bee03bc05372ef7c1ed5db7609f6f6478c5409a895c9c06815e49ff6e5dedb4c

Analysis

max time kernel
148s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bee03bc05372ef7c1ed5db7609f6f6478c5409a895c9c06815e49ff6e5dedb4c.exe
Size

5.1MB
MD5

24f50b04771abd5acb21d3c7e895595f
SHA1

e9b1d7429a399cf40a4280d742becae2fd2cad8c
SHA256

bee03bc05372ef7c1ed5db7609f6f6478c5409a895c9c06815e49ff6e5dedb4c
SHA512

f89ace9168be202da4f50c2c9d8d784d3d6dfa3dc2a8a50c1b709421116bfe93f9564b982288fb801c90ba251a659dbf37455485d1f77d066eb2e1af59c3ed98
SSDEEP

98304:eSqj0iqMNjm/sQDu6/oG5I7dbDNuajw9f91BJNkkVmzIr:eS+pQD2+EdbDbjCBNpr

Score

8^/10

aspackv2 persistence

Malware Config

Signatures

ASPack v2.12-2.42 9 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\client.exe	aspack_v212_v242
\Users\Admin\AppData\Local\Temp\client.exe	aspack_v212_v242
C:\Users\Admin\AppData\Local\Temp\client.exe	aspack_v212_v242
\Users\Admin\AppData\Local\Temp\client.exe	aspack_v212_v242
\Users\Admin\AppData\Local\Temp\client.exe	aspack_v212_v242
\Users\Admin\AppData\Local\Temp\client.exe	aspack_v212_v242
C:\Users\Admin\AppData\Local\Temp\client.exe	aspack_v212_v242
C:\Windows\SysWOW64\svohost.exe	aspack_v212_v242
C:\Windows\SysWOW64\svohost.exe	aspack_v212_v242

Creates new service(s) 1 TTPs
persistence

New Service
T1050
Executes dropped EXE 4 IoCs

Processes:

player.execlient.exeplayer.tmpsvohost.exe

pid process

1016 player.exe
548 client.exe
1812 player.tmp
1644 svohost.exe

pid	process
1016	player.exe
548	client.exe
1812	player.tmp
1644	svohost.exe

Loads dropped DLL 11 IoCs

Processes:

bee03bc05372ef7c1ed5db7609f6f6478c5409a895c9c06815e49ff6e5dedb4c.exeplayer.execlient.exeplayer.tmp

pid	process
2040	bee03bc05372ef7c1ed5db7609f6f6478c5409a895c9c06815e49ff6e5dedb4c.exe
2040	bee03bc05372ef7c1ed5db7609f6f6478c5409a895c9c06815e49ff6e5dedb4c.exe
1016	player.exe
1016	player.exe
2040	bee03bc05372ef7c1ed5db7609f6f6478c5409a895c9c06815e49ff6e5dedb4c.exe
548	client.exe
548	client.exe
548	client.exe
1016	player.exe
1812	player.tmp
1812	player.tmp

Drops file in System32 directory 6 IoCs

Processes:

client.exesvohost.exe

description	ioc	process
File created	C:\Windows\SysWOW64\svohost.txt	client.exe
File opened for modification	C:\Windows\SysWOW64\svohost.txt	svohost.exe
File opened for modification	C:\Windows\SysWOW64\s_svost.ini	svohost.exe
File created	C:\Windows\SysWOW64\s_svost.ini	client.exe
File created	C:\Windows\SysWOW64\svohost.exe	client.exe
File opened for modification	C:\Windows\SysWOW64\svohost.exe	client.exe

Launches sc.exe 1 IoCs
Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exe

pid process

1980 sc.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Runs net.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

player.tmp

pid process

1812 player.tmp

pid	process
1980	sc.exe

pid	process
1812	player.tmp

Suspicious use of WriteProcessMemory 42 IoCs

Processes:

bee03bc05372ef7c1ed5db7609f6f6478c5409a895c9c06815e49ff6e5dedb4c.exeplayer.execlient.exenet.exe

