osiris | 90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa

Resubmissions

17/04/2024, 12:16

240417-pfx1vsfh7v 10

17/04/2024, 12:16

17/04/2024, 12:16

17/04/2024, 12:16

17/04/2024, 12:16

16/04/2024, 13:45

Analysis

max time kernel
303s
max time network
308s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 13:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
Size

1.3MB
MD5

1ca13ce3fd4bc03072da2c09923cea0d
SHA1

a7e301c835a2543778751ccd37d4d442f18f19fe
SHA256

90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa
SHA512

54be0c00ec5f5f1d8663e912ebb503f41a94ff003babf4ed9c49bc2ead32ec46127ea191014e2e607e5395104626d2d2b4af8f3bad8c04684d101a0f76d8e09d
SSDEEP

12288:hD0Yxtmgcj3DKjs16MKYIjhy+AC5j6vfNqr:hQYxtmiEEYIjhyQj6vfNqr

Score

10^/10

osiris banker botnet

Malware Config

Signatures

Osiris
banker botnet osiris

Executes dropped EXE 1 IoCs

pid	Process
404	GetX64BTIT.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
51	api.ipify.org
52	api.ipify.org

Uses Tor communications 1 TTPs
Malware can proxy its traffic through Tor for more anonymity.

Proxy
T1090

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 404	2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe	92
PID 2332 wrote to memory of 404	2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe	92
PID 2332 wrote to memory of 1756	2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe	78
PID 2332 wrote to memory of 824	2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe	79
PID 2332 wrote to memory of 3996	2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe	80
PID 2332 wrote to memory of 2848	2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe	81
PID 2332 wrote to memory of 1700	2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe	82
PID 2332 wrote to memory of 4260	2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe	84
PID 2332 wrote to memory of 5048	2332	90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe	85
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101
PID 1756 wrote to memory of 4536	1756	msedge.exe	101

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x2f0,0x7ffece862e98,0x7ffece862ea4,0x7ffece862eb0
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2400 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3276 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3380 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=5288 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=5500 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3748 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3788 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:5056

C:\Users\Admin\AppData\Local\Temp\90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe
"C:\Users\Admin\AppData\Local\Temp\90f68e40e22da341888a881fa701d0a26adbfb8a62693044d137826fc1c677fa.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe
  "C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe"
  2⤵
  - Executes dropped EXE
  PID:404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Proxy

T1090

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
6e1cc8de752d1d1bfb20e4f69efe9dea

SHA1
e884e39b1229084d74d2b10d12b4ec0286683805

SHA256
1bba9e6f66a5db9e54c1623c2f48994bf4b56a407db2f83644d3aad1022cf3a2

SHA512
43695be46f6111ac0d110f5cb41523ac295d89a50eddc3b7b3069ffd8629038ae71f7b0af528027c3c50f8d40f607a93029355eb08623d5562c255aa2d78791d

Download Submit
C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe

Filesize
3KB

MD5
b4cd27f2b37665f51eb9fe685ec1d373

SHA1
7f08febf0fdb7fc9f8bf35a10fb11e7de431abe0

SHA256
91f1023142b7babf6ff75dad984c2a35bde61dc9e61f45483f4b65008576d581

SHA512
e025f65224d78f5fd0abebe281ac0d44a385b2641e367cf39eed6aefada20a112ac47f94d7febc4424f1db6a6947bac16ff83ef93a8d745b3cddfdbe64c49a1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\x64btit.txt

Filesize
28B

MD5
2b9f2aee997e0651203d77fc92a18242

SHA1
b59da44ec1820348ef0822cf8e7a51754a9aa8b7

SHA256
c1128af16d7dc51f0f4a7c0be5bcd45db7c987b579e18f1bb7ed85fd8661b0aa

SHA512
f5ea16b0244d8cf698d0b7c5587bb17e084c501f04eaef70e32957f4ace375cc15eef6329af7adf4e370dfbcd80e6d22710ea52c6cf5e4e8e81cee5344c61cc0

Download Submit
memory/2332-21-0x0000000005510000-0x0000000005577000-memory.dmp

Filesize
412KB

Download
memory/2332-45-0x0000000005690000-0x0000000005756000-memory.dmp

Filesize
792KB

Download
memory/2332-8-0x0000000005690000-0x0000000005756000-memory.dmp

Filesize
792KB

Download
memory/2332-6-0x0000000005690000-0x0000000005756000-memory.dmp

Filesize
792KB

Download
memory/2332-14-0x0000000000400000-0x00000000051BC000-memory.dmp

Filesize
77.7MB

Download
memory/2332-5-0x0000000005690000-0x0000000005756000-memory.dmp

Filesize
792KB

Download
memory/2332-16-0x0000000005690000-0x0000000005756000-memory.dmp

Filesize
792KB

Download
memory/2332-17-0x0000000005690000-0x0000000005756000-memory.dmp

Filesize
792KB

Download
memory/2332-19-0x0000000005590000-0x0000000005690000-memory.dmp

Filesize
1024KB

Download
memory/2332-1-0x0000000005590000-0x0000000005690000-memory.dmp

Filesize
1024KB

Download
memory/2332-23-0x0000000005690000-0x0000000005756000-memory.dmp

Filesize
792KB

Download
memory/2332-26-0x0000000005690000-0x0000000005756000-memory.dmp

Filesize
792KB

Download
memory/2332-44-0x0000000005690000-0x0000000005756000-memory.dmp

Filesize
792KB

Download
memory/2332-7-0x0000000005690000-0x0000000005756000-memory.dmp

Filesize
792KB

Download
memory/2332-48-0x0000000005690000-0x0000000005756000-memory.dmp

Filesize
792KB

Download
memory/2332-51-0x0000000005690000-0x0000000005756000-memory.dmp

Filesize
792KB

Download
memory/2332-52-0x0000000005690000-0x0000000005756000-memory.dmp

Filesize
792KB

Download
memory/2332-63-0x0000000005690000-0x0000000005756000-memory.dmp

Filesize
792KB

Download
memory/2332-65-0x0000000005690000-0x0000000005756000-memory.dmp

Filesize
792KB

Download
memory/2332-66-0x0000000005690000-0x0000000005756000-memory.dmp

Filesize
792KB

Download
memory/2332-4-0x0000000005690000-0x0000000005756000-memory.dmp

Filesize
792KB

Download
memory/2332-75-0x0000000005690000-0x0000000005756000-memory.dmp

Filesize
792KB

Download
memory/2332-3-0x0000000005690000-0x0000000005756000-memory.dmp

Filesize
792KB

Download
memory/2332-2-0x0000000005510000-0x0000000005577000-memory.dmp

Filesize
412KB

Download
memory/2332-89-0x0000000005690000-0x0000000005756000-memory.dmp

Filesize
792KB

Download