20a5c8f44be9a51260851e8096fc9c2e1a8ee8cba17c2afc24f32c9e0fccedaf

Analysis

max time kernel
144s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2023, 16:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VNCscanner.exe
Size

738KB
MD5

132ba0c3ecf8a795944c87a13b037a88
SHA1

7a4c23e4d6ede7b10e1363185bf4a48434dce9d5
SHA256

20a5c8f44be9a51260851e8096fc9c2e1a8ee8cba17c2afc24f32c9e0fccedaf
SHA512

0f8afed5bc02932ca77ccd71b573c84618ed2d98230fa2d063e8d84a20d961925a07a96a74461f721b7efcbe2444c136092c2af2b8b0e3f18544a55cef185a1d
SSDEEP

12288:G5OVdesRaHZZEbc68kt4PpMSUcJkAhMQCSMKjPKsHf2+3Ls8QG6TboMbkgycytTV:GInRa5rHfp0oz5/Ze+3g3G64MQLvt

Score

7^/10

discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	VNCscanner.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	svchost.exe

Executes dropped EXE 2 IoCs

pid	Process
4424	svchost.exe
4540	hex.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\System Driver = "C:\\windows\\system\\programas\\two.bat"	regedit.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 50 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\system\programas\remote.ini	svchost.exe
File created	C:\Windows\System\programas\remote.ini	VNCscanner.exe
File opened for modification	C:\Windows\System\programas\script1.ini	VNCscanner.exe
File opened for modification	C:\Windows\System\programas\VNC_bypauth.exe	VNCscanner.exe
File created	C:\Windows\System\programas\hex.exe	VNCscanner.exe
File created	C:\Windows\System\programas\Hiderun.exe	VNCscanner.exe
File opened for modification	C:\Windows\System\programas\load.reg	VNCscanner.exe
File opened for modification	\??\c:\windows\system\programas\aliases.ini	svchost.exe
File opened for modification	\??\c:\windows\system\programas\script2.ini	svchost.exe
File opened for modification	C:\Windows\System\programas\moo.dll	VNCscanner.exe
File created	C:\Windows\System\programas\script3.dll	VNCscanner.exe
File created	C:\Windows\System\programas\script.ini	VNCscanner.exe
File created	C:\Windows\System\programas\svchost.exe	VNCscanner.exe
File created	C:\Windows\System\programas\two.bat	VNCscanner.exe
File created	C:\Windows\System\programas\aliases.ini	VNCscanner.exe
File opened for modification	C:\Windows\System\programas\Hiderun.exe	VNCscanner.exe
File created	C:\Windows\System\programas\load.reg	VNCscanner.exe
File created	C:\Windows\System\programas\script2.ini	VNCscanner.exe
File opened for modification	C:\Windows\System\programas\servers.ini	VNCscanner.exe
File opened for modification	C:\Windows\System\programas\aliases.ini	VNCscanner.exe
File opened for modification	C:\Windows\System\programas\Commands.txt	VNCscanner.exe
File created	C:\Windows\System\programas\moo.dll	VNCscanner.exe
File created	C:\Windows\System\programas\regedit	VNCscanner.exe
File opened for modification	C:\Windows\System\programas\remote.ini	VNCscanner.exe
File created	C:\Windows\System\programas\script1.ini	VNCscanner.exe
File opened for modification	C:\Windows\System\programas\svchost.exe	VNCscanner.exe
File created	C:\Windows\System\programas\VNC_bypauth.exe	VNCscanner.exe
File opened for modification	C:\Windows\System\programas\mirc.ini	VNCscanner.exe
File opened for modification	C:\Windows\System\programas\script.ini	VNCscanner.exe
File opened for modification	C:\Windows\System\programas\two.bat	VNCscanner.exe
File opened for modification	C:\Windows\System\programas\VNC_bypauth.txt	VNCscanner.exe
File opened for modification	\??\c:\windows\system\programas\nt.dll	svchost.exe
File opened for modification	C:\Windows\System\programas\script2.ini	VNCscanner.exe
File created	C:\Windows\System\programas\mirc.ini	VNCscanner.exe
File opened for modification	C:\Windows\System\programas\moodll.mrc	VNCscanner.exe
File created	C:\Windows\System\programas\nt.dll	VNCscanner.exe
File opened for modification	C:\Windows\System\programas\regedit	VNCscanner.exe
File opened for modification	\??\c:\windows\system\programas	VNCscanner.exe
File opened for modification	C:\Windows\System\programas\script3.dll	VNCscanner.exe
File created	C:\Windows\System\programas\VNC_bypauth.txt	VNCscanner.exe
File opened for modification	C:\Windows\System\programas\nt.dll	VNCscanner.exe
File opened for modification	\??\c:\windows\system\programas\script1.ini	svchost.exe
File created	C:\Windows\System\programas\__tmp_rar_sfx_access_check_240593359	VNCscanner.exe
File created	C:\Windows\System\programas\servers.ini	VNCscanner.exe
File created	C:\Windows\System\programas\Commands.txt	VNCscanner.exe
File opened for modification	C:\Windows\System\programas\hex.exe	VNCscanner.exe
File created	C:\Windows\System\programas\moodll.mrc	VNCscanner.exe
File opened for modification	\??\c:\windows\system\programas\mirc.ini	svchost.exe
File opened for modification	\??\c:\windows\system\programas\script.ini	svchost.exe
File created	\??\c:\windows\system\programas\TMP1.$$$	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 40 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.chat	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\DefaultIcon\ = "\"c:\\windows\\system\\programas\\svchost.exe\""	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Application	svchost.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\EditFlags = 02000000	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\DefaultIcon	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\irc	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\Application\ = "mIRC"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\command	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\ = "%1"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Topic	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec\ifexec	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\ifexec\ = "%1"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Application\ = "mIRC"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cha\ = "ChatFile"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\ = "%1"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\DefaultIcon	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\ifexec	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Topic\ = "Connect"	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\ = "URL:IRC Protocol"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\URL Protocol	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\DefaultIcon\ = "\"c:\\windows\\system\\programas\\svchost.exe\""	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec\Application	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\Topic\ = "Connect"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\ = "Chat File"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\command\ = "\"c:\\windows\\system\\programas\\svchost.exe\""	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\command	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\command	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\command\ = "\"c:\\windows\\system\\programas\\svchost.exe\""	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cha	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.chat\ = "ChatFile"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\ifexec\ = "%1"	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec\Topic	svchost.exe

