Overview

overview

10

Static

static

3

lossless s...ng.exe

windows7-x64

10

lossless s...ng.exe

windows10-2004-x64

10

Resubmissions

14/01/2025, 23:37

250114-3maqsstkcs 10

14/01/2025, 23:34

250114-3kd1fatjgv 10

14/01/2025, 23:27

250114-3feq6svngl 10

Analysis

  • max time kernel
    46s
  • max time network
    48s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/01/2025, 23:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lossless scaling/Lossless Scaling.exe

  • Size

    155KB

  • MD5

    1bb432c7d79983c0438f9c05d7ab2a42

  • SHA1

    fd9d24d6417273c04a046e4da2bd51f6ac287939

  • SHA256

    69c131d4901fb0f0192a2a97fb48012df696c5bd08a38c34e1553a3bdb9942ac

  • SHA512

    1ab2802727c66834e349f79b51847c79c9f340e3b716add2b4ec8c25d3bd1096c3f82596d2efbe57e922945f965aafe72b1bae30d6fcedfd7799595a5ca190ce

  • SSDEEP

    3072:AcjJ6p7RATueBb6sKGyLY1hhhhhhhhhhhhhhhhhhhhhhhOCD:AcjJ6pWTuet1V1hhhhhhhhhhhhhhhhh/

Score
10/10
asyncratdefaultdiscoveryevasionexecutionrattrojan

Malware Config

Extracted

Family

asyncrat

Version

A 14

Botnet

Default

C2

Egypt2.camdvr.org:301

Mutex

MaterxMutex_Egypt2

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

    Using powershell.exe command.

    execution
  • Suspicious use of SetThreadContext 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\lossless scaling\Lossless Scaling.exe
    "C:\Users\Admin\AppData\Local\Temp\lossless scaling\Lossless Scaling.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3552
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" -NoProfile -ExecutionPolicy Bypass -File "C:\Users\Public\language\en-US\hiberfil.ps1"
      2⤵
      • UAC bypass
      • Command and Scripting Interpreter: PowerShell
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1084
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\system32\schtasks.exe" /create /tn administartor /SC minute /MO 2 /tr C:\Users\Public\IObitUnlocker\Loader.vbs /RL HIGHEST
        3⤵
        • System Location Discovery: System Language Discovery
        • Scheduled Task/Job: Scheduled Task
        PID:3224
    • C:\Users\Admin\AppData\Local\Temp\lossless scaling\language\uk-UA\LosslessScaling.exe
      "C:\Users\Admin\AppData\Local\Temp\lossless scaling\language\uk-UA\LosslessScaling.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2144
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4452
    • C:\Users\Public\IObitUnlocker\IObitUnlocker.exe
      "C:\Users\Public\IObitUnlocker\IObitUnlocker.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:4688
    • C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Public\IObitUnlocker\Loader.vbs"
      1⤵
      • Checks computer location settings
      • Suspicious use of WriteProcessMemory
      PID:2132
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass iex([IO.File]::ReadAllText('C:\Users\Public\IObitUnlocker\Report.ps1'))
        2⤵
        • Command and Scripting Interpreter: PowerShell
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4232
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
          3⤵
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:4340
    • C:\Windows\System32\CScript.exe
      "C:\Windows\System32\CScript.exe" "C:\Users\Public\IObitUnlocker\Loader.vbs"
      1⤵
      • Checks computer location settings
      • Suspicious use of WriteProcessMemory
      PID:4684
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass iex([IO.File]::ReadAllText('C:\Users\Public\IObitUnlocker\Report.ps1'))
        2⤵
        • Command and Scripting Interpreter: PowerShell
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1280
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2224
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-Command" "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & 'C:\Users\Public\IObitUnlocker\Report.ps1'"
      1⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3776
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
        2⤵
        • System Location Discovery: System Language Discovery
        PID:3588

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Lossless Scaling\Settings.xml
      Filesize

      2KB

      MD5

      45fed0a3bcbc889ca99d0c5943210e7e

      SHA1

      602584366a413cb9ae459b6c3231190cd787241e

      SHA256

      9812fe8104a86e693d6baa02a4cdb56ea9a4aedb500b050346eb5ec6bda8dd09

      SHA512

      d0728fcce9484daedb2c9552ee2a818f7cccbeb1e9bca24a1c4fc1ca6e8c181c46cdc89670bfee3d6ad219ea6f69750bd03f776af4f9e4667872c66c11dbd255

