7429eb005eb74b63a6789ce5c2d4aa83ff267dc38b88eea29d5fa5a88d50cf41

Analysis

max time kernel
189s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 11:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7429eb005eb74b63a6789ce5c2d4aa83ff267dc38b88eea29d5fa5a88d50cf41.exe
Size

328KB
MD5

a040b827312449d198d20f8cb5839250
SHA1

65d705b45a6065e3cc8e7301a9530cb803a5ad2e
SHA256

7429eb005eb74b63a6789ce5c2d4aa83ff267dc38b88eea29d5fa5a88d50cf41
SHA512

28494468d3478d1f24639772d0cf634dc4b810689ae632c9f205ee59849305cab565d76afd4b3a046e814fdf8b981aa035c26d78bd3ee341a1ea75b5cf043ee4
SSDEEP

6144:uPeyxTQccBOsvO4SIA1AT+UBiPVCi55bdbP9GwCUKMCux:uPbZBgvJAmTs9C+hGaCk

Score

8^/10

aspackv2 persistence upx

Malware Config

Signatures

ASPack v2.12-2.42 16 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x000c0000000054a8-55.dat	aspack_v212_v242
behavioral1/files/0x000c0000000054a8-57.dat	aspack_v212_v242
behavioral1/files/0x0007000000014b77-63.dat	aspack_v212_v242
behavioral1/files/0x0007000000014b77-64.dat	aspack_v212_v242
behavioral1/files/0x00090000000149ab-73.dat	aspack_v212_v242
behavioral1/files/0x00090000000149ab-74.dat	aspack_v212_v242
behavioral1/files/0x0006000000014bad-80.dat	aspack_v212_v242
behavioral1/files/0x0006000000014bad-81.dat	aspack_v212_v242
behavioral1/files/0x0006000000014c95-86.dat	aspack_v212_v242
behavioral1/files/0x0006000000014c95-87.dat	aspack_v212_v242
behavioral1/files/0x0006000000014f93-92.dat	aspack_v212_v242
behavioral1/files/0x0006000000014f93-93.dat	aspack_v212_v242
behavioral1/files/0x000600000001504d-97.dat	aspack_v212_v242
behavioral1/files/0x000600000001504d-98.dat	aspack_v212_v242
behavioral1/files/0x0006000000015329-103.dat	aspack_v212_v242
behavioral1/files/0x0006000000015329-104.dat	aspack_v212_v242

Executes dropped EXE 1 IoCs

pid	Process
2012	4731782d.exe

Sets DLL path for service in the registry 2 TTPs 8 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Nwsapagent\Parameters\ServiceDll = "C:\\Windows\\system32\\Nwsapagent.dll"	4731782d.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SRService\Parameters\ServiceDll = "C:\\Windows\\system32\\SRService.dll"	4731782d.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\FastUserSwitchingCompatibility\Parameters\ServiceDll = "C:\\Windows\\system32\\FastUserSwitchingCompatibility.dll"	4731782d.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Ias\Parameters\ServiceDll = "C:\\Windows\\system32\\Ias.dll"	4731782d.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Irmon\Parameters\ServiceDll = "C:\\Windows\\system32\\Irmon.dll"	4731782d.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Nla\Parameters\ServiceDll = "C:\\Windows\\system32\\Nla.dll"	4731782d.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Ntmssvc\Parameters\ServiceDll = "C:\\Windows\\system32\\Ntmssvc.dll"	4731782d.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\NWCWorkstation\Parameters\ServiceDll = "C:\\Windows\\system32\\NWCWorkstation.dll"	4731782d.exe

