393ffb7500d45536f4e95784628fef73786b26ef5095e56b27eda0bc6a4c955e

Analysis

max time kernel
149s
max time network
50s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

393ffb7500d45536f4e95784628fef73786b26ef5095e56b27eda0bc6a4c955e.exe
Size

272KB
MD5

a2e4beb2753ac7ed189ae4df9e051650
SHA1

98179438d7954cf9843dd1441e575e00e376feec
SHA256

393ffb7500d45536f4e95784628fef73786b26ef5095e56b27eda0bc6a4c955e
SHA512

d6f59d5f8facb8b1880fa46c328e38896fd2a199e939140207f2f5711993d43a97ed43a88522fb3caa1425c4ebf14091c620c11778a820d9611ef1880a66e4bf
SSDEEP

6144:XvixE++swhjnZSBxnHNvPmOu+QUrT610gj7Q:XYEldAB7vPBLZ

Score

8^/10

aspackv2 persistence upx

Malware Config

Signatures

ASPack v2.12-2.42 18 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x00140000000054ab-56.dat	aspack_v212_v242
behavioral1/files/0x00140000000054ab-58.dat	aspack_v212_v242
behavioral1/memory/1908-65-0x00000000002F0000-0x000000000033E000-memory.dmp	aspack_v212_v242
behavioral1/files/0x00080000000126c9-66.dat	aspack_v212_v242
behavioral1/files/0x00080000000126c9-67.dat	aspack_v212_v242
behavioral1/files/0x0008000000012744-75.dat	aspack_v212_v242
behavioral1/files/0x0008000000012744-76.dat	aspack_v212_v242
behavioral1/files/0x0007000000012758-81.dat	aspack_v212_v242
behavioral1/files/0x0007000000012758-82.dat	aspack_v212_v242
behavioral1/files/0x000700000001311a-88.dat	aspack_v212_v242
behavioral1/files/0x000700000001311a-87.dat	aspack_v212_v242
behavioral1/files/0x0007000000013170-93.dat	aspack_v212_v242
behavioral1/files/0x0007000000013170-92.dat	aspack_v212_v242
behavioral1/files/0x00070000000131fd-99.dat	aspack_v212_v242
behavioral1/files/0x00070000000131fd-98.dat	aspack_v212_v242
behavioral1/files/0x0007000000013300-103.dat	aspack_v212_v242
behavioral1/files/0x0007000000013300-104.dat	aspack_v212_v242
behavioral1/memory/1908-109-0x00000000002F0000-0x000000000033E000-memory.dmp	aspack_v212_v242

Executes dropped EXE 1 IoCs

pid	Process
1908	7fa05b4f.exe

Sets DLL path for service in the registry 2 TTPs 9 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Ias\Parameters\ServiceDll = "C:\\Windows\\system32\\Ias.dll"	7fa05b4f.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Nwsapagent\Parameters\ServiceDll = "C:\\Windows\\system32\\Nwsapagent.dll"	7fa05b4f.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SRService\Parameters\ServiceDll = "C:\\Windows\\system32\\SRService.dll"	7fa05b4f.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Wmi\Parameters\ServiceDll = "C:\\Windows\\system32\\Wmi.dll"	7fa05b4f.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\FastUserSwitchingCompatibility\Parameters\ServiceDll = "C:\\Windows\\system32\\FastUserSwitchingCompatibility.dll"	7fa05b4f.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Irmon\Parameters\ServiceDll = "C:\\Windows\\system32\\Irmon.dll"	7fa05b4f.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Nla\Parameters\ServiceDll = "C:\\Windows\\system32\\Nla.dll"	7fa05b4f.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Ntmssvc\Parameters\ServiceDll = "C:\\Windows\\system32\\Ntmssvc.dll"	7fa05b4f.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\NWCWorkstation\Parameters\ServiceDll = "C:\\Windows\\system32\\NWCWorkstation.dll"	7fa05b4f.exe