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
      Filesize

      3KB

      MD5

      f41839a3fe2888c8b3050197bc9a0a05

      SHA1

      0798941aaf7a53a11ea9ed589752890aee069729

      SHA256

      224331b7bfae2c7118b187f0933cdae702eae833d4fed444675bd0c21d08e66a

      SHA512

      2acfac3fbe51e430c87157071711c5fd67f2746e6c33a17accb0852b35896561cec8af9276d7f08d89999452c9fb27688ff3b7791086b5b21d3e59982fd07699

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\aspnet_compiler.exe.log
      Filesize

      425B

      MD5

      4eaca4566b22b01cd3bc115b9b0b2196

      SHA1

      e743e0792c19f71740416e7b3c061d9f1336bf94

      SHA256

      34ba0ab8d1850e7825763f413142a333ccbc05fa2b5499a28a7d27b8a1c5b4bb

      SHA512

      bc2b1bf45203e3bb3009a7d37617b8f0f7ffa613680b32de2b963e39d2cf1650614d7035a0cf78f35a4f5cb17a2a439e2e07deaefd2a4275a62efd0a5c0184a1

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      20KB

      MD5

      ce5572259c6af27ad409beb274f6a0c5

      SHA1

      b0f2a4b186fb7e3f31dd113ec043f0d9dd541750

      SHA256

      0c22228f978ca8bda39b7dea69c6122415151b34d4437e12b5fde235da72d4c8

      SHA512

      5901dcf53a25a76d2d136b925da406ed73c7b40e70d3c07b7fb239991c740af570599772d85f4c911e2854180ea840b303438437307fe56415927c7daecfa020

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      1KB

      MD5

      1ed302d074b090f55df63718ecdbb133

      SHA1

      28a69abfb525d1634b86487884571c2a9bcf94b0

      SHA256

      0cbcc347469bad433d515bf9e11d480164bc22c07bee4c7ec96e287b42993269

      SHA512

      d554e5459a20d347abbbda3777fd3b548e90b467fb3b9b59c943d7f8bf6810010fc4832a6ba17241df796a52f88a2225ed4fc3e5e964faafa35519f74f06f17e

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      1KB

      MD5

      8106fbda6b657f06930c07ffcb0219b0

      SHA1

      d58c76407d9f6a6c115f5aad83891abb37316308

      SHA256

      1431023dee29965c9a917083ca6d3fbac7deac55556b5526ac5d4c85fb0d4813

      SHA512

      e9b05306ac235899bc3434784f860ba60043f1cbd6b22beaabce672628797e4381f6b5aad366f7f86e859a4d49556cf01fb845032678e06560d1b20dd9b2aa0f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1nindlb0.uz2.ps1
      Filesize

      60B

      MD5

      d17fe0a3f47be24a6453e9ef58c94641

      SHA1

      6ab83620379fc69f80c0242105ddffd7d98d5d9d

      SHA256

      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

      SHA512

      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

      Download Submit

    • C:\Users\Public\IObitUnlocker\IObitUnlocker.dll
      Filesize

      71KB

      MD5

      e1a4327af3cd8ca866996f472f0ff93a

      SHA1

      cfea8426ef8fab4136055401152821a19f908d45

      SHA256

      5f0bc7d75f32981e0e704c2217ed423c9a355f19515a1603103cc55cf9d3b901

      SHA512

      745f1ec495869d2fa2722ecadcaa27ec1f005742c69110802e9e1d7600d680d077e9762a400799e38003a4671a2590ecf1c480c2e7586039ebcce6ed36662280

      Download Submit

    • C:\Users\Public\IObitUnlocker\IObitUnlocker.exe
      Filesize

      2.3MB

      MD5

      9303575597168ef11790500b29279f56

      SHA1

      bfab0ea30c5959fda893b9ddc6a348a4f47f8677

      SHA256

      0a507a553010c19369f17b649c5ffe6060216480059062ff75241944cf729bd7

      SHA512

      8e9f7a98c0a0c90643403d4abccd8736d12ba6bef83679ccfd626e52e86ed7db6fe558c6ec48a88cf32967c00d66131f550ac64cc98cd73fd477f165694e68b0