UPX packed file 39 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000c0000000054a8-55.dat	upx
behavioral1/files/0x000c0000000054a8-57.dat	upx
behavioral1/memory/2012-58-0x0000000000F60000-0x0000000000FAD000-memory.dmp	upx
behavioral1/memory/2012-59-0x0000000000F60000-0x0000000000FAD000-memory.dmp	upx
behavioral1/memory/1996-60-0x0000000000400000-0x0000000000452000-memory.dmp	upx
behavioral1/memory/2012-62-0x0000000000F60000-0x0000000000FAD000-memory.dmp	upx
behavioral1/files/0x0007000000014b77-63.dat	upx
behavioral1/files/0x0007000000014b77-64.dat	upx
behavioral1/memory/1964-67-0x0000000074AC0000-0x0000000074B0D000-memory.dmp	upx
behavioral1/memory/1964-66-0x0000000074AC0000-0x0000000074B0D000-memory.dmp	upx
behavioral1/memory/1964-68-0x0000000074AC0000-0x0000000074B0D000-memory.dmp	upx
behavioral1/files/0x00090000000149ab-73.dat	upx
behavioral1/files/0x00090000000149ab-74.dat	upx
behavioral1/memory/1108-77-0x0000000074AC0000-0x0000000074B0D000-memory.dmp	upx
behavioral1/memory/1108-76-0x0000000074AC0000-0x0000000074B0D000-memory.dmp	upx
behavioral1/memory/1108-78-0x0000000074AC0000-0x0000000074B0D000-memory.dmp	upx
behavioral1/memory/1996-79-0x0000000000400000-0x0000000000452000-memory.dmp	upx
behavioral1/files/0x0006000000014bad-80.dat	upx
behavioral1/files/0x0006000000014bad-81.dat	upx
behavioral1/memory/1640-83-0x0000000074AC0000-0x0000000074B0D000-memory.dmp	upx
behavioral1/memory/1640-84-0x0000000074AC0000-0x0000000074B0D000-memory.dmp	upx
behavioral1/memory/1640-85-0x0000000074AC0000-0x0000000074B0D000-memory.dmp	upx
behavioral1/files/0x0006000000014c95-86.dat	upx
behavioral1/files/0x0006000000014c95-87.dat	upx
behavioral1/memory/964-89-0x0000000074AC0000-0x0000000074B0D000-memory.dmp	upx
behavioral1/memory/964-90-0x0000000074AC0000-0x0000000074B0D000-memory.dmp	upx
behavioral1/memory/964-91-0x0000000074AC0000-0x0000000074B0D000-memory.dmp	upx
behavioral1/files/0x0006000000014f93-92.dat	upx
behavioral1/files/0x0006000000014f93-93.dat	upx
behavioral1/files/0x000600000001504d-97.dat	upx
behavioral1/files/0x000600000001504d-98.dat	upx
behavioral1/memory/1916-100-0x0000000074AC0000-0x0000000074B0D000-memory.dmp	upx
behavioral1/memory/1916-101-0x0000000074AC0000-0x0000000074B0D000-memory.dmp	upx
behavioral1/memory/1916-102-0x0000000074AC0000-0x0000000074B0D000-memory.dmp	upx
behavioral1/files/0x0006000000015329-103.dat	upx
behavioral1/files/0x0006000000015329-104.dat	upx
behavioral1/memory/1968-107-0x0000000074AC0000-0x0000000074B0D000-memory.dmp	upx
behavioral1/memory/1968-106-0x0000000074AC0000-0x0000000074B0D000-memory.dmp	upx
behavioral1/memory/1968-108-0x0000000074AC0000-0x0000000074B0D000-memory.dmp	upx

Loads dropped DLL 7 IoCs

pid	Process
1964	svchost.exe
1108	svchost.exe
1640	svchost.exe
964	svchost.exe
288	svchost.exe
1916	svchost.exe
1968	svchost.exe

Drops file in System32 directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Ntmssvc.dll	4731782d.exe
File opened for modification	C:\Windows\SysWOW64\NWCWorkstation.dll	4731782d.exe
File opened for modification	C:\Windows\SysWOW64\Nwsapagent.dll	4731782d.exe
File opened for modification	C:\Windows\SysWOW64\SRService.dll	4731782d.exe
File opened for modification	C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll	4731782d.exe
File opened for modification	C:\Windows\SysWOW64\Ias.dll	4731782d.exe
File opened for modification	C:\Windows\SysWOW64\Irmon.dll	4731782d.exe
File opened for modification	C:\Windows\SysWOW64\Nla.dll	4731782d.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2012	4731782d.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1996	7429eb005eb74b63a6789ce5c2d4aa83ff267dc38b88eea29d5fa5a88d50cf41.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1996	7429eb005eb74b63a6789ce5c2d4aa83ff267dc38b88eea29d5fa5a88d50cf41.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2012	1996	7429eb005eb74b63a6789ce5c2d4aa83ff267dc38b88eea29d5fa5a88d50cf41.exe	27
PID 1996 wrote to memory of 2012	1996	7429eb005eb74b63a6789ce5c2d4aa83ff267dc38b88eea29d5fa5a88d50cf41.exe	27
PID 1996 wrote to memory of 2012	1996	7429eb005eb74b63a6789ce5c2d4aa83ff267dc38b88eea29d5fa5a88d50cf41.exe	27
PID 1996 wrote to memory of 2012	1996	7429eb005eb74b63a6789ce5c2d4aa83ff267dc38b88eea29d5fa5a88d50cf41.exe	27
PID 1996 wrote to memory of 2012	1996	7429eb005eb74b63a6789ce5c2d4aa83ff267dc38b88eea29d5fa5a88d50cf41.exe	27
PID 1996 wrote to memory of 2012	1996	7429eb005eb74b63a6789ce5c2d4aa83ff267dc38b88eea29d5fa5a88d50cf41.exe	27
PID 1996 wrote to memory of 2012	1996	7429eb005eb74b63a6789ce5c2d4aa83ff267dc38b88eea29d5fa5a88d50cf41.exe	27