UPX packed file 35 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00140000000054ab-56.dat	upx
behavioral1/memory/748-59-0x0000000000400000-0x0000000000444000-memory.dmp	upx
behavioral1/files/0x00140000000054ab-58.dat	upx
behavioral1/memory/1908-62-0x0000000000800000-0x000000000084E000-memory.dmp	upx
behavioral1/memory/1908-63-0x0000000000800000-0x000000000084E000-memory.dmp	upx
behavioral1/memory/1908-64-0x0000000000800000-0x000000000084E000-memory.dmp	upx
behavioral1/memory/1908-65-0x00000000002F0000-0x000000000033E000-memory.dmp	upx
behavioral1/files/0x00080000000126c9-66.dat	upx
behavioral1/files/0x00080000000126c9-67.dat	upx
behavioral1/memory/916-69-0x0000000074990000-0x00000000749DE000-memory.dmp	upx
behavioral1/memory/916-70-0x0000000074990000-0x00000000749DE000-memory.dmp	upx
behavioral1/memory/916-71-0x0000000074990000-0x00000000749DE000-memory.dmp	upx
behavioral1/files/0x0008000000012744-75.dat	upx
behavioral1/files/0x0008000000012744-76.dat	upx
behavioral1/memory/1756-78-0x0000000074440000-0x000000007448E000-memory.dmp	upx
behavioral1/memory/1756-79-0x0000000074440000-0x000000007448E000-memory.dmp	upx
behavioral1/memory/1756-80-0x0000000074440000-0x000000007448E000-memory.dmp	upx
behavioral1/files/0x0007000000012758-81.dat	upx
behavioral1/files/0x0007000000012758-82.dat	upx
behavioral1/memory/1608-84-0x0000000074990000-0x00000000749DE000-memory.dmp	upx
behavioral1/memory/1608-85-0x0000000074990000-0x00000000749DE000-memory.dmp	upx
behavioral1/memory/1608-86-0x0000000074990000-0x00000000749DE000-memory.dmp	upx
behavioral1/files/0x000700000001311a-88.dat	upx
behavioral1/files/0x000700000001311a-87.dat	upx
behavioral1/memory/1584-96-0x0000000074990000-0x00000000749DE000-memory.dmp	upx
behavioral1/memory/1584-95-0x0000000074990000-0x00000000749DE000-memory.dmp	upx
behavioral1/files/0x0007000000013170-93.dat	upx
behavioral1/memory/1584-97-0x0000000074990000-0x00000000749DE000-memory.dmp	upx
behavioral1/files/0x0007000000013170-92.dat	upx
behavioral1/files/0x00070000000131fd-99.dat	upx
behavioral1/files/0x00070000000131fd-98.dat	upx
behavioral1/files/0x0007000000013300-103.dat	upx
behavioral1/files/0x0007000000013300-104.dat	upx
behavioral1/memory/1908-108-0x0000000000800000-0x000000000084E000-memory.dmp	upx
behavioral1/memory/1908-109-0x00000000002F0000-0x000000000033E000-memory.dmp	upx

Loads dropped DLL 7 IoCs

pid	Process
916	svchost.exe
1756	svchost.exe
1608	svchost.exe
1448	svchost.exe
1584	svchost.exe
776	svchost.exe
1552	svchost.exe

Drops file in System32 directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\FastUserSwitchingCompatibility.dll	7fa05b4f.exe
File opened for modification	C:\Windows\SysWOW64\Ias.dll	7fa05b4f.exe
File opened for modification	C:\Windows\SysWOW64\Nwsapagent.dll	7fa05b4f.exe
File opened for modification	C:\Windows\SysWOW64\Wmi.dll	7fa05b4f.exe
File opened for modification	C:\Windows\SysWOW64\Irmon.dll	7fa05b4f.exe
File opened for modification	C:\Windows\SysWOW64\Nla.dll	7fa05b4f.exe
File opened for modification	C:\Windows\SysWOW64\Ntmssvc.dll	7fa05b4f.exe
File opened for modification	C:\Windows\SysWOW64\NWCWorkstation.dll	7fa05b4f.exe
File opened for modification	C:\Windows\SysWOW64\SRService.dll	7fa05b4f.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1908	7fa05b4f.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 748 wrote to memory of 1908	748	393ffb7500d45536f4e95784628fef73786b26ef5095e56b27eda0bc6a4c955e.exe	28
PID 748 wrote to memory of 1908	748	393ffb7500d45536f4e95784628fef73786b26ef5095e56b27eda0bc6a4c955e.exe	28
PID 748 wrote to memory of 1908	748	393ffb7500d45536f4e95784628fef73786b26ef5095e56b27eda0bc6a4c955e.exe	28
PID 748 wrote to memory of 1908	748	393ffb7500d45536f4e95784628fef73786b26ef5095e56b27eda0bc6a4c955e.exe	28
PID 748 wrote to memory of 1908	748	393ffb7500d45536f4e95784628fef73786b26ef5095e56b27eda0bc6a4c955e.exe	28
PID 748 wrote to memory of 1908	748	393ffb7500d45536f4e95784628fef73786b26ef5095e56b27eda0bc6a4c955e.exe	28
PID 748 wrote to memory of 1908	748	393ffb7500d45536f4e95784628fef73786b26ef5095e56b27eda0bc6a4c955e.exe	28