description	pid	process	target process
PID 2040 wrote to memory of 1016	2040	bee03bc05372ef7c1ed5db7609f6f6478c5409a895c9c06815e49ff6e5dedb4c.exe	player.exe
PID 2040 wrote to memory of 1016	2040	bee03bc05372ef7c1ed5db7609f6f6478c5409a895c9c06815e49ff6e5dedb4c.exe	player.exe
PID 2040 wrote to memory of 1016	2040	bee03bc05372ef7c1ed5db7609f6f6478c5409a895c9c06815e49ff6e5dedb4c.exe	player.exe
PID 2040 wrote to memory of 1016	2040	bee03bc05372ef7c1ed5db7609f6f6478c5409a895c9c06815e49ff6e5dedb4c.exe	player.exe
PID 2040 wrote to memory of 1016	2040	bee03bc05372ef7c1ed5db7609f6f6478c5409a895c9c06815e49ff6e5dedb4c.exe	player.exe
PID 2040 wrote to memory of 1016	2040	bee03bc05372ef7c1ed5db7609f6f6478c5409a895c9c06815e49ff6e5dedb4c.exe	player.exe
PID 2040 wrote to memory of 1016	2040	bee03bc05372ef7c1ed5db7609f6f6478c5409a895c9c06815e49ff6e5dedb4c.exe	player.exe
PID 2040 wrote to memory of 548	2040	bee03bc05372ef7c1ed5db7609f6f6478c5409a895c9c06815e49ff6e5dedb4c.exe	client.exe
PID 2040 wrote to memory of 548	2040	bee03bc05372ef7c1ed5db7609f6f6478c5409a895c9c06815e49ff6e5dedb4c.exe	client.exe
PID 2040 wrote to memory of 548	2040	bee03bc05372ef7c1ed5db7609f6f6478c5409a895c9c06815e49ff6e5dedb4c.exe	client.exe
PID 2040 wrote to memory of 548	2040	bee03bc05372ef7c1ed5db7609f6f6478c5409a895c9c06815e49ff6e5dedb4c.exe	client.exe
PID 2040 wrote to memory of 548	2040	bee03bc05372ef7c1ed5db7609f6f6478c5409a895c9c06815e49ff6e5dedb4c.exe	client.exe
PID 2040 wrote to memory of 548	2040	bee03bc05372ef7c1ed5db7609f6f6478c5409a895c9c06815e49ff6e5dedb4c.exe	client.exe
PID 2040 wrote to memory of 548	2040	bee03bc05372ef7c1ed5db7609f6f6478c5409a895c9c06815e49ff6e5dedb4c.exe	client.exe
PID 1016 wrote to memory of 1812	1016	player.exe	player.tmp
PID 1016 wrote to memory of 1812	1016	player.exe	player.tmp
PID 1016 wrote to memory of 1812	1016	player.exe	player.tmp
PID 1016 wrote to memory of 1812	1016	player.exe	player.tmp
PID 1016 wrote to memory of 1812	1016	player.exe	player.tmp
PID 1016 wrote to memory of 1812	1016	player.exe	player.tmp
PID 1016 wrote to memory of 1812	1016	player.exe	player.tmp
PID 548 wrote to memory of 1980	548	client.exe	sc.exe
PID 548 wrote to memory of 1980	548	client.exe	sc.exe
PID 548 wrote to memory of 1980	548	client.exe	sc.exe
PID 548 wrote to memory of 1980	548	client.exe	sc.exe
PID 548 wrote to memory of 1980	548	client.exe	sc.exe
PID 548 wrote to memory of 1980	548	client.exe	sc.exe
PID 548 wrote to memory of 1980	548	client.exe	sc.exe
PID 548 wrote to memory of 1544	548	client.exe	net.exe
PID 548 wrote to memory of 1544	548	client.exe	net.exe
PID 548 wrote to memory of 1544	548	client.exe	net.exe
PID 548 wrote to memory of 1544	548	client.exe	net.exe
PID 548 wrote to memory of 1544	548	client.exe	net.exe
PID 548 wrote to memory of 1544	548	client.exe	net.exe
PID 548 wrote to memory of 1544	548	client.exe	net.exe
PID 1544 wrote to memory of 980	1544	net.exe	net1.exe
PID 1544 wrote to memory of 980	1544	net.exe	net1.exe
PID 1544 wrote to memory of 980	1544	net.exe	net1.exe
PID 1544 wrote to memory of 980	1544	net.exe	net1.exe
PID 1544 wrote to memory of 980	1544	net.exe	net1.exe
PID 1544 wrote to memory of 980	1544	net.exe	net1.exe
PID 1544 wrote to memory of 980	1544	net.exe	net1.exe

C:\Users\Admin\AppData\Local\Temp\bee03bc05372ef7c1ed5db7609f6f6478c5409a895c9c06815e49ff6e5dedb4c.exe
"C:\Users\Admin\AppData\Local\Temp\bee03bc05372ef7c1ed5db7609f6f6478c5409a895c9c06815e49ff6e5dedb4c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2040

