84adef8ab777a37cd3face61cccf13501928f385f4f963deb9c4708b12bf4bd3

Analysis

max time kernel
0s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 20:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c84427336e0e9d4d3ea7bceff1a1ee5.exe
Size

1.1MB
MD5

3c84427336e0e9d4d3ea7bceff1a1ee5
SHA1

ff3b9b945936e3ee00c59f6e5b5cee8bf77cd61d
SHA256

84adef8ab777a37cd3face61cccf13501928f385f4f963deb9c4708b12bf4bd3
SHA512

44ac720028446208484e4fcba80b2962a7af5da3e92cf12d23e45062a912049132af252837f2b506642a421a9d84e123f36674748feef8d0b7f9940241fb65ed
SSDEEP

24576:R7WsPkA8QsBPyoG0HBrC2zJSKDqDYMcrUMG6dZhVmpXJi5XeFneS:RrEQsBT1DqzCHL5uBeS

Score

10^/10

persistence upx

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe C:\\Windows\\system32\\fservice.exe"	lncom.exe

Adds policy Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	lncom.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\DirectX For Microsoft® Windows = "C:\\Windows\\system32\\fservice.exe"	lncom.exe

Modifies Installed Components in the registry 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}	lncom.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}\	lncom.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}\StubPath = "C:\\Windows\\system\\sservice.exe"	lncom.exe

Executes dropped EXE 3 IoCs

pid	Process
2328	lncom.exe
2764	fservice.exe
2800	services.exe

Loads dropped DLL 7 IoCs

pid	Process
1656	3c84427336e0e9d4d3ea7bceff1a1ee5.exe
1656	3c84427336e0e9d4d3ea7bceff1a1ee5.exe
2328	lncom.exe
2328	lncom.exe
2800	services.exe
2800	services.exe
2764	fservice.exe

UPX packed file 34 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000b000000012242-6.dat	upx
behavioral1/files/0x000b000000012242-16.dat	upx
behavioral1/files/0x0034000000015658-24.dat	upx
behavioral1/memory/2764-37-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral1/memory/2764-56-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral1/files/0x0007000000015ccc-53.dat	upx
behavioral1/memory/2800-47-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral1/files/0x0007000000015ccc-41.dat	upx
behavioral1/files/0x0007000000015cb3-35.dat	upx
behavioral1/files/0x0034000000015658-32.dat	upx
behavioral1/memory/2328-31-0x0000000003380000-0x000000000357F000-memory.dmp	upx
behavioral1/files/0x0034000000015658-30.dat	upx
behavioral1/files/0x0034000000015658-26.dat	upx
behavioral1/files/0x000b000000012242-19.dat	upx
behavioral1/memory/2328-17-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral1/memory/1656-15-0x00000000075B0000-0x00000000077AF000-memory.dmp	upx
behavioral1/files/0x000b000000012242-10.dat	upx
behavioral1/files/0x000b000000012242-8.dat	upx
behavioral1/memory/2328-66-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral1/memory/2800-68-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral1/memory/2800-69-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral1/memory/2800-70-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral1/memory/2800-72-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral1/memory/2800-73-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral1/memory/2800-74-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral1/memory/2800-75-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral1/memory/2800-76-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral1/memory/2800-77-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral1/memory/2800-78-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral1/memory/2800-79-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral1/memory/2800-80-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral1/memory/2800-81-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral1/memory/2800-82-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral1/memory/2800-83-0x0000000000400000-0x00000000005FF000-memory.dmp	upx

Modifies WinLogon 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\	lncom.exe

