metasploit | 6072b423b7d503a38eb0856de7c2e60610e656f2b77efead939d34393b1bd535

Analysis

max time kernel
17s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 07:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12b88e4bbe28e4bbb0b942e811859bca.exe
Size

174KB
MD5

12b88e4bbe28e4bbb0b942e811859bca
SHA1

18806215c8b0bc2479c27b5a3f3aa0f37f89e3c0
SHA256

6072b423b7d503a38eb0856de7c2e60610e656f2b77efead939d34393b1bd535
SHA512

72cb976e0af4e72844c39c2872116b633fa7d4d0313bd887f3acbdbe080ff5e2ca6b86851c11a20cde3a4490899430c515a6d8e53c627a5939e5d581fbc3cbae
SSDEEP

3072:q6zKqIoKEm4d15hQxBgJJMESIUQB5HJkDhHLfHGcu1o/ihj:7mEm4nQ0csHJktjnu1o/y

Score

10^/10

metasploit backdoor trojan upx

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Control Panel\International\Geo\Nation	12b88e4bbe28e4bbb0b942e811859bca.exe

UPX packed file 28 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4744-4-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/4744-1-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/4744-6-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/4744-5-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/4744-39-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/4420-55-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/4420-57-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/2728-65-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/2728-68-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/4952-76-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/4952-78-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/3296-86-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/3296-89-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/1016-98-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/1016-100-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/1792-109-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/1792-112-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/4728-120-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/4728-123-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/3452-131-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/3452-134-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/3760-143-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/3760-145-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/3568-154-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/3568-159-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/3624-171-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/976-177-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/976-183-0x0000000000400000-0x0000000000466000-memory.dmp	upx

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	12b88e4bbe28e4bbb0b942e811859bca.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	12b88e4bbe28e4bbb0b942e811859bca.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\igfxwd32.exe	12b88e4bbe28e4bbb0b942e811859bca.exe
File opened for modification	C:\Windows\SysWOW64\	12b88e4bbe28e4bbb0b942e811859bca.exe
File opened for modification	C:\Windows\SysWOW64\igfxwd32.exe	12b88e4bbe28e4bbb0b942e811859bca.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 5000 set thread context of 4744	5000	12b88e4bbe28e4bbb0b942e811859bca.exe	91

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4744	12b88e4bbe28e4bbb0b942e811859bca.exe
4744	12b88e4bbe28e4bbb0b942e811859bca.exe
4744	12b88e4bbe28e4bbb0b942e811859bca.exe
4744	12b88e4bbe28e4bbb0b942e811859bca.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 4744	5000	12b88e4bbe28e4bbb0b942e811859bca.exe	91
PID 5000 wrote to memory of 4744	5000	12b88e4bbe28e4bbb0b942e811859bca.exe	91
PID 5000 wrote to memory of 4744	5000	12b88e4bbe28e4bbb0b942e811859bca.exe	91
PID 5000 wrote to memory of 4744	5000	12b88e4bbe28e4bbb0b942e811859bca.exe	91
PID 5000 wrote to memory of 4744	5000	12b88e4bbe28e4bbb0b942e811859bca.exe	91
PID 5000 wrote to memory of 4744	5000	12b88e4bbe28e4bbb0b942e811859bca.exe	91
PID 5000 wrote to memory of 4744	5000	12b88e4bbe28e4bbb0b942e811859bca.exe	91

C:\Users\Admin\AppData\Local\Temp\12b88e4bbe28e4bbb0b942e811859bca.exe
"C:\Users\Admin\AppData\Local\Temp\12b88e4bbe28e4bbb0b942e811859bca.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Users\Admin\AppData\Local\Temp\12b88e4bbe28e4bbb0b942e811859bca.exe
  "C:\Users\Admin\AppData\Local\Temp\12b88e4bbe28e4bbb0b942e811859bca.exe"
  2⤵
  - Checks computer location settings
  - Maps connected drives based on registry
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4744
- - C:\Windows\SysWOW64\igfxwd32.exe
    "C:\Windows\system32\igfxwd32.exe" C:\Users\Admin\AppData\Local\Temp\12B88E~1.EXE
    3⤵
    PID:3948
  - - C:\Windows\SysWOW64\igfxwd32.exe
      "C:\Windows\system32\igfxwd32.exe" C:\Users\Admin\AppData\Local\Temp\12B88E~1.EXE
      4⤵
      PID:4420
    - - C:\Windows\SysWOW64\igfxwd32.exe
        