C:\Users\Admin\AppData\Local\Temp\player.exe
"C:\Users\Admin\AppData\Local\Temp\player.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1016

C:\Users\Admin\AppData\Local\Temp\is-88DAE.tmp\player.tmp
"C:\Users\Admin\AppData\Local\Temp\is-88DAE.tmp\player.tmp" /SL5="$B0124,4766696,78336,C:\Users\Admin\AppData\Local\Temp\player.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:1812

C:\Users\Admin\AppData\Local\Temp\client.exe
"C:\Users\Admin\AppData\Local\Temp\client.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:548

C:\Windows\SysWOW64\sc.exe
sc.exe create svohost binpath= "C:\Windows\system32\svohost.exe internal_start" DisplayName= svohost start= auto
3⤵
- Launches sc.exe
PID:1980

C:\Windows\SysWOW64\net.exe
net start svohost
3⤵
- Suspicious use of WriteProcessMemory
PID:1544

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start svohost
4⤵
PID:980

C:\Windows\SysWOW64\svohost.exe
C:\Windows\SysWOW64\svohost.exe internal_start
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:1644

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

New Service

T1050

Privilege Escalation

New Service

T1050

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\client.exe
Filesize
355KB

MD5
635091785cedb895be32f9f8f47f86e2

SHA1
d850e157dc2e9e37449e9a825a99240bd0d56a4a

SHA256
7ced369e6003ada01c674fa5aa2f56d5cd6d08d85e351af9c8d3352f5884b8d3

SHA512
6d0c2cb1504954af0b19d5664601427462ef5c221f8aadac72ed9db366426006fa3958aafb3e6b451ec4d550bc9c6f8c0dd22c4dd68e133ee26eebe5de04c842

Download Submit
C:\Users\Admin\AppData\Local\Temp\client.exe
Filesize
355KB

MD5
635091785cedb895be32f9f8f47f86e2

SHA1
d850e157dc2e9e37449e9a825a99240bd0d56a4a

SHA256
7ced369e6003ada01c674fa5aa2f56d5cd6d08d85e351af9c8d3352f5884b8d3

SHA512
6d0c2cb1504954af0b19d5664601427462ef5c221f8aadac72ed9db366426006fa3958aafb3e6b451ec4d550bc9c6f8c0dd22c4dd68e133ee26eebe5de04c842

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-88DAE.tmp\player.tmp
Filesize
725KB

MD5
84ff6c3d5d724babe0e5d2a750ae9905

SHA1
61820b938fc6ecafec092bfb698735142a5d5e9a

SHA256
9b6d2904239f60398d1fb6735387ab81311dfe2d24a1ecd95fa805f46b328057

SHA512
548fcc1676eed26647f3a4ebe4f2af0e5b681140351422527a9eeb87c4e41591e667ce03d5c6784121f4d653811bda93ff90f1f5e0120ec45f7e92af0b219c4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-88DAE.tmp\player.tmp
Filesize
725KB

MD5
84ff6c3d5d724babe0e5d2a750ae9905

SHA1
61820b938fc6ecafec092bfb698735142a5d5e9a

SHA256
9b6d2904239f60398d1fb6735387ab81311dfe2d24a1ecd95fa805f46b328057

SHA512
548fcc1676eed26647f3a4ebe4f2af0e5b681140351422527a9eeb87c4e41591e667ce03d5c6784121f4d653811bda93ff90f1f5e0120ec45f7e92af0b219c4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\player.exe
Filesize
4.8MB

MD5
cacba2a9d0099583c7c402e121318a47

SHA1
316548a0c6fa059cb0455ac2e3cc08413313733a

SHA256
860351e5e9176ba6bf81e8f40bd7829e0cba8b569de54ecbc75582abe18862be

SHA512
93f966bd075b3d3acf5a26159b69d21eaeb37988782df7f4d488b85600f4c2e751e5604ba71a421b973e2e71bbf31f7f1fc66206ea977794f9095bd620c4e8ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\player.exe
Filesize
4.8MB

MD5
cacba2a9d0099583c7c402e121318a47

SHA1
316548a0c6fa059cb0455ac2e3cc08413313733a

SHA256
860351e5e9176ba6bf81e8f40bd7829e0cba8b569de54ecbc75582abe18862be

SHA512
93f966bd075b3d3acf5a26159b69d21eaeb37988782df7f4d488b85600f4c2e751e5604ba71a421b973e2e71bbf31f7f1fc66206ea977794f9095bd620c4e8ba