Drops file in System32 directory 8 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\lncom.exe	3c84427336e0e9d4d3ea7bceff1a1ee5.exe
File created	C:\Windows\SysWOW64\lncom_.exe	3c84427336e0e9d4d3ea7bceff1a1ee5.exe
File created	C:\Windows\SysWOW64\fservice.exe	lncom.exe
File opened for modification	C:\Windows\SysWOW64\fservice.exe	lncom.exe
File created	C:\Windows\SysWOW64\fservice.exe	fservice.exe
File opened for modification	C:\Windows\SysWOW64\fservice.exe	fservice.exe
File created	C:\Windows\SysWOW64\winkey.dll	services.exe
File created	C:\Windows\SysWOW64\reginv.dll	services.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\system\sservice.exe	lncom.exe
File opened for modification	C:\Windows\system\sservice.exe	lncom.exe
File created	C:\Windows\services.exe	fservice.exe
File opened for modification	C:\Windows\services.exe	fservice.exe
File created	C:\Windows\system\sservice.exe	fservice.exe
File opened for modification	C:\Windows\system\sservice.exe	fservice.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Runs net.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2800	services.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2800	services.exe
2800	services.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 2328	1656	3c84427336e0e9d4d3ea7bceff1a1ee5.exe	28
PID 1656 wrote to memory of 2328	1656	3c84427336e0e9d4d3ea7bceff1a1ee5.exe	28
PID 1656 wrote to memory of 2328	1656	3c84427336e0e9d4d3ea7bceff1a1ee5.exe	28
PID 1656 wrote to memory of 2328	1656	3c84427336e0e9d4d3ea7bceff1a1ee5.exe	28
PID 2328 wrote to memory of 2764	2328	lncom.exe	27
PID 2328 wrote to memory of 2764	2328	lncom.exe	27
PID 2328 wrote to memory of 2764	2328	lncom.exe	27
PID 2328 wrote to memory of 2764	2328	lncom.exe	27
PID 2764 wrote to memory of 2800	2764	fservice.exe	26
PID 2764 wrote to memory of 2800	2764	fservice.exe	26
PID 2764 wrote to memory of 2800	2764	fservice.exe	26
PID 2764 wrote to memory of 2800	2764	fservice.exe	26
PID 2800 wrote to memory of 2572	2800	services.exe	25
PID 2800 wrote to memory of 2572	2800	services.exe	25
PID 2800 wrote to memory of 2572	2800	services.exe	25
PID 2800 wrote to memory of 2572	2800	services.exe	25
PID 2800 wrote to memory of 2688	2800	services.exe	24
PID 2800 wrote to memory of 2688	2800	services.exe	24
PID 2800 wrote to memory of 2688	2800	services.exe	24
PID 2800 wrote to memory of 2688	2800	services.exe	24

C:\Users\Admin\AppData\Local\Temp\3c84427336e0e9d4d3ea7bceff1a1ee5.exe
"C:\Users\Admin\AppData\Local\Temp\3c84427336e0e9d4d3ea7bceff1a1ee5.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Windows\SysWOW64\lncom.exe
  "C:\Windows\system32\lncom.exe"
  2⤵
  - Modifies WinLogon for persistence
  - Adds policy Run key to start application
  - Modifies Installed Components in the registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies WinLogon
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2328
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Windows\SysWOW64\lncom.exe.bat
    3⤵
    PID:2900

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 STOP srservice
1⤵
PID:2436

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 STOP navapsvc
1⤵
PID:2620

C:\Windows\SysWOW64\NET.exe
NET STOP navapsvc
1⤵
PID:2688

C:\Windows\SysWOW64\NET.exe
NET STOP srservice
1⤵
PID:2572

C:\Windows\services.exe
C:\Windows\services.exe -XP
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2800

C:\Windows\SysWOW64\fservice.exe
C:\Windows\system32\fservice.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\fservice.exe

Filesize
5KB

MD5
2a9c92f7b2371b9c7f2434c7d1077a55

SHA1
47bf7acc7634bc0544f574d464d856e5ff5461a4

SHA256
eecfae5ef336e9e85a064bf61e0ade5bbf32678cd81a53bca0c6b02e1ce8cf8c

SHA512
a26c50ee78e9daa8889f3593df689df31e097c84541b101b95bb63e3d8e8245fb584072b99fc27e95e827542fba1f76336478a2043003215d38a7a7ebda75cdb

Download Submit
C:\Windows\SysWOW64\fservice.exe

Filesize
79KB

MD5
7344583d4687e39bf78c561b6b9eaf13

SHA1
9de6da3e6464a533b4c65589280550b152f97c05

SHA256
1f9cf009b608feafb86c0d2dde87f6f62e1ffab9aa39e7ce6313226804f727d5

SHA512
a5a0541c60c9f5d96bcda8259f7b5d4c763c63c42a0139b62f2df9646617da4a76a03a9a807968e2ac81a5cce1790422427d54f937e5f0ab884ee7dd661cd5e2

Download Submit
C:\Windows\SysWOW64\lncom.exe

Filesize
11KB

MD5
7007d6fa9ec5a40b30711275c7c8335b

SHA1
87a484acdf28e6a3be8661d75990c978f809a81a

SHA256
22a6677cb15c5b5ceebc38ac127a3d2ec895bb47243f87b2abcaa305be1835ca

SHA512
42fcfd341ebec5610f1318f7c77d6193ae368493cb3489d0c72600f6419a56320b724ee71ded09b90506e3cadbba5271d2e9b4c59d72edcf46e93a8c3083941f

