b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be

Analysis

max time kernel
147s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 17:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
Size

1.8MB
MD5

d5f72f1351b9e3f1d24398460ff052f7
SHA1

fb6688793906b9d30e5ee608543ca9bfbfae59b0
SHA256

b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be
SHA512

a3ec2c20b6bdd5aeea5aad26742d1a9c1f0ed7d97661d5c4514394f546c50a7804259b327352d9379aeecc406c8997b987e75db7b3c96a7d2f62d8c894295cb5
SSDEEP

49152:RK783MoXnFv3dcj7q5LsLp3CceMuczXrjJE3jM2ce:RK78HXnl3dcj7q5KpyceMuczXxE3Xc

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
4584	alg.exe
2528	DiagnosticsHub.StandardCollector.Service.exe
3932	fxssvc.exe
4500	elevation_service.exe
3088	elevation_service.exe
1544	maintenanceservice.exe
1752	OSE.EXE

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\AppVClient.exe	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
File opened for modification	C:\Windows\system32\dllhost.exe	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\f2a0724aeac8ca73.bin	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\System32\alg.exe	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\GUM7427.tmp\goopdateres_pt-BR.dll	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7427.tmp\goopdateres_ru.dll	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7427.tmp\goopdateres_sw.dll	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7427.tmp\goopdateres_te.dll	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7427.tmp\goopdateres_ja.dll	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jconsole.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\native2ascii.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateSetup.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\extcheck.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jstat.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\ktab.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7427.tmp\goopdateres_bg.dll	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jstatd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7427.tmp\goopdate.dll	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7427.tmp\goopdateres_ko.dll	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7427.tmp\goopdateres_ml.dll	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7427.tmp\goopdateres_uk.dll	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jrunscript.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\wsimport.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7427.tmp\goopdateres_hi.dll	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\appletviewer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\java.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7427.tmp\goopdateres_pt-PT.dll	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\wsgen.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7427.tmp\psmachine.dll	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7427.tmp\goopdateres_de.dll	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jarsigner.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7427.tmp\psuser.dll	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7427.tmp\GoogleCrashHandler64.exe	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7427.tmp\goopdateres_lt.dll	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7427.tmp\goopdateres_sr.dll	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\java.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7427.tmp\goopdateres_sk.dll	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM7427.tmp\goopdateres_id.dll	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
660	Process not Found
660	Process not Found

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	224	b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
Token: SeAuditPrivilege	3932	fxssvc.exe
Token: SeDebugPrivilege	4584	alg.exe
Token: SeDebugPrivilege	4584	alg.exe
Token: SeDebugPrivilege	4584	alg.exe

C:\Users\Admin\AppData\Local\Temp\b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe
"C:\Users\Admin\AppData\Local\Temp\b40dd5b0b5d6317144ced1e756e380b8a1c45edcd1f0a7ff6829345995b427be.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:224

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:4584

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:2528

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:4664

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4500

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3932

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3088

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:1544

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:1752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
fa7f110f5831ea7d37cfad3d548c528d

SHA1
c1c61777d5ed032a1c87a65d485e1507c08acc3b

SHA256
6a1af17103cd436c346d98b87696fcc55e861a21dc0f329104ae6164a55b4076

SHA512
fc321e44d8d199a288059526d00065a82630c1473d18e4a80481d3c8bbaa97118e4f967b1d09d050cabcb7a499951b790a7c3c1d0cd1cedb3ebd4ef48f8fee19

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.6MB

MD5
217f336a054fdbb905e8a2a79c65765f

SHA1
8a30112e67aef4cdc6737609896a664f7651ffe3

SHA256
6adccb97204f022e252953fe82061b9d3b79c43617ae51e59f7842d5b5a1142c

SHA512
c57e2227dd473d5b8ed37e483e894662ea3a47b79f0432ea3610e246ee6aedbda10592054340541db6c181a013297055f106ab10ecc1a5f439e58db741c7ce73

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.6MB

MD5
fa95106eaef35e6b19f476e6668c9626

SHA1
895482896e3e67fe3e73c2eedcef33216fdffc0c

SHA256
b74879c4a5676c28e02d994a77b07971ed32ed7e39245ee1ddc3940d67858e5b

SHA512
22771205d2f7d32fad81df65f646e9a6364e6442b0fa29288d96a258a98890f61ad2bef1372794ad488be370cfc5a8bee105a981ada8c16a73c3ca7e2f45dc24

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
3ad4033fcfc9423d755635360926de16

SHA1
432006f216c411fcfeb230cf6a048f43c8b20315

SHA256
7b0d2c4a13c26bd26da74099631b3d034c0fdce93df4c17b355ce87e38ee63b0

SHA512
882dd772cc491764db8fd4903a2464b65a18e1245d37db25b6489a2573ac351a7130a1b83a9808a828d01c3cb060517b3a1aea70e914b9b8c6b146f9a6720cbf

