6b6b90288f74c08faf4d42b41303fcf607e3132a198ae1c894d9de187b6dc9fd

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 14:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6b6b90288f74c08faf4d42b41303fcf607e3132a198ae1c894d9de187b6dc9fd.exe
Size

1.2MB
MD5

882d4e04990549255d8583c5dc654bfe
SHA1

7101a351e5965f30b434997ca7873bd0a116bf6c
SHA256

6b6b90288f74c08faf4d42b41303fcf607e3132a198ae1c894d9de187b6dc9fd
SHA512

218361f7d048b1eb13189cebb872058bea7204ec3f1b3133f06a5f133ca31614e8a8c5a20abdae95fcf5abcf9f5a17e9d311854d76a37ecfbb05537260144d4e
SSDEEP

24576:I99B275YAKEF+tS5ArDZRUgYLatuCSQf:Il27GAK/tlRtYLat

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 11 IoCs

pid	Process
528	alg.exe
5108	elevation_service.exe
4352	elevation_service.exe
1744	maintenanceservice.exe
1148	OSE.EXE
3528	DiagnosticsHub.StandardCollector.Service.exe
1644	fxssvc.exe
936	msdtc.exe
3648	PerceptionSimulationService.exe
1588	perfhost.exe
3800	locator.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 13 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\msdtc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\5850b9531222d1c.bin	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	elevation_service.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\locator.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	elevation_service.exe
File opened for modification	C:\Windows\System32\alg.exe	6b6b90288f74c08faf4d42b41303fcf607e3132a198ae1c894d9de187b6dc9fd.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	elevation_service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	elevation_service.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_109750\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	alg.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	elevation_service.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
644	Process not Found
644	Process not Found

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4152	6b6b90288f74c08faf4d42b41303fcf607e3132a198ae1c894d9de187b6dc9fd.exe
Token: SeDebugPrivilege	528	alg.exe
Token: SeDebugPrivilege	528	alg.exe
Token: SeDebugPrivilege	528	alg.exe
Token: SeTakeOwnershipPrivilege	5108	elevation_service.exe
Token: SeAuditPrivilege	1644	fxssvc.exe

C:\Users\Admin\AppData\Local\Temp\6b6b90288f74c08faf4d42b41303fcf607e3132a198ae1c894d9de187b6dc9fd.exe
"C:\Users\Admin\AppData\Local\Temp\6b6b90288f74c08faf4d42b41303fcf607e3132a198ae1c894d9de187b6dc9fd.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:4152

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:528

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:5108

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4352

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:1744

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:1148

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:3528

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:2348

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1644

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:936

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:3648

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:1588

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:3800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
434KB

MD5
4dc7ec9002a12c227444f6929bb1a808

SHA1
1013b826edf2b29d009ab74ca57c90757b88b5b4

SHA256
9c934137f6cb20c0bb6b82db5269902137176cd4009b3f062826bdc9c3a0eaba

SHA512
957ec625b809b5140fec738311212328872f3427325141a6db9687432ced488a1dc1e067c738d3cffb29e675049a398c0252d77db079098dbf5f1c8826e50194

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.3MB

MD5
3883bd85b09b69f013340d4eefa23da1

SHA1
57057db187ab453586d73da78a16bea02440d840

SHA256
2692786b549c57d0b4b0289e9462b1319f9df598084c4195d3580336499c6f99

SHA512
4d65c727563a77ce145f3052aa021978a57770b914f88d6a050e7cb1c99fa2140badd9d54384bd19f70226cca7e14039a3767b269241845374aa642f89ead3f6

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
275KB

MD5
b16f014c003659fd7869b279de3c061f

SHA1
7a2c4e0ad360c5da932d538585b6070a9969aae4

SHA256
0decb987882c7ba766d3b3260aae7288ccbe9a3161eb65a8a907dcb6f5c45736

SHA512
cd4f3e836f1b5843f36eb685e3ef65511d6329ae2fb8e113f77238bcea92e1cd11f609ca1febef5ee5820202df8cda1316d801ac5ec5a917474d58f56db7e734

