purelogs | f6dfae75fd23c0446ec1721994cf2530c66bd76366423176414747b39153bf58

Analysis

max time kernel
7s
max time network
439s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
09-12-2023 19:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CyberGhostVPNSetup (2).exe
Size

127KB
MD5

fd093f3100a56b710c50d41667da7e2b
SHA1

5ec9063e4380f642d2a551da76fd4d3f00fd4c96
SHA256

f6dfae75fd23c0446ec1721994cf2530c66bd76366423176414747b39153bf58
SHA512

d3daebf6e3669a4b2a944e60d97c86fd31878cea66e252f05ea8d23f92c1f02ef8e6f4dda250b979a9b9df3fa71dc43c4ab98e2cae52e7687861d1e9a3dd09c0
SSDEEP

3072:ACNd5JY06+ywjDnJShh8N7JNzFrxO/DLxPO4GV:TNVPtVQ7LtOz

Score

10^/10

purelogs stealer

Malware Config

Signatures

Detect PureLogs payload 1 IoCs

resource	yara_rule
behavioral2/memory/3084-58-0x000001E73C560000-0x000001E73C5A6000-memory.dmp	family_purelogs

PureLogs
PureLogs is an infostealer written in C#.
stealer purelogs
Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000\Control Panel\International\Geo\Nation	CyberGhostVPNSetup (2).exe

Executes dropped EXE 1 IoCs

pid	Process
3084	759852cb-80b0-41ff-9693-434ff9b4e818.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\794e1281-90b0-4ba7-85fc-f1deafd114cd\Installer.log	759852cb-80b0-41ff-9693-434ff9b4e818.exe
File created	C:\Program Files\794e1281-90b0-4ba7-85fc-f1deafd114cd\759852cb-80b0-41ff-9693-434ff9b4e818.exe	CyberGhostVPNSetup (2).exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	CyberGhostVPNSetup (2).exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	CyberGhostVPNSetup (2).exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	CyberGhostVPNSetup (2).exe
Key created	\REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C	CyberGhostVPNSetup (2).exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C\Blob = 030000000100000014000000d89e3bd43d5d909b47a18977aa9d5ce36cee184c1400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb040000000100000010000000285ec909c4ab0d2d57f5086b225799aa0f000000010000003000000013baa039635f1c5292a8c2f36aae7e1d25c025202e9092f5b0f53f5f752dfa9c71b3d1b8d9a6358fcee6ec75622fabf9190000000100000010000000ea6089055218053dd01e37e1d806eedf5c0000000100000004000000001000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa22000000001000000850500003082058130820469a00302010202103972443af922b751d7d36c10dd313595300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3139303331323030303030305a170d3238313233313233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c05000382010100188751dc74213d9c8ae027b733d02eccecf0e6cb5e11de226f9b758e9e72fee4d6feaa1f9c962def034a7eaef48d6f723c433bc03febb8df5caaa9c6aef2fcd8eea37b43f686367c14e0cdf4f73ffedeb8b48af09196fefd43647efdccd201a17d7df81919c9422b13bf588bbaa4a266047688914e0c8914cea24dc932b3bae8141abc71f15bf0410b98000a220310e50cb1f9cd923719ed3bf1e43ab6f945132675afbbaaef3f7b773bd2c402913d1900d3175c39db3f7b180d45cd9385962f5ddf59164f3f51bdd545183fed4a8ee80661742316b50d50732744477f105d892a6b853114c4e8a96a4c80bc6a78cfb87f8e7672990c9dfed7910816a1a35f95	CyberGhostVPNSetup (2).exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1648	CyberGhostVPNSetup (2).exe
Token: SeSecurityPrivilege	1648	CyberGhostVPNSetup (2).exe
Token: SeDebugPrivilege	3084	759852cb-80b0-41ff-9693-434ff9b4e818.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 3084	1648	CyberGhostVPNSetup (2).exe	89
PID 1648 wrote to memory of 3084	1648	CyberGhostVPNSetup (2).exe	89

C:\Users\Admin\AppData\Local\Temp\CyberGhostVPNSetup (2).exe
"C:\Users\Admin\AppData\Local\Temp\CyberGhostVPNSetup (2).exe"
1⤵
- Checks computer location settings
- Drops file in Program Files directory
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Program Files\794e1281-90b0-4ba7-85fc-f1deafd114cd\759852cb-80b0-41ff-9693-434ff9b4e818.exe
  "C:\Program Files\794e1281-90b0-4ba7-85fc-f1deafd114cd\759852cb-80b0-41ff-9693-434ff9b4e818.exe" "C:\Users\Admin\AppData\Local\Temp\CyberGhostVPNSetup (2).exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of AdjustPrivilegeToken
  PID:3084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\794e1281-90b0-4ba7-85fc-f1deafd114cd\759852cb-80b0-41ff-9693-434ff9b4e818.exe

