Overview

overview

10

Static

static

8

9ce2381590...14.exe

windows7-x64

10

9ce2381590...14.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    188s
  • max time network
    185s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-10-2022 11:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9ce2381590c3096b7d6eba0cbd100b9d37097a89c95d87027398662b863af414.exe

  • Size

    42KB

  • MD5

    9601004aa8ff3878128edbdf014fa699

  • SHA1

    d35aa3a612ae9e3dc57daaa6a452f44cf642e62d

  • SHA256

    9ce2381590c3096b7d6eba0cbd100b9d37097a89c95d87027398662b863af414

  • SHA512

    8dab3f8bd706e9c20272f22c947bb63a3df342fd5df61227d3ee2842f22526686d69f5d3debb4f5967a16427fe9b6e8b18c24c95416476b6f8c801b48d556468

  • SSDEEP

    768:gSz0/XBwayCUOwV3TNZHdrPeqzEWvpbPwSMX6+w6pqZxLdeVgol9D88888888882:BzOCay4wV339rPjzbpLwRJ9pSdoIb

Score
10/10
aspackv2evasionpersistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 8 IoCs
    persistence
  • Modifies visibility of file extensions in Explorer 2 TTPs 4 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 4 IoCs
    evasion
  • ASPack v2.12-2.42 18 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 12 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops desktop.ini file(s) 1 IoCs
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 29 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 38 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ce2381590c3096b7d6eba0cbd100b9d37097a89c95d87027398662b863af414.exe
    "C:\Users\Admin\AppData\Local\Temp\9ce2381590c3096b7d6eba0cbd100b9d37097a89c95d87027398662b863af414.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Modifies visibility of file extensions in Explorer
    • Modifies visiblity of hidden/system files in Explorer
    • Checks computer location settings
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4460
    • C:\recycled\SVCHOST.EXE
      C:\recycled\SVCHOST.EXE :agent
      2⤵
      • Modifies WinLogon for persistence
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1968
      • C:\recycled\SVCHOST.EXE
        C:\recycled\SVCHOST.EXE :agent
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:3560
      • C:\recycled\SPOOLSV.EXE
        C:\recycled\SPOOLSV.EXE :agent
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:1060
      • C:\recycled\CTFMON.EXE
        C:\recycled\CTFMON.EXE :agent
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:3360
    • C:\recycled\SPOOLSV.EXE
      C:\recycled\SPOOLSV.EXE :agent
      2⤵
      • Modifies WinLogon for persistence
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4804
      • C:\recycled\SVCHOST.EXE
        C:\recycled\SVCHOST.EXE :agent
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:4584
      • C:\recycled\SPOOLSV.EXE
        C:\recycled\SPOOLSV.EXE :agent
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:5064
      • C:\recycled\CTFMON.EXE
        C:\recycled\CTFMON.EXE :agent
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:2032
    • C:\recycled\CTFMON.EXE
      C:\recycled\CTFMON.EXE :agent
      2⤵
      • Modifies WinLogon for persistence
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4384
      • C:\recycled\SVCHOST.EXE
        C:\recycled\SVCHOST.EXE :agent
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:2012
      • C:\recycled\SPOOLSV.EXE
        C:\recycled\SPOOLSV.EXE :agent
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:4288
      • C:\recycled\CTFMON.EXE
        C:\recycled\CTFMON.EXE :agent
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:3700
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\9ce2381590c3096b7d6eba0cbd100b9d37097a89c95d87027398662b863af414.doc" /o ""
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:4184

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Recycled\CTFMON.EXE
    Filesize

    42KB

    MD5

    9915c23beb6b4fb1e8ab3739d410a160

    SHA1

    4103f077144655bf2e73e1ce9fdce169eaacd3c1

    SHA256

    4373efd03fa1a6b3b6b05a3434cced2fd78c43385c5d2371826f6406f2122a93

    SHA512

    8c601a4e741b854d89ec87aac286aa4a3cc5bccb1079e8819bcd37e8316a07faac2f4dbf39d0f39868985619fba88e6de8fd9637996de094ad7a3c08b4234744

    Download Submit

  • C:\Recycled\CTFMON.EXE
    Filesize

    42KB

    MD5

    9915c23beb6b4fb1e8ab3739d410a160

    SHA1

    4103f077144655bf2e73e1ce9fdce169eaacd3c1

    SHA256

    4373efd03fa1a6b3b6b05a3434cced2fd78c43385c5d2371826f6406f2122a93

    SHA512

    8c601a4e741b854d89ec87aac286aa4a3cc5bccb1079e8819bcd37e8316a07faac2f4dbf39d0f39868985619fba88e6de8fd9637996de094ad7a3c08b4234744