Runs .reg file with regedit 1 IoCs

pid	Process
384	regedit.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4424	svchost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4424	svchost.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 2096	2744	VNCscanner.exe	83
PID 2744 wrote to memory of 2096	2744	VNCscanner.exe	83
PID 2744 wrote to memory of 2096	2744	VNCscanner.exe	83
PID 2096 wrote to memory of 4424	2096	cmd.exe	85
PID 2096 wrote to memory of 4424	2096	cmd.exe	85
PID 2096 wrote to memory of 4424	2096	cmd.exe	85
PID 2096 wrote to memory of 384	2096	cmd.exe	87
PID 2096 wrote to memory of 384	2096	cmd.exe	87
PID 2096 wrote to memory of 384	2096	cmd.exe	87
PID 4424 wrote to memory of 4540	4424	svchost.exe	89
PID 4424 wrote to memory of 4540	4424	svchost.exe	89
PID 4424 wrote to memory of 4540	4424	svchost.exe	89

C:\Users\Admin\AppData\Local\Temp\VNCscanner.exe
"C:\Users\Admin\AppData\Local\Temp\VNCscanner.exe"
1⤵
- Checks computer location settings
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\windows\system\programas\two.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2096
- - \??\c:\windows\system\programas\svchost.exe
    c:\windows\system\programas\svchost.exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops file in Windows directory
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4424
  - - C:\Windows\System\programas\hex.exe
      "C:\Windows\System\programas\hex.exe" /hide mIRC*
      4⤵
      Executes dropped EXE
      PID:4540
- - C:\Windows\SysWOW64\regedit.exe
    regedit /s c:\windows\system\programas\load.reg
    3⤵
    - Adds Run key to start application
    - Runs .reg file with regedit
    PID:384