Download Submit
C:\Windows\SysWOW64\lncom.exe

Filesize
8KB

MD5
1bd858d990c339259a9e450da8669972

SHA1
10117731d5b1814d745dd4fdea1ee0096e4604dc

SHA256
cc599f365769a2a67e8a4d1419b3c40f8a6cd3482e2ec0c83c9e1bb454d0aadb

SHA512
3e9a3727da25bf2dc1dad6f15a1a986e1e0c255805fbbd107cc8863173658869a857aecba8d820ded7a2c7c51b4192c8349eb8473a4369dce8e6734e8a255a43

Download Submit
C:\Windows\SysWOW64\lncom.exe

Filesize
24KB

MD5
fa363e8126a7d520c1d6a875842b59fe

SHA1
c4785453343fee2d92f9e17918ed4a3ba349c01d

SHA256
533437f8d25bc72ebb007744cd3cc8908afbb255a88579e1d04cb22d214e2370

SHA512
3d30cfdddcacc9f7b32c5ee7c51afa22b5e3da8fdff1f0b32727917027c679b15466f3ef666564461f8ec96015551cb151995e74a5bdbbba5150e02d3c2f84fa

Download Submit
C:\Windows\SysWOW64\lncom.exe.bat

Filesize
99B

MD5
1f73e450d92934cd37c041eb3f1ff51f

SHA1
f3e9dece5d6b7d7a0e4966c16ffe31437539d4a0

SHA256
3a57d154715459926a51a9e3925687c0c78ec9c88bc39c303b5b93385d34d67e

SHA512
5f982d614e54870ae3ad212f049ca3685602812c1bb066a5f6155e694adb994d6d1608ca7a25bcab605812c6e7e6b22817aaf0dba9e906787add9b0a8e3f32a5

Download Submit
C:\Windows\SysWOW64\lncom_.exe

Filesize
18KB

MD5
086476b6f0f46a5eff176d0d8f70b5b5

SHA1
d9614454fc2059653f2a7b5330ba7780f77a5f79

SHA256
9cba105a0490f04c6802be7d0280bf6a224c8ceae0de6f8f08340d096c99ef1f

SHA512
269ee75e11c4a25fd484454946708ff1989752c0015b60ea4e3022c6bb32e9d78eb604559b3a36380849f122219c7af9493a3d01adc81a6567c902873d3664be

Download Submit
C:\Windows\services.exe

Filesize
30KB

MD5
1cdd434b421b202992fd4e2fb08b4448

SHA1
73a0e369fbb6cb1921481e86ee6d1858b6e3e855

SHA256
823395d953d34cfca00220180d71945a4a6a6af3e4bbbfc3794b54da34dcc278

SHA512
479ba0098cfa192c2038fca693f973e9462e6d16adc3551727dcefdcfc20b0213f3c88fc091c37eb32e4ec8109d832a4a3b01753a1d385f135d425c4ad9bc413

Download Submit
C:\Windows\services.exe

Filesize
21KB

MD5
9545f81988324295c66f5fed1193b77a

SHA1
856bd57768a79b0050bc55d0d47844c099a8b44d

SHA256
400bfa9e1c7a1c938540a0e58a3ae80506e52e5173458af607cfb1b1ed49bf5e

SHA512
85f141e8c8a89f58f98453dbcf5f6ccdc0bf8286bc31181b840390197e6d2236203c9b2df876ff9e46556e191fd72e9d72249cd5462ff8ac047b0c72d6f58c42

Download Submit
C:\Windows\system\sservice.exe

Filesize
13KB

MD5
2dcdba25f3d21884c17335976566df08

SHA1
1f3d003145cc1c714843afa5e69f62021e2309ee

SHA256
9dd2e437ddb58ba6d8648b25ac883b7a3c38fa229898642db85d00c00856ac5f

SHA512
bf2158c49e8d111fbdf8153553a58d60f7b3221acfddf4b627368be6593373f9ac01c35cabe630a42aa7998a3524a1a1ed7f6d4d3706b1125dd3604ceeef999f

Download Submit
\Windows\SysWOW64\fservice.exe

Filesize
15KB

MD5
1a6b40bfa47b6843d47932777f906cff

SHA1
ce916289df1ef3702bd736bdcc70eba675b74222

SHA256
ecc9fdb8d21971ff8be04e12cf3f38b3afa0837e4e003ec2f3c8be9975232dc1

SHA512
5c73a8e3ef712bfda43f1e2415e30d9fd24239f7968d2737b53d1324a0e4a487183b62e6b67149243531d68d0ff60ad48dee90fb766ebe8f19f551d7251be6cf

Download Submit
\Windows\SysWOW64\fservice.exe

Filesize
1KB

MD5
cd111ca9a7daa8c675480de108256033

SHA1
37e6a487dac2ad91b4817e017d3ea85358b83e15

SHA256
53ae95906845f50bee74cd58d247dfc09ffae2bc766c1dd558705b3ca1a739c8

SHA512
d0a4c56f4e630cfe810fd123e915e0cc1a7d185ce561ab81b72840749e15b89668049a3501ef02ac33c0d34e751f8292f9020af8f9e178a0dacc9a8484e5ab07

