f41ad7d84dff054319cca61c55542c294e639cd6d5b741c27cc65b9a3081d944

Analysis

max time kernel
135s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 11:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Funshion.exe
Size

1.7MB
MD5

0889eadfa78e56af137084e249106520
SHA1

61d4cae62622cb2beb3784eff3a626969fbbd624
SHA256

1ea323d3769374766a916308ab53be755897c2541e3b80f83f180d3831ad6d01
SHA512

cd11e8c60e9de9c69b144c4cdf0e168c31e85f4eacbdbf0cef806a19c236e8ff412768c5d6d6d2f216940165bf56e5919e0cb56741c604f4f1fa19a15f7ce920
SSDEEP

24576:2hPZDb6pqEvfVpgoJkrN2K2Tl0VjddeY/LeMadbawrdviBPKf2P+pjF:2WrnHgoWxI0N6YjeMEf2P+pF

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	Funshion.exe

Drops file in System32 directory 9 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\usbport.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_533c8d455025cc59\hdaudbus.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_0d06b6638bdb4763\mshdc.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_b748590104fe1c15\machine.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_adeb6424513f60a2\input.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\msmouse.PNF	dxdiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_5938c699b80ebb8f\keyboard.PNF	dxdiag.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dxdiag.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	evid4226-vc80-mt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tracert.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Funshion.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FunshionService.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1316	tracert.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dxdiag.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dxdiag.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	dxdiag.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dxdiag.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dxdiag.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	dxdiag.exe

Modifies registry class 51 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ = "DxDiagClassObject Class"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\VersionIndependentProgID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\InprocServer32	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Funshion.exe\" %1"	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp\DefaultIcon	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ = "C:\\Windows\\SysWOW64\\dxdiagn.dll"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp\shell\open\ddeexec\Application\ = "Funshion"	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp\shell	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CLSID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Funshion.exe"	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\ = "DxDiagProvider Class"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp\ = "URL: fsp Protocol"	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\ = "DxDiagProvider Class"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp\shell\open\ddeexec\ = "%1"	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp\shell\open\ddeexec\Application	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove\ = "Programmable"	dxdiag.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{4CF142CF-1163-4A22-B6DB-E821110AAD77}	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp\shell\open	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp\shell\open\ddeexec\Topic	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp\shell\open\ddeexec\Topic\ = "FSP"	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\ProgID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\ = "DxDiagClassObject Class"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\CLSID	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp\shell\open\command	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\ = "DxDiagClassObject Class"	dxdiag.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{09D851C8-C5F0-4DE5-A4CA-EE522D73014C}	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp\shell\open\ddeexec	Funshion.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID\ = "DxDiag.DxDiagClassObject"	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ThreadingModel = "Apartment"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fsp\URL Protocol	Funshion.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"	dxdiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID	dxdiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID\ = "DxDiag.DxDiagClassObject.1"	dxdiag.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3240	dxdiag.exe
3240	dxdiag.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2292	Funshion.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1788	FunshionService.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe

Suspicious use of SendNotifyMessage 21 IoCs

pid	Process
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
2292	Funshion.exe
3240	dxdiag.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 1788	2292	Funshion.exe	88
PID 2292 wrote to memory of 1788	2292	Funshion.exe	88
PID 2292 wrote to memory of 1788	2292	Funshion.exe	88
PID 1788 wrote to memory of 3240	1788	FunshionService.exe	89
PID 1788 wrote to memory of 3240	1788	FunshionService.exe	89
PID 1788 wrote to memory of 3240	1788	FunshionService.exe	89
PID 2292 wrote to memory of 4432	2292	Funshion.exe	94
PID 2292 wrote to memory of 4432	2292	Funshion.exe	94
PID 2292 wrote to memory of 4432	2292	Funshion.exe	94
PID 1788 wrote to memory of 1316	1788	FunshionService.exe	105
PID 1788 wrote to memory of 1316	1788	FunshionService.exe	105
PID 1788 wrote to memory of 1316	1788	FunshionService.exe	105

C:\Users\Admin\AppData\Local\Temp\Funshion.exe
"C:\Users\Admin\AppData\Local\Temp\Funshion.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Users\Admin\AppData\Local\Temp\FunshionService.exe
  "C:\Users\Admin\AppData\Local\Temp\FunshionService.exe" UISTARTFSPSERVER
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1788
- - C:\Windows\SysWOW64\dxdiag.exe
    dxdiag.exe /whql:off /t C:\Users\Admin\funshion\fsdxdiag.txt
    3⤵
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Checks SCSI registry key(s)
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3240
- - C:\Windows\SysWOW64\tracert.exe
    tracert.exe -d -h 16 -w 800 209.131.36.158
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:1316
- C:\Users\Admin\AppData\Local\Temp\XPSP2Patch\evid4226-vc80-mt.exe
  --silent
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\funshion.ini