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
252KB

MD5
054c257fe6af859a36e3fae87edba144

SHA1
c454c53a79fc65a5fcc7fcdba06a34deb9006ed4

SHA256
e01a5da049d226eff2a3e3d71fa4985d85909ae572c927acefc9728b78f8fd46

SHA512
eb3f5d2cad81527e276d986eea0343ada32ab3ded659cb5cb57fe31b4138039efe0ef55b1b962a5659ea19e84836774665b864210ca6f6bdb3d4cc262ed158d3

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
116KB

MD5
8c73b7f1d126971ff11b764beba62901

SHA1
aa7b7e58b2d4fd89ba10417443bf25cde6290750

SHA256
61383dc16d66c23f963c2bd6e5fa37b3e88a8dedd0cac4b99d4332f88feb2e6e

SHA512
8b12426e900e7b9a2696b6b6bee57a15fdd4efb9d8eae5b02f66128589b111c972fda6dcda1201008f3f9fdcca12769ec8418bbb3ea7252fb4b77f9c50a5725f

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.1MB

MD5
401b864e984b7a724b54d75bc251a31c

SHA1
e2a00b939c36be5533f05138c533673ba1fb0887

SHA256
1af936c2bde8ef03f98c78611de31694b0925da2b08e5a6b13d8fc3fb169a688

SHA512
9509be613d3eaf2491b7cb14848b28a760e35fec100776a531a6ab660d2e6c58e5bbc990516d7592fe7a68f43e3159fd8959f7bb8a582a8c99ba1485d0780ff4

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.2MB

MD5
65ccc556934535394d5aa24ce5a22692

SHA1
984a345ee8475a7a1db8f220606c75e4643a6963

SHA256
2767a9c9494a5a375cb5ccb3441bd6b3c43d7509d759117a778ac66c64ececc4

SHA512
f6de59701a3431ee48a2d875df432867aa4c29a8d35a8c00578d0f695458889b110fe3e99c896151e88e4e101e732c7742d4f94c8e49f20859e762d3e9417f19

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
aa29d18973fec6d6ea6f6a137d756e1f

SHA1
2ccfb66033f958b9a354844fd2c4082f857c795e

SHA256
b6124ca9196bc880b773d7fe636098614d3ea0bc7804cdd7f65763d266e0ff9a

SHA512
6d8513aa2c2e5bef88c9ddffac0e61fbc8516fcf8ce13b2b28f29c4ec397b58bf476afbaa04c456a78fa1d19990d90218e63192e177facfae313bc085bc9e819

Download Submit
C:\Windows\System32\Locator.exe

Filesize
786KB

MD5
3b84deb1fda1af7685e46a3ecb98e4e7

SHA1
f70c2c9918b706e439c7fec04071097303b08070

SHA256
16ac70c4f31ef0cda803406d0b46f4d584c5b98d7ea8297fe8d42acc8bde264a

SHA512
3d734aafccd979c24b45361046e62cee06019a12a10faf7f46677414f59978f2a751dbfaeded9a38577cfd6d5e72fa3b847468d700313c087c69abdb3c017bfa

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.2MB

MD5
20dc6894ebbfb99aac7eb233f086dc91

SHA1
28c4bd885ee745d72dc1a42ea4c34a40297a94f4

SHA256
9c9e17a9f1a5e6f231bbae2ef69a69eb11b794b47fe43964852c6382cec00e29

SHA512
5e09ed3c1b8a39227616f382c5ee77ec5306c971bd3644e831d86f074f9c35229ca971d25198b68756e8383d7da8673bd2505bc2f7d2236402e1740a113a0204

Download Submit
C:\Windows\System32\alg.exe

Filesize
587KB

MD5
944eab8935a1baf1129cc8bde337f9d9

SHA1
f091f4a4f8b96e5b730b4693e9cc9733b043903d

SHA256
e41a70cce5ffc01bc287155c44fdb0ec57f83bec9ed2e3b427ac6171b6460dea

SHA512
d1eebb11459e33b94eac6ae4e06e6517b1098dcb15942f59aea2327140fcd4a4e62f6077d05e7e3768c00f8925648f1d77152220cfa770bcce0e404f2d70d2dc

