84adef8ab777a37cd3face61cccf13501928f385f4f963deb9c4708b12bf4bd3

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 20:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c84427336e0e9d4d3ea7bceff1a1ee5.exe
Size

1.1MB
MD5

3c84427336e0e9d4d3ea7bceff1a1ee5
SHA1

ff3b9b945936e3ee00c59f6e5b5cee8bf77cd61d
SHA256

84adef8ab777a37cd3face61cccf13501928f385f4f963deb9c4708b12bf4bd3
SHA512

44ac720028446208484e4fcba80b2962a7af5da3e92cf12d23e45062a912049132af252837f2b506642a421a9d84e123f36674748feef8d0b7f9940241fb65ed
SSDEEP

24576:R7WsPkA8QsBPyoG0HBrC2zJSKDqDYMcrUMG6dZhVmpXJi5XeFneS:RrEQsBT1DqzCHL5uBeS

Score

10^/10

persistence upx

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe C:\\Windows\\system32\\fservice.exe"	lncom.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe C:\\Windows\\system32\\fservice.exe"	services.exe

Adds policy Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	lncom.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\DirectX For Microsoft® Windows = "C:\\Windows\\system32\\fservice.exe"	lncom.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	services.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\DirectX For Microsoft® Windows = "C:\\Windows\\system32\\fservice.exe"	services.exe

Modifies Installed Components in the registry 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}	lncom.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}\	lncom.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}\StubPath = "C:\\Windows\\system\\sservice.exe"	lncom.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}\	services.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}\StubPath = "C:\\Windows\\system\\sservice.exe"	services.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Control Panel\International\Geo\Nation	3c84427336e0e9d4d3ea7bceff1a1ee5.exe

Executes dropped EXE 3 IoCs

pid	Process
2244	lncom.exe
3868	fservice.exe
4048	services.exe

Loads dropped DLL 5 IoCs

pid	Process
4048	services.exe
4048	services.exe
4048	services.exe
3868	fservice.exe
2244	lncom.exe

UPX packed file 26 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2244-18-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral2/files/0x0006000000023202-17.dat	upx
behavioral2/files/0x0006000000023202-14.dat	upx
behavioral2/files/0x0003000000022763-26.dat	upx
behavioral2/files/0x0003000000022763-27.dat	upx
behavioral2/files/0x000b000000023110-35.dat	upx
behavioral2/files/0x000b000000023110-36.dat	upx
behavioral2/memory/3868-51-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral2/memory/4048-37-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral2/files/0x0009000000023116-31.dat	upx
behavioral2/memory/2244-55-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral2/memory/4048-57-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral2/memory/4048-58-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral2/memory/4048-59-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral2/memory/4048-61-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral2/memory/4048-62-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral2/memory/4048-63-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral2/memory/4048-64-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral2/memory/4048-65-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral2/memory/4048-66-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral2/memory/4048-67-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral2/memory/4048-68-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral2/memory/4048-69-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral2/memory/4048-70-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral2/memory/4048-71-0x0000000000400000-0x00000000005FF000-memory.dmp	upx
behavioral2/memory/4048-72-0x0000000000400000-0x00000000005FF000-memory.dmp	upx

Modifies WinLogon 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\	lncom.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\	services.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\lncom_.exe	3c84427336e0e9d4d3ea7bceff1a1ee5.exe
File created	C:\Windows\SysWOW64\fservice.exe	lncom.exe
File created	C:\Windows\SysWOW64\fservice.exe	fservice.exe
File opened for modification	C:\Windows\SysWOW64\fservice.exe	fservice.exe
File created	C:\Windows\SysWOW64\winkey.dll	services.exe
File created	C:\Windows\SysWOW64\reginv.dll	services.exe
File created	C:\Windows\SysWOW64\lncom.exe	3c84427336e0e9d4d3ea7bceff1a1ee5.exe
File opened for modification	C:\Windows\SysWOW64\fservice.exe	lncom.exe
File created	C:\Windows\SysWOW64\fservice.exe	services.exe
File created	C:\Windows\SysWOW64\lncom.exe.bat	lncom.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\system\sservice.exe	lncom.exe
File opened for modification	C:\Windows\system\sservice.exe	lncom.exe
File created	C:\Windows\services.exe	fservice.exe
File opened for modification	C:\Windows\services.exe	fservice.exe
File created	C:\Windows\system\sservice.exe	fservice.exe
File opened for modification	C:\Windows\system\sservice.exe	fservice.exe
File created	C:\Windows\system\sservice.exe	services.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe
4048	services.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4048	services.exe
4048	services.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 2244	1156	3c84427336e0e9d4d3ea7bceff1a1ee5.exe	55
PID 1156 wrote to memory of 2244	1156	3c84427336e0e9d4d3ea7bceff1a1ee5.exe	55
PID 1156 wrote to memory of 2244	1156	3c84427336e0e9d4d3ea7bceff1a1ee5.exe	55
PID 2244 wrote to memory of 3868	2244	lncom.exe	63
PID 2244 wrote to memory of 3868	2244	lncom.exe	63
PID 2244 wrote to memory of 3868	2244	lncom.exe	63
PID 3868 wrote to memory of 4048	3868	fservice.exe	62
PID 3868 wrote to memory of 4048	3868	fservice.exe	62
PID 3868 wrote to memory of 4048	3868	fservice.exe	62
PID 4048 wrote to memory of 3344	4048	services.exe	61
PID 4048 wrote to memory of 3344	4048	services.exe	61
PID 4048 wrote to memory of 3344	4048	services.exe	61
PID 4048 wrote to memory of 2596	4048	services.exe	58
PID 4048 wrote to memory of 2596	4048	services.exe	58
PID 4048 wrote to memory of 2596	4048	services.exe	58
PID 3344 wrote to memory of 1280	3344	NET.exe	60
PID 3344 wrote to memory of 1280	3344	NET.exe	60
PID 3344 wrote to memory of 1280	3344	NET.exe	60
PID 2596 wrote to memory of 3832	2596	NET.exe	59
PID 2596 wrote to memory of 3832	2596	NET.exe	59
PID 2596 wrote to memory of 3832	2596	NET.exe	59
PID 2244 wrote to memory of 3388	2244	lncom.exe	105
PID 2244 wrote to memory of 3388	2244	lncom.exe	105
PID 2244 wrote to memory of 3388	2244	lncom.exe	105

