nanocore | 4151897619823917cf3420046de0a8d3c0da19995acbcb134cc784250945d53a

Analysis

max time kernel
144s
max time network
148s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/12/2024, 21:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe
Size

928KB
MD5

d3a6b2942804437bb23319f5df1e56c3
SHA1

27e4cff6374c24928b365a80aef85697025b2af3
SHA256

4151897619823917cf3420046de0a8d3c0da19995acbcb134cc784250945d53a
SHA512

a0bd4f47c5ab4a1f5e7c637430593b5585ce691120ba84171c22e2bbd5a113546f81242ba5a0fb200fd90a33d774ab4960be66f79ee2c26e8dd065ab16707f16
SSDEEP

24576:X0I9AIw98hljilLI1hBd/+xF8oEHA8sBMxWrj8MNj:Ee+6lmi1hD+3+RdxYjlh

Score

10^/10

nanocore snakekeylogger discovery evasion keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

194.5.98.127:54984

127.0.0.1:54984

Mutex

3994e0df-038e-4283-9a6f-7af7d7806576

Attributes

activate_away_mode
true
backup_connection_host
127.0.0.1
backup_dns_server
8.8.4.4
buffer_size
65535
build_time
2021-05-16T10:50:52.692208236Z
bypass_user_account_control
false
bypass_user_account_control_data
PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTE2Ij8+DQo8VGFzayB2ZXJzaW9uPSIxLjIiIHhtbG5zPSJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dpbmRvd3MvMjAwNC8wMi9taXQvdGFzayI+DQogIDxSZWdpc3RyYXRpb25JbmZvIC8+DQogIDxUcmlnZ2VycyAvPg0KICA8UHJpbmNpcGFscz4NCiAgICA8UHJpbmNpcGFsIGlkPSJBdXRob3IiPg0KICAgICAgPExvZ29uVHlwZT5JbnRlcmFjdGl2ZVRva2VuPC9Mb2dvblR5cGU+DQogICAgICA8UnVuTGV2ZWw+SGlnaGVzdEF2YWlsYWJsZTwvUnVuTGV2ZWw+DQogICAgPC9QcmluY2lwYWw+DQogIDwvUHJpbmNpcGFscz4NCiAgPFNldHRpbmdzPg0KICAgIDxNdWx0aXBsZUluc3RhbmNlc1BvbGljeT5QYXJhbGxlbDwvTXVsdGlwbGVJbnN0YW5jZXNQb2xpY3k+DQogICAgPERpc2FsbG93U3RhcnRJZk9uQmF0dGVyaWVzPmZhbHNlPC9EaXNhbGxvd1N0YXJ0SWZPbkJhdHRlcmllcz4NCiAgICA8U3RvcElmR29pbmdPbkJhdHRlcmllcz5mYWxzZTwvU3RvcElmR29pbmdPbkJhdHRlcmllcz4NCiAgICA8QWxsb3dIYXJkVGVybWluYXRlPnRydWU8L0FsbG93SGFyZFRlcm1pbmF0ZT4NCiAgICA8U3RhcnRXaGVuQXZhaWxhYmxlPmZhbHNlPC9TdGFydFdoZW5BdmFpbGFibGU+DQogICAgPFJ1bk9ubHlJZk5ldHdvcmtBdmFpbGFibGU+ZmFsc2U8L1J1bk9ubHlJZk5ldHdvcmtBdmFpbGFibGU+DQogICAgPElkbGVTZXR0aW5ncz4NCiAgICAgIDxTdG9wT25JZGxlRW5kPmZhbHNlPC9TdG9wT25JZGxlRW5kPg0KICAgICAgPFJlc3RhcnRPbklkbGU+ZmFsc2U8L1Jlc3RhcnRPbklkbGU+DQogICAgPC9JZGxlU2V0dGluZ3M+DQogICAgPEFsbG93U3RhcnRPbkRlbWFuZD50cnVlPC9BbGxvd1N0YXJ0T25EZW1hbmQ+DQogICAgPEVuYWJsZWQ+dHJ1ZTwvRW5hYmxlZD4NCiAgICA8SGlkZGVuPmZhbHNlPC9IaWRkZW4+DQogICAgPFJ1bk9ubHlJZklkbGU+ZmFsc2U8L1J1bk9ubHlJZklkbGU+DQogICAgPFdha2VUb1J1bj5mYWxzZTwvV2FrZVRvUnVuPg0KICAgIDxFeGVjdXRpb25UaW1lTGltaXQ+UFQwUzwvRXhlY3V0aW9uVGltZUxpbWl0Pg0KICAgIDxQcmlvcml0eT40PC9Qcmlvcml0eT4NCiAgPC9TZXR0aW5ncz4NCiAgPEFjdGlvbnMgQ29udGV4dD0iQXV0aG9yIj4NCiAgICA8RXhlYz4NCiAgICAgIDxDb21tYW5kPiIjRVhFQ1VUQUJMRVBBVEgiPC9Db21tYW5kPg0KICAgICAgPEFyZ3VtZW50cz4kKEFyZzApPC9Bcmd1bWVudHM+DQogICAgPC9FeGVjPg0KICA8L0FjdGlvbnM+DQo8L1Rhc2s+
clear_access_control
true
clear_zone_identifier
false
connect_delay
4000
connection_port
54984
default_group
iyke
enable_debug_mode
true
gc_threshold
1.048576e+07
keep_alive_timeout
30000
keyboard_logging
false
lan_timeout
2500
max_packet_size
1.048576e+07
mutex
3994e0df-038e-4283-9a6f-7af7d7806576
mutex_timeout
5000
prevent_system_sleep
false
primary_connection_host
194.5.98.127
primary_dns_server
8.8.8.8
request_elevation
false
restart_delay
5000
run_delay
0
run_on_startup
false
set_critical_process
true
timeout_interval
5000
use_custom_dns_server
false
version
1.2.2.0
wan_timeout
8000