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\programas\hex.exe

Filesize
33KB

MD5
13aeec40e4f9c1d68a262b0c2d285d56

SHA1
ed39fe0dbe5b151616090141201ee393fbb4669e

SHA256
3079f72821d2b810a229f2227bfc6e5459f0f843239c188123752573b1d2d8f4

SHA512
a0ee4806df42aece4b79a336a11cdc138c03459ac1e3e1ffdcaf042efc1812c4c2cc4db2f01aee6453e38a5897a0002f8cbe539a33362151d1685ae89725dfc4

Download Submit
C:\Windows\System\programas\hex.exe

Filesize
33KB

MD5
13aeec40e4f9c1d68a262b0c2d285d56

SHA1
ed39fe0dbe5b151616090141201ee393fbb4669e

SHA256
3079f72821d2b810a229f2227bfc6e5459f0f843239c188123752573b1d2d8f4

SHA512
a0ee4806df42aece4b79a336a11cdc138c03459ac1e3e1ffdcaf042efc1812c4c2cc4db2f01aee6453e38a5897a0002f8cbe539a33362151d1685ae89725dfc4

Download Submit
C:\Windows\System\programas\mirc.ini

Filesize
3KB

MD5
253d57c6ea87084c88dc6964b3e74a2d

SHA1
56e9884448f40dab014a71f4346ae390b90cb199

SHA256
1d1d943950a2748f0fabe50018c7c84c2587aed971b7e45ae2b569b92bee20a7

SHA512
386119556e6a8d7fb1665d8ff80de00674ddbd41bc12627b9ac9c2caef9f4877d2802d444678b1bb24d14bc052803a1c8268c238e8fe9297ce182c8000f08e20

Download Submit
C:\Windows\System\programas\mirc.ini

Filesize
3KB

MD5
3e11984076dac448d56e8629fc91b7fd

SHA1
6385723b6f0ec7b599ac9df77c0c7023b57d697d

SHA256
893bd4ff6254284cbfa6b05010192c779247169d1a998f5fede0110f2714d5db

SHA512
b5c27f9524f624297ecfe3e0d7741f5aa129424a62516b4b81ffb520651a92009fa99b902b4321456e45004e46ac26e646850bcc021b6f77490cb480c2192b63

Download Submit
C:\Windows\System\programas\svchost.exe

Filesize
1.6MB

MD5
e07274cd16810b5dc280d9699fce2c8e

SHA1
26234450b0202ae2a92f20753aef15bf2155d7d2

SHA256
8b2f7dc50203793131e395dcd310d2d94ab3ccd6c6986e026787070d6a708877

SHA512
83bbb48708f5afccdaea04ff2728c22b2757e656e41238fcb8d59f07b519a320279eac9348e00f7c24cc65990b5404e337eed2da8dab5a7833b9112ab04cf5bf

Download Submit
C:\windows\system\programas\two.bat

Filesize
112B

MD5
b7a2a93e3fd392c588982e494ea48339

SHA1
517c90e7cc38137703c85080b19f44a4164bcb2d

SHA256
5a8eb22357f0ec88b2e8e21f2cbddc4c49ad0201b621f99d43565e42b6440c11

SHA512
9333a34c9d3779e9f1573a575776d4102192f03388343bd249dc0762eb55a089b6272798a6971734fe3cc07ecb642b150ac90d2748f079fd4b2085e4b5b712c2

Download Submit
\??\c:\Windows\System\programas\load.reg

Filesize
216B

MD5
5da195b550c830b4f1a1f86543d73950

SHA1
78fa37b44fc46f864cf98034da9328959befee0f

SHA256
fa45a93ea63c757e65842059fb0273b3d35aefc5a8d968551d4bb84e8717a194

SHA512
4ff993a9429a74f5a64d8afa66bd202c5af1501daf747111afb9dba86369c6451128bf987f796398a7b4290e33e4a3ae7ecd087a753e13d4029a0649c98134d9

Download Submit
\??\c:\windows\system\programas\aliases.ini

Filesize
42B

MD5
8df69f27258a08c3aff6be7a5fecd033

SHA1
94faccc4cbd15568bb1afb6368b3c035ee010210

SHA256
fe396795a75ecb6f65da522267d7815de7ea64104e20d6573fa9b215976d02ef

SHA512
966d035e6495e94b8c4f7c7172e39fd04eeb42d67db59aedc5dd4791af95ee4b1ecc2842686b8ef5b48e1f72fa8a48b5f3cc4da28b30e799b50177449def1a11

