dff6637bf2f141177e628ccccc03f2b903e2fe3dd6ab01273585ff0114674204

Analysis

max time kernel
154s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16/10/2023, 18:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.8ec6cbc74a6b64ad33239f4a6b8416b0.exe
Size

201KB
MD5

8ec6cbc74a6b64ad33239f4a6b8416b0
SHA1

c84b9a0906f392fab657b4e57c6510dc3721ff95
SHA256

dff6637bf2f141177e628ccccc03f2b903e2fe3dd6ab01273585ff0114674204
SHA512

54545ac30aa431ed5079ea9104de65d1221cbf53abda0c7e350068e16eabc641bec549ff2b18af45696dcfda262d7fe9c8e460dd474615c092d9e9bb86281257
SSDEEP

6144:ot++Jbojf5Vq5OC4qZhZcKYhc/ZfUozY:L+cff22qZhZcKYhc/

Score

10^/10

persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\apppatch\\svchost.exe,"	svchost.exe

Executes dropped EXE 1 IoCs

pid	Process
964	svchost.exe

Modifies WinLogon 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\b49cd5c8 = "C:\\Windows\\apppatch\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\b49cd5c8 = "C:\\Windows\\apppatch\\svchost.exe"	NEAS.8ec6cbc74a6b64ad33239f4a6b8416b0.exe

Drops file in Program Files directory 44 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Windows Defender\qetyhyg.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\lyrysor.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\pumyjig.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\gatyhub.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\qetyfuv.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\lyrysor.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\volykit.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\qegyval.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\purylev.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\lyxynyx.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\vonyket.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\purylev.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\lygyvuj.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\galynuh.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\vofycot.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\vonypom.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\lysyfyj.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\galyqaz.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\pupycag.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\pupycag.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\vofycot.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\vocyzit.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\qetyfuv.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\qegyval.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\pumyjig.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\lymyxid.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\pupydeq.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\pupydeq.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\vonyket.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\qetyhyg.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\puzylyp.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\puzylyp.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\galyqaz.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\galynuh.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\lyxynyx.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\gadyciz.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\gatyhub.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\vocyzit.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\lymyxid.com	svchost.exe
File created	C:\Program Files (x86)\Windows Defender\gadyciz.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\volykit.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\lygyvuj.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\vonypom.com	svchost.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\lysyfyj.com	svchost.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\apppatch\svchost.exe	NEAS.8ec6cbc74a6b64ad33239f4a6b8416b0.exe
File opened for modification	C:\Windows\apppatch\svchost.exe	NEAS.8ec6cbc74a6b64ad33239f4a6b8416b0.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
964	svchost.exe
964	svchost.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2900	NEAS.8ec6cbc74a6b64ad33239f4a6b8416b0.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 964	2900	NEAS.8ec6cbc74a6b64ad33239f4a6b8416b0.exe	83
PID 2900 wrote to memory of 964	2900	NEAS.8ec6cbc74a6b64ad33239f4a6b8416b0.exe	83
PID 2900 wrote to memory of 964	2900	NEAS.8ec6cbc74a6b64ad33239f4a6b8416b0.exe	83

C:\Users\Admin\AppData\Local\Temp\NEAS.8ec6cbc74a6b64ad33239f4a6b8416b0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.8ec6cbc74a6b64ad33239f4a6b8416b0.exe"
1⤵
- Modifies WinLogon
- Drops file in Windows directory
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Windows\apppatch\svchost.exe
  "C:\Windows\apppatch\svchost.exe"
  2⤵
  - Modifies WinLogon for persistence
  - Executes dropped EXE
  - Modifies WinLogon
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  PID:964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Windows Defender\galynuh.com

Filesize
593B

MD5
926512864979bc27cf187f1de3f57aff

SHA1
acdeb9d6187932613c7fa08eaf28f0cd8116f4b5

SHA256
b3e893a653ec06c05ee90f2f6e98cc052a92f6616d7cca8c416420e178dcc73f

SHA512
f6f9fd3ca9305bec879cfcd38e64111a18e65e30d25c49e9f2cd546cbab9b2dcd03eca81952f6b77c0eaab20192ef7bef0d8d434f6f371811929e75f8620633b

