954791835231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
                                2⤵
                                  PID:1980
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9179979294170682708,14556022954791835231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
                                  2⤵
                                    PID:5092
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9179979294170682708,14556022954791835231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
                                    2⤵
                                      PID:5052
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9179979294170682708,14556022954791835231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
                                      2⤵
                                        PID:1632
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9179979294170682708,14556022954791835231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
                                        2⤵
                                          PID:4576
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,9179979294170682708,14556022954791835231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6792 /prefetch:8
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:2812
                                        • C:\Users\Admin\Downloads\gemini.exe
                                          "C:\Users\Admin\Downloads\gemini.exe"
                                          2⤵
                                          • Executes dropped EXE
                                          • System Location Discovery: System Language Discovery
                                          PID:1804
                                          • C:\Users\Admin\AppData\Local\Temp\is-A20LR.tmp\gemini.tmp
                                            "C:\Users\Admin\AppData\Local\Temp\is-A20LR.tmp\gemini.tmp" /SL5="$5025E,107203419,761856,C:\Users\Admin\Downloads\gemini.exe"
                                            3⤵
                                            • Executes dropped EXE
                                            • System Location Discovery: System Language Discovery
                                            PID:3348
                                      • C:\Windows\System32\CompPkgSrv.exe
                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                        1⤵
                                          PID:2572
                                        • C:\Windows\System32\CompPkgSrv.exe
                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                          1⤵
                                            PID:5044
                                          • C:\Windows\System32\rundll32.exe
                                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                            1⤵
                                              PID:2396

                                            Network

                                            MITRE ATT&CK Enterprise v15

                                            Replay Monitor

                                            Loading Replay Monitor...

                                            Downloads

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                              Filesize

                                              152B

                                              MD5

                                              bffcefacce25cd03f3d5c9446ddb903d

                                              SHA1

                                              8923f84aa86db316d2f5c122fe3874bbe26f3bab

                                              SHA256

                                              23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

                                              SHA512

                                              761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                              Filesize

                                              152B

                                              MD5

                                              d22073dea53e79d9b824f27ac5e9813e

                                              SHA1

                                              6d8a7281241248431a1571e6ddc55798b01fa961

                                              SHA256

                                              86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

                                              SHA512

                                              97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                              Filesize

                                              404B

                                              MD5

                                              3ef288aa54f3d28085b58da35cf6f49c

                                              SHA1

                                              c8fdeb8852ed1268847762f60cd56cc1e4aed04d

                                              SHA256

                                              43d806a80e83d4120fe0dda4225194960fe2b6129ba78a7a4235f7be7ed9216d

                                              SHA512

                                              bea4a908762484319620d7c0f7414d090ab6855a74c702946301fc14138b7702838f72a7970c906447ef303e305353d744ca8efcf6ffcd0b1cfe3f146a860e5a

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              6KB

                                              MD5

                                              714e921c09d70f3f759d3cf6105dcbac

                                              SHA1

                                              43f3dc2afad9781c9c103990615e53a28b9d1fe5

                                              SHA256

                                              ba5d8de2a4f212c9fdc4df0ce132ef7e734887d7cc4d311ba580dcc35826c589

                                              SHA512

                                              8ca175a061188399c415222c83354f43dda31da280a58a36420f36f0eb37314dec3ee0bce711c33698871a7509e6726b56198ff8d19aeaf956fbf73ae1791919

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              6KB

                                              MD5

                                              4ae2af9a1e4817e8fa00807a6f453920

                                              SHA1

                                              df0320968a896b64ac3c8a1f62f49f548fe41606

                                              SHA256

                                              40ee07086f4a013ea5d11683212b8316130a26f8d1f9efb02db9400c7eb9355b

                                              SHA512

                                              ef2c984cd3c1a547e4d88d234bde0af11b8309d74b6ed03ccd0a17fce2185c440b1211a8ab29aa170fb35e94203c08bac41169281fe3809850a7c2a49f3533b6

