masslogger | 4c69f7c893b04cdcde779cc8debd644802eb9495831b18abe8d3c94d02c5668b

Analysis

max time kernel
146s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
20-05-2022 13:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

INVOICE09090.exe
Size

2.0MB
MD5

014c0a6998bc074852e5a1cb8262e7a2
SHA1

bdc027bbb2bff2c8c1effbd2305154e6ec232eae
SHA256

2c7989e0df0c62a6c561a72a5605bfd55d4006b84878b05dd50d22ce16776d7a
SHA512

ac869275bf85429fe56f496866f27a25520c986790ac9d978ea5aa1f2dc81d365db9c9abc8961efce3fc326b70b3e3984900c2e4464171875ea9bba48310e3d5

Score

10^/10

masslogger collection ransomware spyware stealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\EEB932C954\Log.txt

Family

masslogger

Ransom Note

################################################################# MassLogger v1.3.5.0 ################################################################# ### Logger Details ### User Name: Admin IP: 154.61.71.13 Location: United States OS: Microsoft Windows 10 Pro64bit CPU: Intel Core Processor (Broadwell) GPU: Microsoft Basic Display Adapter AV: NA Screen Resolution: 1280x720 Current Time: 5/20/2022 4:25:27 PM MassLogger Started: 5/20/2022 4:25:19 PM Interval: 1 hour MassLogger Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MassLogger Melt: false MassLogger Exit after delivery: false As Administrator: True Processes:

Signatures

MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
stealer spyware masslogger

MassLogger Main Payload 60 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3504-133-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-139-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-140-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-141-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-138-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-142-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-143-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-144-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-145-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-146-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-147-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-148-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-149-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-150-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-151-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-152-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-153-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-154-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-155-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-156-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-157-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-158-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-159-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-160-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-161-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-162-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-163-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-164-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-165-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-166-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-167-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-168-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-170-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-171-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-172-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-173-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-169-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-174-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-175-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-176-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-177-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-178-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-179-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-180-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-181-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-183-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-184-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-182-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-186-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-185-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-187-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-188-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-189-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-190-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-191-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-192-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-193-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-194-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-195-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger
behavioral2/memory/3504-196-0x00000000007B0000-0x0000000000860000-memory.dmp	family_masslogger

MassLogger log file 1 IoCs
Detects a log file produced by MassLogger.

Processes:

yara_rule

masslogger_log_file

yara_rule
masslogger_log_file

Accesses Microsoft Outlook profiles 1 TTPs 18 IoCs

collection

Email Collection

T1114

Processes:

MSBuild.exe

description	ioc	process
Key queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	MSBuild.exe
Key queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	MSBuild.exe
Key opened	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	MSBuild.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	MSBuild.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	MSBuild.exe
Key queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook	MSBuild.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	MSBuild.exe
Key queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	MSBuild.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	MSBuild.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook	MSBuild.exe
Key queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook	MSBuild.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	MSBuild.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook	MSBuild.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	MSBuild.exe
Key opened	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	MSBuild.exe
Key opened	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	MSBuild.exe
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	MSBuild.exe
Key queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	MSBuild.exe

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

33 api.ipify.org
Suspicious use of SetThreadContext 1 IoCs

Processes:

INVOICE09090.exe

description pid process target process

PID 4284 set thread context of 3504 4284 INVOICE09090.exe MSBuild.exe

flow	ioc
33	api.ipify.org

description	pid	process	target process
PID 4284 set thread context of 3504	4284	INVOICE09090.exe	MSBuild.exe

Suspicious behavior: EnumeratesProcesses 25 IoCs

Processes:

INVOICE09090.exeMSBuild.exe

pid	process
4284	INVOICE09090.exe
4284	INVOICE09090.exe
4284	INVOICE09090.exe
4284	INVOICE09090.exe
4284	INVOICE09090.exe
4284	INVOICE09090.exe
4284	INVOICE09090.exe
4284	INVOICE09090.exe
3504	MSBuild.exe
4284	INVOICE09090.exe
4284	INVOICE09090.exe
4284	INVOICE09090.exe
4284	INVOICE09090.exe
4284	INVOICE09090.exe
4284	INVOICE09090.exe
4284	INVOICE09090.exe
4284	INVOICE09090.exe
4284	INVOICE09090.exe
4284	INVOICE09090.exe
4284	INVOICE09090.exe
4284	INVOICE09090.exe
4284	INVOICE09090.exe
4284	INVOICE09090.exe
4284	INVOICE09090.exe
4284	INVOICE09090.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

MSBuild.exe

description pid process

Token: SeDebugPrivilege 3504 MSBuild.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

INVOICE09090.exe

pid process

4284 INVOICE09090.exe
4284 INVOICE09090.exe
4284 INVOICE09090.exe
4284 INVOICE09090.exe
Suspicious use of SendNotifyMessage 4 IoCs

Processes:

INVOICE09090.exe

pid process

4284 INVOICE09090.exe
4284 INVOICE09090.exe
4284 INVOICE09090.exe
4284 INVOICE09090.exe

description	pid	process
Token: SeDebugPrivilege	3504	MSBuild.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

INVOICE09090.exe

description	pid	process	target process
PID 4284 wrote to memory of 3504	4284	INVOICE09090.exe	MSBuild.exe
PID 4284 wrote to memory of 3504	4284	INVOICE09090.exe	MSBuild.exe
PID 4284 wrote to memory of 3504	4284	INVOICE09090.exe	MSBuild.exe
PID 4284 wrote to memory of 3504	4284	INVOICE09090.exe	MSBuild.exe
PID 4284 wrote to memory of 3504	4284	INVOICE09090.exe	MSBuild.exe

outlook_office_path 1 IoCs

Processes:

MSBuild.exe

description	ioc	process
Key queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	MSBuild.exe

outlook_win_path 1 IoCs

Processes:

MSBuild.exe

description	ioc	process
Key queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	MSBuild.exe

C:\Users\Admin\AppData\Local\Temp\INVOICE09090.exe
"C:\Users\Admin\AppData\Local\Temp\INVOICE09090.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4284

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v4.0.30319\\\\MSBuild.exe"
2⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- outlook_office_path
- outlook_win_path
PID:3504

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

T1114

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3504-132-0x0000000000000000-mapping.dmp

Download
memory/3504-133-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-139-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-140-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-141-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-138-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-142-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-143-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-144-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-145-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-146-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-147-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-148-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-149-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-150-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-151-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-152-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-153-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-154-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-155-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-156-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-157-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-158-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-159-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-160-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-161-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-162-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-163-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-164-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-165-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-166-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-167-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-168-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-170-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-171-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-172-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-173-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-169-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-174-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-175-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-176-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-177-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-178-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-179-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-180-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-181-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-183-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-184-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-182-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-186-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-185-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-187-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-188-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-189-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-190-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-191-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-192-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-193-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-194-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-195-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-196-0x00000000007B0000-0x0000000000860000-memory.dmp

Filesize
704KB

Download
memory/3504-392-0x0000000005450000-0x00000000059F4000-memory.dmp

Filesize
5.6MB

Download
memory/3504-393-0x0000000004F40000-0x0000000004FDC000-memory.dmp

Filesize
624KB

Download
memory/3504-394-0x0000000005150000-0x00000000051B6000-memory.dmp

Filesize
408KB

Download
memory/3504-395-0x0000000005AA0000-0x0000000005B32000-memory.dmp

Filesize
584KB

Download
memory/3504-396-0x00000000066A0000-0x00000000066AA000-memory.dmp

Filesize
40KB

Download
memory/3504-397-0x00000000066D0000-0x0000000006720000-memory.dmp

Filesize
320KB

Download
memory/4284-130-0x0000000004770000-0x00000000048C5000-memory.dmp

Filesize
1.3MB

Download
memory/4284-131-0x0000000004A30000-0x0000000004B85000-memory.dmp

Filesize
1.3MB

Download