Overview

overview

10

Static

static

3

tmprwm0tnp5.exe

windows7-x64

1

tmprwm0tnp5.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    241s
  • max time network
    252s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-05-2023 21:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmprwm0tnp5.exe

  • Size

    1.6MB

  • MD5

    170860057f4aad06ddbeea0ca2b3f1b6

  • SHA1

    db04c735b769df458518f959ae7eca39cfa06213

  • SHA256

    e2c74cd730a858e1104119028b3d80e338900723485e5f8b6c02fd8eb459a998

  • SHA512

    f8bf57126bad026be2414121c798d5688119f06312404c35dea3f457deb717f6422291f5401178586fd23055577f893b4e6236e413c909e3b526c45d3b957766

  • SSDEEP

    24576:uU7taDBzgNEfeEvFTMxdzYPh1ogay/zj1weNgcHFx5MpfTjU/c7jNXPohE:uU7PNBmMxdEvogdzxzHFx+pfTgE7VPI

Score
10/10
blustealercollectionstealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot5797428905:AAGaRRXGZN1d9GGFd3sE5x4uSpCGF0PU4m4/sendMessage?chat_id=1251788325

Signatures

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer
  • Executes dropped EXE 17 IoCs
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Drops file in System32 directory 20 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 5 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 5 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmprwm0tnp5.exe
    "C:\Users\Admin\AppData\Local\Temp\tmprwm0tnp5.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:812
    • C:\Users\Admin\AppData\Local\Temp\tmprwm0tnp5.exe
      "C:\Users\Admin\AppData\Local\Temp\tmprwm0tnp5.exe"
      2⤵
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3040
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        3⤵
        • Accesses Microsoft Outlook profiles
        • outlook_office_path
        • outlook_win_path
        PID:3812
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    PID:408
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:3848
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:2620
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:4712
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:1064
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:1032
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:3472
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:4652
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:4124
    • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      1⤵
      • Executes dropped EXE
      PID:1884
    • C:\Windows\SysWow64\perfhost.exe
      C:\Windows\SysWow64\perfhost.exe
      1⤵
      • Executes dropped EXE
      PID:1664
    • C:\Windows\system32\locator.exe
      C:\Windows\system32\locator.exe
      1⤵
      • Executes dropped EXE
      PID:4912
    • C:\Windows\System32\SensorDataService.exe
      C:\Windows\System32\SensorDataService.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:2040
    • C:\Windows\System32\snmptrap.exe
      C:\Windows\System32\snmptrap.exe
      1⤵
      • Executes dropped EXE
      PID:1496
    • C:\Windows\system32\spectrum.exe
      C:\Windows\system32\spectrum.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:3732
    • C:\Windows\System32\OpenSSH\ssh-agent.exe
      C:\Windows\System32\OpenSSH\ssh-agent.exe
      1⤵
      • Executes dropped EXE
      PID:1212
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
      1⤵
        PID:4668
      • C:\Windows\system32\TieringEngineService.exe
        C:\Windows\system32\TieringEngineService.exe
        1⤵
        • Executes dropped EXE
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        PID:1516
      • C:\Windows\system32\AgentService.exe
        C:\Windows\system32\AgentService.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:3320

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
        Filesize

        2.1MB

        MD5

        76d5c0d56396fa0a797161669b1fefbf

        SHA1

        b83fac4eb88e9959a491d056b939ca08d3014a58

        SHA256

        73a07cfe74397a6d673b78f16634f11c9c444cc521abadcf02031723a6ba46c8

        SHA512

        944d68e6a039947c32228722a9ca5bbd53331eaa6f937daf4dd7f33233039b151f3fc9df34afb526a50de83e8e9fd423b5b4f8c0631462034f9535517aae84d1

        Download Submit

      • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
        Filesize

        1.4MB

        MD5

        07100330e5362a454d6e769d36a38e05

        SHA1

        1e4cdfada40978a11370eb8fc40ebdb8fadbbfcf

        SHA256

        14452c9e50d743610ffbe5705990d05fcbae158d2698389322e94c9ce83a880c

        SHA512

        2ab664d359fd643a9fafcc318c24d3da132dfc05d57d688e7acbf3beb435f59e72e24f8c84bb2de6fd66cdbbcba42470c46bb35eca1ec3ac4ed6288b8b6ed80e