C:\Users\Admin\AppData\Local\Temp\3c84427336e0e9d4d3ea7bceff1a1ee5.exe
"C:\Users\Admin\AppData\Local\Temp\3c84427336e0e9d4d3ea7bceff1a1ee5.exe"
1⤵
- Checks computer location settings
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1156
- C:\Windows\SysWOW64\lncom.exe
  "C:\Windows\system32\lncom.exe"
  2⤵
  - Modifies WinLogon for persistence
  - Adds policy Run key to start application
  - Modifies Installed Components in the registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies WinLogon
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2244
- - C:\Windows\SysWOW64\fservice.exe
    C:\Windows\system32\fservice.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Suspicious use of WriteProcessMemory
    PID:3868
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Windows\SysWOW64\lncom.exe.bat
    3⤵
    PID:3388

C:\Windows\SysWOW64\NET.exe
NET STOP navapsvc
1⤵
- Suspicious use of WriteProcessMemory
PID:2596
- C:\Windows\SysWOW64\net1.exe
  C:\Windows\system32\net1 STOP navapsvc
  2⤵
  PID:3832

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 STOP srservice
1⤵
PID:1280

C:\Windows\SysWOW64\NET.exe
NET STOP srservice
1⤵
- Suspicious use of WriteProcessMemory
PID:3344

C:\Windows\services.exe
C:\Windows\services.exe -XP
1⤵
- Modifies WinLogon for persistence
- Adds policy Run key to start application
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\fservice.exe

Filesize
21KB

MD5
9732c3c1dad0739017c9372fd17c1078

SHA1
7f4893ae2d8dbc62e0bd0a7cb54a4d7a0542d5e9

SHA256
648d7e96455ea71412fe46edc7bd11328b299c915a92fa7675bc4ba027892321

SHA512
adaf34d086753c669d26f0381404e18c776d3c01bbeea56726ce960550694d99a224a9ffbb4f895627e226b7564c9134876e1a14f9f344e1cfb23e596ca33af0

Download Submit
C:\Windows\SysWOW64\fservice.exe

Filesize
341KB

MD5
ac043bf879477b8ea25b8d080a2e09ad

SHA1
e24576674ff6126dc182dabbe0fe7ccc6cb6534d

SHA256
0d3cfda2c93bbf32860d95e06a386e5981f016f46f4decc2d1a8c620b226ec9b

SHA512
ff961e48861d43e12e03e7ce808b066572239e1a7f0c7b24b7fbe6678c1f1bc23d36b799010ce01124d5db0644356c2f04d80f42eb94002b182dd81be3b63761

Download Submit
C:\Windows\SysWOW64\lncom.exe

Filesize
64KB

MD5
c9093405a1308409fc33fb58c71f1a91

SHA1
5b927e54a1774b10f7553b76fb5bdca7ae424295

SHA256
d88210db281a031e4ba1065b59491efb90d61aad24ee735594b0444fa2d2fd37

SHA512
7c532ceb950219d1c3d0278c35dab2bc6ce53510a17fa0ebd90dc11406d47f87ae4194cbc36930f0a0290f05165a6e878da7f569b74022d1e4c85af587c964ab

Download Submit
C:\Windows\SysWOW64\lncom.exe

Filesize
84KB

MD5
95e942d3ca17994748447bcb1c37f577

SHA1
e0fae1951aa8c77e61b6519b8ca9f65f412c0511

SHA256
edc0afcf0554de85157de9edd979e5b72eed19840d5e61dd490e48f824d2a1f6

SHA512
af497c1fbd7b8a4f1e5936f8cd8e96e04e1e8b99307ddc70dc9a0fbed3f8ddfe23fc5a7124218bd4862afd3f84994b19b61eebfbfdbc872f2d48b337d0e9f265