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
send.one.com
Port:
587
Username:
[email protected]
Password:
btRhqDDqbQXOw2SC
Email To:
[email protected]

Signatures

NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
keylogger trojan stealer spyware nanocore
Nanocore family
nanocore
Snake Keylogger
Keylogger and Infostealer first seen in November 2020.
stealer keylogger snakekeylogger

Snake Keylogger payload 2 IoCs

resource	yara_rule
behavioral1/files/0x0007000000015c0d-45.dat	family_snakekeylogger
behavioral1/memory/2136-48-0x0000000000010000-0x0000000000034000-memory.dmp	family_snakekeylogger

Snakekeylogger family
snakekeylogger

Executes dropped EXE 2 IoCs

pid	Process
2212	ikmerro nano.exe
2136	snake logger.exe

Loads dropped DLL 3 IoCs

pid	Process
2636	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe
2636	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe
2636	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\UDP Manager = "C:\\Program Files (x86)\\UDP Manager\\udpmgr.exe"	ikmerro nano.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	ikmerro nano.exe

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
5	checkip.dyndns.org
9	freegeoip.app
10	freegeoip.app

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2964 set thread context of 2636	2964	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	34

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\UDP Manager\udpmgr.exe	ikmerro nano.exe
File opened for modification	C:\Program Files (x86)\UDP Manager\udpmgr.exe	ikmerro nano.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ikmerro nano.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 3 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
2672	schtasks.exe
372	schtasks.exe
840	schtasks.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2964	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe
2964	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe
2136	snake logger.exe
2212	ikmerro nano.exe
2212	ikmerro nano.exe
2212	ikmerro nano.exe
2212	ikmerro nano.exe
2212	ikmerro nano.exe
2212	ikmerro nano.exe
2212	ikmerro nano.exe
2212	ikmerro nano.exe
2212	ikmerro nano.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2212	ikmerro nano.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2964	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe
Token: SeDebugPrivilege	2136	snake logger.exe
Token: SeDebugPrivilege	2212	ikmerro nano.exe