        Download Submit

      • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
        Filesize

        1.5MB

        MD5

        457e81ce6b81930bcf89de26011777f8

        SHA1

        f0a2aa00b672847c89227edfef4e07e7540b9010

        SHA256

        774d8c3b6542a6018725b76f9e90da182a305134a4b407c823c4bc9e27c6ee2a

        SHA512

        20417726403c99e5bb15e67f25c11a047bc4b7f10fd16fb75288a9890034c627a6e47da70b1ab074db050bc2f954653f5211b14ca70e9e865268f3a94707fb96

        Download Submit

      • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
        Filesize

        2.1MB

        MD5

        405b844ae508b922a5a05d36da302bba

        SHA1

        2a9a0281c9643005fbe1787eb801de8d758ef755

        SHA256

        5e02c2c54ae9bb4a0a7d55b2aa01bffbc9dd06ed5012818b78ba6106cb184f0d

        SHA512

        6ddc11d0dd339e6d774998550a9ee340941730d06ad7ffad6609cca4559420c7a65967788cfac9c5be08a8a399a0cc59368a514090c25674d284eec5ef959b3b

        Download Submit

      • C:\Windows\SysWOW64\perfhost.exe
        Filesize

        1.2MB

        MD5

        7f8ca59ac311f6a421abaf3c063831f8

        SHA1

        98c85ee49707c30be4585c4c55428759818874a0

        SHA256

        6436830590b2c632b1e085be0b6662f0eae6eea339b0503b69231f7e9f815150

        SHA512

        0dcc973764299177ea76678b23567533eb882959ace8054ac7870d159faa83365c1be056fc6a07a42eb90032112d2d72a70a542b312f41c94074dc2ce609a633

        Download Submit

      • C:\Windows\System32\AgentService.exe
        Filesize

        1.7MB

        MD5

        b713240822daaab9c10d8550dfc467c9

        SHA1

        4fc3a7b119e30de1a962484b80f52a99db8f636d

        SHA256

        1afff821db9246196734cb7dba38eb7e1c19637bad6bfc2547fea32fa5599e15

        SHA512

        2840f70dcb79b4a1f7863f22f560ae74b8852feb15b772b77be044c1dba25ba9c54efb9520917d0b0cf9ee5e57c00b4d8f2373b4199a676212263393e9da4b2b

        Download Submit

      • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
        Filesize

        1.3MB

        MD5

        a2c9affe2c2f838a6eded94a9c88dae4

        SHA1

        b7d0cee532c6a9785dc4f93f1b62395af5c0604e

        SHA256

        9b8cdf9ba71146ad895f311fc2662343b50cc330135e66c0ebed0cf30cdd69a2

        SHA512

        f2a6c8b6051877f1c69e112789df91e4470623ca14c7ca86a95b51dc6cbf9efc361376e13334851744fc420b5dbb3b7a2ddb7d39b4d14fb44dcef98526c64b8c

        Download Submit

      • C:\Windows\System32\FXSSVC.exe
        Filesize

        1.2MB

        MD5

        698dd743c814e538e4f746eba7e1b703

        SHA1

        2bc162b0facdaa8db23aa571badf02bf63c5073f

        SHA256

        a5022d93a7a02fd5090537541f2ee1878a23a88a6c1781e0824dc3e69feb26af

        SHA512

        791c6849d7500a1c5653e8cb4e8471bcdc692c5ca76dc47c77548ef55fb5b4cc7ecc5692b7d073ea8ade21a1e705385651f418b1dd74260fd4e623884d8757b6

        Download Submit

      • C:\Windows\System32\Locator.exe
        Filesize

        1.2MB

        MD5

        2486bc1c4607b3a1905ed1490c8aa45f

        SHA1

        14d055c6476ffa6cd40ceb5cd59b919f561d7a6d

        SHA256

        3fa80b33a6fe88495540674e5253d18921c85d2f9191cb0cdaa15c7e7ff2e2be

        SHA512

        2c736af54f0494325082c0dc6a95889818351eaf4a6d92ad247a4c536224877a929bd6f5a1e766412ecbfa17e3738ba87a0ec791fa71618735f7b3e95462ec3d

        Download Submit

      • C:\Windows\System32\OpenSSH\ssh-agent.exe
        Filesize

        1.6MB

        MD5

        ccde53da73511b575e0a5fe5fdddf8cb

        SHA1

        fe2bb0da078fd02f8fb2f15c7ea5f68f307cfea3

        SHA256

        2130b661d90525af63e1ca25f6e8efa5328c683a360cf45700cf5635f67b0bfd

        SHA512

        a7529fccd9bfab97e879cd7fd6f8f6c8952c76548260fd1a607d9b7887cd2e29dab176d542c708545e91c1673015d240a7fb8b440e5dabec02dd27727279b92a