C:\Users\Admin\AppData\Local\Temp\7429eb005eb74b63a6789ce5c2d4aa83ff267dc38b88eea29d5fa5a88d50cf41.exe
"C:\Users\Admin\AppData\Local\Temp\7429eb005eb74b63a6789ce5c2d4aa83ff267dc38b88eea29d5fa5a88d50cf41.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1996
- C:\4731782d.exe
  C:\4731782d.exe
  2⤵
  - Executes dropped EXE
  - Sets DLL path for service in the registry
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2012

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
- Loads dropped DLL
PID:1964

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
PID:112

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
- Loads dropped DLL
PID:1108

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
- Loads dropped DLL
PID:1640

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
- Loads dropped DLL
PID:964

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
- Loads dropped DLL
PID:288

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
- Loads dropped DLL
PID:1916

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
- Loads dropped DLL
PID:1968

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\4731782d.exe

Filesize
237KB

MD5
fb944d77d3d01823a0b92c463bbffb35

SHA1
8645a56fd3c1d05b9abc7e70ca8cb08612fa1fc9

SHA256
64762f2ef3f6b4426b22e962f5afc3572f22ab1c9e124cf7e38ce808e79291da

SHA512
11c37efab11283d5e140ac0c05de13ed82874f98368e15ebf9b49b92f92e58d41510b8dc34130eedbfe29e0e0f55914ff0555a9d003348969ed1876686e60346

Download Submit
C:\4731782d.exe

Filesize
237KB

MD5
fb944d77d3d01823a0b92c463bbffb35

SHA1
8645a56fd3c1d05b9abc7e70ca8cb08612fa1fc9

SHA256
64762f2ef3f6b4426b22e962f5afc3572f22ab1c9e124cf7e38ce808e79291da

SHA512
11c37efab11283d5e140ac0c05de13ed82874f98368e15ebf9b49b92f92e58d41510b8dc34130eedbfe29e0e0f55914ff0555a9d003348969ed1876686e60346

Download Submit
\??\c:\windows\SysWOW64\fastuserswitchingcompatibility.dll

Filesize
237KB

MD5
84e1e3a949758176b8c2691701eaff78

SHA1
9848b8da4093a20c6ab1844f73cd87bace185159

SHA256
ad555d76151b274b9497bd33ba19ed38a6b27b57071afdd153c9db76d5a4cb32

SHA512
60d8a0ec7b763a31ea241740b3e96eb54da18742076062193a66b4f56da9a3886ff0a670ecff66f34f6508a24bd76ac5d7b7995d5a77cb22e4f13bb177ff114d

Download Submit
\??\c:\windows\SysWOW64\irmon.dll

Filesize
237KB

MD5
84e1e3a949758176b8c2691701eaff78

SHA1
9848b8da4093a20c6ab1844f73cd87bace185159

SHA256
ad555d76151b274b9497bd33ba19ed38a6b27b57071afdd153c9db76d5a4cb32

SHA512
60d8a0ec7b763a31ea241740b3e96eb54da18742076062193a66b4f56da9a3886ff0a670ecff66f34f6508a24bd76ac5d7b7995d5a77cb22e4f13bb177ff114d

Download Submit
\??\c:\windows\SysWOW64\nla.dll

Filesize
237KB

MD5
84e1e3a949758176b8c2691701eaff78

SHA1
9848b8da4093a20c6ab1844f73cd87bace185159

SHA256
ad555d76151b274b9497bd33ba19ed38a6b27b57071afdd153c9db76d5a4cb32

SHA512
60d8a0ec7b763a31ea241740b3e96eb54da18742076062193a66b4f56da9a3886ff0a670ecff66f34f6508a24bd76ac5d7b7995d5a77cb22e4f13bb177ff114d