Download Submit
C:\Program Files (x86)\Windows Defender\galyqaz.com

Filesize
40KB

MD5
9cf42b652ca7350ccf4a59f0bf4d85af

SHA1
2a373588efc240a60ceea92c46e15ee00e03b59a

SHA256
c3551dd62a13630779c3779fc7972253f6e56c162306e6a5e4ec2d3ddebcc975

SHA512
ff42eeff77e58188065abccd93cffe4e829e034dd05d9512983ce1c0d135a08d266083ed5b4a3aafe73fadd2c013784515c6ae587c4b0c09d2cae0d69806bdb1

Download Submit
C:\Program Files (x86)\Windows Defender\gatyhub.com

Filesize
1KB

MD5
4158bb0c6a98745d7da629cf06c9de0d

SHA1
756f6f95d364f5fda902ce524db5b18b0debac62

SHA256
3e6e536bfe626a3f21182d8c78c8e115448d8a04057ecf595470614d4376186d

SHA512
03cb7aa240ed23757747bf6d0ce28661ec824cce488b33d063ef05ea60877017cf7b2a68d71ead7b96a7385c178e18269b5f91ac89c6eecef9a698b706526c94

Download Submit
C:\Program Files (x86)\Windows Defender\lyrysor.com

Filesize
1KB

MD5
01475b45d13cb5f21710deaf0a188dc7

SHA1
ecb13bdbccbba3e8676d5d5f0f8f5a19a51c1e1a

SHA256
85b884966f92f83a83495f9fd7b8a43d0a0b12de4d5e3ebe94ff45c007f5f7ba

SHA512
c21117788372521eb342d8a676bd7aaa4fb89080a1248dab7f2e414d0e17334fb7e1b16cca2fd8aefd4232cf57d04aa1754ffe9cf4f6aac2e2382769a9039c5e

Download Submit
C:\Program Files (x86)\Windows Defender\lyrysor.com

Filesize
1KB

MD5
77ed70e83a60adfd593b6338064bb749

SHA1
792f332ed587ce3e663003372467370918375df3

SHA256
9188ba3047679cb209a7893725b562f631e9264e79435f046a4c3f25bff88e30

SHA512
d587f363b03b39918567ae8256ffe5cdd47e43678037129e1729a43f227ca758d9c2c77bfae50c481eeda038c97ac90f32c58fe502630b61f00c1087f830c57a

Download Submit
C:\Program Files (x86)\Windows Defender\lysyfyj.com

Filesize
481B

MD5
436a0f76e886aaf1de64065397be4625

SHA1
7835f124978278aa5884e31c04ebe461754b77a5

SHA256
ea64e70818b2c8c6b455a582f6ecf113f9cf38b3bcce0bdc646d6013d14b1643

SHA512
35fdbed6cee7a9b27478190fb996401e6ba02c9ba3306a24fe18318d36e51ef9882fdc8738bd4844bea2a2f1a2c1a5176e718ccd8e4a3ba3e74a4ec515a6816f

Download Submit
C:\Program Files (x86)\Windows Defender\lyxynyx.com

Filesize
52KB

MD5
2741863149e3808be38dbdab5a51cce2

SHA1
26beb88e7853b21950b6131cf353b78057727376

SHA256
965cb928221b4be280764aa646269ec7b11364694c5e7608569bed85630a9031

SHA512
1ce0e9d044e8c21bf254a57dbedd7592be72b780273f243450821fbb4f4d2b293bee42d2e4b1306936c0b93d4c0e77b858c095e950740fe508d3898dbf9e0124

