nanocore | 459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7

Analysis

max time kernel
187s
max time network
192s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 14:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
Size

1.3MB
MD5

32f6ea5fc87ab9b2c7b37c46545e7b22
SHA1

1b02d26635b3564a1110cc32630f08e07d6972f2
SHA256

459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7
SHA512

456cf441f639f4dac395f326168ed5d8ec6f7533e36005b22f8afeb07ee116c16ad6869c91cecf2ae1077415b91e1f16eb7854703d0168d8054d5511f18cabea
SSDEEP

24576:ztb20pkaCqT5TBWgNQ7apF+/21AihKUTOHPYwi6A:wVg5tQ7apo/yNhKUCvy5

Score

10^/10

nanocore keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

adam150994.mooo.com:666

Mutex

253d9834-c7e1-426e-9d6e-eb4311d0819f

Attributes

activate_away_mode
true
backup_connection_host
backup_dns_server
8.8.4.4
buffer_size
65535
build_time
2015-01-12T08:19:11.200820936Z
bypass_user_account_control
true
bypass_user_account_control_data
clear_access_control
true
clear_zone_identifier
true
connect_delay
4000
connection_port
666
default_group
Default
enable_debug_mode
true
gc_threshold
1.048576e+07
keep_alive_timeout
30000
keyboard_logging
false
lan_timeout
2500
max_packet_size
1.048576e+07
mutex
253d9834-c7e1-426e-9d6e-eb4311d0819f
mutex_timeout
5000
prevent_system_sleep
true
primary_connection_host
adam150994.mooo.com
primary_dns_server
8.8.8.8
request_elevation
true
restart_delay
5000
run_delay
0
run_on_startup
true
set_critical_process
true
timeout_interval
5000
use_custom_dns_server
false
version
1.2.2.0
wan_timeout
8000

Signatures

NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
keylogger trojan stealer spyware nanocore

Executes dropped EXE 1 IoCs

pid	Process
1736	TempPlatinum Cracker.exe

Loads dropped DLL 4 IoCs

pid	Process
1932	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1932	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1932	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1932	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Windows\CurrentVersion\Run\cmd = "C:\\Users\\Admin\\AppData\\Local\\Temp\\459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe"	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1184 set thread context of 2020	1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe	29

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
2020	vbc.exe
2020	vbc.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
2020	vbc.exe
2020	vbc.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2020	vbc.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2020	vbc.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1932	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1932	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1932	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1932	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1932	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
1932	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 1736	1932	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe	27
PID 1932 wrote to memory of 1736	1932	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe	27
PID 1932 wrote to memory of 1736	1932	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe	27
PID 1932 wrote to memory of 1736	1932	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe	27
PID 1932 wrote to memory of 1184	1932	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe	28
PID 1932 wrote to memory of 1184	1932	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe	28
PID 1932 wrote to memory of 1184	1932	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe	28
PID 1932 wrote to memory of 1184	1932	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe	28
PID 1184 wrote to memory of 2020	1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe	29
PID 1184 wrote to memory of 2020	1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe	29
PID 1184 wrote to memory of 2020	1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe	29
PID 1184 wrote to memory of 2020	1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe	29
PID 1184 wrote to memory of 2020	1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe	29
PID 1184 wrote to memory of 2020	1184	459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe	29

C:\Users\Admin\AppData\Local\Temp\459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
"C:\Users\Admin\AppData\Local\Temp\459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Users\Admin\AppData\Local\TempPlatinum Cracker.exe
  "C:\Users\Admin\AppData\Local\TempPlatinum Cracker.exe"
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Users\Admin\AppData\Local\Temp\459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe
  C:\Users\Admin\AppData\Local\Temp\459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe /AutoIt3ExecuteScript "C:\Users\Admin\AppData\Local\Temp\g" "C:\Users\Admin\AppData\Local\Temp\459af8fc0b2da6b98d03e6268d16f68eded30f1a33d198ca9a2e1f8fcb69eef7.exe"
  2⤵
  - Adds Run key to start application
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1184
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    PID:2020

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

T1064

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Scripting

T1064

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\TempPlatinum Cracker.exe

Filesize
464KB

MD5
68e44c6d72aafa359207590d0098002b

SHA1
d313088ff45f731e9f851d8ac1bcfa6dc338a5ce

SHA256
ab141e06b958d6b854b80baa0a75bbef0393035338839399e547a7ecb0ab26c5

SHA512
182a229e12649f7f4bd094610a10462e032b12d9d95a5ce3b0ccb4acca6123573ce06e9cba52fcd08f28bcf0678d6b45af22f510605ccb016daaf257b3cf9c6b

Download Submit
C:\Users\Admin\AppData\Local\TempPlatinum Cracker.exe

Filesize
464KB

MD5
68e44c6d72aafa359207590d0098002b

SHA1
d313088ff45f731e9f851d8ac1bcfa6dc338a5ce

SHA256
ab141e06b958d6b854b80baa0a75bbef0393035338839399e547a7ecb0ab26c5

SHA512
182a229e12649f7f4bd094610a10462e032b12d9d95a5ce3b0ccb4acca6123573ce06e9cba52fcd08f28bcf0678d6b45af22f510605ccb016daaf257b3cf9c6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\g