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 2672	2964	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	31
PID 2964 wrote to memory of 2672	2964	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	31
PID 2964 wrote to memory of 2672	2964	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	31
PID 2964 wrote to memory of 2672	2964	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	31
PID 2964 wrote to memory of 2612	2964	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	33
PID 2964 wrote to memory of 2612	2964	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	33
PID 2964 wrote to memory of 2612	2964	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	33
PID 2964 wrote to memory of 2612	2964	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	33
PID 2964 wrote to memory of 2636	2964	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	34
PID 2964 wrote to memory of 2636	2964	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	34
PID 2964 wrote to memory of 2636	2964	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	34
PID 2964 wrote to memory of 2636	2964	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	34
PID 2964 wrote to memory of 2636	2964	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	34
PID 2964 wrote to memory of 2636	2964	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	34
PID 2964 wrote to memory of 2636	2964	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	34
PID 2964 wrote to memory of 2636	2964	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	34
PID 2964 wrote to memory of 2636	2964	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	34
PID 2636 wrote to memory of 2212	2636	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	35
PID 2636 wrote to memory of 2212	2636	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	35
PID 2636 wrote to memory of 2212	2636	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	35
PID 2636 wrote to memory of 2212	2636	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	35
PID 2636 wrote to memory of 2136	2636	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	36
PID 2636 wrote to memory of 2136	2636	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	36
PID 2636 wrote to memory of 2136	2636	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	36
PID 2636 wrote to memory of 2136	2636	d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe	36
PID 2212 wrote to memory of 372	2212	ikmerro nano.exe	37
PID 2212 wrote to memory of 372	2212	ikmerro nano.exe	37
PID 2212 wrote to memory of 372	2212	ikmerro nano.exe	37
PID 2212 wrote to memory of 372	2212	ikmerro nano.exe	37
PID 2212 wrote to memory of 840	2212	ikmerro nano.exe	39
PID 2212 wrote to memory of 840	2212	ikmerro nano.exe	39
PID 2212 wrote to memory of 840	2212	ikmerro nano.exe	39
PID 2212 wrote to memory of 840	2212	ikmerro nano.exe	39
PID 2136 wrote to memory of 1276	2136	snake logger.exe	41
PID 2136 wrote to memory of 1276	2136	snake logger.exe	41
PID 2136 wrote to memory of 1276	2136	snake logger.exe	41

C:\Users\Admin\AppData\Local\Temp\d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Windows\SysWOW64\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fiPVDuIushYm" /XML "C:\Users\Admin\AppData\Local\Temp\tmp2F79.tmp"
  2⤵
  - System Location Discovery: System Language Discovery
  - Scheduled Task/Job: Scheduled Task
  PID:2672
- C:\Users\Admin\AppData\Local\Temp\d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe"
  2⤵
  PID:2612
- C:\Users\Admin\AppData\Local\Temp\d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\d3a6b2942804437bb23319f5df1e56c3_JaffaCakes118.exe"
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2636
- - C:\Users\Admin\AppData\Local\Temp\ikmerro nano.exe
    "C:\Users\Admin\AppData\Local\Temp\ikmerro nano.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Checks whether UAC is enabled
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2212
  - - C:\Windows\SysWOW64\schtasks.exe
      "schtasks.exe" /create /f /tn "UDP Manager" /xml "C:\Users\Admin\AppData\Local\Temp\tmp3591.tmp"
      4⤵
      System Location Discovery: System Language Discovery
      Scheduled Task/Job: Scheduled Task
      PID:372
  - - C:\Windows\SysWOW64\schtasks.exe
      "schtasks.exe" /create /f /tn "UDP Manager Task" /xml "C:\Users\Admin\AppData\Local\Temp\tmp35E0.tmp"
      4⤵
      System Location Discovery: System Language Discovery
      Scheduled Task/Job: Scheduled Task
      PID:840
- - C:\Users\Admin\AppData\Local\Temp\snake logger.exe
    "C:\Users\Admin\AppData\Local\Temp\snake logger.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2136
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2136 -s 1536
      4⤵
      PID:1276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\snake logger.exe

Filesize
121KB

MD5
e0c153e19ccb6366a79cf3571a191561

SHA1
dfee299bd88926e7b9f07c4ea8ae31d2cba69367

SHA256
bc903d20250251ec239811b9007c5221f5c267a1e1a9e9e8dd1eb05e062d5e06

SHA512
b8e88d57e87a7b4b75206477de934076f222fd757325ee80aaadebbc8a58f9b93898e1b9a9c31f8a0ff833c7358fcb0b0bd57e60c7ac55ffd9f6822238fbaa60

