Overview

overview

10

Static

static

3

51e9ae4378...05.exe

windows7-x64

51e9ae4378...05.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-01-2024 23:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    51e9ae4378cb38ff331ad95f35cba605.exe

  • Size

    660KB

  • MD5

    51e9ae4378cb38ff331ad95f35cba605

  • SHA1

    8b37a8eb9536972a6bada81d92c109f76ef4b292

  • SHA256

    e56c3eed11cf94d29ac1c24369887112b374e3053b371cafbbab9bc176e12b77

  • SHA512

    5da0a8dc125c2d2cd23ab737e0d9b7a1ee65b21629bbdc867f6890d3a93c20f0c03784184c31a4953a62fb2a4c4e7ff05a81901185db1e3848dc7d61aba845ba

  • SSDEEP

    12288:h8Rjc7UCAIf16KRBhc0ddzKwNkjOaOJ1zoKjquWO:ShNKf166c0dY9EyKOv

Score
10/10
blustealerzgratpersistenceratstealer

Malware Config

Extracted

Family

blustealer

Credentials

  • Protocol:     smtp
  • Host:
    efinancet.shop
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    hXRv^@_E-~Nk

Signatures

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer
  • Detect ZGRat V1 34 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 31 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 38 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\51e9ae4378cb38ff331ad95f35cba605.exe
    "C:\Users\Admin\AppData\Local\Temp\51e9ae4378cb38ff331ad95f35cba605.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:796
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection bing.com
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4808
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection bing.com
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:404
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection bing.com
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:5096
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection bing.com
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1608
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection bing.com
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4448
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection bing.com
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4788
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection bing.com
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4548
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection bing.com
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2100
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection bing.com
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4080
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection bing.com
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2944
    • C:\Users\Admin\AppData\Local\Temp\51e9ae4378cb38ff331ad95f35cba605.exe
      C:\Users\Admin\AppData\Local\Temp\51e9ae4378cb38ff331ad95f35cba605.exe
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:4524

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
    Filesize

    2KB

    MD5

    0774a05ce5ee4c1af7097353c9296c62

    SHA1

    658ff96b111c21c39d7ad5f510fb72f9762114bb

    SHA256

    d9c5347ed06755feeb0615f1671f6b91e2718703da0dbc4b0bd205cbd2896dd4

    SHA512

    104d69fc4f4aaa5070b78ada130228939c7e01436351166fe51fe2da8a02f9948e6d92dd676f62820da1813872b91411e2f863c9a98a760581ec34d4aa354994

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
    Filesize

    53KB

    MD5

    d4d8cef58818612769a698c291ca3b37

    SHA1

    54e0a6e0c08723157829cea009ec4fe30bea5c50

    SHA256

    98fd693b92a71e24110ce7d018a117757ffdfe0e551a33c5fa5d8888a2d74fb0

    SHA512

    f165b1dde8f251e95d137a466d9bb77240396e289d1b2f8f1e9a28a6470545df07d00da6449250a1a0d73364c9cb6c00fd6229a385585a734da1ac65ac7e57f6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    Filesize

    19KB

    MD5

    135ae5e530817c5f7c66057e1858f1e8

    SHA1

    731f4e9404edc943510519f7b86cba1a0bc4790f

    SHA256

    85248c5848605562f3d63808f6e322e378347184bfb300be09ec4bae4d4e4ef6

    SHA512

    b70cf7f4b982896879ea718bd4515dc459f061bd6d7a5cdca27e796718234daa481c7a3da662a3a489338e77d2b12427da363317cb92f890a675daf7fcc1562d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    Filesize

    18KB

    MD5

    53bdb994ddc4d77e7880e568208f0d0a

    SHA1

    aecb34af440157694f8f179c95e7337d12df6e17

    SHA256

    1f9464d5c2e8bc9d9ee006e0cfb49e2998779120f64303f0bfda02f384fec7fd

    SHA512

    a68bf1f119fb44b138d81cb860ac702705b60b5168c833f8354780b4e9ef7c68ea3b6168f42e8185132ef85c04132f05bedc4617a3fef160fb7daef836c984cc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    Filesize