Download Submit
C:\Windows\SysWOW64\s_svost.ini
Filesize
11B

MD5
809cd34b28599d7413fbb7d55630d6ab

SHA1
ee2fe95da120abbde669603f18a54e6d3c2cd630

SHA256
00bd57241a71a6c3a826047b3606288ac8b829f725f183a0e897b3c3b97dda42

SHA512
2a80a827d70d222c23d0964f67468af57d47652b3b46da1535748cde3ca43d38d6e7cb0da224439d6556ac2fcd20fff7031f4fe96bb802debc471a298dcd8102

Download Submit
C:\Windows\SysWOW64\svohost.exe
Filesize
355KB

MD5
635091785cedb895be32f9f8f47f86e2

SHA1
d850e157dc2e9e37449e9a825a99240bd0d56a4a

SHA256
7ced369e6003ada01c674fa5aa2f56d5cd6d08d85e351af9c8d3352f5884b8d3

SHA512
6d0c2cb1504954af0b19d5664601427462ef5c221f8aadac72ed9db366426006fa3958aafb3e6b451ec4d550bc9c6f8c0dd22c4dd68e133ee26eebe5de04c842

Download Submit
C:\Windows\SysWOW64\svohost.exe
Filesize
355KB

MD5
635091785cedb895be32f9f8f47f86e2

SHA1
d850e157dc2e9e37449e9a825a99240bd0d56a4a

SHA256
7ced369e6003ada01c674fa5aa2f56d5cd6d08d85e351af9c8d3352f5884b8d3

SHA512
6d0c2cb1504954af0b19d5664601427462ef5c221f8aadac72ed9db366426006fa3958aafb3e6b451ec4d550bc9c6f8c0dd22c4dd68e133ee26eebe5de04c842

Download Submit
C:\Windows\SysWOW64\svohost.txt
Filesize
45B

MD5
440b2c92cd9c4b7037c74b9bead264b3

SHA1
bfe96981bbcbae5bd94ae20a60545c7932899df8

SHA256
1688cea0c4e9c182925c5b677eeacbb17bc1d4fd81dbe1123c79dc2b46017768

SHA512
1e59390125c50bbca9c3ee34187e7f5d7c8e044965af563d2d89012605db3ade0743dd6432b10f6b35fceb13eae31d5cb8b313d881066d7a83de509cedf3b2ea

Download Submit
\Users\Admin\AppData\Local\Temp\client.exe
Filesize
355KB

MD5
635091785cedb895be32f9f8f47f86e2

SHA1
d850e157dc2e9e37449e9a825a99240bd0d56a4a

SHA256
7ced369e6003ada01c674fa5aa2f56d5cd6d08d85e351af9c8d3352f5884b8d3

SHA512
6d0c2cb1504954af0b19d5664601427462ef5c221f8aadac72ed9db366426006fa3958aafb3e6b451ec4d550bc9c6f8c0dd22c4dd68e133ee26eebe5de04c842

Download Submit
\Users\Admin\AppData\Local\Temp\client.exe
Filesize
355KB

MD5
635091785cedb895be32f9f8f47f86e2

SHA1
d850e157dc2e9e37449e9a825a99240bd0d56a4a

SHA256
7ced369e6003ada01c674fa5aa2f56d5cd6d08d85e351af9c8d3352f5884b8d3

SHA512
6d0c2cb1504954af0b19d5664601427462ef5c221f8aadac72ed9db366426006fa3958aafb3e6b451ec4d550bc9c6f8c0dd22c4dd68e133ee26eebe5de04c842

Download Submit
\Users\Admin\AppData\Local\Temp\client.exe
Filesize
355KB

MD5
635091785cedb895be32f9f8f47f86e2

SHA1
d850e157dc2e9e37449e9a825a99240bd0d56a4a

SHA256
7ced369e6003ada01c674fa5aa2f56d5cd6d08d85e351af9c8d3352f5884b8d3

SHA512
6d0c2cb1504954af0b19d5664601427462ef5c221f8aadac72ed9db366426006fa3958aafb3e6b451ec4d550bc9c6f8c0dd22c4dd68e133ee26eebe5de04c842

Download Submit
\Users\Admin\AppData\Local\Temp\client.exe
Filesize
355KB

MD5
635091785cedb895be32f9f8f47f86e2

SHA1
d850e157dc2e9e37449e9a825a99240bd0d56a4a

SHA256
7ced369e6003ada01c674fa5aa2f56d5cd6d08d85e351af9c8d3352f5884b8d3

SHA512
6d0c2cb1504954af0b19d5664601427462ef5c221f8aadac72ed9db366426006fa3958aafb3e6b451ec4d550bc9c6f8c0dd22c4dd68e133ee26eebe5de04c842