Download Submit
C:\Program Files (x86)\Windows Defender\pumyjig.com

Filesize
300B

MD5
876f62d9d409542dbfbf8594a68477bc

SHA1
326fb2760d0d80a2b8a29f773a568030dfdf7bdd

SHA256
42b45b147d7d6c5ce4c7ea8554f31701ace306b5a66ef309a25a80d75fe77c7c

SHA512
58c869954675268e15ba116d37d46550c6b3197d12868db5a32f2c58dded7508e694b92f0a7bbff729862317f38080e974af952a0fae957937180f9b5e0132d7

Download Submit
C:\Program Files (x86)\Windows Defender\pupydeq.com

Filesize
12KB

MD5
1639705c0468ff5b89d563cc785c9374

SHA1
f6807f616bab661123da67196ca7d5015df9ea82

SHA256
4788bc2f12f5ef35a1e86ba33d4ecd9efcc89446502465d7e8320a36c6a0e25c

SHA512
d50f65b6100586ddda7d62a8d21d013e0c5d4c52a2fc5d53867ba086571116dac992eefd2fb55873196f3516bac91c9cff8da5f4b8f91e5f9c13240e5622d768

Download Submit
C:\Program Files (x86)\Windows Defender\purylev.com

Filesize
2KB

MD5
a8fdd0012e6998420474a0c0669327c4

SHA1
aa0b687e766c259a247c16677f4c631ce542fc6e

SHA256
85a0119ffb919c7b1157dabbc8e40897f97ce6544f89931e503564966057d5d6

SHA512
bd834b7119f51ef0c741d2c0696e449e13a003140ad631f5e272130cac2d30f8cb25a5e76cc415ddf6208ee920efed6c7c33519b8f1bd02dd4ae8d3f39e926f5

Download Submit
C:\Program Files (x86)\Windows Defender\puzylyp.com

Filesize
2KB

MD5
76953195b33de212d62ebf9386250009

SHA1
e4caac0eff04cf81d7f9281f2f9cd09aae0cb247

SHA256
ce18ec402e924d038b58f3f5305a5a07566802a77868b0c56e931d2aca088d60

SHA512
215026ac6eb6f63847a89dbe980b479d59ff063c943a9c52ad24b7f0d489dda779e9bfe5d88acb12ba158f6af30c821f74e69309453797241330d6f6d9b6b995

Download Submit
C:\Program Files (x86)\Windows Defender\qegyval.com

Filesize
300B

MD5
3f2d812fb1f2a70b04c2f85bef6ce2c5

SHA1
f61d5473f2bff5ea3ba79d673be514a0354fc4a1

SHA256
27d2d8f96b9ec34a2e6233d35cec3d876faf5778bf52bace772793814e91f0bd

SHA512
e5d907709a6024368c4beb685a0a121dfeb5eda01200bcd1ecbd44155aac1c88f93718c713d12b96bf737d615ed45634b898f05fc0b797674f59f7e7bda06064

Download Submit
C:\Program Files (x86)\Windows Defender\vofycot.com

Filesize
300B

MD5
98c07dd93dc8d7bbdbe7c372063ce722

SHA1
8e88ce86ab6d7861e964ba2bff38d058ae6bd2d3

SHA256
3035b3e1b06686fbef73d4b7b8e2f530c8d7f33e26244545b89801c2a24ee20a

SHA512
8d0a13f292f10b7f4382d5d487f2104da1916d5863c8440f879065b478ea6b9521a7d6720c02d4381980f6e5e8038b51c42921bc2b300c5ade7c3b70991451f9

Download Submit
C:\Program Files (x86)\Windows Defender\volykit.com

Filesize
2KB

MD5
22afd0962e71fa1eb07b1b8cc82fe835

SHA1
7670f9707f2f99521cd8494a290956500fbc09be

SHA256
4d21ea28d3d5466c492cd4dd3c3fa1ae202f2ddf60cab43b7047cafc9e9a9ebb

SHA512
123f85692b4495216b2a07a99a793fa708e5d3c8c8c5729df73b117d5901c1fdb8df544c9e18f19594d59204199567ec94efe9bfc9b7aa18c043fe238afe0985