    Download Submit

  • C:\Recycled\CTFMON.EXE
    Filesize

    42KB

    MD5

    9915c23beb6b4fb1e8ab3739d410a160

    SHA1

    4103f077144655bf2e73e1ce9fdce169eaacd3c1

    SHA256

    4373efd03fa1a6b3b6b05a3434cced2fd78c43385c5d2371826f6406f2122a93

    SHA512

    8c601a4e741b854d89ec87aac286aa4a3cc5bccb1079e8819bcd37e8316a07faac2f4dbf39d0f39868985619fba88e6de8fd9637996de094ad7a3c08b4234744

    Download Submit

  • C:\Recycled\CTFMON.EXE
    Filesize

    42KB

    MD5

    9915c23beb6b4fb1e8ab3739d410a160

    SHA1

    4103f077144655bf2e73e1ce9fdce169eaacd3c1

    SHA256

    4373efd03fa1a6b3b6b05a3434cced2fd78c43385c5d2371826f6406f2122a93

    SHA512

    8c601a4e741b854d89ec87aac286aa4a3cc5bccb1079e8819bcd37e8316a07faac2f4dbf39d0f39868985619fba88e6de8fd9637996de094ad7a3c08b4234744

    Download Submit

  • C:\Recycled\SPOOLSV.EXE
    Filesize

    42KB

    MD5

    f0ad1920e425f735f5b12da012858bc6

    SHA1

    e64bf1fd704a1b5cdd10995c648df22f733e8e9d

    SHA256

    41803fdd17a8605b6681c617e2236d98f99ce6f753461368408870b27a5a9ecf

    SHA512

    57bf6409a5bd548e50207426e43fcd0c47a4bb38ef04108de9df16c7e481a8a940ed602c623609c967a3a99e2f69043dd8deed86fa1ca3255dd9439023ba84b0

    Download Submit

  • C:\Recycled\SPOOLSV.EXE
    Filesize

    42KB

    MD5

    f0ad1920e425f735f5b12da012858bc6

    SHA1

    e64bf1fd704a1b5cdd10995c648df22f733e8e9d

    SHA256

    41803fdd17a8605b6681c617e2236d98f99ce6f753461368408870b27a5a9ecf

    SHA512

    57bf6409a5bd548e50207426e43fcd0c47a4bb38ef04108de9df16c7e481a8a940ed602c623609c967a3a99e2f69043dd8deed86fa1ca3255dd9439023ba84b0

    Download Submit

  • C:\Recycled\SPOOLSV.EXE
    Filesize

    42KB

    MD5

    f0ad1920e425f735f5b12da012858bc6

    SHA1

    e64bf1fd704a1b5cdd10995c648df22f733e8e9d

    SHA256

    41803fdd17a8605b6681c617e2236d98f99ce6f753461368408870b27a5a9ecf

    SHA512

    57bf6409a5bd548e50207426e43fcd0c47a4bb38ef04108de9df16c7e481a8a940ed602c623609c967a3a99e2f69043dd8deed86fa1ca3255dd9439023ba84b0

    Download Submit

  • C:\Recycled\SPOOLSV.EXE
    Filesize

    42KB

    MD5

    f0ad1920e425f735f5b12da012858bc6

    SHA1

    e64bf1fd704a1b5cdd10995c648df22f733e8e9d

    SHA256

    41803fdd17a8605b6681c617e2236d98f99ce6f753461368408870b27a5a9ecf

    SHA512

    57bf6409a5bd548e50207426e43fcd0c47a4bb38ef04108de9df16c7e481a8a940ed602c623609c967a3a99e2f69043dd8deed86fa1ca3255dd9439023ba84b0

    Download Submit

  • C:\Recycled\SVCHOST.EXE
    Filesize

    42KB

    MD5

    6483cd0ccd953e91143b64f4daf08672

    SHA1

    b81ef0fc1e33d58b39741099f598aaf7271d04e9

    SHA256

    56437732745ed3e3159bdb8dd158877b2555581f11c5789c5abe2db6854aa5d4

    SHA512

    7643bcc438485aeddd1f41c5576c372cc9ace9ebded821948bdbe90ca6c6a0fabdb9c399bcf511ba0aba8aaef504cc82f6a4c44d7ab0c3c443b65ccb8b35f121

    Download Submit

  • C:\Recycled\SVCHOST.EXE
    Filesize

    42KB

    MD5

    6483cd0ccd953e91143b64f4daf08672

    SHA1

    b81ef0fc1e33d58b39741099f598aaf7271d04e9

    SHA256

    56437732745ed3e3159bdb8dd158877b2555581f11c5789c5abe2db6854aa5d4

    SHA512

    7643bcc438485aeddd1f41c5576c372cc9ace9ebded821948bdbe90ca6c6a0fabdb9c399bcf511ba0aba8aaef504cc82f6a4c44d7ab0c3c443b65ccb8b35f121

