masslogger | 2909694b162fb67f8b7d6f01bdb086d23216280a1f84565a13a4406ac46147c3

Analysis

max time kernel
149s
max time network
147s
platform
windows7_x64
resource
win7-20220414-en
submitted
20-05-2022 23:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

doc000643665764.exe
Size

1.4MB
MD5

e04ea3820e1699eb0cce1ddb55b91327
SHA1

736ab206d9bba71557069b42b05b7615b28e5b0f
SHA256

367c31b38577406fec107ed639cc6503710de53d8326b92504fd3919105ffce9
SHA512

64926a6671e9b90a69ffb64f61ae48d59fc61834a5083ae1ad119af711ef04923dfc607ace4bdd4ab2c06e495ee1b84f0399dc0df54b847d201d6770c864167c

Score

10^/10

masslogger persistence ransomware spyware stealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\AEF946DCB4\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.6.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.50 Location: United States Windows OS: Microsoft Windows 7 Ultimate 64bit Windows Serial Key: D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV CPU: Intel Core Processor (Broadwell) GPU: Standard VGA Graphics Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/21/2022 1:14:39 AM MassLogger Started: 5/21/2022 1:14:28 AM Interval: 2 hour MassLogger Process: C:\Users\Admin\AppData\Local\Temp\RegAsm.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes: Name:WerFault, Title:Z/z8qH7&G(y2x4)YLm

Signatures

MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
stealer spyware masslogger

MassLogger Main Payload 41 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1992-54-0x0000000000B00000-0x0000000000C78000-memory.dmp	family_masslogger
\Users\Admin\Desktop\.exe	family_masslogger
C:\Users\Admin\Desktop\.exe	family_masslogger
C:\Users\Admin\Desktop\.exe	family_masslogger
behavioral1/memory/1172-64-0x0000000000240000-0x00000000003B8000-memory.dmp	family_masslogger
behavioral1/memory/1240-73-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-72-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-74-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-75-0x00000000004ACB9E-mapping.dmp	family_masslogger
behavioral1/memory/1240-78-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-80-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
\Users\Admin\Desktop\.exe	family_masslogger
\Users\Admin\Desktop\.exe	family_masslogger
\Users\Admin\Desktop\.exe	family_masslogger
\Users\Admin\Desktop\.exe	family_masslogger
behavioral1/memory/1240-89-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-91-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-93-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-95-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-97-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-99-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-101-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-103-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-105-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-107-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-109-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-111-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-113-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-115-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-117-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-119-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-121-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-123-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-125-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-127-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-129-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-131-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-133-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-135-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
behavioral1/memory/1240-137-0x0000000000400000-0x00000000004B2000-memory.dmp	family_masslogger
\Users\Admin\Desktop\.exe	family_masslogger

MassLogger log file 1 IoCs
Detects a log file produced by MassLogger.

Processes:

yara_rule

masslogger_log_file
Executes dropped EXE 2 IoCs

Processes:

.exeRegAsm.exe

pid process

1172 .exe
1240 RegAsm.exe
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

RegAsm.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Control Panel\International\Geo\Nation RegAsm.exe
Loads dropped DLL 8 IoCs

Processes:

doc000643665764.exe.exeRegAsm.exeWerFault.exe

pid process

1992 doc000643665764.exe
1172 .exe
1240 RegAsm.exe
636 WerFault.exe
636 WerFault.exe
636 WerFault.exe
636 WerFault.exe
636 WerFault.exe

yara_rule
masslogger_log_file

pid	process
1172	.exe
1240	RegAsm.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Control Panel\International\Geo\Nation	RegAsm.exe

pid	process
1992	doc000643665764.exe
1172	.exe
1240	RegAsm.exe
636	WerFault.exe
636	WerFault.exe
636	WerFault.exe
636	WerFault.exe
636	WerFault.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Windows\CurrentVersion\Run	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Windows\CurrentVersion\Run\admin = "C:\\Windows\\system32\\pcalua.exe -a C:\\Users\\Admin\\Desktop\\.exe"	reg.exe

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

4 api.ipify.org
Suspicious use of SetThreadContext 1 IoCs

Processes:

.exe

description pid process target process

PID 1172 set thread context of 1240 1172 .exe RegAsm.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