Download Submit
C:\Program Files (x86)\Windows Defender\vonyket.com

Filesize
300B

MD5
f9dad179ef5b004fcf376ffeeb360f2d

SHA1
56dc8e6bd02962ee7d7351bc2972bfdee317ecb6

SHA256
25755e903187d83c80e1429cb47b2a447e3de02bfad5c9a2d07298faae2cf51b

SHA512
fc93b71e3d978482f8373e8ad462e4e920047a6c1bd7e14325c79b4307edd1ba240ae30a550ef0f560da3f364a1e4f3efd07a29a074bd7f9a39604f5a3972bb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\M0XE9BAD\login[3].htm

Filesize
168B

MD5
d57e3a550060f85d44a175139ea23021

SHA1
2c5cb3428a322c9709a34d04dd86fe7628f8f0a6

SHA256
43edf068d34276e8ade4113d4d7207de19fc98a2ae1c07298e593edae2a8774c

SHA512
0364fe6a010fce7a3f4a6344c84468c64b20fd131f3160fc649db78f1075ba52d8a1c4496e50dbe27c357e01ee52e94cdcda8f7927cba28d5f2f45b9da690063

Download Submit
C:\Windows\apppatch\svchost.exe

Filesize
201KB

MD5
00f7bb8adfd35545922934c2c42db582

SHA1
829399a5d48b64295883ad0abb957d64f39ff692

SHA256
8fa9f7e794283f22a7a4abb3f6f00f20665968a4ffbd2c71ed1249f701df52f6

SHA512
6ecd417ea92788a078cae50a5a7d5e3655cac466c5254d356e9252fba5be01fbeb728b7119d304ec5bfb25293e5028c97aaae51049284f478eb0013814ecd44d

Download Submit
C:\Windows\apppatch\svchost.exe

Filesize
201KB

MD5
00f7bb8adfd35545922934c2c42db582

SHA1
829399a5d48b64295883ad0abb957d64f39ff692

SHA256
8fa9f7e794283f22a7a4abb3f6f00f20665968a4ffbd2c71ed1249f701df52f6

SHA512
6ecd417ea92788a078cae50a5a7d5e3655cac466c5254d356e9252fba5be01fbeb728b7119d304ec5bfb25293e5028c97aaae51049284f478eb0013814ecd44d

Download Submit
C:\Windows\apppatch\svchost.exe

Filesize
201KB

MD5
00f7bb8adfd35545922934c2c42db582

SHA1
829399a5d48b64295883ad0abb957d64f39ff692

SHA256
8fa9f7e794283f22a7a4abb3f6f00f20665968a4ffbd2c71ed1249f701df52f6

SHA512
6ecd417ea92788a078cae50a5a7d5e3655cac466c5254d356e9252fba5be01fbeb728b7119d304ec5bfb25293e5028c97aaae51049284f478eb0013814ecd44d

Download Submit
memory/964-26-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-69-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-30-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-33-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-34-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-35-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-32-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-36-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-39-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-40-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-41-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-42-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-44-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-45-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-47-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-48-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-50-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-51-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-53-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-61-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-62-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-64-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-52-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-66-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-67-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-29-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-72-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-74-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-71-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-76-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-28-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-249-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/964-27-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-2461-0x00000000773D2000-0x00000000773D3000-memory.dmp

Filesize
4KB

Download
memory/964-334-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-25-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-24-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-23-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-22-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-21-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-19-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-17-0x0000000002BD0000-0x0000000002C82000-memory.dmp

Filesize
712KB

Download
memory/964-15-0x00000000029E0000-0x0000000002A84000-memory.dmp

Filesize
656KB

Download
memory/964-12-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/964-2192-0x00000000773D2000-0x00000000773D3000-memory.dmp

Filesize
4KB

Download
memory/2900-13-0x00000000021F0000-0x000000000223F000-memory.dmp

Filesize
316KB

Download
memory/2900-14-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2900-0-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2900-2-0x0000000000400000-0x0000000000491000-memory.dmp

Filesize
580KB

Download
memory/2900-1-0x00000000021F0000-0x000000000223F000-memory.dmp

Filesize
316KB

Download