      Download Submit

    • C:\Users\Public\IObitUnlocker\IObitUnlocker.sys
      Filesize

      65KB

      MD5

      47aa03a10ac3a407f8f30f1088edcbc9

      SHA1

      b5d78a1d3ae93bd343c6d65e64c0945d1d558758

      SHA256

      c79a2bb050af6436b10b58ef04dbc7082df1513cec5934432004eb56fba05e66

      SHA512

      3402ca68b00ffd9e2551f97b3895990ee0274f14f117505c3588ea76c716488860ac2da07c1d9275bbc43eb87b88893c52fb04d15f1afe7b7bf7d9a524961101

      Download Submit

    • C:\Users\Public\IObitUnlocker\Loader.vbs
      Filesize

      155B

      MD5

      3781eced7bdb501738a60e3f926ae42a

      SHA1

      c65ca3f8ee5fd4f6dad689cc43bde301a451ec2c

      SHA256

      b343abd677e362c3ae1e573bf7c43bf476a8e97e67d7758328a51f30daaf4d95

      SHA512

      854dc0f2b8d2d4bcb7bb736d2a9c7f70132d069aedffb0e0952fa2d3d57992ae8cda02ea49214f40f4a05b30ac6fea145901fe6c72f257b43c461be138ce6971

      Download Submit

    • C:\Users\Public\IObitUnlocker\Report.ps1
      Filesize

      457KB

      MD5

      40e7960be05c7c1f64d7157235171ce6

      SHA1

      79df02a409ba3721415e3d2755e467c10f9c698e

      SHA256

      5db5a2e88209a2e2901c8e9e74ad794be31c035a583ec62e73b5e8e22d5df0f0

      SHA512

      6801ed81e4c87b1328906befb506d598ea3eeaec3a835744b3a681104efca02d92db5228189b9859741a380ec54fdf98048f37d690396cfb9b2a7cabe487e2e9

      Download Submit

    • C:\Users\Public\language\en-US\hiberfil.ps1
      Filesize

      1KB

      MD5

      98a99e831c54087770d3fd89f2bb9913

      SHA1

      26754b638106f4e2c3bdff6780c574384a129972

      SHA256

      92360a7d4d9bc840a967a86f6bd3651d0d7fb5218d57e3edcd36ad897f908a44

      SHA512

      cae5a9b95ac842902166cf2d67114f311f6bd9227999654f733b2ef16e4daf8fa2ea5fb5908425243226217fe99e87ded7f9d600a2eb668fb3b4f7d4b0974df2

      Download Submit

    • C:\Users\Public\language\en-US\pagefile.sys
      Filesize

      1.7MB

      MD5

      df3362c56b3925e0eb83e0a10fb448c7

      SHA1

      7b82a4de6af8f15994cfa1f179ebf5e0f302e503

      SHA256

      1de06a9918cdd9e8dd95953f1a6b937d490a6eb228b2a67e5a89b09feab810c3

      SHA512

      431dbbf045c8a62cacd7e8236ad343287c574b97684d941fe6f94e702fbb2a19675e1849220fa443616bfe2adec0e2218c42d75889333ca489f064e931891785

      Download Submit

    • memory/1084-91-0x0000000007F50000-0x0000000007FEC000-memory.dmp

      Filesize

      624KB

      Download

    • memory/1084-24-0x0000000074D60000-0x0000000075510000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1084-29-0x0000000005F70000-0x0000000005F8E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/1084-8-0x00000000029B0000-0x00000000029E6000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1084-9-0x0000000005240000-0x0000000005868000-memory.dmp

      Filesize

      6.2MB

      Download

    • memory/1084-10-0x0000000074D60000-0x0000000075510000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1084-123-0x0000000074D60000-0x0000000075510000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1084-11-0x0000000074D60000-0x0000000075510000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1084-12-0x00000000051A0000-0x00000000051C2000-memory.dmp