Download Submit
\??\c:\windows\system\programas\mirc.ini

Filesize
3KB

MD5
253d57c6ea87084c88dc6964b3e74a2d

SHA1
56e9884448f40dab014a71f4346ae390b90cb199

SHA256
1d1d943950a2748f0fabe50018c7c84c2587aed971b7e45ae2b569b92bee20a7

SHA512
386119556e6a8d7fb1665d8ff80de00674ddbd41bc12627b9ac9c2caef9f4877d2802d444678b1bb24d14bc052803a1c8268c238e8fe9297ce182c8000f08e20

Download Submit
\??\c:\windows\system\programas\nt.dll

Filesize
1KB

MD5
32f75e781fe997e726bc69fd83c0924a

SHA1
af05765b9b96aab46cfc4b9540e064ac2c73dc90

SHA256
ded92c538b1babd886aba7b6908ec8706cf2d1f61ed12f14e4addf8ca7806481

SHA512
81e7e69c47b536a5468e5e062a4f3f2a0963c2b662e9eee3d8ff360fafa14776148135c749e5b58c00432ab7468ca83ec3859b7d62ad5314c37072fcd51e5f27

Download Submit
\??\c:\windows\system\programas\remote.ini

Filesize
265B

MD5
9ce565a6b74f020c7d4de7ccd2a7eafc

SHA1
9f980fc64ddd281894f9758af69ef74f0f5935e1

SHA256
762df15f94fbc1857fbf8947cb2ad30a93b82cb99c37152cabe70dd174f8a470

SHA512
e69fed375a22483e7911684459ea8cd8e9b7f0c6efb65813a4f507c60868ab12f6f788288aa484e52c9d2993247f15c471ed01a4d3bacbd728a98b784398aee5

Download Submit
\??\c:\windows\system\programas\script.ini

Filesize
277B

MD5
359fc318d66870018e7626ad58b65460

SHA1
22206758b681506807f63414267e9d719fc0a8e5

SHA256
720bb82dc83c06be97ab24967f76ea1e2916202fa4500dfab1da65724523ed11

SHA512
370df971bd78fe60c782dfb8d5e33ad2fcdf1f3527656f156b5908ec9d7260f2bfa3435193928325eef11fb9da6c48469a542c89e5db5d6f646b8304791a8def

Download Submit
\??\c:\windows\system\programas\script1.ini

Filesize
404B

MD5
2825d299fd41f50cd8029db3482a6f58

SHA1
91e522d136ab77454b7195802069e256f3ae1f6d

SHA256
8a882c00f56493643a27f93a866a543e81666a68158e9b9f590c39b2bb185c92

SHA512
8b09cadd6ab65eb1dbc77ec9082995c7cd090bcb79ee3c384f4c01eb706f82784bea5512bf55508dd7b047a35b420d45844efddf7318b7611a514040cabd8d70

Download Submit
\??\c:\windows\system\programas\script2.ini

Filesize
91B

MD5
c343f03c4620cd4a93038cb6bcdef4a5

SHA1
2c2c4ec40e7e3c5988e31faf9f0d0a2d494dc4b7

SHA256
3e9da2fe202af594d7996566423cde6a57187432a4e23d804d68e9328df64a1f

SHA512
c6a0bf08be01b1445b2cbd83aeff2a86827a4de7162bf86492d0cbae6ade53acbef4c0808da55f66f235c1cffc98fbfbc426dc72eeae8f00cd2d231af57326c8

Download Submit
\??\c:\windows\system\programas\svchost.exe

Filesize
1.6MB

MD5
e07274cd16810b5dc280d9699fce2c8e

SHA1
26234450b0202ae2a92f20753aef15bf2155d7d2

SHA256
8b2f7dc50203793131e395dcd310d2d94ab3ccd6c6986e026787070d6a708877

SHA512
83bbb48708f5afccdaea04ff2728c22b2757e656e41238fcb8d59f07b519a320279eac9348e00f7c24cc65990b5404e337eed2da8dab5a7833b9112ab04cf5bf

Download Submit
memory/2744-133-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2744-185-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2744-178-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/4424-297-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/4424-296-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/4424-298-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/4424-299-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/4424-300-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/4424-301-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/4424-303-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/4424-304-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/4424-305-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/4424-306-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/4540-294-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download