        "C:\Windows\system32\igfxwd32.exe" C:\Windows\SysWOW64\igfxwd32.exe
        5⤵
        
        PID:3640
      - C:\Windows\SysWOW64\igfxwd32.exe
        
        "C:\Windows\system32\igfxwd32.exe" C:\Windows\SysWOW64\igfxwd32.exe
        6⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\igfxwd32.exe
        
        "C:\Windows\system32\igfxwd32.exe" C:\Windows\SysWOW64\igfxwd32.exe
        7⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\igfxwd32.exe
        
        "C:\Windows\system32\igfxwd32.exe" C:\Windows\SysWOW64\igfxwd32.exe
        8⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\igfxwd32.exe
        
        "C:\Windows\system32\igfxwd32.exe" C:\Windows\SysWOW64\igfxwd32.exe
        9⤵
        
        PID:1448
        
        C:\Windows\SysWOW64\igfxwd32.exe
        
        "C:\Windows\system32\igfxwd32.exe" C:\Windows\SysWOW64\igfxwd32.exe
        10⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\igfxwd32.exe
        
        "C:\Windows\system32\igfxwd32.exe" C:\Windows\SysWOW64\igfxwd32.exe
        11⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\igfxwd32.exe
        
        "C:\Windows\system32\igfxwd32.exe" C:\Windows\SysWOW64\igfxwd32.exe
        12⤵
        
        PID:1016
        
        C:\Windows\SysWOW64\igfxwd32.exe
        
        "C:\Windows\system32\igfxwd32.exe" C:\Windows\SysWOW64\igfxwd32.exe
        13⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\igfxwd32.exe
        
        "C:\Windows\system32\igfxwd32.exe" C:\Windows\SysWOW64\igfxwd32.exe
        14⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\igfxwd32.exe
        
        "C:\Windows\system32\igfxwd32.exe" C:\Windows\SysWOW64\igfxwd32.exe
        15⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\igfxwd32.exe
        
        "C:\Windows\system32\igfxwd32.exe" C:\Windows\SysWOW64\igfxwd32.exe
        16⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\igfxwd32.exe
        
        "C:\Windows\system32\igfxwd32.exe" C:\Windows\SysWOW64\igfxwd32.exe
        17⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\igfxwd32.exe
        
        "C:\Windows\system32\igfxwd32.exe" C:\Windows\SysWOW64\igfxwd32.exe
        18⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\igfxwd32.exe
        
        "C:\Windows\system32\igfxwd32.exe" C:\Windows\SysWOW64\igfxwd32.exe
        19⤵
        
        PID:3264
        
        C:\Windows\SysWOW64\igfxwd32.exe
        
        "C:\Windows\system32\igfxwd32.exe" C:\Windows\SysWOW64\igfxwd32.exe
        20⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\igfxwd32.exe
        
        "C:\Windows\system32\igfxwd32.exe" C:\Windows\SysWOW64\igfxwd32.exe
        21⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\igfxwd32.exe
        
        "C:\Windows\system32\igfxwd32.exe" C:\Windows\SysWOW64\igfxwd32.exe
        22⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\igfxwd32.exe
        
        "C:\Windows\system32\igfxwd32.exe" C:\Windows\SysWOW64\igfxwd32.exe
        23⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\igfxwd32.exe
        
        "C:\Windows\system32\igfxwd32.exe" C:\Windows\SysWOW64\igfxwd32.exe
        24⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\igfxwd32.exe
        
        "C:\Windows\system32\igfxwd32.exe" C:\Windows\SysWOW64\igfxwd32.exe
        25⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\igfxwd32.exe
        
