dc6d692930b4540400e19d965ce575b7660c8f1344e675a062536b1a0564916c

Analysis

max time kernel
148s
max time network
171s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
19/03/2024, 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc6d692930b4540400e19d965ce575b7660c8f1344e675a062536b1a0564916c.exe
Size

316KB
MD5

9d6ed6d2b71f0c76c005fb4326b33646
SHA1

eb6add00dd44d6c634da09a256af0ae1b81db870
SHA256

dc6d692930b4540400e19d965ce575b7660c8f1344e675a062536b1a0564916c
SHA512

3ef1ba4263479222b4fa13d0fefcde7c37efdbd3250595dcbadd6744ae79d3235cce5a7f974f06e733d8779e1892696ab77fd93619c40e60bc4b1ae63f0c605d
SSDEEP

3072:NF9TVkeNMjAdS7h6+Vd9ONty8tqCG1/mTbML1P4kAM8TMG+fXbtdB:r95st44d9Ut5tRAL1ZAMwn+PzB

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4560	wfplwfs.exe

Suspicious use of SetThreadContext 14 IoCs

description	pid	Process	procid_target
PID 4560 set thread context of 3964	4560	wfplwfs.exe	85
PID 4560 set thread context of 1808	4560	wfplwfs.exe	89
PID 4560 set thread context of 4740	4560	wfplwfs.exe	94
PID 4560 set thread context of 1512	4560	wfplwfs.exe	97
PID 4560 set thread context of 1244	4560	wfplwfs.exe	100
PID 4560 set thread context of 4892	4560	wfplwfs.exe	103
PID 4560 set thread context of 4832	4560	wfplwfs.exe	106
PID 4560 set thread context of 4808	4560	wfplwfs.exe	109
PID 4560 set thread context of 4860	4560	wfplwfs.exe	112
PID 4560 set thread context of 1856	4560	wfplwfs.exe	115
PID 4560 set thread context of 3792	4560	wfplwfs.exe	118
PID 4560 set thread context of 4708	4560	wfplwfs.exe	121
PID 4560 set thread context of 2760	4560	wfplwfs.exe	124
PID 4560 set thread context of 4772	4560	wfplwfs.exe	127

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\610c7e7005e9630d.job	wfplwfs.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 14 IoCs

pid	pid_target	Process	procid_target
1604	3964	WerFault.exe	85
908	1808	WerFault.exe	89
3080	4740	WerFault.exe	94
4724	1512	WerFault.exe	97
4772	1244	WerFault.exe	100
2692	4892	WerFault.exe	103
2756	4832	WerFault.exe	106
1756	4808	WerFault.exe	109
4688	4860	WerFault.exe	112
4488	1856	WerFault.exe	115
4716	3792	WerFault.exe	118
3940	4708	WerFault.exe	121
1280	2760	WerFault.exe	124
2920	4772	WerFault.exe	127