636 1172 WerFault.exe .exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

RegAsm.exe

pid process

1240 RegAsm.exe
Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

doc000643665764.exe.exeRegAsm.exe

pid process

1992 doc000643665764.exe
1992 doc000643665764.exe
1172 .exe
1172 .exe
1172 .exe
1240 RegAsm.exe
1240 RegAsm.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

doc000643665764.exe.exeRegAsm.exe

description pid process

Token: SeDebugPrivilege 1992 doc000643665764.exe
Token: SeDebugPrivilege 1172 .exe
Token: SeDebugPrivilege 1240 RegAsm.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

RegAsm.exe

pid process

1240 RegAsm.exe

flow	ioc
4	api.ipify.org

description	pid	process	target process
PID 1172 set thread context of 1240	1172	.exe	RegAsm.exe

pid	pid_target	process	target process
636	1172	WerFault.exe	.exe

pid	process
1240	RegAsm.exe

pid	process
1992	doc000643665764.exe
1992	doc000643665764.exe
1172	.exe
1172	.exe
1172	.exe
1240	RegAsm.exe
1240	RegAsm.exe

description	pid	process
Token: SeDebugPrivilege	1992	doc000643665764.exe
Token: SeDebugPrivilege	1172	.exe
Token: SeDebugPrivilege	1240	RegAsm.exe

pid	process
1240	RegAsm.exe

Suspicious use of WriteProcessMemory 28 IoCs

Processes:

doc000643665764.execmd.exe.exe

description	pid	process	target process
PID 1992 wrote to memory of 1364	1992	doc000643665764.exe	cmd.exe
PID 1992 wrote to memory of 1364	1992	doc000643665764.exe	cmd.exe
PID 1992 wrote to memory of 1364	1992	doc000643665764.exe	cmd.exe
PID 1992 wrote to memory of 1364	1992	doc000643665764.exe	cmd.exe
PID 1364 wrote to memory of 1204	1364	cmd.exe	reg.exe
PID 1364 wrote to memory of 1204	1364	cmd.exe	reg.exe
PID 1364 wrote to memory of 1204	1364	cmd.exe	reg.exe
PID 1364 wrote to memory of 1204	1364	cmd.exe	reg.exe
PID 1992 wrote to memory of 1172	1992	doc000643665764.exe	.exe
PID 1992 wrote to memory of 1172	1992	doc000643665764.exe	.exe
PID 1992 wrote to memory of 1172	1992	doc000643665764.exe	.exe
PID 1992 wrote to memory of 1172	1992	doc000643665764.exe	.exe
PID 1172 wrote to memory of 1240	1172	.exe	RegAsm.exe
PID 1172 wrote to memory of 1240	1172	.exe	RegAsm.exe
PID 1172 wrote to memory of 1240	1172	.exe	RegAsm.exe
PID 1172 wrote to memory of 1240	1172	.exe	RegAsm.exe
PID 1172 wrote to memory of 1240	1172	.exe	RegAsm.exe
PID 1172 wrote to memory of 1240	1172	.exe	RegAsm.exe
PID 1172 wrote to memory of 1240	1172	.exe	RegAsm.exe
PID 1172 wrote to memory of 1240	1172	.exe	RegAsm.exe
PID 1172 wrote to memory of 1240	1172	.exe	RegAsm.exe
PID 1172 wrote to memory of 1240	1172	.exe	RegAsm.exe
PID 1172 wrote to memory of 1240	1172	.exe	RegAsm.exe
PID 1172 wrote to memory of 1240	1172	.exe	RegAsm.exe
PID 1172 wrote to memory of 636	1172	.exe	WerFault.exe
PID 1172 wrote to memory of 636	1172	.exe	WerFault.exe
PID 1172 wrote to memory of 636	1172	.exe	WerFault.exe
PID 1172 wrote to memory of 636	1172	.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\doc000643665764.exe
"C:\Users\Admin\AppData\Local\Temp\doc000643665764.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1992

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v admin /t REG_SZ /d C:\Windows\system32\pcalua.exe" -a C:\Users\Admin\Desktop\.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:1364

C:\Windows\SysWOW64\reg.exe
REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v admin /t REG_SZ /d C:\Windows\system32\pcalua.exe" -a C:\Users\Admin\Desktop\.exe"
3⤵
- Adds Run key to start application
PID:1204

C:\Users\Admin\Desktop\.exe
"C:\Users\Admin\Desktop\.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1172