        "C:\Windows\system32\igfxwd32.exe" C:\Windows\SysWOW64\igfxwd32.exe
        26⤵
        
        PID:976
        
        C:\Windows\SysWOW64\igfxwd32.exe
        
        "C:\Windows\system32\igfxwd32.exe" C:\Windows\SysWOW64\igfxwd32.exe
        27⤵
        
        PID:4856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\igfxwd32.exe

Filesize
3KB

MD5
cf1f5c8c3601d906e8e5b1fadeb33347

SHA1
634fbedbbdae96bb4f0f7dd65115fa23c392196b

SHA256
96fddee821162f16e8407f6f3b6555add22990bd377c48d91733333f51aaaa3b

SHA512
bb8dc80da634c070de346ee256a3ad2acf8148e5aa09d09561145770fa403d0825396d89a3554f501b05c3d93e89562fc40b8b3a6e94d5fc40d55f3c77a57218

Download Submit
C:\Windows\SysWOW64\igfxwd32.exe

Filesize
18KB

MD5
145110e8cd9603fae22825b23263646f

SHA1
9a12b87d90565e9b6c3859e52efb681e1527222a

SHA256
8850e74c034eb5e60f02504e08eb06c479b0e181e42a5ad64e360768a1672394

SHA512
f15b0d784ce63a077eff00b71f463c5aed5137ccd9930fdddf512e8f48ab6052b2bc3485ac6411c9f0aa887a43be2fe14777ec30fed767ed6de2fc99a6175348

Download Submit
C:\Windows\SysWOW64\igfxwd32.exe

Filesize
17KB

MD5
d12271fbb5d24cfd58ad145567c7731e

SHA1
5b818d84ad38d19d5feec6ec06eaef09af661644

SHA256
25b78db3baf27c95cfa9c342b72791e58aaef63926cbe112cefef325fc0f5b90

SHA512
16028606d095f4efa02ff3fad9a4134904807645a113628479642aed7d5c640579cb3e0647156efc6c56cbbb7f3b34e0a068b5110b832a5415268f7a4377b225

Download Submit
C:\Windows\SysWOW64\igfxwd32.exe

Filesize
12KB

MD5
f95023a0ae3c256639bcd2f6b84c1780

SHA1
b3e0034f29757f579c73c7fefb386070bf03394f

SHA256
c4b1bfcf43112bed2eededf4f27bb789688ff747514e48649b1f4e9b68455ea6

SHA512
843152a821c9b978552336e7b8f141a1cd0dc873cdb75d27bcb61a235436e0344ba02e3b81f100c943b8e241ed8ba7371cce71412413bd8430a54f4a4aa1bf32

Download Submit
C:\Windows\SysWOW64\igfxwd32.exe

Filesize
92KB

MD5
8b096fc4d50a27c28c9a8f63ca564e56

SHA1
8faf49b92f8c01d832e2d6e93445a4a365802687

SHA256
aa6b84b771fd11c76c688343fe3009a19a9653407aa465dc4fdb1af547045f69

SHA512
7ff406fac0537386b305c37bd99b4e2d56057d327daf1ab7be3a270707fe8f8708586bbdd99fc34a2ee52ee69ba112b114ecf42f48d88b8ce1e641c9498309a2

Download Submit
C:\Windows\SysWOW64\igfxwd32.exe

Filesize
23KB

MD5
72efd06c8d3e72e24ec7cd8880d9df2a

SHA1
62f02081713b03815cbd39b5a62e500302ededd6

SHA256
6c59195dc6ab56ac55718a81593d876a574e68fce4a7759fad697b93470e06e2

SHA512
568e9428762d3d1b41b59fb11a5fd81b9c7126ec15f23240003d36e22988b5fc8399908558a7cba5fa4dc7caeeeb568c90211f9ff9d3a94c493abf894e5dc643

Download Submit
C:\Windows\SysWOW64\igfxwd32.exe

Filesize
29KB

MD5
d1b28a1506e774a721fd2adce0f8ade4

SHA1
7916380242086a77e9694c6a62502756536fd84a

SHA256
38dd4f41e0d699b3e98850effc2249b53b01903c436b510004729df2c8b91e2a

SHA512
ea70ea808e12b50efea543f68cd3e63e11b2603be93efde5cdbab50f16dd7588011e45f3adca15667b7ed025fd37ff043c0fa9393e971f9d3811f861dc0ac136