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1124	PING.EXE

Suspicious use of SetWindowsHookEx 42 IoCs

pid	Process
3964	rundll32.exe
3964	rundll32.exe
3964	rundll32.exe
1808	rundll32.exe
1808	rundll32.exe
1808	rundll32.exe
4740	rundll32.exe
4740	rundll32.exe
4740	rundll32.exe
1512	rundll32.exe
1512	rundll32.exe
1512	rundll32.exe
1244	rundll32.exe
1244	rundll32.exe
1244	rundll32.exe
4892	rundll32.exe
4892	rundll32.exe
4892	rundll32.exe
4832	rundll32.exe
4832	rundll32.exe
4832	rundll32.exe
4808	rundll32.exe
4808	rundll32.exe
4808	rundll32.exe
4860	rundll32.exe
4860	rundll32.exe
4860	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
1856	rundll32.exe
3792	rundll32.exe
3792	rundll32.exe
3792	rundll32.exe
4708	rundll32.exe
4708	rundll32.exe
4708	rundll32.exe
2760	rundll32.exe
2760	rundll32.exe
2760	rundll32.exe
4772	rundll32.exe
4772	rundll32.exe
4772	rundll32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 4560	2756	dc6d692930b4540400e19d965ce575b7660c8f1344e675a062536b1a0564916c.exe	81
PID 2756 wrote to memory of 4560	2756	dc6d692930b4540400e19d965ce575b7660c8f1344e675a062536b1a0564916c.exe	81
PID 2756 wrote to memory of 4560	2756	dc6d692930b4540400e19d965ce575b7660c8f1344e675a062536b1a0564916c.exe	81
PID 2756 wrote to memory of 4936	2756	dc6d692930b4540400e19d965ce575b7660c8f1344e675a062536b1a0564916c.exe	82
PID 2756 wrote to memory of 4936	2756	dc6d692930b4540400e19d965ce575b7660c8f1344e675a062536b1a0564916c.exe	82
PID 2756 wrote to memory of 4936	2756	dc6d692930b4540400e19d965ce575b7660c8f1344e675a062536b1a0564916c.exe	82
PID 4936 wrote to memory of 1124	4936	cmd.exe	84
PID 4936 wrote to memory of 1124	4936	cmd.exe	84
PID 4936 wrote to memory of 1124	4936	cmd.exe	84
PID 4560 wrote to memory of 3964	4560	wfplwfs.exe	85
PID 4560 wrote to memory of 3964	4560	wfplwfs.exe	85
PID 4560 wrote to memory of 3964	4560	wfplwfs.exe	85
PID 4560 wrote to memory of 3964	4560	wfplwfs.exe	85
PID 4560 wrote to memory of 3964	4560	wfplwfs.exe	85
PID 4560 wrote to memory of 3964	4560	wfplwfs.exe	85
PID 4560 wrote to memory of 3964	4560	wfplwfs.exe	85
PID 4560 wrote to memory of 3964	4560	wfplwfs.exe	85
PID 4560 wrote to memory of 1808	4560	wfplwfs.exe	89
PID 4560 wrote to memory of 1808	4560	wfplwfs.exe	89
PID 4560 wrote to memory of 1808	4560	wfplwfs.exe	89
PID 4560 wrote to memory of 1808	4560	wfplwfs.exe	89
PID 4560 wrote to memory of 1808	4560	wfplwfs.exe	89
PID 4560 wrote to memory of 1808	4560	wfplwfs.exe	89
PID 4560 wrote to memory of 1808	4560	wfplwfs.exe	89
PID 4560 wrote to memory of 1808	4560	wfplwfs.exe	89
PID 4560 wrote to memory of 4392	4560	wfplwfs.exe	92
PID 4560 wrote to memory of 4392	4560	wfplwfs.exe	92
PID 4560 wrote to memory of 4392	4560	wfplwfs.exe	92
PID 4560 wrote to memory of 4740	4560	wfplwfs.exe	94
PID 4560 wrote to memory of 4740	4560	wfplwfs.exe	94
PID 4560 wrote to memory of 4740	4560	wfplwfs.exe	94
PID 4560 wrote to memory of 4740	4560	wfplwfs.exe	94
PID 4560 wrote to memory of 4740	4560	wfplwfs.exe	94
PID 4560 wrote to memory of 4740	4560	wfplwfs.exe	94
PID 4560 wrote to memory of 4740	4560	wfplwfs.exe	94
PID 4560 wrote to memory of 4740	4560	wfplwfs.exe	94
PID 4560 wrote to memory of 1512	4560	wfplwfs.exe	97
PID 4560 wrote to memory of 1512	4560	wfplwfs.exe	97
PID 4560 wrote to memory of 1512	4560	wfplwfs.exe	97
PID 4560 wrote to memory of 1512	4560	wfplwfs.exe	97
PID 4560 wrote to memory of 1512	4560	wfplwfs.exe	97
PID 4560 wrote to memory of 1512	4560	wfplwfs.exe	97
PID 4560 wrote to memory of 1512	4560	wfplwfs.exe	97
PID 4560 wrote to memory of 1512	4560	wfplwfs.exe	97
PID 4560 wrote to memory of 1244	4560	wfplwfs.exe	100
PID 4560 wrote to memory of 1244	4560	wfplwfs.exe	100
PID 4560 wrote to memory of 1244	4560	wfplwfs.exe	100
PID 4560 wrote to memory of 1244	4560	wfplwfs.exe	100
PID 4560 wrote to memory of 1244	4560	wfplwfs.exe	100
PID 4560 wrote to memory of 1244	4560	wfplwfs.exe	100
PID 4560 wrote to memory of 1244	4560	wfplwfs.exe	100
PID 4560 wrote to memory of 1244	4560	wfplwfs.exe	100
PID 4560 wrote to memory of 4892	4560	wfplwfs.exe	103
PID 4560 wrote to memory of 4892	4560	wfplwfs.exe	103
PID 4560 wrote to memory of 4892	4560	wfplwfs.exe	103
PID 4560 wrote to memory of 4892	4560	wfplwfs.exe	103
PID 4560 wrote to memory of 4892	4560	wfplwfs.exe	103
PID 4560 wrote to memory of 4892	4560	wfplwfs.exe	103
PID 4560 wrote to memory of 4892	4560	wfplwfs.exe	103
PID 4560 wrote to memory of 4892	4560	wfplwfs.exe	103
PID 4560 wrote to memory of 4832	4560	wfplwfs.exe	106
PID 4560 wrote to memory of 4832	4560	wfplwfs.exe	106
PID 4560 wrote to memory of 4832	4560	wfplwfs.exe	106
PID 4560 wrote to memory of 4832	4560	wfplwfs.exe	106