C:\Users\Admin\AppData\Local\Temp\393ffb7500d45536f4e95784628fef73786b26ef5095e56b27eda0bc6a4c955e.exe
"C:\Users\Admin\AppData\Local\Temp\393ffb7500d45536f4e95784628fef73786b26ef5095e56b27eda0bc6a4c955e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:748
- C:\7fa05b4f.exe
  C:\7fa05b4f.exe
  2⤵
  - Executes dropped EXE
  - Sets DLL path for service in the registry
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1908

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
- Loads dropped DLL
PID:916

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
- Loads dropped DLL
PID:1756

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
- Loads dropped DLL
PID:1608

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
- Loads dropped DLL
PID:1448

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
- Loads dropped DLL
PID:1584

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
- Loads dropped DLL
PID:776

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
- Loads dropped DLL
PID:1552

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
1⤵
PID:1492

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\7fa05b4f.exe

Filesize
238KB

MD5
683d0370e535bbb21489bd0255c26256

SHA1
c49011481ff216759ea0632f04a5cd3fa5cc743c

SHA256
e897feca67c0c2e0c539f8040b5b5ac254196a11495c236cd296e678d692e082

SHA512
0ebdedbf2534fd6939b132c9f1cf6d64d88a4b9f60c23c459c7c2f0ec7e5d0203bfa7a2bb33fa57a141b8440cce5a044e160717ed30777e833f07936bb4bdd40

Download Submit
C:\7fa05b4f.exe

Filesize
238KB

MD5
683d0370e535bbb21489bd0255c26256

SHA1
c49011481ff216759ea0632f04a5cd3fa5cc743c

SHA256
e897feca67c0c2e0c539f8040b5b5ac254196a11495c236cd296e678d692e082

SHA512
0ebdedbf2534fd6939b132c9f1cf6d64d88a4b9f60c23c459c7c2f0ec7e5d0203bfa7a2bb33fa57a141b8440cce5a044e160717ed30777e833f07936bb4bdd40

Download Submit
\??\c:\windows\SysWOW64\fastuserswitchingcompatibility.dll

Filesize
238KB

MD5
5bde78cbb6156f62b8a8fd3ce0f477df

SHA1
8290372f48fe98c65566f6aee6eaa2b313329716

SHA256
b4c11b4dc871f5e52fb0666e4e7b3a82da86f2422a00c59c555a04554f7dcbaf

SHA512
3f07a68524ec9d6766520118584574f5a5c7c2d7eccd308c8555fb8dc428151ee0e441ff55dca303b06dc14aab2b79d7a375a9b72e565cf3c410d0360baa13d1

Download Submit
\??\c:\windows\SysWOW64\irmon.dll

Filesize
238KB

MD5
5bde78cbb6156f62b8a8fd3ce0f477df

SHA1
8290372f48fe98c65566f6aee6eaa2b313329716

SHA256
b4c11b4dc871f5e52fb0666e4e7b3a82da86f2422a00c59c555a04554f7dcbaf

SHA512
3f07a68524ec9d6766520118584574f5a5c7c2d7eccd308c8555fb8dc428151ee0e441ff55dca303b06dc14aab2b79d7a375a9b72e565cf3c410d0360baa13d1

Download Submit
\??\c:\windows\SysWOW64\nla.dll

Filesize
238KB

MD5
5bde78cbb6156f62b8a8fd3ce0f477df

SHA1
8290372f48fe98c65566f6aee6eaa2b313329716

SHA256
b4c11b4dc871f5e52fb0666e4e7b3a82da86f2422a00c59c555a04554f7dcbaf

SHA512
3f07a68524ec9d6766520118584574f5a5c7c2d7eccd308c8555fb8dc428151ee0e441ff55dca303b06dc14aab2b79d7a375a9b72e565cf3c410d0360baa13d1

Download Submit
\??\c:\windows\SysWOW64\ntmssvc.dll

Filesize
238KB

MD5
5bde78cbb6156f62b8a8fd3ce0f477df

SHA1
8290372f48fe98c65566f6aee6eaa2b313329716

SHA256
b4c11b4dc871f5e52fb0666e4e7b3a82da86f2422a00c59c555a04554f7dcbaf

SHA512
3f07a68524ec9d6766520118584574f5a5c7c2d7eccd308c8555fb8dc428151ee0e441ff55dca303b06dc14aab2b79d7a375a9b72e565cf3c410d0360baa13d1