        Download Submit

      • C:\Windows\System32\OpenSSH\ssh-agent.exe
        Filesize

        1.6MB

        MD5

        ccde53da73511b575e0a5fe5fdddf8cb

        SHA1

        fe2bb0da078fd02f8fb2f15c7ea5f68f307cfea3

        SHA256

        2130b661d90525af63e1ca25f6e8efa5328c683a360cf45700cf5635f67b0bfd

        SHA512

        a7529fccd9bfab97e879cd7fd6f8f6c8952c76548260fd1a607d9b7887cd2e29dab176d542c708545e91c1673015d240a7fb8b440e5dabec02dd27727279b92a

        Download Submit

      • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe
        Filesize

        1.3MB

        MD5

        d3e01aa58ecc4863c849d204694037d4

        SHA1

        33fca89d98a6345de089af222985a487aa5d3523

        SHA256

        08f7b0aee13f297f4d04f2d847b6ab4c2e31a9bda3da0eb4f057f02654c454d2

        SHA512

        415ee84d399b715c6d90c628b857e638dd5417133ec5dd9dbb3b8f59e2fe2f0796dc61fdb661fa81b72099247274fa0454b346c912af8c7e503d3530b79bb888

        Download Submit

      • C:\Windows\System32\SensorDataService.exe
        Filesize

        1.8MB

        MD5

        919aca35c1590223e69926f59f1e239b

        SHA1

        12cc8ad9498303b71e08d1879398b921107b018a

        SHA256

        86183b694bd3262e58f764b4f3765832a3f86227f0ea8af756a2965ce24bc4d1

        SHA512

        7ef141cf08e342f921f36d7906be29cb3d698ad76b71c6e59576034b34cdc83e01601c72ab9f8925038d951ca9753056bbbec39302d901979ac48573ab67522d

        Download Submit

      • C:\Windows\System32\Spectrum.exe
        Filesize

        1.4MB

        MD5

        adc6782e9873f3e400b30ec116c2a910

        SHA1

        bb2e4b62069f6f9330c0373d96d5887ff4c51db8

        SHA256

        974d58627ea48e61176cc004a24ec4d97236f51741142f8ce33744f3a867f342

        SHA512

        d975303422a11ecf6d4f10729c1f391cf7f1b73dd2171e7fceea2d589dff767a87f8ce41ce4ea542ee938763825baf09f0b2b70e866fb80ce3d60eba55c58372

        Download Submit

      • C:\Windows\System32\TieringEngineService.exe
        Filesize

        1.5MB

        MD5

        7cc7d010718e24a590e4bf8a2f21f711

        SHA1

        6e043769ae7a8e3688cdcfecceeab588ed6ed046

        SHA256

        4038932a54996d69fde92040e9525736d6480bb7af3b4407fa3b6974c66098fb

        SHA512

        01e0e891f99c1e49c7d5ac9e113440255b3030a8d0113c6ab02da059283e84b8a720f782099aa6338705f35c602f63b4a24fbbac70c52579c5b3f7541010ecce

        Download Submit

      • C:\Windows\System32\alg.exe
        Filesize

        1.3MB

        MD5

        7ead92289088e2efe1465fcc60d49234

        SHA1

        7a33adcda2695cfa979e9d4896ad557d58c26515

        SHA256

        1b969e5209cd8d9f25a380eb55186591c09091e086b1f4d4fe7f8596750e48d7

        SHA512

        72170d0888f6a02227b850f8452c0676ba1b235b832a51f5760d25bf186c1d9daa7ac7534f67db76e00009c86d638c90e1208441d2f2dc73d5e5ea45212d50f4

        Download Submit

      • C:\Windows\System32\msdtc.exe
        Filesize

        1.4MB

        MD5

        3cf13b401fb7d6b45b1c514a50ee7eff

        SHA1

        0d78a7a233917b0ef6f2710cc7e832535ec87809

        SHA256

        25b356e325ddbaacc7759079ff3698ad8c93812c123e08b5edfe90bab7c6fe50

        SHA512

        61fbf620106bbef7442a2e486158fc344345cbf19807c8d94244f46a81ce4b8d9e8446ad3ffcff51590ed3a259626504a05e34978a2df5d06b58f9a700d4a5c9