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.2MB

MD5
d904354178277b264fb917783ba9f2fb

SHA1
760b86993b431c92cfeea1591706b7749fabd631

SHA256
3aed1c08378f757c79b672173ac755e81dad78e29c8e061d6fe86096dfc531a2

SHA512
e07acb261537f13eab779dd1b837fea04e2f3d468f6f87b800b8e2104e189bf709188c05de14c8c99e9eaf95a71c8095a97c2393e911256dc81a8d596fcda594

Download Submit
memory/528-10-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/528-11-0x0000000140000000-0x000000014012E000-memory.dmp

Filesize
1.2MB

Download
memory/528-22-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/528-157-0x0000000140000000-0x000000014012E000-memory.dmp

Filesize
1.2MB

Download
memory/528-21-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/936-278-0x0000000000C90000-0x0000000000CF0000-memory.dmp

Filesize
384KB

Download
memory/936-312-0x0000000000C90000-0x0000000000CF0000-memory.dmp

Filesize
384KB

Download
memory/936-307-0x0000000140000000-0x000000014013D000-memory.dmp

Filesize
1.2MB

Download
memory/936-269-0x0000000140000000-0x000000014013D000-memory.dmp

Filesize
1.2MB

Download
memory/1148-64-0x00000000008D0000-0x0000000000930000-memory.dmp

Filesize
384KB

Download
memory/1148-65-0x0000000140000000-0x0000000140154000-memory.dmp

Filesize
1.3MB

Download
memory/1148-72-0x00000000008D0000-0x0000000000930000-memory.dmp

Filesize
384KB

Download
memory/1148-230-0x0000000140000000-0x0000000140154000-memory.dmp

Filesize
1.3MB

Download
memory/1588-300-0x0000000000400000-0x000000000051B000-memory.dmp

Filesize
1.1MB

Download
memory/1588-309-0x00000000005A0000-0x0000000000607000-memory.dmp

Filesize
412KB

Download
memory/1644-254-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1644-273-0x0000000000EC0000-0x0000000000F20000-memory.dmp

Filesize
384KB

Download
memory/1644-270-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/1644-262-0x0000000000EC0000-0x0000000000F20000-memory.dmp

Filesize
384KB

Download
memory/1644-255-0x0000000000EC0000-0x0000000000F20000-memory.dmp

Filesize
384KB

Download
memory/1744-49-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/1744-56-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/1744-62-0x0000000140000000-0x000000014014E000-memory.dmp

Filesize
1.3MB

Download
memory/1744-59-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/1744-50-0x0000000140000000-0x000000014014E000-memory.dmp

Filesize
1.3MB

Download
memory/3528-243-0x0000000140000000-0x000000014012D000-memory.dmp

Filesize
1.2MB

Download
memory/3528-285-0x0000000140000000-0x000000014012D000-memory.dmp

Filesize
1.2MB

Download
memory/3528-244-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/3528-250-0x00000000004C0000-0x0000000000520000-memory.dmp

Filesize
384KB

Download
memory/3648-284-0x0000000140000000-0x000000014012F000-memory.dmp

Filesize
1.2MB

Download
memory/3648-324-0x0000000140000000-0x000000014012F000-memory.dmp

Filesize
1.2MB

Download
memory/3648-293-0x0000000000BC0000-0x0000000000C20000-memory.dmp

Filesize
384KB

Download
memory/3800-321-0x0000000000750000-0x00000000007B0000-memory.dmp

Filesize
384KB

Download
memory/3800-313-0x0000000140000000-0x0000000140119000-memory.dmp

Filesize
1.1MB

Download
memory/4152-17-0x0000000000400000-0x0000000000539000-memory.dmp

Filesize
1.2MB

Download
memory/4152-6-0x0000000000BD0000-0x0000000000C37000-memory.dmp

Filesize
412KB

Download
memory/4152-0-0x0000000000400000-0x0000000000539000-memory.dmp

Filesize
1.2MB

Download
memory/4152-1-0x0000000000BD0000-0x0000000000C37000-memory.dmp

Filesize
412KB

Download
memory/4352-45-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4352-229-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4352-38-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4352-39-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/5108-228-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/5108-34-0x0000000000830000-0x0000000000890000-memory.dmp

Filesize
384KB

Download
memory/5108-28-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/5108-27-0x0000000000830000-0x0000000000890000-memory.dmp

Filesize
384KB

Download