7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730

Analysis

max time kernel
153s
max time network
168s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 23:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
Size

38KB
MD5

404a330a5a675d3a6c957a7843f8f599
SHA1

3ab5ab65e8cbb64545e1585e1f1e03b1c19b84df
SHA256

7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730
SHA512

27fa5135218114885f9e4600b9d0743c1d6c20517c1cb4fd2cc3d09174ae4a109b5564fbb2199ab1f8b0bb6ec0530e611142cd89820acdb950bbb551d3bfb019
SSDEEP

768:/8Thu61vFi/7u4CFgHdgDCgKEmSy0aIGdBT8:0k6Ro/7DVHeC7EBy0avdBT8

Score

8^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/748-54-0x0000000000400000-0x000000000044D000-memory.dmp	upx
behavioral1/files/0x0007000000005c50-56.dat	upx
behavioral1/memory/748-58-0x0000000000400000-0x000000000044D000-memory.dmp	upx
behavioral1/memory/1948-60-0x0000000000400000-0x000000000044D000-memory.dmp	upx

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
File opened for modification	C:\Windows\SysWOW64\7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe

Suspicious behavior: MapViewOfSection 43 IoCs

pid	Process
748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
Token: SeDebugPrivilege	1948	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
Token: SeIncBasePriorityPrivilege	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 748 wrote to memory of 368	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	5
PID 748 wrote to memory of 368	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	5
PID 748 wrote to memory of 368	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	5
PID 748 wrote to memory of 368	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	5
PID 748 wrote to memory of 368	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	5
PID 748 wrote to memory of 368	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	5
PID 748 wrote to memory of 368	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	5
PID 748 wrote to memory of 376	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	4
PID 748 wrote to memory of 376	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	4
PID 748 wrote to memory of 376	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	4
PID 748 wrote to memory of 376	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	4
PID 748 wrote to memory of 376	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	4
PID 748 wrote to memory of 376	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	4
PID 748 wrote to memory of 376	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	4
PID 748 wrote to memory of 416	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	3
PID 748 wrote to memory of 416	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	3
PID 748 wrote to memory of 416	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	3
PID 748 wrote to memory of 416	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	3
PID 748 wrote to memory of 416	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	3
PID 748 wrote to memory of 416	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	3
PID 748 wrote to memory of 416	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	3
PID 748 wrote to memory of 464	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	2
PID 748 wrote to memory of 464	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	2
PID 748 wrote to memory of 464	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	2
PID 748 wrote to memory of 464	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	2
PID 748 wrote to memory of 464	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	2
PID 748 wrote to memory of 464	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	2
PID 748 wrote to memory of 464	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	2
PID 748 wrote to memory of 480	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	1
PID 748 wrote to memory of 480	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	1
PID 748 wrote to memory of 480	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	1
PID 748 wrote to memory of 480	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	1
PID 748 wrote to memory of 480	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	1
PID 748 wrote to memory of 480	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	1
PID 748 wrote to memory of 480	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	1
PID 748 wrote to memory of 488	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	8
PID 748 wrote to memory of 488	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	8
PID 748 wrote to memory of 488	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	8
PID 748 wrote to memory of 488	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	8
PID 748 wrote to memory of 488	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	8
PID 748 wrote to memory of 488	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	8
PID 748 wrote to memory of 488	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	8
PID 748 wrote to memory of 584	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	25
PID 748 wrote to memory of 584	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	25
PID 748 wrote to memory of 584	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	25
PID 748 wrote to memory of 584	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	25
PID 748 wrote to memory of 584	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	25
PID 748 wrote to memory of 584	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	25
PID 748 wrote to memory of 584	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	25
PID 748 wrote to memory of 660	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	24
PID 748 wrote to memory of 660	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	24
PID 748 wrote to memory of 660	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	24
PID 748 wrote to memory of 660	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	24
PID 748 wrote to memory of 660	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	24
PID 748 wrote to memory of 660	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	24
PID 748 wrote to memory of 660	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	24
PID 748 wrote to memory of 732	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	23
PID 748 wrote to memory of 732	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	23
PID 748 wrote to memory of 732	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	23
PID 748 wrote to memory of 732	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	23
PID 748 wrote to memory of 732	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	23
PID 748 wrote to memory of 732	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	23
PID 748 wrote to memory of 732	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	23
PID 748 wrote to memory of 796	748	7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe	9

C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
1⤵
PID:480

C:\Windows\system32\services.exe
C:\Windows\system32\services.exe
1⤵
PID:464
- C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
  2⤵
  PID:796
- - C:\Windows\system32\Dwm.exe
    "C:\Windows\system32\Dwm.exe"
    3⤵
    PID:1320
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k netsvcs
  2⤵
  PID:856
- - \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    wmiadap.exe /F /T /R
    3⤵
    PID:1112
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
  2⤵
  PID:644
- C:\Windows\system32\sppsvc.exe
  C:\Windows\system32\sppsvc.exe
  2⤵
  PID:1680
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
  2⤵
  PID:1532
- C:\Windows\system32\taskhost.exe
  "taskhost.exe"
  2⤵
  PID:1180
- C:\Windows\System32\spoolsv.exe
  C:\Windows\System32\spoolsv.exe
  2⤵
  PID:108
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k NetworkService
  2⤵
  PID:292
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalService
  2⤵
  PID:832
- C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
  2⤵
  PID:732
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k RPCSS
  2⤵
  PID:660
- C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k DcomLaunch
  2⤵
  PID:584
- C:\Windows\SysWOW64\7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
  C:\Windows\SysWOW64\7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of AdjustPrivilegeToken
  PID:1948

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:416

C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
1⤵
PID:376

C:\Windows\system32\wininit.exe
wininit.exe
1⤵
PID:368
- C:\Windows\system32\lsm.exe
  C:\Windows\system32\lsm.exe
  2⤵
  PID:488

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1368
- C:\Users\Admin\AppData\Local\Temp\7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe
  "C:\Users\Admin\AppData\Local\Temp\7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe"
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730.exe

Filesize
38KB

MD5
404a330a5a675d3a6c957a7843f8f599

SHA1
3ab5ab65e8cbb64545e1585e1f1e03b1c19b84df

SHA256
7bef85c2bc63bf2a341ddacbf4d7d2f66afe7fc0a4ce227749f0961c0e167730

SHA512
27fa5135218114885f9e4600b9d0743c1d6c20517c1cb4fd2cc3d09174ae4a109b5564fbb2199ab1f8b0bb6ec0530e611142cd89820acdb950bbb551d3bfb019

Download Submit
memory/748-54-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/748-55-0x0000000074FB1000-0x0000000074FB3000-memory.dmp

Filesize
8KB

Download
memory/748-58-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/748-59-0x000000007EF90000-0x000000007EF9C000-memory.dmp

Filesize
48KB

Download
memory/1948-60-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download