C:\Users\Admin\AppData\Local\Temp\RegAsm.exe
"C:\Users\Admin\AppData\Local\Temp\RegAsm.exe"
3⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 780
3⤵
- Loads dropped DLL
- Program crash
PID:636

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RegAsm.exe

Filesize
63KB

MD5
b58b926c3574d28d5b7fdd2ca3ec30d5

SHA1
d260c4ffd603a9cfc057fcb83d678b1cecdf86f9

SHA256
6e70b56d748c4ccab13cc8a055d3795ea0dd95fe3b70568d7d3ac0c6621140a3

SHA512
b13cb998822b716b695013bcd6dec62a2290567d0d1743b2d982ca084235cf69c6ea1fc91c9d4e62657c6f9e102c7c60e81296ab055ffe43b887c5f8ec8958ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\RegAsm.exe

Filesize
63KB

MD5
b58b926c3574d28d5b7fdd2ca3ec30d5

SHA1
d260c4ffd603a9cfc057fcb83d678b1cecdf86f9

SHA256
6e70b56d748c4ccab13cc8a055d3795ea0dd95fe3b70568d7d3ac0c6621140a3

SHA512
b13cb998822b716b695013bcd6dec62a2290567d0d1743b2d982ca084235cf69c6ea1fc91c9d4e62657c6f9e102c7c60e81296ab055ffe43b887c5f8ec8958ab

Download Submit
C:\Users\Admin\Desktop\.exe

Filesize
1.4MB

MD5
e04ea3820e1699eb0cce1ddb55b91327

SHA1
736ab206d9bba71557069b42b05b7615b28e5b0f

SHA256
367c31b38577406fec107ed639cc6503710de53d8326b92504fd3919105ffce9

SHA512
64926a6671e9b90a69ffb64f61ae48d59fc61834a5083ae1ad119af711ef04923dfc607ace4bdd4ab2c06e495ee1b84f0399dc0df54b847d201d6770c864167c

Download Submit
C:\Users\Admin\Desktop\.exe

Filesize
1.4MB

MD5
e04ea3820e1699eb0cce1ddb55b91327

SHA1
736ab206d9bba71557069b42b05b7615b28e5b0f

SHA256
367c31b38577406fec107ed639cc6503710de53d8326b92504fd3919105ffce9

SHA512
64926a6671e9b90a69ffb64f61ae48d59fc61834a5083ae1ad119af711ef04923dfc607ace4bdd4ab2c06e495ee1b84f0399dc0df54b847d201d6770c864167c

Download Submit
\Users\Admin\AppData\Local\Temp\RegAsm.exe

Filesize
63KB

MD5
b58b926c3574d28d5b7fdd2ca3ec30d5

SHA1
d260c4ffd603a9cfc057fcb83d678b1cecdf86f9

SHA256
6e70b56d748c4ccab13cc8a055d3795ea0dd95fe3b70568d7d3ac0c6621140a3

SHA512
b13cb998822b716b695013bcd6dec62a2290567d0d1743b2d982ca084235cf69c6ea1fc91c9d4e62657c6f9e102c7c60e81296ab055ffe43b887c5f8ec8958ab

Download Submit
\Users\Admin\AppData\Local\Temp\RegAsm.exe

Filesize
63KB

MD5
b58b926c3574d28d5b7fdd2ca3ec30d5

SHA1
d260c4ffd603a9cfc057fcb83d678b1cecdf86f9

SHA256
6e70b56d748c4ccab13cc8a055d3795ea0dd95fe3b70568d7d3ac0c6621140a3

SHA512
b13cb998822b716b695013bcd6dec62a2290567d0d1743b2d982ca084235cf69c6ea1fc91c9d4e62657c6f9e102c7c60e81296ab055ffe43b887c5f8ec8958ab

Download Submit
\Users\Admin\Desktop\.exe

Filesize
1.4MB

MD5
e04ea3820e1699eb0cce1ddb55b91327

SHA1
736ab206d9bba71557069b42b05b7615b28e5b0f

SHA256
367c31b38577406fec107ed639cc6503710de53d8326b92504fd3919105ffce9

SHA512
64926a6671e9b90a69ffb64f61ae48d59fc61834a5083ae1ad119af711ef04923dfc607ace4bdd4ab2c06e495ee1b84f0399dc0df54b847d201d6770c864167c