      Filesize

      136KB

      Download

    • memory/1084-30-0x0000000005FB0000-0x0000000005FFC000-memory.dmp

      Filesize

      304KB

      Download

    • memory/1084-26-0x0000000005AC0000-0x0000000005E14000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/1084-14-0x0000000005950000-0x00000000059B6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/1084-13-0x0000000005870000-0x00000000058D6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/1084-92-0x0000000007FF0000-0x000000000811C000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1084-90-0x0000000007CD0000-0x0000000007E96000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/1084-59-0x0000000006F60000-0x0000000006FF6000-memory.dmp

      Filesize

      600KB

      Download

    • memory/1084-61-0x00000000064F0000-0x0000000006512000-memory.dmp

      Filesize

      136KB

      Download

    • memory/1084-60-0x00000000064A0000-0x00000000064BA000-memory.dmp

      Filesize

      104KB

      Download

    • memory/1084-62-0x0000000007330000-0x0000000007362000-memory.dmp

      Filesize

      200KB

      Download

    • memory/1084-63-0x00000000702E0000-0x000000007032C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/1084-64-0x0000000070440000-0x0000000070794000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/1084-74-0x0000000007370000-0x000000000738E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/1084-75-0x00000000073A0000-0x0000000007443000-memory.dmp

      Filesize

      652KB

      Download

    • memory/1084-76-0x0000000008210000-0x000000000888A000-memory.dmp

      Filesize

      6.5MB

      Download

    • memory/1084-78-0x0000000007530000-0x000000000753A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/1084-88-0x0000000074D60000-0x0000000075510000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1084-81-0x0000000007560000-0x0000000007571000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1084-82-0x0000000007580000-0x000000000758E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/1084-83-0x0000000007590000-0x00000000075A4000-memory.dmp

      Filesize

      80KB

      Download

    • memory/1084-84-0x0000000007CD0000-0x0000000007CEA000-memory.dmp

      Filesize

      104KB

      Download

    • memory/1084-85-0x00000000075D0000-0x00000000075D8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/1084-86-0x0000000074D60000-0x0000000075510000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/1084-87-0x0000000074D60000-0x0000000075510000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2144-33-0x000002D1B5640000-0x000002D1B5648000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2144-32-0x000002D1CF7A0000-0x000002D1CF7C6000-memory.dmp

      Filesize

      152KB

      Download

    • memory/2144-27-0x00007FFD6EFA3000-0x00007FFD6EFA5000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2144-35-0x00007FFD6EFA0000-0x00007FFD6FA61000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2144-43-0x000002D1D25F0000-0x000002D1D25FE000-memory.dmp

      Filesize

      56KB

      Download

    • memory/2144-41-0x000002D1D26D0000-0x000002D1D26D8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2144-40-0x000002D1D1E60000-0x000002D1D1E98000-memory.dmp

      Filesize

      224KB

      Download

    • memory/2144-38-0x000002D1D1F20000-0x000002D1D1FDA000-memory.dmp

      Filesize

      744KB

      Download

    • memory/2144-37-0x000002D1D1DB0000-0x000002D1D1E62000-memory.dmp

      Filesize

      712KB

      Download

    • memory/2144-80-0x00007FFD6EFA0000-0x00007FFD6FA61000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2144-28-0x000002D1B38F0000-0x000002D1B39E4000-memory.dmp

      Filesize

      976KB

      Download

    • memory/2144-34-0x000002D1B5650000-0x000002D1B565A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2144-31-0x000002D1CDE50000-0x000002D1CDF36000-memory.dmp

      Filesize

      920KB

      Download

    • memory/3552-0-0x0000000074D6E000-0x0000000074D6F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3552-2-0x00000000055D0000-0x0000000005B74000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/3552-1-0x0000000000660000-0x000000000068C000-memory.dmp

      Filesize

      176KB

      Download

    • memory/4232-155-0x0000019D64970000-0x0000019D6497A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/4232-134-0x0000019D64940000-0x0000019D64962000-memory.dmp

      Filesize

      136KB

      Download

    • memory/4340-156-0x0000000000400000-0x0000000000416000-memory.dmp

      Filesize

      88KB

      Download

    • memory/4340-174-0x0000000005840000-0x00000000058D2000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4340-175-0x0000000005810000-0x000000000581A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/4688-132-0x0000000000400000-0x0000000000660000-memory.dmp

      Filesize

      2.4MB

      Download