Download Submit
\Users\Admin\AppData\Local\Temp\client.exe
Filesize
355KB

MD5
635091785cedb895be32f9f8f47f86e2

SHA1
d850e157dc2e9e37449e9a825a99240bd0d56a4a

SHA256
7ced369e6003ada01c674fa5aa2f56d5cd6d08d85e351af9c8d3352f5884b8d3

SHA512
6d0c2cb1504954af0b19d5664601427462ef5c221f8aadac72ed9db366426006fa3958aafb3e6b451ec4d550bc9c6f8c0dd22c4dd68e133ee26eebe5de04c842

Download Submit
\Users\Admin\AppData\Local\Temp\is-88DAE.tmp\player.tmp
Filesize
725KB

MD5
84ff6c3d5d724babe0e5d2a750ae9905

SHA1
61820b938fc6ecafec092bfb698735142a5d5e9a

SHA256
9b6d2904239f60398d1fb6735387ab81311dfe2d24a1ecd95fa805f46b328057

SHA512
548fcc1676eed26647f3a4ebe4f2af0e5b681140351422527a9eeb87c4e41591e667ce03d5c6784121f4d653811bda93ff90f1f5e0120ec45f7e92af0b219c4c

Download Submit
\Users\Admin\AppData\Local\Temp\is-P9FEV.tmp\_isetup\_shfoldr.dll
Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-P9FEV.tmp\_isetup\_shfoldr.dll
Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\player.exe
Filesize
4.8MB

MD5
cacba2a9d0099583c7c402e121318a47

SHA1
316548a0c6fa059cb0455ac2e3cc08413313733a

SHA256
860351e5e9176ba6bf81e8f40bd7829e0cba8b569de54ecbc75582abe18862be

SHA512
93f966bd075b3d3acf5a26159b69d21eaeb37988782df7f4d488b85600f4c2e751e5604ba71a421b973e2e71bbf31f7f1fc66206ea977794f9095bd620c4e8ba

Download Submit
\Users\Admin\AppData\Local\Temp\player.exe
Filesize
4.8MB

MD5
cacba2a9d0099583c7c402e121318a47

SHA1
316548a0c6fa059cb0455ac2e3cc08413313733a

SHA256
860351e5e9176ba6bf81e8f40bd7829e0cba8b569de54ecbc75582abe18862be

SHA512
93f966bd075b3d3acf5a26159b69d21eaeb37988782df7f4d488b85600f4c2e751e5604ba71a421b973e2e71bbf31f7f1fc66206ea977794f9095bd620c4e8ba

Download Submit
\Users\Admin\AppData\Local\Temp\player.exe
Filesize
4.8MB

MD5
cacba2a9d0099583c7c402e121318a47

SHA1
316548a0c6fa059cb0455ac2e3cc08413313733a

SHA256
860351e5e9176ba6bf81e8f40bd7829e0cba8b569de54ecbc75582abe18862be

SHA512
93f966bd075b3d3acf5a26159b69d21eaeb37988782df7f4d488b85600f4c2e751e5604ba71a421b973e2e71bbf31f7f1fc66206ea977794f9095bd620c4e8ba

Download Submit
memory/548-75-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/548-77-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/548-72-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/548-78-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/548-64-0x0000000000000000-mapping.dmp

Download
memory/548-86-0x00000000008F0000-0x000000000097D000-memory.dmp

Filesize
564KB

Download
memory/548-87-0x00000000008F0000-0x000000000097D000-memory.dmp

Filesize
564KB

Download
memory/548-88-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/548-76-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/548-90-0x00000000008F0000-0x000000000097D000-memory.dmp

Filesize
564KB

Download
memory/548-73-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/548-109-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/980-95-0x0000000000000000-mapping.dmp

Download
memory/1016-67-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1016-56-0x0000000000000000-mapping.dmp

Download
memory/1016-89-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1016-110-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1544-93-0x0000000000000000-mapping.dmp

Download
memory/1644-101-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/1644-104-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/1644-103-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/1644-102-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/1644-99-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/1644-108-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/1644-100-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/1644-111-0x0000000000400000-0x000000000048D000-memory.dmp

Filesize
564KB

Download
memory/1812-80-0x0000000000000000-mapping.dmp

Download
memory/1980-83-0x0000000000000000-mapping.dmp

Download
memory/2040-54-0x00000000760B1000-0x00000000760B3000-memory.dmp

Filesize
8KB

Download