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              6KB

                                              MD5

                                              08f44f8b48fb06006a37bd88c701aa62

                                              SHA1

                                              157f65cbdcf703eb59459f626ebe5dde3ba83e10

                                              SHA256

                                              d633a0e137751d73e221f343c79e3028263f35839591ee4b80bc163f95281dbf

                                              SHA512

                                              570f917176de0601bb7d7506cc9da8b649f90aac7c27d497df3a72807071c7d540d7cedc9dc25d1976350b79cf95ffc29048f0521206ef0d311ddd73eb0cdad0

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              5KB

                                              MD5

                                              9acf904261b2cb6d2ea1b272b41b840c

                                              SHA1

                                              8bfa1ec0fa94bd1e3e0dd3c7f9b9bf44a8194962

                                              SHA256

                                              f00826c012c6d711aa9f551062ee5759f027e5b313307e9b76d3467e9e5b6d2d

                                              SHA512

                                              7592d62e5d0e82ff8bf43bca5cd71276f46eac5e36d8a32af4ba3b9d371b63c686c3741a68a63e32b4dcfd47c72d24299c64dadfd7a72cfeb17ddc0b06d25d85

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                              Filesize

                                              16B

                                              MD5

                                              6752a1d65b201c13b62ea44016eb221f

                                              SHA1

                                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                              SHA256

                                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                              SHA512

                                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                              Filesize

                                              10KB

                                              MD5

                                              d9aab6be946ce956621c67e3b3ed5ef7

                                              SHA1

                                              acac33d3f9bec87c3307481e63e5058ec6a699f8

                                              SHA256

                                              6e7697c3c28c4bac32e22616c1a14222dbb486f3ca447dccae9d83205754d55f

                                              SHA512

                                              c16fd09e1919fbb5963170da117961c4da9dade193fddc112034619d0184bd9cc1d36a7c036c617f7343c5bc27b396d5ecd7f7f20b6d2df5450eb4f418ce3fce

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                              Filesize

                                              11KB

                                              MD5

                                              817a9d68e3d0115680b30c9ba0e5688c

                                              SHA1

                                              b4f46aaf734a15b75aa50c4f76f67a438098bf0c

                                              SHA256

                                              facf0c9cce5d0c195335ba248c7ebf49560b863e1fd899352616beb320ecbcf7

                                              SHA512

                                              9986cd4b13cd0f872bd652a3b20ed954ea1651655c1fe328e8ddd42fe62ba7e16abdcb4f38db78fe44a53688bbc38c0059ca14665c8b5b7354cba1b187b99bb9

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                              Filesize

                                              11KB

                                              MD5

                                              543f27bae7debc016305a1fda8e5db00

                                              SHA1

                                              168c33bd3a1076eaf6645f1a47b78fc02aa06768

                                              SHA256

                                              b80ce0f7565d6c4a10e44b5440cd6c3562955fa270ecde0f3bfffed8a44fb477

                                              SHA512

                                              76e111e20f5d8ed742edcc4be2d89b6b9c4d065a293d6f2c1bea3b96b44c402122029a28fd58380da5fa7684ddeff74c2fbff31eb83062465e9f4d3516714dfa

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Temp\is-A20LR.tmp\gemini.tmp
                                              Filesize

                                              2.9MB

                                              MD5

                                              9e3d21ba2007d8f2d178a26c21ced9f0

                                              SHA1

                                              cf39a2f89bc9d72404b74d19b48938f4ae3ee0fa

                                              SHA256

                                              21a8d0d1ac67a892e8d2e4f04e5fae2683bc43e384ef6d9ee6005ddea1b966a1

                                              SHA512

                                              295c7dc56c943b76fdc07a3505a081de21c2c8860b034c77780d8257ac8008fbeaa9240524ce08b2a6bb13530f780b669ebc5d8c5ebd6b0be840d7549bed76b6

                                              Download Submit

                                            • memory/1804-194-0x0000000000400000-0x00000000004C8000-memory.dmp

                                              Filesize

                                              800KB

                                              Download

                                            • memory/1804-306-0x0000000000400000-0x00000000004C8000-memory.dmp

                                              Filesize

                                              800KB

                                              Download

                                            • memory/3348-305-0x0000000000400000-0x00000000006FB000-memory.dmp

                                              Filesize

                                              3.0MB

                                              Download