Filesize
5.0MB

MD5
72540194bd451dac050609406eb50a56

SHA1
57c33ec10f90f81f6abc612b4d251510c36ebd6b

SHA256
3a18d5fd76abcfe537d78457dab4797231af313028b5594231f019245c5f7a74

SHA512
ec9b24c877e82269aba78701a9828879e8b91580c4d3002227ee18868b8db76b6c0fba08e687aba1ea3127eea05e37124e2b615c224b33e4dac2512dbefb3444

Download Submit
C:\Program Files\794e1281-90b0-4ba7-85fc-f1deafd114cd\759852cb-80b0-41ff-9693-434ff9b4e818.exe

Filesize
5.0MB

MD5
72540194bd451dac050609406eb50a56

SHA1
57c33ec10f90f81f6abc612b4d251510c36ebd6b

SHA256
3a18d5fd76abcfe537d78457dab4797231af313028b5594231f019245c5f7a74

SHA512
ec9b24c877e82269aba78701a9828879e8b91580c4d3002227ee18868b8db76b6c0fba08e687aba1ea3127eea05e37124e2b615c224b33e4dac2512dbefb3444

Download Submit
C:\Program Files\794e1281-90b0-4ba7-85fc-f1deafd114cd\759852cb-80b0-41ff-9693-434ff9b4e818.exe

Filesize
5.0MB

MD5
72540194bd451dac050609406eb50a56

SHA1
57c33ec10f90f81f6abc612b4d251510c36ebd6b

SHA256
3a18d5fd76abcfe537d78457dab4797231af313028b5594231f019245c5f7a74

SHA512
ec9b24c877e82269aba78701a9828879e8b91580c4d3002227ee18868b8db76b6c0fba08e687aba1ea3127eea05e37124e2b615c224b33e4dac2512dbefb3444

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpAFD7.tmp

Filesize
2KB

MD5
647f843626b023aaaa748f924f95ac25

SHA1
652cacf99409e3dcd39b6eb8839c16d22b1800e8

SHA256
732dee732e0261afbfba21eca43008a5009cfc9e4c405ece8826a9746564cceb

SHA512
61093dcbe07efa5bdffec4933243168bf40b8159bc5a9840552bc3ea8e7c129156276a8548c658e5267bf0b8c4448dcb5c8ab10140c72ed48eb8910c075022fa

