3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461

Analysis

max time kernel
159s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 11:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
Size

1.8MB
MD5

2641cf0778fbd4fec901975b5ca8d4bc
SHA1

83e13c6029b548564d59cd643fe0251bb1c36d5b
SHA256

3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461
SHA512

33ad3a3fec4f0d4084c3d3e589c0c106ff353d54def77ff2270a715d2c85c1086153a780e4350dd4bb2c316135284d58f547656b50b705e739f3387ebd13da93
SSDEEP

49152:0x5SUW/cxUitIGLsF0nb+tJVYleAMz77+WA4e30jaNf1TWbdz:0vbjVkjjCAzJTU023W

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
2456	alg.exe
2268	DiagnosticsHub.StandardCollector.Service.exe
548	fxssvc.exe
3532	elevation_service.exe
2780	elevation_service.exe
4356	maintenanceservice.exe
3004	OSE.EXE

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\6b2c3d8db3e2edcd.bin	alg.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\System32\alg.exe	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\GUM3246.tmp\goopdateres_tr.dll	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_156609\java.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3246.tmp\goopdateres_en.dll	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3246.tmp\goopdateres_kn.dll	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3246.tmp\goopdateres_sk.dll	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3246.tmp\goopdateres_th.dll	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3246.tmp\goopdateres_lv.dll	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3246.tmp\goopdateres_sl.dll	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3246.tmp\GoogleUpdateComRegisterShell64.exe	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3246.tmp\GoogleUpdateBroker.exe	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3246.tmp\GoogleUpdate.exe	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3246.tmp\goopdateres_ar.dll	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3246.tmp\goopdateres_fi.dll	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3246.tmp\goopdateres_ko.dll	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3246.tmp\goopdateres_ru.dll	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Temp\GUT3247.tmp	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javacpl.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3246.tmp\goopdateres_cs.dll	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3246.tmp\goopdateres_ro.dll	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3246.tmp\goopdateres_is.dll	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	alg.exe
File created	C:\Program Files (x86)\Google\Temp\GUM3246.tmp\goopdateres_et.dll	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\arh.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	alg.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
652	Process not Found
652	Process not Found

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1712	3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
Token: SeAuditPrivilege	548	fxssvc.exe
Token: SeDebugPrivilege	2456	alg.exe
Token: SeDebugPrivilege	2456	alg.exe
Token: SeDebugPrivilege	2456	alg.exe

C:\Users\Admin\AppData\Local\Temp\3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe
"C:\Users\Admin\AppData\Local\Temp\3f4977e53e1436f8039edac9358cfd6b6bf0657a32853135e11e7c9ce991a461.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1712

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2456

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:2268

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:2980

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:548

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3532

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2780

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:4356

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:3004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4036 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:3456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\elevation_service.exe

Filesize
2.2MB

MD5
7ce08f6b31f6af1748480e9284b9aea5

SHA1
cbcc871613d22f00209415ef550f9999c121a829

SHA256
6f0c2887eea867e0a2c3fedea3a25b63ebfa3f036cf05f23e90befa6920a7d02

SHA512
b48ecf8b6619f3c94688eb5ee22a3d40edc0e9b154cb3663d6cfb7ba5ba3745cfc91dcf31dad0dd99ddde78a52896cab18a9b860e64bcf945461d58774f0e424

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
781KB

MD5
7857462080adf3e2260705a31b508f27

SHA1
dd9537735ac93b86db8f1672a91f889a3221a509

SHA256
8d2edca3ce94545c59223224c532f93c8537683ae12f8b04f60cb5bf5bdf4829

SHA512
c8e8aef39df31bc04e204d8e3b92a2372b9ad0a2e311e61e4dba0ff85f24f919ae401b28f7e95f89f32c95004bd58933ead17142575e0bc3ff9e15d963a6b6e6

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
9f7c40156e0e381e01dd231e8be4a94e

SHA1
07c24b185135178f884d038be7c94557a6fd9e32

SHA256
28cdf85331f5fd8519f36cc7b84e8f90b5d49800997416432ec55dc041827bfe

SHA512
ffa79e577fea24b787eeedd6d62d0abb71700d09642270fda3725cc8b9a2c6846ed4570c24ac8a7d490f5829bfeaed1a44f7d687416b43cb512ea928d66d0891

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
7fbd656282133f80bc698882c8097415