    Download Submit

  • C:\Recycled\SVCHOST.EXE
    Filesize

    42KB

    MD5

    6483cd0ccd953e91143b64f4daf08672

    SHA1

    b81ef0fc1e33d58b39741099f598aaf7271d04e9

    SHA256

    56437732745ed3e3159bdb8dd158877b2555581f11c5789c5abe2db6854aa5d4

    SHA512

    7643bcc438485aeddd1f41c5576c372cc9ace9ebded821948bdbe90ca6c6a0fabdb9c399bcf511ba0aba8aaef504cc82f6a4c44d7ab0c3c443b65ccb8b35f121

    Download Submit

  • C:\Recycled\SVCHOST.EXE
    Filesize

    42KB

    MD5

    6483cd0ccd953e91143b64f4daf08672

    SHA1

    b81ef0fc1e33d58b39741099f598aaf7271d04e9

    SHA256

    56437732745ed3e3159bdb8dd158877b2555581f11c5789c5abe2db6854aa5d4

    SHA512

    7643bcc438485aeddd1f41c5576c372cc9ace9ebded821948bdbe90ca6c6a0fabdb9c399bcf511ba0aba8aaef504cc82f6a4c44d7ab0c3c443b65ccb8b35f121

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Flu Burung.txt
    Filesize

    2KB

    MD5

    1a1dce35d60d2c70ca8894954fd5d384

    SHA1

    58547dd65d506c892290755010d0232da34ee000

    SHA256

    2661c05273f33efa4b7faa6ed8a6f7e69a13ad86077f69ee285ece9cba57e44c

    SHA512

    4abe37613145fabeb44ea4c28ecc827c8a0eb2b003e86ae7aef9be5687711fa7a294f17567ea0a70a6f14ab3cbe7886c83763a7c49278097fd53f0d11fd8154e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Flu Burung.txt
    Filesize

    2KB

    MD5

    1a1dce35d60d2c70ca8894954fd5d384

    SHA1

    58547dd65d506c892290755010d0232da34ee000

    SHA256

    2661c05273f33efa4b7faa6ed8a6f7e69a13ad86077f69ee285ece9cba57e44c

    SHA512

    4abe37613145fabeb44ea4c28ecc827c8a0eb2b003e86ae7aef9be5687711fa7a294f17567ea0a70a6f14ab3cbe7886c83763a7c49278097fd53f0d11fd8154e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Flu Burung.txt
    Filesize

    2KB

    MD5

    1a1dce35d60d2c70ca8894954fd5d384

    SHA1

    58547dd65d506c892290755010d0232da34ee000

    SHA256

    2661c05273f33efa4b7faa6ed8a6f7e69a13ad86077f69ee285ece9cba57e44c

    SHA512

    4abe37613145fabeb44ea4c28ecc827c8a0eb2b003e86ae7aef9be5687711fa7a294f17567ea0a70a6f14ab3cbe7886c83763a7c49278097fd53f0d11fd8154e

    Download Submit

  • C:\Windows\Fonts\ Explorer.exe
    Filesize

    42KB

    MD5

    7f87b3ca4ee77cf0a1f723f984966900

    SHA1

    a5f11e846ff14728560aebf0348ea4de6a67a420

    SHA256

    ae7e2cad2c8d46f7fa35d139278357dd4fcd058b36c08e2c4f0c033c93b4fcde

    SHA512

    08b1fb9ff60f798c5758ea7bcff4fd91be9a3b3794dda8d087282243fa9fa2fc7ae97c8ba2cf05b1240f64e5b5b969b0d7fcc953cb58bca19b5218ab77b21f4f

    Download Submit

  • C:\Windows\Fonts\ Explorer.exe
    Filesize

    42KB

    MD5

    422733abb3c1e755cb258b38fa6cb886

    SHA1

    ba31cb8d24e8c20303de7024c2dc25d1dd43eead

    SHA256

    61d8e4e955f7201c836a3af562dcde1541ec5e2744515508b39ba4ba2b865b47

    SHA512

    69a783153f692cd32b4028e012e13a2fb06b202145c4961cabd50a562d06fbed5952762f4daebfbb77316f2b5182c65660a507d0aa5cd4bdd9ceaccc903495b6