Filesize
18KB

MD5
1d5b202e0c0e057d9346abf15f2300e9

SHA1
7cb8e8e846b16bfb9f3672c047df327938fdd5ce

SHA256
11e31517f7df41fe8f0e907fbae63010c284ee50e598ef1ca1c6ec986a2b1ea0

SHA512
892fac217f89a72775d7c3c537026141bcf44c7958b5ba655d5b4d87f2620b77c26f3a0d42d6d8f5d05ffb54404de146ab6da49092e36dd72e75d0f8c2c01200

Download Submit
C:\Users\Admin\AppData\Local\Temp\incl1

Filesize
12KB

MD5
31fd40fd1891ede7259c8eaca4debcb9

SHA1
5e79575a985ba6f98c4b876f84b1355de61aed55

SHA256
dc9d156617c01507ebbd09a44a336bd75801ba2ac5ee6240884084e5536b7b01

SHA512
6655a831bdb041dcc8c026ec27abb80494e847b8ffdf813a99955c6dcb144ac5916827f3ac1e8b0012e87e88e8cb311cd3f2905072d7e8fe3eca079507d82b6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\incl2

Filesize
209KB

MD5
b2e49b29cfa237ce7518567f42f947b8

SHA1
257c65ef92294b0db7fe17d62154a63efcc879ea

SHA256
866dea6791f4e95f118ed82151bdb3f8bf93f0cef50310d2a8a2dd381c837cfe

SHA512
9e1469e02bc549df3d6e359d61336d7f1857ca48b0dba9d0bf13fc0be11cfd8c0892a23a17a6a175cd0f3a98ff97f0ced9a0d9059dea9521568188d859a1e87e

Download Submit
\Users\Admin\AppData\Local\TempPlatinum Cracker.exe

Filesize
464KB

MD5
68e44c6d72aafa359207590d0098002b

SHA1
d313088ff45f731e9f851d8ac1bcfa6dc338a5ce

SHA256
ab141e06b958d6b854b80baa0a75bbef0393035338839399e547a7ecb0ab26c5

SHA512
182a229e12649f7f4bd094610a10462e032b12d9d95a5ce3b0ccb4acca6123573ce06e9cba52fcd08f28bcf0678d6b45af22f510605ccb016daaf257b3cf9c6b

Download Submit
\Users\Admin\AppData\Local\TempPlatinum Cracker.exe

Filesize
464KB

MD5
68e44c6d72aafa359207590d0098002b

SHA1
d313088ff45f731e9f851d8ac1bcfa6dc338a5ce

SHA256
ab141e06b958d6b854b80baa0a75bbef0393035338839399e547a7ecb0ab26c5

SHA512
182a229e12649f7f4bd094610a10462e032b12d9d95a5ce3b0ccb4acca6123573ce06e9cba52fcd08f28bcf0678d6b45af22f510605ccb016daaf257b3cf9c6b

Download Submit
\Users\Admin\AppData\Local\TempPlatinum Cracker.exe

Filesize
464KB

MD5
68e44c6d72aafa359207590d0098002b

SHA1
d313088ff45f731e9f851d8ac1bcfa6dc338a5ce

SHA256
ab141e06b958d6b854b80baa0a75bbef0393035338839399e547a7ecb0ab26c5

SHA512
182a229e12649f7f4bd094610a10462e032b12d9d95a5ce3b0ccb4acca6123573ce06e9cba52fcd08f28bcf0678d6b45af22f510605ccb016daaf257b3cf9c6b

Download Submit
\Users\Admin\AppData\Local\TempPlatinum Cracker.exe

Filesize
464KB

MD5
68e44c6d72aafa359207590d0098002b

SHA1
d313088ff45f731e9f851d8ac1bcfa6dc338a5ce

SHA256
ab141e06b958d6b854b80baa0a75bbef0393035338839399e547a7ecb0ab26c5

SHA512
182a229e12649f7f4bd094610a10462e032b12d9d95a5ce3b0ccb4acca6123573ce06e9cba52fcd08f28bcf0678d6b45af22f510605ccb016daaf257b3cf9c6b

Download Submit
memory/1736-67-0x0000000000370000-0x00000000003EA000-memory.dmp

Filesize
488KB

Download
memory/1736-83-0x0000000004CA5000-0x0000000004CB6000-memory.dmp

Filesize
68KB

Download
memory/1932-54-0x0000000076401000-0x0000000076403000-memory.dmp

Filesize
8KB

Download
memory/2020-75-0x0000000000080000-0x00000000000BA000-memory.dmp

Filesize
232KB

Download
memory/2020-73-0x0000000000080000-0x00000000000BA000-memory.dmp

Filesize
232KB

Download
memory/2020-70-0x0000000000080000-0x00000000000BA000-memory.dmp

Filesize
232KB

Download
memory/2020-78-0x0000000000780000-0x000000000078A000-memory.dmp

Filesize
40KB

Download
memory/2020-79-0x0000000000790000-0x000000000079C000-memory.dmp

Filesize
48KB

Download
memory/2020-80-0x00000000007A0000-0x00000000007BE000-memory.dmp

Filesize
120KB

Download
memory/2020-81-0x00000000007D0000-0x00000000007DA000-memory.dmp

Filesize
40KB

Download
memory/2020-82-0x0000000005175000-0x0000000005186000-memory.dmp

Filesize
68KB

Download
memory/2020-68-0x0000000000080000-0x00000000000BA000-memory.dmp

Filesize
232KB

Download
memory/2020-84-0x0000000005175000-0x0000000005186000-memory.dmp

Filesize
68KB

Download