Download Submit
\??\c:\windows\SysWOW64\ntmssvc.dll

Filesize
237KB

MD5
84e1e3a949758176b8c2691701eaff78

SHA1
9848b8da4093a20c6ab1844f73cd87bace185159

SHA256
ad555d76151b274b9497bd33ba19ed38a6b27b57071afdd153c9db76d5a4cb32

SHA512
60d8a0ec7b763a31ea241740b3e96eb54da18742076062193a66b4f56da9a3886ff0a670ecff66f34f6508a24bd76ac5d7b7995d5a77cb22e4f13bb177ff114d

Download Submit
\??\c:\windows\SysWOW64\nwcworkstation.dll

Filesize
237KB

MD5
84e1e3a949758176b8c2691701eaff78

SHA1
9848b8da4093a20c6ab1844f73cd87bace185159

SHA256
ad555d76151b274b9497bd33ba19ed38a6b27b57071afdd153c9db76d5a4cb32

SHA512
60d8a0ec7b763a31ea241740b3e96eb54da18742076062193a66b4f56da9a3886ff0a670ecff66f34f6508a24bd76ac5d7b7995d5a77cb22e4f13bb177ff114d

Download Submit
\??\c:\windows\SysWOW64\nwsapagent.dll

Filesize
237KB

MD5
84e1e3a949758176b8c2691701eaff78

SHA1
9848b8da4093a20c6ab1844f73cd87bace185159

SHA256
ad555d76151b274b9497bd33ba19ed38a6b27b57071afdd153c9db76d5a4cb32

SHA512
60d8a0ec7b763a31ea241740b3e96eb54da18742076062193a66b4f56da9a3886ff0a670ecff66f34f6508a24bd76ac5d7b7995d5a77cb22e4f13bb177ff114d

Download Submit
\??\c:\windows\SysWOW64\srservice.dll

Filesize
237KB

MD5
84e1e3a949758176b8c2691701eaff78

SHA1
9848b8da4093a20c6ab1844f73cd87bace185159

SHA256
ad555d76151b274b9497bd33ba19ed38a6b27b57071afdd153c9db76d5a4cb32

SHA512
60d8a0ec7b763a31ea241740b3e96eb54da18742076062193a66b4f56da9a3886ff0a670ecff66f34f6508a24bd76ac5d7b7995d5a77cb22e4f13bb177ff114d

Download Submit
\Windows\SysWOW64\FastUserSwitchingCompatibility.dll

Filesize
237KB

MD5
84e1e3a949758176b8c2691701eaff78

SHA1
9848b8da4093a20c6ab1844f73cd87bace185159

SHA256
ad555d76151b274b9497bd33ba19ed38a6b27b57071afdd153c9db76d5a4cb32

SHA512
60d8a0ec7b763a31ea241740b3e96eb54da18742076062193a66b4f56da9a3886ff0a670ecff66f34f6508a24bd76ac5d7b7995d5a77cb22e4f13bb177ff114d

Download Submit
\Windows\SysWOW64\Irmon.dll

Filesize
237KB

MD5
84e1e3a949758176b8c2691701eaff78

SHA1
9848b8da4093a20c6ab1844f73cd87bace185159

SHA256
ad555d76151b274b9497bd33ba19ed38a6b27b57071afdd153c9db76d5a4cb32

SHA512
60d8a0ec7b763a31ea241740b3e96eb54da18742076062193a66b4f56da9a3886ff0a670ecff66f34f6508a24bd76ac5d7b7995d5a77cb22e4f13bb177ff114d

Download Submit
\Windows\SysWOW64\NWCWorkstation.dll

Filesize
237KB

MD5
84e1e3a949758176b8c2691701eaff78

SHA1
9848b8da4093a20c6ab1844f73cd87bace185159

SHA256
ad555d76151b274b9497bd33ba19ed38a6b27b57071afdd153c9db76d5a4cb32

SHA512
60d8a0ec7b763a31ea241740b3e96eb54da18742076062193a66b4f56da9a3886ff0a670ecff66f34f6508a24bd76ac5d7b7995d5a77cb22e4f13bb177ff114d

Download Submit
\Windows\SysWOW64\Nla.dll

Filesize
237KB

MD5
84e1e3a949758176b8c2691701eaff78

SHA1
9848b8da4093a20c6ab1844f73cd87bace185159

SHA256
ad555d76151b274b9497bd33ba19ed38a6b27b57071afdd153c9db76d5a4cb32

SHA512
60d8a0ec7b763a31ea241740b3e96eb54da18742076062193a66b4f56da9a3886ff0a670ecff66f34f6508a24bd76ac5d7b7995d5a77cb22e4f13bb177ff114d