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp2F79.tmp

Filesize
1KB

MD5
1a78921f8eb7f6ab4d6bb69bf00cafdc

SHA1
480b57aa238ce2b698cb49370ae65c1ce6f86eb2

SHA256
759977a77055b4d3811b5612e19513c8fdcccba67fc153ac2481a1d191a7b917

SHA512
3b38979b83c03b01cc137f974d563892ca6eb34fa6cc47c8f7a6ce79b8273afc6ad62cfea765d79f1ad6ce5b2dcdd477feea90127695bb6218213a251628b5d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp3591.tmp

Filesize
1KB

MD5
de7b292240c4c9c91f0162c3cc05f7a5

SHA1
6d0150832d202896ad611cf840d8e794355ba276

SHA256
f63da8e36f2ec1c72796d9a7fc847fd0664eb70309220f235cade3298067ce4f

SHA512
a5df353a2ae111c3b847f26b7de7dab9b3ac323de55679e91f9d6f17d0d551ba783bef3c5603ae436aa5e5708fc9e6a97036927fc0c4239b51486e79e51f996e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp35E0.tmp

Filesize
1KB

MD5
c1c4b266e129249076bbe8a15cc5e06c

SHA1
312b8173c264245c834eee91e05dcca845c341f8

SHA256
f336d06dcadca621be6b2dc9493dcb84d871497e65142bc9fdd72c9f250a1b7b

SHA512
0f02ec7700f89d95d29014eec42d13c85234351c3fe1dc6a3efeea52ea76ca4bea3151567a6c798b5ce658d481b424646b43d93e95ccad897356a87a25d45041

Download Submit
\Users\Admin\AppData\Local\Temp\ikmerro nano.exe

Filesize
217KB

MD5
ec962e97ec8150569cda2415c5d07628

SHA1
1043e3b22ceb0f35d695f2096af0c2a5b25a1000

SHA256
0195b5c6f14b4d3c3b9654187133f96e8c498a0831d2a0961b6885a8d4932e47

SHA512
3a98f28160429cbc23efcaf59f8f8e60ada03a80b7dbb917a44d97b8e9442ea275c4fda8dc25655aab7c73e264459c78ec56fdf7cf49df163a43be553d6b0179

Download Submit
memory/2136-48-0x0000000000010000-0x0000000000034000-memory.dmp

Filesize
144KB

Download
memory/2636-20-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2636-16-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2636-47-0x0000000074A40000-0x000000007512E000-memory.dmp

Filesize
6.9MB

Download
memory/2636-14-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2636-24-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2636-22-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2636-31-0x0000000074A40000-0x000000007512E000-memory.dmp

Filesize
6.9MB

Download
memory/2636-30-0x0000000074A40000-0x000000007512E000-memory.dmp

Filesize
6.9MB

Download
memory/2636-18-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2636-15-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2636-27-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/2964-29-0x0000000074A40000-0x000000007512E000-memory.dmp

Filesize
6.9MB

Download
memory/2964-0-0x0000000074A4E000-0x0000000074A4F000-memory.dmp

Filesize
4KB

Download
memory/2964-7-0x00000000054E0000-0x000000000555C000-memory.dmp

Filesize
496KB

Download
memory/2964-5-0x0000000074A40000-0x000000007512E000-memory.dmp

Filesize
6.9MB

Download
memory/2964-4-0x0000000074A4E000-0x0000000074A4F000-memory.dmp

Filesize
4KB

Download
memory/2964-6-0x0000000005C90000-0x0000000005D5E000-memory.dmp

Filesize
824KB

Download
memory/2964-3-0x0000000000490000-0x00000000004AA000-memory.dmp

Filesize
104KB

Download
memory/2964-2-0x0000000074A40000-0x000000007512E000-memory.dmp

Filesize
6.9MB

Download
memory/2964-1-0x0000000000820000-0x000000000090C000-memory.dmp

Filesize
944KB

Download