Download Submit
\Windows\SysWOW64\lncom.exe

Filesize
9KB

MD5
269bef36a91467a29aebca907ea7898d

SHA1
0fd677c26b0336235b947fffd608c748c0b1f0a0

SHA256
9ef56a9aa6f1521d273fd0b4fb2edc2177a2ea4843868c3ee10007cd595e37bd

SHA512
65eca2a91da731d23120cf3b054158e2681649d74a159a3f86117b523abb80eac90e1999f5e9a4f419d57ad6aec62a7e124e326cdea169e168167339302b986e

Download Submit
\Windows\SysWOW64\lncom.exe

Filesize
9KB

MD5
18576ee9f0d3932a3c2c78aeb356a44b

SHA1
79e3bbed448c7ab288df9ca52a5de63489312397

SHA256
07d90c8b533956781f612c4f28d301d23f626b51c1cef4e62e47aff67198c448

SHA512
2ef05f711e7a967a33012be8765839076dbdc8123f6acd88927ef5f8b91725621ab5e3dd09ff03bd4ff3e0fc1d304b170bb0b6c38bd040342e0ea98f54ebc25c

Download Submit
\Windows\SysWOW64\reginv.dll

Filesize
36KB

MD5
d4a3f90e159ffbcbc4f9740de4b7f171

SHA1
0542f5d1e2c23dca8d90766b3a8537dc3880e5c9

SHA256
2200dd5f83d2fb8c5d3994206a4fa9ff34b4cbfe56ed39a9a03c954cf45d8f77

SHA512
5493beb50b5f7d8ec52f32718d01696916ae173456005d0c1294ce695161ce5004aff58ee3892bf5db0f9b23720146a6d3ae8ffbcbbd81f84d894fdc8cf75a94

Download Submit
\Windows\SysWOW64\reginv.dll

Filesize
28KB

MD5
f132b2bd2acfdd55ed947ca743353f26

SHA1
332f66c36b5621e8023e31854640955695a60789

SHA256
1ea620ac060f64af308977a7c3ad862ef991a7b026fd43fb84667d7028f6197a

SHA512
35d322bb781eae866e9ce791b5f5327133c936926a6c6b12fe1ee1f8de8210197724ecb8b318509798c914509681350b62485998ae2ce56bbbef4a56efd29242

Download Submit
\Windows\SysWOW64\reginv.dll

Filesize
1KB

MD5
ab4270d7e416fd4a2d460c03459266f0

SHA1
d60b3a0f1b7d7cd2721b0ac71c61db84f91f773c

SHA256
be8620fa999652377a802b1d840b8a39503cc61586e3528b36de3a21cb4a6f54

SHA512
c099f2b022629244b928d671adab2faff5ff278a7a2f5e5987b5a732e04e585ac283d66aba98a926092b8593694ba8f6e6fb2929b67b5e99f7c1e9e218f05d96

Download Submit
\Windows\SysWOW64\winkey.dll

Filesize
24KB

MD5
43e7d9b875c921ba6be38d45540fb9dd

SHA1
f22a73fc0d4aa3ea6c0b8f61d974b028f308acc4

SHA256
f1b2b0abe844e6ba812c7f8709a463a7f6c56fa6ac38d376a0739cc3469f795b

SHA512
2e74e23c0875b69b82319391c392132f28f4eb45aa412805130382498ae48969a06a2b3a7528b626fa7d7ddb6b006f19f0ef8d73cf73cb9a0c0df44a21077622

Download Submit
memory/1656-0-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1656-15-0x00000000075B0000-0x00000000077AF000-memory.dmp

Filesize
2.0MB

Download
memory/1656-14-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/2328-31-0x0000000003380000-0x000000000357F000-memory.dmp

Filesize
2.0MB

Download
memory/2328-66-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/2328-18-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2328-17-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/2328-48-0x0000000003380000-0x000000000357F000-memory.dmp

Filesize
2.0MB

Download
memory/2764-42-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2764-46-0x00000000033D0000-0x00000000035CF000-memory.dmp

Filesize
2.0MB

Download
memory/2764-56-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/2764-37-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/2800-47-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/2800-49-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2800-68-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/2800-69-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/2800-70-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/2800-71-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2800-72-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/2800-73-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/2800-74-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/2800-75-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/2800-76-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/2800-77-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/2800-78-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/2800-79-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/2800-80-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/2800-81-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/2800-82-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/2800-83-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download