Download Submit
\Windows\SysWOW64\Ntmssvc.dll

Filesize
237KB

MD5
84e1e3a949758176b8c2691701eaff78

SHA1
9848b8da4093a20c6ab1844f73cd87bace185159

SHA256
ad555d76151b274b9497bd33ba19ed38a6b27b57071afdd153c9db76d5a4cb32

SHA512
60d8a0ec7b763a31ea241740b3e96eb54da18742076062193a66b4f56da9a3886ff0a670ecff66f34f6508a24bd76ac5d7b7995d5a77cb22e4f13bb177ff114d

Download Submit
\Windows\SysWOW64\Nwsapagent.dll

Filesize
237KB

MD5
84e1e3a949758176b8c2691701eaff78

SHA1
9848b8da4093a20c6ab1844f73cd87bace185159

SHA256
ad555d76151b274b9497bd33ba19ed38a6b27b57071afdd153c9db76d5a4cb32

SHA512
60d8a0ec7b763a31ea241740b3e96eb54da18742076062193a66b4f56da9a3886ff0a670ecff66f34f6508a24bd76ac5d7b7995d5a77cb22e4f13bb177ff114d

Download Submit
\Windows\SysWOW64\SRService.dll

Filesize
237KB

MD5
84e1e3a949758176b8c2691701eaff78

SHA1
9848b8da4093a20c6ab1844f73cd87bace185159

SHA256
ad555d76151b274b9497bd33ba19ed38a6b27b57071afdd153c9db76d5a4cb32

SHA512
60d8a0ec7b763a31ea241740b3e96eb54da18742076062193a66b4f56da9a3886ff0a670ecff66f34f6508a24bd76ac5d7b7995d5a77cb22e4f13bb177ff114d

Download Submit
memory/964-91-0x0000000074AC0000-0x0000000074B0D000-memory.dmp

Filesize
308KB

Download
memory/964-90-0x0000000074AC0000-0x0000000074B0D000-memory.dmp

Filesize
308KB

Download
memory/964-89-0x0000000074AC0000-0x0000000074B0D000-memory.dmp

Filesize
308KB

Download
memory/1108-78-0x0000000074AC0000-0x0000000074B0D000-memory.dmp

Filesize
308KB

Download
memory/1108-77-0x0000000074AC0000-0x0000000074B0D000-memory.dmp

Filesize
308KB

Download
memory/1108-76-0x0000000074AC0000-0x0000000074B0D000-memory.dmp

Filesize
308KB

Download
memory/1640-84-0x0000000074AC0000-0x0000000074B0D000-memory.dmp

Filesize
308KB

Download
memory/1640-85-0x0000000074AC0000-0x0000000074B0D000-memory.dmp

Filesize
308KB

Download
memory/1640-83-0x0000000074AC0000-0x0000000074B0D000-memory.dmp

Filesize
308KB

Download
memory/1916-102-0x0000000074AC0000-0x0000000074B0D000-memory.dmp

Filesize
308KB

Download
memory/1916-100-0x0000000074AC0000-0x0000000074B0D000-memory.dmp

Filesize
308KB

Download
memory/1916-101-0x0000000074AC0000-0x0000000074B0D000-memory.dmp

Filesize
308KB

Download
memory/1964-66-0x0000000074AC0000-0x0000000074B0D000-memory.dmp

Filesize
308KB

Download
memory/1964-67-0x0000000074AC0000-0x0000000074B0D000-memory.dmp

Filesize
308KB

Download
memory/1964-68-0x0000000074AC0000-0x0000000074B0D000-memory.dmp

Filesize
308KB

Download
memory/1968-108-0x0000000074AC0000-0x0000000074B0D000-memory.dmp

Filesize
308KB

Download
memory/1968-106-0x0000000074AC0000-0x0000000074B0D000-memory.dmp

Filesize
308KB

Download
memory/1968-107-0x0000000074AC0000-0x0000000074B0D000-memory.dmp

Filesize
308KB

Download
memory/1996-60-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/1996-61-0x00000000000F0000-0x000000000013D000-memory.dmp

Filesize
308KB

Download
memory/1996-79-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2012-59-0x0000000000F60000-0x0000000000FAD000-memory.dmp

Filesize
308KB

Download
memory/2012-69-0x00000000023B0000-0x00000000063B0000-memory.dmp

Filesize
64.0MB

Download
memory/2012-56-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download
memory/2012-58-0x0000000000F60000-0x0000000000FAD000-memory.dmp

Filesize
308KB

Download
memory/2012-62-0x0000000000F60000-0x0000000000FAD000-memory.dmp

Filesize
308KB

Download
memory/2012-70-0x00000000023B0000-0x00000000063B0000-memory.dmp

Filesize
64.0MB

Download