Download Submit
\??\c:\windows\SysWOW64\nwcworkstation.dll

Filesize
238KB

MD5
5bde78cbb6156f62b8a8fd3ce0f477df

SHA1
8290372f48fe98c65566f6aee6eaa2b313329716

SHA256
b4c11b4dc871f5e52fb0666e4e7b3a82da86f2422a00c59c555a04554f7dcbaf

SHA512
3f07a68524ec9d6766520118584574f5a5c7c2d7eccd308c8555fb8dc428151ee0e441ff55dca303b06dc14aab2b79d7a375a9b72e565cf3c410d0360baa13d1

Download Submit
\??\c:\windows\SysWOW64\nwsapagent.dll

Filesize
238KB

MD5
5bde78cbb6156f62b8a8fd3ce0f477df

SHA1
8290372f48fe98c65566f6aee6eaa2b313329716

SHA256
b4c11b4dc871f5e52fb0666e4e7b3a82da86f2422a00c59c555a04554f7dcbaf

SHA512
3f07a68524ec9d6766520118584574f5a5c7c2d7eccd308c8555fb8dc428151ee0e441ff55dca303b06dc14aab2b79d7a375a9b72e565cf3c410d0360baa13d1

Download Submit
\??\c:\windows\SysWOW64\srservice.dll

Filesize
238KB

MD5
5bde78cbb6156f62b8a8fd3ce0f477df

SHA1
8290372f48fe98c65566f6aee6eaa2b313329716

SHA256
b4c11b4dc871f5e52fb0666e4e7b3a82da86f2422a00c59c555a04554f7dcbaf

SHA512
3f07a68524ec9d6766520118584574f5a5c7c2d7eccd308c8555fb8dc428151ee0e441ff55dca303b06dc14aab2b79d7a375a9b72e565cf3c410d0360baa13d1

Download Submit
\Windows\SysWOW64\FastUserSwitchingCompatibility.dll

Filesize
238KB

MD5
5bde78cbb6156f62b8a8fd3ce0f477df

SHA1
8290372f48fe98c65566f6aee6eaa2b313329716

SHA256
b4c11b4dc871f5e52fb0666e4e7b3a82da86f2422a00c59c555a04554f7dcbaf

SHA512
3f07a68524ec9d6766520118584574f5a5c7c2d7eccd308c8555fb8dc428151ee0e441ff55dca303b06dc14aab2b79d7a375a9b72e565cf3c410d0360baa13d1

Download Submit
\Windows\SysWOW64\Irmon.dll

Filesize
238KB

MD5
5bde78cbb6156f62b8a8fd3ce0f477df

SHA1
8290372f48fe98c65566f6aee6eaa2b313329716

SHA256
b4c11b4dc871f5e52fb0666e4e7b3a82da86f2422a00c59c555a04554f7dcbaf

SHA512
3f07a68524ec9d6766520118584574f5a5c7c2d7eccd308c8555fb8dc428151ee0e441ff55dca303b06dc14aab2b79d7a375a9b72e565cf3c410d0360baa13d1

Download Submit
\Windows\SysWOW64\NWCWorkstation.dll

Filesize
238KB

MD5
5bde78cbb6156f62b8a8fd3ce0f477df

SHA1
8290372f48fe98c65566f6aee6eaa2b313329716

SHA256
b4c11b4dc871f5e52fb0666e4e7b3a82da86f2422a00c59c555a04554f7dcbaf

SHA512
3f07a68524ec9d6766520118584574f5a5c7c2d7eccd308c8555fb8dc428151ee0e441ff55dca303b06dc14aab2b79d7a375a9b72e565cf3c410d0360baa13d1

Download Submit
\Windows\SysWOW64\Nla.dll

Filesize
238KB

MD5
5bde78cbb6156f62b8a8fd3ce0f477df

SHA1
8290372f48fe98c65566f6aee6eaa2b313329716

SHA256
b4c11b4dc871f5e52fb0666e4e7b3a82da86f2422a00c59c555a04554f7dcbaf

SHA512
3f07a68524ec9d6766520118584574f5a5c7c2d7eccd308c8555fb8dc428151ee0e441ff55dca303b06dc14aab2b79d7a375a9b72e565cf3c410d0360baa13d1