    Download Submit

  • C:\Windows\Fonts\ Explorer.exe
    Filesize

    42KB

    MD5

    422733abb3c1e755cb258b38fa6cb886

    SHA1

    ba31cb8d24e8c20303de7024c2dc25d1dd43eead

    SHA256

    61d8e4e955f7201c836a3af562dcde1541ec5e2744515508b39ba4ba2b865b47

    SHA512

    69a783153f692cd32b4028e012e13a2fb06b202145c4961cabd50a562d06fbed5952762f4daebfbb77316f2b5182c65660a507d0aa5cd4bdd9ceaccc903495b6

    Download Submit

  • C:\begolu.txt
    Filesize

    2B

    MD5

    2b9d4fa85c8e82132bde46b143040142

    SHA1

    a02431cf7c501a5b368c91e41283419d8fa9fb03

    SHA256

    4658d6abbbaf7748c172ed5a3e003cdb8997648f88724834e41f75e54520e142

    SHA512

    c37f27b442d578e94db6e5d879d026b0b3457f42b99ec56a9cb6fca3161540a32e207b942ef2ddb7be01fa9245ba4d8c859978a0f9a498c1ad8aa46d0890e6be

    Download Submit

  • C:\recycled\CTFMON.EXE
    Filesize

    42KB

    MD5

    9915c23beb6b4fb1e8ab3739d410a160

    SHA1

    4103f077144655bf2e73e1ce9fdce169eaacd3c1

    SHA256

    4373efd03fa1a6b3b6b05a3434cced2fd78c43385c5d2371826f6406f2122a93

    SHA512

    8c601a4e741b854d89ec87aac286aa4a3cc5bccb1079e8819bcd37e8316a07faac2f4dbf39d0f39868985619fba88e6de8fd9637996de094ad7a3c08b4234744

    Download Submit

  • C:\recycled\SPOOLSV.EXE
    Filesize

    42KB

    MD5

    f0ad1920e425f735f5b12da012858bc6

    SHA1

    e64bf1fd704a1b5cdd10995c648df22f733e8e9d

    SHA256

    41803fdd17a8605b6681c617e2236d98f99ce6f753461368408870b27a5a9ecf

    SHA512

    57bf6409a5bd548e50207426e43fcd0c47a4bb38ef04108de9df16c7e481a8a940ed602c623609c967a3a99e2f69043dd8deed86fa1ca3255dd9439023ba84b0

    Download Submit

  • C:\recycled\SVCHOST.EXE
    Filesize

    42KB

    MD5

    6483cd0ccd953e91143b64f4daf08672

    SHA1

    b81ef0fc1e33d58b39741099f598aaf7271d04e9

    SHA256

    56437732745ed3e3159bdb8dd158877b2555581f11c5789c5abe2db6854aa5d4

    SHA512

    7643bcc438485aeddd1f41c5576c372cc9ace9ebded821948bdbe90ca6c6a0fabdb9c399bcf511ba0aba8aaef504cc82f6a4c44d7ab0c3c443b65ccb8b35f121

    Download Submit

  • memory/1060-202-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1060-190-0x0000000000000000-mapping.dmp

    Download

  • memory/1968-218-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1968-135-0x0000000000000000-mapping.dmp

    Download

  • memory/1968-137-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2012-175-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2012-169-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2012-163-0x0000000000000000-mapping.dmp

    Download

  • memory/2032-183-0x0000000000000000-mapping.dmp

    Download

  • memory/2032-197-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3360-208-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3360-206-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3360-201-0x0000000000000000-mapping.dmp

    Download

  • memory/3560-179-0x0000000000000000-mapping.dmp

    Download

  • memory/3560-193-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3700-204-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3700-189-0x0000000000000000-mapping.dmp

    Download

  • memory/4184-211-0x00007FFBDCCD0000-0x00007FFBDCCE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4184-214-0x00007FFBDCCD0000-0x00007FFBDCCE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4184-213-0x00007FFBDCCD0000-0x00007FFBDCCE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4184-215-0x00007FFBDCCD0000-0x00007FFBDCCE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4184-212-0x00007FFBDCCD0000-0x00007FFBDCCE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4184-216-0x00007FFBDA980000-0x00007FFBDA990000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4184-217-0x00007FFBDA980000-0x00007FFBDA990000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4184-209-0x0000000000000000-mapping.dmp

    Download

  • memory/4288-191-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4288-173-0x0000000000000000-mapping.dmp

    Download

  • memory/4384-155-0x0000000000000000-mapping.dmp

    Download

  • memory/4384-160-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4384-220-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4460-210-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4460-132-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4584-154-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4584-171-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4584-150-0x0000000000000000-mapping.dmp

    Download

  • memory/4804-142-0x0000000000000000-mapping.dmp

    Download

  • memory/4804-146-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4804-219-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/5064-167-0x0000000000000000-mapping.dmp

    Download

  • memory/5064-170-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/5064-185-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download