C:\Users\Admin\AppData\Local\Temp\dc6d692930b4540400e19d965ce575b7660c8f1344e675a062536b1a0564916c.exe
"C:\Users\Admin\AppData\Local\Temp\dc6d692930b4540400e19d965ce575b7660c8f1344e675a062536b1a0564916c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Users\Admin\AppData\Local\Temp\wfplwfs.exe
  C:\Users\Admin\AppData\Local\Temp\wfplwfs.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4560
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:3964
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 1624
      4⤵
      Program crash
      PID:1604
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:1808
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 1604
      4⤵
      Program crash
      PID:908
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe
    3⤵
    PID:4392
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:4740
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 1596
      4⤵
      Program crash
      PID:3080
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:1512
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 1608
      4⤵
      Program crash
      PID:4724
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:1244
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 1604
      4⤵
      Program crash
      PID:4772
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:4892
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 1616
      4⤵
      Program crash
      PID:2692
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:4832
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 1624
      4⤵
      Program crash
      PID:2756
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:4808
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 1620
      4⤵
      Program crash
      PID:1756
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:4860
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 1596
      4⤵
      Program crash
      PID:4688
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:1856
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 1620
      4⤵
      Program crash
      PID:4488
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:3792
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 1624
      4⤵
      Program crash
      PID:4716
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:4708
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 1608
      4⤵
      Program crash
      PID:3940
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:2760
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 1604
      4⤵
      Program crash
      PID:1280
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:4772
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 1612
      4⤵
      Program crash
      PID:2920
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ping 127.0.0.1 -n 3 & del "C:\Users\Admin\AppData\Local\Temp\dc6d692930b4540400e19d965ce575b7660c8f1344e675a062536b1a0564916c.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4936
- - C:\Windows\SysWOW64\PING.EXE
    ping 127.0.0.1 -n 3
    3⤵
    - Runs ping.exe
    PID:1124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3964 -ip 3964
1⤵
PID:2344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1808 -ip 1808
1⤵
PID:2900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4740 -ip 4740
1⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1512 -ip 1512
1⤵
PID:1796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 400 -p 1244 -ip 1244
1⤵
PID:4648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4892 -ip 4892
1⤵
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4832 -ip 4832
1⤵
PID:5068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4808 -ip 4808
1⤵
PID:4876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4860 -ip 4860
1⤵
PID:4500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1856 -ip 1856
1⤵
PID:2940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3792 -ip 3792
1⤵
PID:244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4708 -ip 4708
1⤵
PID:3700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 2760 -ip 2760
1⤵
PID:3068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4772 -ip 4772
1⤵
PID:2312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\wfplwfs.exe

Filesize
229KB

MD5
d4b299f528450d38264383167fb54690

SHA1
40bd4d79c9512008dfc7969fb9860ba01430e5f8

SHA256
6d907801521bb03f3804ac68bc66334bd7d14c806dc4541a915f5ba3a1a0153d

SHA512
f8bc3da39529108780e378eba01591e04903d6394c63b8f73149e03f6af25f83387427d3365da35e87c882b1c376581053cc835cc1c676a24a6d96688b86d8f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\index.html

Filesize
1KB

MD5
12cf60e57791e7a8bd78033c9f308931

SHA1
f6c8a295064f7fa8553295e3cd8a9c62352f7c2c

SHA256
2f9f2fe135d66c296ab6071d01529623bac31d4a63ab073be3c6c1e20d34f50a

SHA512
72735d76803980afe7260d713a377f82316fa24109f1d2767b352984aa53d4a5e441a89d99aa3fdb32042dcb61b43d88465272bc98552892747829d7986cf3b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\logo.png

Filesize
2KB

MD5
561a5a310ac6505c1dc2029a61632617

SHA1
f267ab458ec5d0f008a235461e466b1fd3ed14ee

SHA256
b41bd7c17b6bdfe6ae0d0dbbb5ce92fd38c4696833ae3333a1d81cf7e38d6e35

SHA512
4edb7ef8313e20bbc73fd96207c2076ce3bac0754a92bb00aff0259ffe1adf6f7e4d6917e7815fd643139a08bd4a0f325f66982378f94483ce1ee0924df6d3c5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\qrcode.png

Filesize
2KB

MD5
b3a6719938403a3789e888d1c408f66c

SHA1
a86cf042a397ef78b027025753733cab6bf22f10

SHA256
3cac1fed26fbf9e58ee9b69fc85c2492f6ce2e30a696e491bff60f743795039a

SHA512
94d0b3ea7215893bf4028b1d4d7627dacb124966d1f69695dac592431019f13649ae7fccb40de5e9da3994f8a38b2df04469b8924ac0102c8acb2843dce9e34e

Download Submit
memory/1244-55-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1512-48-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1808-31-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1808-30-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1856-90-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2760-111-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3792-97-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3964-23-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3964-17-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3964-15-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4560-49-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4560-9-0x00000000021C0000-0x00000000021F9000-memory.dmp

Filesize
228KB

Download
memory/4560-35-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4560-112-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4560-42-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4560-33-0x0000000000520000-0x0000000000620000-memory.dmp

Filesize
1024KB

Download
memory/4560-32-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4560-24-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4560-56-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4560-8-0x0000000000520000-0x0000000000620000-memory.dmp

Filesize
1024KB

Download
memory/4560-63-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4560-105-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4560-70-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4560-98-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4560-77-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4560-34-0x00000000021C0000-0x00000000021F9000-memory.dmp

Filesize
228KB

Download
memory/4560-84-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4560-13-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4560-91-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download
memory/4708-104-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4740-41-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4772-118-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4808-76-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4832-69-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4860-83-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4892-62-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download