Download Submit
C:\Windows\SysWOW64\lncom.exe.bat

Filesize
99B

MD5
1f73e450d92934cd37c041eb3f1ff51f

SHA1
f3e9dece5d6b7d7a0e4966c16ffe31437539d4a0

SHA256
3a57d154715459926a51a9e3925687c0c78ec9c88bc39c303b5b93385d34d67e

SHA512
5f982d614e54870ae3ad212f049ca3685602812c1bb066a5f6155e694adb994d6d1608ca7a25bcab605812c6e7e6b22817aaf0dba9e906787add9b0a8e3f32a5

Download Submit
C:\Windows\SysWOW64\lncom_.exe

Filesize
243KB

MD5
c586011d82c71272a39a1730d226cf14

SHA1
c7d75f58c88be539f5d406958d6b97287a140a22

SHA256
fae6e1056d44136506bf2c17c462b6d1e15a4c66fe0710cbbcd95e01bc06a3b6

SHA512
8a296033b9abca9a492dd5148f42621f07b38118a9a10626c37e85e865a71f2d6063be7c4d8a29e032d7989f4d96108c0211ebe575495d9ca0e8030a9fb4d38a

Download Submit
C:\Windows\SysWOW64\reginv.dll

Filesize
36KB

MD5
d4a3f90e159ffbcbc4f9740de4b7f171

SHA1
0542f5d1e2c23dca8d90766b3a8537dc3880e5c9

SHA256
2200dd5f83d2fb8c5d3994206a4fa9ff34b4cbfe56ed39a9a03c954cf45d8f77

SHA512
5493beb50b5f7d8ec52f32718d01696916ae173456005d0c1294ce695161ce5004aff58ee3892bf5db0f9b23720146a6d3ae8ffbcbbd81f84d894fdc8cf75a94

Download Submit
C:\Windows\SysWOW64\winkey.dll

Filesize
24KB

MD5
43e7d9b875c921ba6be38d45540fb9dd

SHA1
f22a73fc0d4aa3ea6c0b8f61d974b028f308acc4

SHA256
f1b2b0abe844e6ba812c7f8709a463a7f6c56fa6ac38d376a0739cc3469f795b

SHA512
2e74e23c0875b69b82319391c392132f28f4eb45aa412805130382498ae48969a06a2b3a7528b626fa7d7ddb6b006f19f0ef8d73cf73cb9a0c0df44a21077622

Download Submit
C:\Windows\services.exe

Filesize
218KB

MD5
dfff92fe6aa1ea7d1b2911e807c58ef5

SHA1
6e509d35bded6e3566341606b7b1f6e4e8bec4d7

SHA256
a34412dd4e2bdb3c1c111223e661eb837ae133d8549a0296b659481713aed537

SHA512
55e9f5bc9b4ad0fc2eb252224250dbbf649b0f2d0d77398208555391b52368a3b1919afb508303513a760dfe3831dbdd603ec463597d62dde49f745ea31aeeb2

Download Submit
C:\Windows\services.exe

Filesize
149KB

MD5
ca4d5e7efa6d3e3c55fbfd572280895d

SHA1
9ed613a8642bb636fbadf263dbb0206f5c2db813

SHA256
dd369731ea186e4804b3e5b5ba60e89730179b48671c38069a40bc0bc6ff5ccb

SHA512
2b1f41fa7d2d3cfdc6e84d04c33bc4a69fb9ed925a19a2ef5a3575c30c9589fbfa92bd7c6efb96b3ffb538f724afa9d2ab8c902256b5026bf8144b4f66798c95

Download Submit
C:\Windows\system\sservice.exe

Filesize
222KB

MD5
7a16d311cd0ff38c1a480d5a040434a6

SHA1
bb25cd290fcdddc55c1c6a7b7d8a41af97b559f7

SHA256
fd12c76c5590c836dafe9d61d4d8fae7fb1729407d381c20e1e4c25422814955

SHA512
dd4bb416d196833107da11e38a92e825f6cf55c5bd28d43bec7e7f8daa48a5073e2477453ba46357ad94214ba08edec707fee072390f5dcfe3ce32f191669a3b

Download Submit
memory/1156-19-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1156-0-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/2244-20-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/2244-18-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/2244-55-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/3868-28-0x00000000009D0000-0x00000000009D1000-memory.dmp

Filesize
4KB

Download
memory/3868-51-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/4048-62-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/4048-65-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/4048-57-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/4048-58-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/4048-59-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/4048-60-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/4048-61-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/4048-37-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/4048-38-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/4048-63-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/4048-64-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/4048-66-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/4048-67-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/4048-68-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/4048-69-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/4048-70-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/4048-71-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download
memory/4048-72-0x0000000000400000-0x00000000005FF000-memory.dmp

Filesize
2.0MB

Download