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.5MB

MD5
22bc1d481f460b8b6c889d0efcc62c46

SHA1
c0cce7610a01e82702bf81a2575d96d7cf01a7e8

SHA256
8f780e808c58ca58f4e7e0bdf689ebb3b3a0d6c2c32d9f5bc6494631fb4093b8

SHA512
811cb6a0909fcf4c797b01d52d1c5f2d6f93787b60be8d154e06978d01e7271590c7b9c7cf1ca08d82eec5ceb25994480031bfd2597f14cccfedc6c1adeb3bdb

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
f256da3d3707ce289ba41bf4f4e85b16

SHA1
c0a92ecd10af2105bb4edc38f14510664ebdc8e0

SHA256
be50b2698d8f5515a5b154693402f9e023fbdfa9cc3fb94ba4a7280726788891

SHA512
d283ccd842dacb04dd6c5709544bb1730fee39650893f2f1cdab99e9311aa9151aad45b57279e8a9840190c8d187e9ed5671c7f22f20d74a09ea9d3cdb12241f

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.5MB

MD5
0b484632ec0e7a60ad4648670851eecc

SHA1
c3bfc1e943fb71103312e0a121c081940af5815c

SHA256
c137f7a105410e5df555570ead0e0b952f6f3bfa60129eb6bed9407b1f346834

SHA512
68aa30ee6b0296e6b006422927a0b40172b314f1c4e03e76379ed3567c3c68742f585762a895bd98cee1e8f6b8db66804560cb55ac85cede22bb0d8d848c0554

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
20537455e2804bad42838858b199668f

SHA1
9a5612bbf1b02978bf25f711f70ddf1b20e3b0d1

SHA256
cf2b4db60d42d29a3ce22f745f8f0fe53226968233bb5e211161bd0068fdb46e

SHA512
d30f4c5fe052efd52520ddd3a9e73e05435241d5db92c0a62da614c56da74420a1b5b631b51d913db145395bf9d7c2b8bb075219e59a3e0ac25066f664d98762

Download Submit
memory/224-7-0x0000000000810000-0x0000000000877000-memory.dmp

Filesize
412KB

Download
memory/224-1-0x0000000000810000-0x0000000000877000-memory.dmp

Filesize
412KB

Download
memory/224-6-0x0000000000810000-0x0000000000877000-memory.dmp

Filesize
412KB

Download
memory/224-20-0x0000000000400000-0x00000000005DD000-memory.dmp

Filesize
1.9MB

Download
memory/224-182-0x0000000000400000-0x00000000005DD000-memory.dmp

Filesize
1.9MB

Download
memory/224-0-0x0000000000400000-0x00000000005DD000-memory.dmp

Filesize
1.9MB

Download
memory/1544-221-0x0000000140000000-0x0000000140269000-memory.dmp

Filesize
2.4MB

Download
memory/1544-235-0x0000000140000000-0x0000000140269000-memory.dmp

Filesize
2.4MB

Download
memory/1544-232-0x0000000000D00000-0x0000000000D60000-memory.dmp

Filesize
384KB

Download
memory/1544-222-0x0000000000D00000-0x0000000000D60000-memory.dmp

Filesize
384KB

Download
memory/1544-229-0x0000000000D00000-0x0000000000D60000-memory.dmp

Filesize
384KB

Download
memory/1752-297-0x0000000140000000-0x000000014026E000-memory.dmp

Filesize
2.4MB

Download
memory/1752-247-0x0000000000820000-0x0000000000880000-memory.dmp

Filesize
384KB

Download
memory/1752-237-0x0000000000820000-0x0000000000880000-memory.dmp

Filesize
384KB

Download
memory/1752-238-0x0000000140000000-0x000000014026E000-memory.dmp

Filesize
2.4MB

Download
memory/2528-103-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/2528-186-0x0000000140000000-0x0000000140248000-memory.dmp

Filesize
2.3MB

Download
memory/2528-104-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/2528-98-0x0000000140000000-0x0000000140248000-memory.dmp

Filesize
2.3MB

Download
memory/3088-206-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/3088-207-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/3088-295-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/3088-216-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/3932-220-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3932-183-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3932-200-0x0000000000840000-0x00000000008A0000-memory.dmp

Filesize
384KB

Download
memory/3932-213-0x0000000000840000-0x00000000008A0000-memory.dmp

Filesize
384KB

Download
memory/3932-185-0x0000000000840000-0x00000000008A0000-memory.dmp

Filesize
384KB

Download
memory/4500-188-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4500-187-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/4500-201-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/4500-245-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4584-96-0x0000000140000000-0x0000000140249000-memory.dmp

Filesize
2.3MB

Download
memory/4584-26-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/4584-19-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/4584-13-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/4584-12-0x0000000140000000-0x0000000140249000-memory.dmp

Filesize
2.3MB

Download