Download Submit
C:\Windows\SysWOW64\igfxwd32.exe

Filesize
14KB

MD5
0412b45ec4a746b85a3e58e0e2af41fb

SHA1
c138323164a70a7e9f4a1d83d6bf4f1379977267

SHA256
23691ef8069285f6d2294ffda38d0a85b086dade1bc60ad08b4b1d86ea33392d

SHA512
120744c637efa10aebd2c2471bf91fa60b4e0261bccb4cb3f64b05f735c98f42f40c1ac2bafe34cdc5432c32c11183229cd996c9c4207a49aa55a3158e2e6303

Download Submit
C:\Windows\SysWOW64\igfxwd32.exe

Filesize
3KB

MD5
e29bc5141f7a4d4ce0a16adedfdd8fe9

SHA1
c0cb2288fcac55f3f835c1fa659b77f85fe71179

SHA256
77700f5d87562982275e34ecbb15289a5f9d53a0f8b6ab92bd533fea60692ede

SHA512
b4bb69630aae1c841e9c80d56fcac86430e408a6ab9da82b92369beb4e6c85958a06c1ebf2f12b501fdef80f33a5c047160b52d5b15456e00221cfed08917b3e

Download Submit
C:\Windows\SysWOW64\igfxwd32.exe

Filesize
16KB

MD5
d97f55eb9a85a8818d90a753eea7480f

SHA1
580d34a8fc77f57434632dec86063572fec23238

SHA256
8c89cc323278e6e55fd66cb485215b16016b90f3e0dceff3abc31249f0d980dd

SHA512
adb57532213972945f669499ba9ff75cca54c175481ac29cd48503d6dd6e118fe856dde64888a9884ee3148e1de0cee555b11ca0b9e42ddd2996795eb71d8a72

Download Submit
C:\Windows\SysWOW64\igfxwd32.exe

Filesize
57KB

MD5
0a908f3e7a95f878c59c26c30ed52f89

SHA1
aad6bf698540dc678a9a4254089aa9d290261be5

SHA256
1d71ebbb84a7e48ad729f04f57c3d72bde4c008fe05cd174d9255b5fc4ced0fa

SHA512
69fb1f2c6fde9d6b1fb836338c6c1dd5ad2d4289741897d627c837158f3eb626346111d3500b6c9d60b1095744e64f318c4e9ca76c4cbba30e1bfd8ff7dce55e

Download Submit
C:\Windows\SysWOW64\igfxwd32.exe

Filesize
32KB

MD5
493924f10c8fee881fbacb170c9604f7

SHA1
2bfef5c0c3d4ea8dcc81aedb1dc5471097370882

SHA256
76b3b77928a9906496200a7701f89e91562e48df19a29d73a92bc7fc09ca595a

SHA512
595843bdca4ecbfb727c69b4765de2eef789441350c7d1adb148316eb2d83f18431a408b8173bf5402a25b5114da3c21b225167e8521fff9fd8c2df9ee2197d2

Download Submit
C:\Windows\SysWOW64\igfxwd32.exe

Filesize
4KB

MD5
60b55df2858c62a63aa7a8c9585fd7de

SHA1
da6aa14676c110e05b5591eba7ae2d86f48e15af

SHA256
af107956b83aeb4a4380b9990850c0651cebbd6dd85bb874a54eb73e0e341f5f

SHA512
50b56c23950fad18f24dc478c898218527e95ee7f4c8f143c4b0b2eb1d4fc542685de8c90b86ac69c7270500d0f867278360d92339b36938152e0373c12ace34

Download Submit
memory/976-177-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/976-183-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1016-98-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1016-100-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1076-101-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1076-106-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1448-79-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1448-84-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1792-109-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/1792-112-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2408-146-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2408-150-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2724-90-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2724-95-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2728-65-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2728-68-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2732-69-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3264-135-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3264-139-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3296-86-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3296-89-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3452-134-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3452-131-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3568-159-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3568-154-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3624-171-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3636-113-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3636-118-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3640-58-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3640-63-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3676-162-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3676-157-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3760-143-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3760-145-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3940-169-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3940-175-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3948-52-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/3948-48-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4420-57-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4420-55-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4588-129-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4588-124-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4728-120-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4728-123-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4744-5-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4744-39-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4744-6-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4744-1-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4744-4-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4856-181-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/4952-76-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4952-78-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/5000-0-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/5000-3-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download