    19KB

    MD5

    decf5e0632539db838aa168ae3bec5dd

    SHA1

    790d49d68a6a63fb2a58897589bda828478b2281

    SHA256

    7a17d0afce32fab514ea422c97eb3856382db374dcea745b2e939070c19434f8

    SHA512

    12d13ac5384e8339fde5be6b312a20fce4eecdfc4b223fca5d66399ffb7036b1d066a495c3ebc9c01426bfd1d5eb2542ec094c5097f19b9dd92dc8cb80e36cc5

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    Filesize

    18KB

    MD5

    5855a93d02baa35af416f7303374dd7a

    SHA1

    d76e88fff90ed358b5b9324512cd14837ac18d53

    SHA256

    4575a197df96914a4f16b6928b20a2b5ac3655b458f2b7c68c8a75589dd33a5e

    SHA512

    100628bc859f2f06c9dc990c9ddaa25ebb301e89aaf33a811f4a4184589ccbbdc1eda3ba4de126fbac91bbee8add9ac9a5d9da430909998dfddf2687d802fbcd

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    Filesize

    18KB

    MD5

    cf2a4eff64f9b5760f25d2b3e5188601

    SHA1

    2afa06f6f86fcc050b18372f77391b726bf31a40

    SHA256

    2df4d110e2657ba53efcfd5db5b749270eb97c93a48e8dc96df43d83e1afeab5

    SHA512

    56d9e9b319f7d2752cff0e688989354a38539d77d3bcf24de40adb5a37a8154c82481ce4d2d5b9887b31193c30e507f930ea679e77639d6b2bdf3a34a7328551

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    Filesize

    20KB

    MD5

    6e3485ef4f0392e249058b41492a85ea

    SHA1

    7a3e84fa402d07a682f631be1583924b9e6978ab

    SHA256

    a2b93418a0076b17152ae99210a5ddaa6aae71372997517bdf4946f77ffc9631

    SHA512

    03225cbda570b8400e69d072138344ac0f2f4b2674e6b16d88f4fcbf56c1f2351aa776ed2562c515775b5e3a80db55a42d1bd4c67ac289ce7d8aef704a2c5f43

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    Filesize

    18KB

    MD5

    2af8238b4dec5718705774bb2b4e7422

    SHA1

    e26046d318a89bd1d652aa5814bcecb941428da7

    SHA256

    cce1f74d53761b9d55266e59bcb332cd013d5f117f37f18ece90a22e77b5828b

    SHA512

    524e85b35d6656103b245615a09534cacbc0333086e979126ece36ee62ad43be55f829300c285c0cbd878d881c2d5e477090c308aabf66a08248380f196c83e6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    Filesize

    18KB

    MD5

    0bbf35884c96a4d32449f6aeb7454167

    SHA1

    7f0ee5f413277641bfbb0dd4420ea1b7ab854595

    SHA256

    b02fc4cd4323701994602e4c5743eb3097d75e899e6e815e6cd63cc7cfff0990

    SHA512

    46b2a78b8f46927a6aa96d23687d1bc82ffa259b4753a042dff3d10245c9a3b21196f835389f347ce4a9c8cabe15704832e298e11eb38c882b8a7ff03323d626

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    Filesize

    19KB

    MD5

    bad940d8cead0f7a6794e4f2a7a8219e

    SHA1

    e08db310628dc9568ae7156f08b9830874fe4f2f

    SHA256

    cfc99380f0bb4c32060dc72d25f786365c8b1e49f979e20dc8f00981cd287296

    SHA512

    36a3bae2fbf9d16f8694bb37e1d82c44dca915f6fa09580a17c21b857b32c210814072e2d129016a3d148bcbde48e0840a0b2ed40884a9f221f3b7f72a561f99