SHA1
78d1cdb2c0365253e2fe8761627da58adfb30767

SHA256
92333c51e3bc1db0618c2f91f46adf4a7956194a65cdc155e39bc782119db4f5

SHA512
81bf150a92444a332da47246ade43680d7bf07c4253565a7636807c3151ccc7c532e1d5305c26264cee49b4cb3f40edefef4e5e8af94b0a980c7d240a951884e

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
189ad52f0b22f5474af2cd8bdea3ea6f

SHA1
3bce9ee97788576fe4d474091efc424863a1a89f

SHA256
2fc5cffe78802c525a4c9d7dbd5a7d55989b787f8807140dfd2add3dcb3e5c10

SHA512
6f61e1be59f5270fb5a8cdfa5937d367f2bf872a256d412733d815bd454d819ab9b7f9d63d0d41d93b6236992f57d750d8f2e8c2e8933209999fe679fb4a20b4

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
215834daccd87c08eb8f2085cbe3420d

SHA1
a0a3c43aef84ea70e16afcdf41d8e1040dc1766a

SHA256
954764d2aa8dbb95d98edca4c691c7169b0ee7d03a07009cf19fa197ddd74155

SHA512
dfaa487762d90f4e9b8d9e29479b59685d81a26074c24af30664c616d2cee26a560add5637b48fcc8459a3ca58fa6b932c536201170cc31b9b6f1d514d3b85cd

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
3dd69adfe6ad1d7840e9826c7c54d626

SHA1
5ed7dd8e11d64699b6ec56aaff1f7afa1cb1a9ee

SHA256
144482f8d5edcf156b3dd8f48866c10e08919f2f448af3f91c7c7c0f36247ca4

SHA512
3bdc0f413bab010e96a57b3ea8c0c94a6a0bcf81044753ba011dd9c669e489b2ec987cf9b66799829440ad9b1ae5a3d47eadd99dbf82cc1a9cef30de278285ed

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
4ca25a703905e5e0fa8ddad427a15c62

SHA1
196bc4cf8fe93910c9d8cf01118ab0321ed7668f

SHA256
6060712ec28642ef3e680b776032020c20c20a72ad159eb2b509fe07307be411

SHA512
997989c1aa296b34427d84b68e2a7e43d33517ed46eb3823b770deaf90e73e9a8aae1a8bc4eaeb1014d23094b416a64243357103dc356a1203f5cff2dc5f71e1

Download Submit
memory/548-106-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/548-118-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/548-116-0x0000000000460000-0x00000000004C0000-memory.dmp

Filesize
384KB

Download
memory/548-114-0x0000000000460000-0x00000000004C0000-memory.dmp

Filesize
384KB

Download
memory/548-107-0x0000000000460000-0x00000000004C0000-memory.dmp

Filesize
384KB

Download
memory/1712-130-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/1712-6-0x0000000002330000-0x0000000002397000-memory.dmp

Filesize
412KB

Download
memory/1712-0-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/1712-7-0x0000000002330000-0x0000000002397000-memory.dmp

Filesize
412KB

Download
memory/1712-226-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/1712-1-0x0000000002330000-0x0000000002397000-memory.dmp

Filesize
412KB

Download
memory/2268-237-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/2268-102-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/2268-94-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/2268-95-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/2456-218-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/2456-25-0x0000000000740000-0x00000000007A0000-memory.dmp

Filesize
384KB

Download
memory/2456-15-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/2456-56-0x0000000000740000-0x00000000007A0000-memory.dmp

Filesize
384KB

Download
memory/2780-141-0x0000000000990000-0x00000000009F0000-memory.dmp

Filesize
384KB

Download
memory/2780-133-0x0000000000990000-0x00000000009F0000-memory.dmp

Filesize
384KB

Download
memory/2780-134-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/2780-291-0x0000000140000000-0x0000000140245000-memory.dmp

Filesize
2.3MB

Download
memory/3004-330-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3004-230-0x00000000007D0000-0x0000000000830000-memory.dmp

Filesize
384KB

Download
memory/3004-236-0x00000000007D0000-0x0000000000830000-memory.dmp

Filesize
384KB

Download
memory/3004-229-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3532-123-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/3532-267-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/3532-121-0x0000000000D50000-0x0000000000DB0000-memory.dmp

Filesize
384KB

Download
memory/3532-128-0x0000000000D50000-0x0000000000DB0000-memory.dmp

Filesize
384KB

Download
memory/4356-219-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4356-223-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4356-225-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/4356-221-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download