Download Submit
\Windows\SysWOW64\Ntmssvc.dll

Filesize
238KB

MD5
5bde78cbb6156f62b8a8fd3ce0f477df

SHA1
8290372f48fe98c65566f6aee6eaa2b313329716

SHA256
b4c11b4dc871f5e52fb0666e4e7b3a82da86f2422a00c59c555a04554f7dcbaf

SHA512
3f07a68524ec9d6766520118584574f5a5c7c2d7eccd308c8555fb8dc428151ee0e441ff55dca303b06dc14aab2b79d7a375a9b72e565cf3c410d0360baa13d1

Download Submit
\Windows\SysWOW64\Nwsapagent.dll

Filesize
238KB

MD5
5bde78cbb6156f62b8a8fd3ce0f477df

SHA1
8290372f48fe98c65566f6aee6eaa2b313329716

SHA256
b4c11b4dc871f5e52fb0666e4e7b3a82da86f2422a00c59c555a04554f7dcbaf

SHA512
3f07a68524ec9d6766520118584574f5a5c7c2d7eccd308c8555fb8dc428151ee0e441ff55dca303b06dc14aab2b79d7a375a9b72e565cf3c410d0360baa13d1

Download Submit
\Windows\SysWOW64\SRService.dll

Filesize
238KB

MD5
5bde78cbb6156f62b8a8fd3ce0f477df

SHA1
8290372f48fe98c65566f6aee6eaa2b313329716

SHA256
b4c11b4dc871f5e52fb0666e4e7b3a82da86f2422a00c59c555a04554f7dcbaf

SHA512
3f07a68524ec9d6766520118584574f5a5c7c2d7eccd308c8555fb8dc428151ee0e441ff55dca303b06dc14aab2b79d7a375a9b72e565cf3c410d0360baa13d1

Download Submit
memory/748-74-0x0000000000170000-0x000000000017D000-memory.dmp

Filesize
52KB

Download
memory/748-61-0x0000000000180000-0x00000000001CE000-memory.dmp

Filesize
312KB

Download
memory/748-59-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/748-60-0x0000000000170000-0x00000000001B4000-memory.dmp

Filesize
272KB

Download
memory/748-54-0x0000000075B11000-0x0000000075B13000-memory.dmp

Filesize
8KB

Download
memory/916-71-0x0000000074990000-0x00000000749DE000-memory.dmp

Filesize
312KB

Download
memory/916-69-0x0000000074990000-0x00000000749DE000-memory.dmp

Filesize
312KB

Download
memory/916-70-0x0000000074990000-0x00000000749DE000-memory.dmp

Filesize
312KB

Download
memory/1584-96-0x0000000074990000-0x00000000749DE000-memory.dmp

Filesize
312KB

Download
memory/1584-97-0x0000000074990000-0x00000000749DE000-memory.dmp

Filesize
312KB

Download
memory/1584-95-0x0000000074990000-0x00000000749DE000-memory.dmp

Filesize
312KB

Download
memory/1608-85-0x0000000074990000-0x00000000749DE000-memory.dmp

Filesize
312KB

Download
memory/1608-84-0x0000000074990000-0x00000000749DE000-memory.dmp

Filesize
312KB

Download
memory/1608-86-0x0000000074990000-0x00000000749DE000-memory.dmp

Filesize
312KB

Download
memory/1756-78-0x0000000074440000-0x000000007448E000-memory.dmp

Filesize
312KB

Download
memory/1756-79-0x0000000074440000-0x000000007448E000-memory.dmp

Filesize
312KB

Download
memory/1756-80-0x0000000074440000-0x000000007448E000-memory.dmp

Filesize
312KB

Download
memory/1908-62-0x0000000000800000-0x000000000084E000-memory.dmp

Filesize
312KB

Download
memory/1908-72-0x0000000001FC0000-0x0000000005FC0000-memory.dmp

Filesize
64.0MB

Download
memory/1908-73-0x0000000001FC0000-0x0000000005FC0000-memory.dmp

Filesize
64.0MB

Download
memory/1908-63-0x0000000000800000-0x000000000084E000-memory.dmp

Filesize
312KB

Download
memory/1908-65-0x00000000002F0000-0x000000000033E000-memory.dmp

Filesize
312KB

Download
memory/1908-64-0x0000000000800000-0x000000000084E000-memory.dmp

Filesize
312KB

Download
memory/1908-108-0x0000000000800000-0x000000000084E000-memory.dmp

Filesize
312KB

Download
memory/1908-109-0x00000000002F0000-0x000000000033E000-memory.dmp

Filesize
312KB

Download