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_sc35qy1p.hse.ps1
    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

    Download Submit

  • memory/404-51-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/404-38-0x00000000053D0000-0x00000000053E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/404-37-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/796-218-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-2-0x00000000055F0000-0x0000000005B94000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/796-2352-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/796-175-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-176-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-180-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-29-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/796-182-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-186-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-35-0x0000000004EB0000-0x0000000004EC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/796-188-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-190-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-192-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-194-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-196-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-200-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-202-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-206-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-212-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-214-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-222-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-224-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-226-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-230-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-234-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-236-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-238-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-232-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-228-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-220-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-0-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/796-216-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-208-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-210-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-204-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-5-0x0000000004FC0000-0x0000000004FCA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/796-198-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-184-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-4-0x0000000004EB0000-0x0000000004EC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/796-178-0x0000000006210000-0x0000000006279000-memory.dmp

    Filesize

    420KB

    Download

  • memory/796-174-0x0000000006210000-0x000000000627E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/796-173-0x0000000000B50000-0x0000000000B6E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/796-172-0x0000000000EC0000-0x0000000000F68000-memory.dmp

    Filesize

    672KB

    Download

  • memory/796-3-0x0000000004F20000-0x0000000004FB2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/796-171-0x0000000000AA0000-0x0000000000B16000-memory.dmp

    Filesize

    472KB

    Download

  • memory/796-1-0x0000000000470000-0x000000000051C000-memory.dmp

    Filesize

    688KB

    Download

  • memory/1608-79-0x0000000005790000-0x0000000005AE4000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1608-69-0x0000000002620000-0x0000000002630000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1608-82-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1608-67-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/1608-68-0x0000000002620000-0x0000000002630000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2100-140-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2100-128-0x0000000004F70000-0x0000000004F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2100-127-0x0000000004F70000-0x0000000004F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2100-126-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2944-157-0x0000000002660000-0x0000000002670000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2944-170-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2944-158-0x0000000002660000-0x0000000002670000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2944-156-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4080-142-0x00000000022C0000-0x00000000022D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4080-141-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4080-155-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4080-143-0x00000000022C0000-0x00000000022D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4448-83-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4448-96-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4448-84-0x0000000002440000-0x0000000002450000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4524-2353-0x0000000000400000-0x000000000047A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/4548-113-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4548-125-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4788-97-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4788-99-0x0000000005090000-0x00000000050A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4788-105-0x0000000005D00000-0x0000000006054000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/4788-98-0x0000000005090000-0x00000000050A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4788-112-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4808-13-0x0000000005540000-0x00000000055A6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4808-34-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4808-6-0x0000000002270000-0x00000000022A6000-memory.dmp

    Filesize

    216KB

    Download

  • memory/4808-9-0x0000000002220000-0x0000000002230000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4808-25-0x0000000005BA0000-0x0000000005BEC000-memory.dmp

    Filesize

    304KB

    Download

  • memory/4808-28-0x00000000060A0000-0x00000000060C2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4808-27-0x0000000006050000-0x000000000606A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4808-8-0x0000000002220000-0x0000000002230000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4808-10-0x0000000004D00000-0x0000000005328000-memory.dmp

    Filesize

    6.2MB

    Download

  • memory/4808-11-0x0000000004C80000-0x0000000004CA2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4808-12-0x0000000005460000-0x00000000054C6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4808-7-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4808-23-0x00000000056B0000-0x0000000005A04000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/4808-24-0x0000000005B60000-0x0000000005B7E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4808-30-0x0000000007DE0000-0x000000000845A000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4808-26-0x00000000060D0000-0x0000000006166000-memory.dmp

    Filesize

    600KB

    Download

  • memory/5096-52-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/5096-53-0x00000000029F0000-0x0000000002A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5096-54-0x00000000029F0000-0x0000000002A00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5096-66-0x00000000744D0000-0x0000000074C80000-memory.dmp

    Filesize

    7.7MB

    Download