Filesize
129B

MD5
a97cabe36194a10ea1e59dcbab1ec575

SHA1
59ddf34eefc3214514845945bbb33cb48dd5f7ab

SHA256
41230d95c4b728cba2c96612603063b61aba177fa6c53bd3af5c6226806d5b54

SHA512
8450ff4b8bf95f2248a861bd0deb23833b5582c7ea6d8fdfa507204733f19c914b821a72d9cbdf0bf56dbe3e49fde05f31d5fcd9e8c7412074b8a847ae2d2ce6

Download Submit
C:\Users\Admin\AppData\Local\Temp\funshion.ini

Filesize
153B

MD5
5ea101dbdea64d0e6987794b28bbded0

SHA1
d8e866f1fe22dc2eddec064dcdbeb0fbaf4a0ac6

SHA256
00189fd386355b5f1bd6d3f8b60182d76ec5d681bd5582a5fb5451a7605eb94c

SHA512
ae8b6361b3bf80b64ece05e20e4a99442a6701c29014849949b559ecdc545536dfc626fe6fb853fbc8feee615578fc80cb8218ffc30def534d116b261b1e3bfc

Download Submit
C:\Users\Admin\FunShion.ini

Filesize
257B

MD5
7599a937447942fadd46ea9142932fe5

SHA1
6081ee88c95b0782d20112f9a337ea25aab643bd

SHA256
e557e480e17e7f70b44bcebd6c60958468de6eed50c3aa267b08d13365378452

SHA512
96e801fc5a867d7eac02f14ce4659db8d159eb647d5121c654f000c1e8449279bc0ed9810194916c5d554feea7e3a0c855ed8477c3d656537ad1ff7a0c9e5f0d

Download Submit
C:\Users\Admin\FunShion.ini

Filesize
257B

MD5
43a8a4db62b5216eac19fcc3ed63c966

SHA1
c37161bc287db47497ef6603128d11345fe63b50

SHA256
d996cf7c1ebb83e85029d3f3dfd897a5af01af79d07d7390ee40e950032965d8

SHA512
e2341dddd9b53d01f70f58406e2a7fae0fc77cfd2c9097fc2058a34c81e41d7884fec4910d65fd52af65f792fd247e1125f93db2aeb9448cb714442ff56fb3d2

Download Submit
C:\Users\Admin\FunShion.ini

Filesize
212B

MD5
208b8d3b66c05a4c969fcdb13d014754

SHA1
3888da51d785bb7d4d463f82c8cd5b0ba21fb69b

SHA256
0cc73a5a673b84ee53718f7b32004aa40eca3bb7189bd041a73b6bb93ed73b93

SHA512
9bc8a604eeed55e698965e68df28e33c6389ffb86aae0d963b2d566b8b1d52bf37eb976ce28fde7df066d528b628f55a3514aa3996ecd33a20a2682b306e74d9

Download Submit
memory/1788-229-0x0000000003B40000-0x0000000003B6B000-memory.dmp

Filesize
172KB

Download
memory/1788-16-0x0000000000820000-0x000000000084E000-memory.dmp

Filesize
184KB

Download
memory/1788-15-0x0000000000800000-0x000000000081C000-memory.dmp

Filesize
112KB

Download
memory/2292-199-0x0000000006490000-0x0000000006579000-memory.dmp

Filesize
932KB

Download
memory/2292-259-0x00000000030E0000-0x00000000030E1000-memory.dmp

Filesize
4KB

Download
memory/2292-0-0x00000000030E0000-0x00000000030E1000-memory.dmp

Filesize
4KB

Download
memory/2292-2-0x0000000003560000-0x000000000357B000-memory.dmp

Filesize
108KB

Download
memory/3240-232-0x0000000000C80000-0x0000000000C81000-memory.dmp

Filesize
4KB

Download
memory/3240-243-0x0000000000C80000-0x0000000000C81000-memory.dmp

Filesize
4KB

Download
memory/3240-242-0x0000000000C80000-0x0000000000C81000-memory.dmp

Filesize
4KB

Download
memory/3240-241-0x0000000000C80000-0x0000000000C81000-memory.dmp

Filesize
4KB

Download
memory/3240-240-0x0000000000C80000-0x0000000000C81000-memory.dmp

Filesize
4KB

Download
memory/3240-239-0x0000000000C80000-0x0000000000C81000-memory.dmp

Filesize
4KB

Download
memory/3240-238-0x0000000000C80000-0x0000000000C81000-memory.dmp

Filesize
4KB

Download
memory/3240-244-0x0000000000C80000-0x0000000000C81000-memory.dmp

Filesize
4KB

Download
memory/3240-234-0x0000000000C80000-0x0000000000C81000-memory.dmp

Filesize
4KB

Download
memory/3240-233-0x0000000000C80000-0x0000000000C81000-memory.dmp

Filesize
4KB

Download