        Download Submit

      • C:\Windows\System32\snmptrap.exe
        Filesize

        1.2MB

        MD5

        7be948544051128d2772bf65db4897f9

        SHA1

        3be7532c54fcaa0b29f1e4ecad6b05e9ea358e30

        SHA256

        51d90b264c9028d408cd04467ab18d3b1e3bd063aef840f7e4afd6df78a3fea2

        SHA512

        1b4e22788e1f48ff992bf04e3dc42c14371a2d63f62096f1533d4ecb10f4d3f4eafaf1f235afe4eb261047d88f15e374ebf33372e1ac73eee6c52f1bea6603ee

        Download Submit

      • memory/408-166-0x0000000000690000-0x00000000006F0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/408-168-0x0000000140000000-0x0000000140201000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/408-160-0x0000000000690000-0x00000000006F0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/812-139-0x0000000007590000-0x000000000762C000-memory.dmp

        Filesize

        624KB

        Download

      • memory/812-138-0x0000000005840000-0x0000000005850000-memory.dmp

        Filesize

        64KB

        Download

      • memory/812-137-0x0000000005840000-0x0000000005850000-memory.dmp

        Filesize

        64KB

        Download

      • memory/812-136-0x00000000055A0000-0x00000000055AA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/812-135-0x00000000055B0000-0x0000000005642000-memory.dmp

        Filesize

        584KB

        Download

      • memory/812-134-0x0000000005AC0000-0x0000000006064000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/812-133-0x0000000000A50000-0x0000000000BE6000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/1032-217-0x0000000000190000-0x00000000001F0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1032-223-0x0000000000190000-0x00000000001F0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1032-353-0x0000000140000000-0x000000014022B000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/1032-239-0x0000000140000000-0x000000014022B000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/1064-203-0x00000000004D0000-0x0000000000530000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1064-206-0x0000000140000000-0x0000000140237000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/1064-196-0x00000000004D0000-0x0000000000530000-memory.dmp

        Filesize

        384KB

        Download

      • memory/1064-322-0x0000000140000000-0x0000000140237000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/1212-357-0x0000000140000000-0x0000000140259000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/1496-312-0x0000000140000000-0x00000001401ED000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/1516-359-0x0000000140000000-0x0000000140239000-memory.dmp

        Filesize

        2.2MB

        Download

      • memory/1664-282-0x0000000000400000-0x00000000005EE000-memory.dmp

        Filesize

        1.9MB

        Download

      • memory/1884-280-0x0000000140000000-0x0000000140202000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2040-311-0x0000000140000000-0x00000001401D7000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/3040-143-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/3040-145-0x0000000001330000-0x0000000001396000-memory.dmp

        Filesize

        408KB

        Download

      • memory/3040-140-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/3040-150-0x0000000001330000-0x0000000001396000-memory.dmp

        Filesize

        408KB

        Download

      • memory/3040-155-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/3040-144-0x0000000000400000-0x0000000000654000-memory.dmp

        Filesize

        2.3MB

        Download

      • memory/3320-368-0x0000000140000000-0x00000001401C0000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/3472-236-0x0000000000C00000-0x0000000000C60000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3472-233-0x0000000000C00000-0x0000000000C60000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3472-240-0x0000000140000000-0x0000000140221000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/3472-227-0x0000000000C00000-0x0000000000C60000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3732-354-0x0000000140000000-0x0000000140169000-memory.dmp

        Filesize

        1.4MB

        Download

      • memory/3812-156-0x0000000000B00000-0x0000000000B66000-memory.dmp

        Filesize

        408KB

        Download

      • memory/3848-173-0x0000000000510000-0x0000000000570000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3848-181-0x0000000140000000-0x0000000140200000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3848-179-0x0000000000510000-0x0000000000570000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4124-278-0x0000000140000000-0x0000000140226000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4652-243-0x0000000000D10000-0x0000000000D70000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4652-242-0x0000000140000000-0x0000000140210000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4652-367-0x0000000140000000-0x0000000140210000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/4712-184-0x0000000000E80000-0x0000000000EE0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4712-190-0x0000000000E80000-0x0000000000EE0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4712-194-0x0000000000E80000-0x0000000000EE0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/4712-198-0x0000000140000000-0x0000000140135000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/4912-310-0x0000000140000000-0x00000001401EC000-memory.dmp

        Filesize

        1.9MB

        Download