Download Submit
\Users\Admin\Desktop\.exe

Filesize
1.4MB

MD5
e04ea3820e1699eb0cce1ddb55b91327

SHA1
736ab206d9bba71557069b42b05b7615b28e5b0f

SHA256
367c31b38577406fec107ed639cc6503710de53d8326b92504fd3919105ffce9

SHA512
64926a6671e9b90a69ffb64f61ae48d59fc61834a5083ae1ad119af711ef04923dfc607ace4bdd4ab2c06e495ee1b84f0399dc0df54b847d201d6770c864167c

Download Submit
\Users\Admin\Desktop\.exe

Filesize
1.4MB

MD5
e04ea3820e1699eb0cce1ddb55b91327

SHA1
736ab206d9bba71557069b42b05b7615b28e5b0f

SHA256
367c31b38577406fec107ed639cc6503710de53d8326b92504fd3919105ffce9

SHA512
64926a6671e9b90a69ffb64f61ae48d59fc61834a5083ae1ad119af711ef04923dfc607ace4bdd4ab2c06e495ee1b84f0399dc0df54b847d201d6770c864167c

Download Submit
\Users\Admin\Desktop\.exe

Filesize
1.4MB

MD5
e04ea3820e1699eb0cce1ddb55b91327

SHA1
736ab206d9bba71557069b42b05b7615b28e5b0f

SHA256
367c31b38577406fec107ed639cc6503710de53d8326b92504fd3919105ffce9

SHA512
64926a6671e9b90a69ffb64f61ae48d59fc61834a5083ae1ad119af711ef04923dfc607ace4bdd4ab2c06e495ee1b84f0399dc0df54b847d201d6770c864167c

Download Submit
\Users\Admin\Desktop\.exe

Filesize
1.4MB

MD5
e04ea3820e1699eb0cce1ddb55b91327

SHA1
736ab206d9bba71557069b42b05b7615b28e5b0f

SHA256
367c31b38577406fec107ed639cc6503710de53d8326b92504fd3919105ffce9

SHA512
64926a6671e9b90a69ffb64f61ae48d59fc61834a5083ae1ad119af711ef04923dfc607ace4bdd4ab2c06e495ee1b84f0399dc0df54b847d201d6770c864167c

Download Submit
\Users\Admin\Desktop\.exe

Filesize
1.4MB

MD5
e04ea3820e1699eb0cce1ddb55b91327

SHA1
736ab206d9bba71557069b42b05b7615b28e5b0f

SHA256
367c31b38577406fec107ed639cc6503710de53d8326b92504fd3919105ffce9

SHA512
64926a6671e9b90a69ffb64f61ae48d59fc61834a5083ae1ad119af711ef04923dfc607ace4bdd4ab2c06e495ee1b84f0399dc0df54b847d201d6770c864167c

Download Submit
memory/636-82-0x0000000000000000-mapping.dmp

Download
memory/1172-61-0x0000000000000000-mapping.dmp

Download
memory/1172-64-0x0000000000240000-0x00000000003B8000-memory.dmp

Filesize
1.5MB

Download
memory/1172-66-0x0000000001F70000-0x0000000001F7A000-memory.dmp

Filesize
40KB

Download
memory/1204-59-0x0000000000000000-mapping.dmp

Download
memory/1240-69-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-121-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-75-0x00000000004ACB9E-mapping.dmp

Download
memory/1240-72-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-78-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-80-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-73-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-70-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-604-0x0000000004F95000-0x0000000004FA6000-memory.dmp

Filesize
68KB

Download
memory/1240-603-0x0000000000670000-0x00000000006B4000-memory.dmp

Filesize
272KB

Download
memory/1240-137-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-135-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-89-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-91-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-93-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-95-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-97-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-99-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-101-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-103-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-105-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-107-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-109-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-111-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-113-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-115-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-117-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-119-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-74-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-123-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-125-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-127-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-129-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-131-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1240-133-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1364-58-0x0000000000000000-mapping.dmp

Download
memory/1992-56-0x0000000000500000-0x0000000000520000-memory.dmp

Filesize
128KB

Download
memory/1992-57-0x00000000005C0000-0x00000000005CA000-memory.dmp

Filesize
40KB

Download
memory/1992-55-0x0000000075381000-0x0000000075383000-memory.dmp

Filesize
8KB

Download
memory/1992-54-0x0000000000B00000-0x0000000000C78000-memory.dmp

Filesize
1.5MB

Download