Download Submit
memory/1648-0-0x00000000001E0000-0x0000000000202000-memory.dmp

Filesize
136KB

Download
memory/1648-1-0x00007FFF7BA00000-0x00007FFF7C4C1000-memory.dmp

Filesize
10.8MB

Download
memory/1648-2-0x000000001AED0000-0x000000001AEE0000-memory.dmp

Filesize
64KB

Download
memory/1648-3-0x000000001BDC0000-0x000000001BF82000-memory.dmp

Filesize
1.8MB

Download
memory/1648-4-0x000000001C4C0000-0x000000001C9E8000-memory.dmp

Filesize
5.2MB

Download
memory/1648-103-0x000000001AED0000-0x000000001AEE0000-memory.dmp

Filesize
64KB

Download
memory/1648-100-0x00007FFF7BA00000-0x00007FFF7C4C1000-memory.dmp

Filesize
10.8MB

Download
memory/3084-66-0x000001E73D490000-0x000001E73D498000-memory.dmp

Filesize
32KB

Download
memory/3084-73-0x000001E7220C0000-0x000001E7220D0000-memory.dmp

Filesize
64KB

Download
memory/3084-52-0x000001E7239A0000-0x000001E7239A8000-memory.dmp

Filesize
32KB

Download
memory/3084-53-0x000001E723B10000-0x000001E723BA4000-memory.dmp

Filesize
592KB

Download
memory/3084-54-0x000001E7220B0000-0x000001E7220BA000-memory.dmp

Filesize
40KB

Download
memory/3084-55-0x000001E723AB0000-0x000001E723ABA000-memory.dmp

Filesize
40KB

Download
memory/3084-56-0x000001E73C3D0000-0x000001E73C470000-memory.dmp

Filesize
640KB

Download
memory/3084-57-0x000001E723AE0000-0x000001E723AFA000-memory.dmp

Filesize
104KB

Download
memory/3084-58-0x000001E73C560000-0x000001E73C5A6000-memory.dmp

Filesize
280KB

Download
memory/3084-59-0x000001E73C6F0000-0x000001E73C6FE000-memory.dmp

Filesize
56KB

Download
memory/3084-60-0x000001E73C700000-0x000001E73C72A000-memory.dmp

Filesize
168KB

Download
memory/3084-61-0x000001E73C730000-0x000001E73C738000-memory.dmp

Filesize
32KB

Download
memory/3084-62-0x000001E73CA30000-0x000001E73CA38000-memory.dmp

Filesize
32KB

Download
memory/3084-63-0x000001E73CD90000-0x000001E73CD98000-memory.dmp

Filesize
32KB

Download
memory/3084-64-0x000001E73D390000-0x000001E73D398000-memory.dmp

Filesize
32KB

Download
memory/3084-65-0x000001E73D430000-0x000001E73D438000-memory.dmp

Filesize
32KB

Download
memory/3084-67-0x000001E73D4D0000-0x000001E73D4D8000-memory.dmp

Filesize
32KB

Download
memory/3084-50-0x000001E723A10000-0x000001E723AA6000-memory.dmp

Filesize
600KB

Download
memory/3084-69-0x000001E73D6D0000-0x000001E73D6D8000-memory.dmp

Filesize
32KB

Download
memory/3084-68-0x000001E73D670000-0x000001E73D678000-memory.dmp

Filesize
32KB

Download
memory/3084-70-0x000001E73D7B0000-0x000001E73D7B8000-memory.dmp

Filesize
32KB

Download
memory/3084-71-0x000001E73D830000-0x000001E73D838000-memory.dmp

Filesize
32KB

Download
memory/3084-72-0x000001E73D990000-0x000001E73D9A6000-memory.dmp

Filesize
88KB

Download
memory/3084-51-0x000001E722090000-0x000001E722098000-memory.dmp

Filesize
32KB

Download
memory/3084-75-0x000001E73FB60000-0x000001E73FB68000-memory.dmp

Filesize
32KB

Download
memory/3084-74-0x000001E73FB50000-0x000001E73FB58000-memory.dmp

Filesize
32KB

Download
memory/3084-76-0x000001E7220C0000-0x000001E7220D0000-memory.dmp

Filesize
64KB

Download
memory/3084-78-0x000001E73FFE0000-0x000001E73FFEE000-memory.dmp

Filesize
56KB

Download
memory/3084-77-0x000001E740010000-0x000001E740048000-memory.dmp

Filesize
224KB

Download
memory/3084-80-0x000001E740FE0000-0x000001E74101A000-memory.dmp

Filesize
232KB

Download
memory/3084-79-0x000001E740050000-0x000001E740088000-memory.dmp

Filesize
224KB

Download
memory/3084-49-0x000001E7220C0000-0x000001E7220D0000-memory.dmp

Filesize
64KB

Download
memory/3084-95-0x000001E741050000-0x000001E741072000-memory.dmp

Filesize
136KB

Download
memory/3084-96-0x000001E73FFF0000-0x000001E73FFFA000-memory.dmp

Filesize
40KB

Download
memory/3084-97-0x000001E741080000-0x000001E7410BA000-memory.dmp

Filesize
232KB

Download
memory/3084-98-0x000001E7410C0000-0x000001E741172000-memory.dmp

Filesize
712KB

Download
memory/3084-99-0x000001E741170000-0x000001E741182000-memory.dmp

Filesize
72KB

Download
memory/3084-47-0x000001E721760000-0x000001E721C70000-memory.dmp

Filesize
5.1MB

Download
memory/3084-102-0x000001E7220C0000-0x000001E7220D0000-memory.dmp

Filesize
64KB

Download
memory/3084-101-0x000001E7220C0000-0x000001E7220D0000-memory.dmp

Filesize
64KB

Download
memory/3084-48-0x00007FFF7BA00000-0x00007FFF7C4C1000-memory.dmp

Filesize
10.8MB

Download
memory/3084-104-0x00007FFF7BA00000-0x00007FFF7C4C1000-memory.dmp

Filesize
10.8MB

Download
memory/3084-105-0x000001E7220C0000-0x000001E7220D0000-memory.dmp

Filesize
64KB

Download
memory/3084-106-0x000001E7220C0000-0x000001E7220D0000-memory.dmp

Filesize
64KB

Download
memory/3084-107-0x000001E7220C0000-0x000001E7220D0000-memory.dmp

Filesize
64KB

Download
memory/3084-109-0x000001E7220C0000-0x000001E7220D0000-memory.dmp

Filesize
64KB

Download
memory/3084-108-0x000001E7220C0000-0x000001E7220D0000-memory.dmp

Filesize
64KB

Download