masslogger | 19c5d6ab953cd04cf91ba1370f14d527cf89de375c8a340ce3e34ef777cba84e

Analysis

max time kernel
138s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 08:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Size

942KB
MD5

291d775d55a75bb207922bf0d28ce052
SHA1

50e259313a63370304c62d9b68b74152a08ef123
SHA256

19c5d6ab953cd04cf91ba1370f14d527cf89de375c8a340ce3e34ef777cba84e
SHA512

cd8e88564edb628714d0fcee6f01da1df21497ebd8015054678b7d46a379a4fa67b57866dfa34d71da80b336d9693623ce21edc2d18d69e9760f41a7d6df90b6
SSDEEP

12288:jymKWkYsoI8yZx+AC5iFY96R/uySH2qQQ0b2OTE/7jJbcN0Oc5slwA0MI2EJuuo8:5KWlALZsAIqR/uyRu/7eqOB2yHEJ/o

Score

10^/10

masslogger zgrat collection rat spyware stealer

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
behavioral2/memory/3804-14-0x0000000000400000-0x00000000004B8000-memory.dmp	family_zgrat_v1

MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
stealer spyware masslogger

MassLogger Main payload 1 IoCs

resource	yara_rule
behavioral2/memory/3804-14-0x0000000000400000-0x00000000004B8000-memory.dmp	family_masslogger

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Accesses Microsoft Outlook profiles 1 TTPs 42 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\19.0\Outlook\Profiles\Outlook	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key opened	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\19.0\Outlook\Profiles\Outlook	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key opened	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key opened	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\17.0\Outlook\Profiles\Outlook	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key opened	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key opened	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\18.0\Outlook\Profiles\Outlook	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\18.0\Outlook\Profiles\Outlook	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key opened	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\17.0\Outlook\Profiles\Outlook	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key opened	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Key queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
45	api.ipify.org

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1584 set thread context of 3804	1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe	101

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
972	schtasks.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3804	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
3804	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
3804	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
Token: SeDebugPrivilege	3804	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3804	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1584 wrote to memory of 972	1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe	96
PID 1584 wrote to memory of 972	1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe	96
PID 1584 wrote to memory of 972	1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe	96
PID 1584 wrote to memory of 3780	1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe	98
PID 1584 wrote to memory of 3780	1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe	98
PID 1584 wrote to memory of 3780	1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe	98
PID 1584 wrote to memory of 3456	1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe	99
PID 1584 wrote to memory of 3456	1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe	99
PID 1584 wrote to memory of 3456	1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe	99
PID 1584 wrote to memory of 5112	1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe	100
PID 1584 wrote to memory of 5112	1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe	100
PID 1584 wrote to memory of 5112	1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe	100
PID 1584 wrote to memory of 3804	1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe	101
PID 1584 wrote to memory of 3804	1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe	101
PID 1584 wrote to memory of 3804	1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe	101
PID 1584 wrote to memory of 3804	1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe	101
PID 1584 wrote to memory of 3804	1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe	101
PID 1584 wrote to memory of 3804	1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe	101
PID 1584 wrote to memory of 3804	1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe	101
PID 1584 wrote to memory of 3804	1584	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe	101

outlook_office_path 1 IoCs

description	ioc	Process
Key queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe

outlook_win_path 1 IoCs

description	ioc	Process
Key queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Windows\SysWOW64\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\&startupname&" /XML "C:\Users\Admin\AppData\Local\Temp\tmpED6D.tmp"
  2⤵
  - Creates scheduled task(s)
  PID:972
- C:\Users\Admin\AppData\Local\Temp\291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
  "{path}"
  2⤵
  PID:3780
- C:\Users\Admin\AppData\Local\Temp\291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
  "{path}"
  2⤵
  PID:3456
- C:\Users\Admin\AppData\Local\Temp\291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
  "{path}"
  2⤵
  PID:5112
- C:\Users\Admin\AppData\Local\Temp\291d775d55a75bb207922bf0d28ce052_JaffaCakes118.exe
  "{path}"
  2⤵
  - Checks computer location settings
  - Accesses Microsoft Outlook profiles
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - outlook_office_path
  - outlook_win_path
  PID:3804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmpED6D.tmp

Filesize
1KB

MD5
5df9b30424a296ece9e128b71387780a

SHA1
caa84ce847983c574a00e20794e663c09f383441

SHA256
ba1e95d76b9b37fbc93d943078f956d07b82418a86445705fa45df51e8ab1f51

SHA512
748f540f3188b6344fb783731206538e7e7395f7b31212e982c80923b8eca3185fc223b80a39a9bf1ece4768caa9ea163caaa44649ae1468bcb2486915f97be9

Download Submit
memory/1584-10-0x0000000006790000-0x0000000006852000-memory.dmp

Filesize
776KB

Download
memory/1584-3-0x0000000005220000-0x00000000052B2000-memory.dmp

Filesize
584KB

Download
memory/1584-1-0x0000000000780000-0x0000000000872000-memory.dmp

Filesize
968KB

Download
memory/1584-4-0x00000000052D0000-0x00000000052DA000-memory.dmp

Filesize
40KB

Download
memory/1584-5-0x0000000074D80000-0x0000000075530000-memory.dmp

Filesize
7.7MB

Download
memory/1584-6-0x0000000008120000-0x00000000081BC000-memory.dmp

Filesize
624KB

Download
memory/1584-7-0x00000000053C0000-0x00000000053C8000-memory.dmp

Filesize
32KB

Download
memory/1584-8-0x0000000074D80000-0x0000000075530000-memory.dmp

Filesize
7.7MB

Download
memory/1584-20-0x0000000074D80000-0x0000000075530000-memory.dmp

Filesize
7.7MB

Download
memory/1584-0-0x0000000074D8E000-0x0000000074D8F000-memory.dmp

Filesize
4KB

Download
memory/1584-9-0x0000000008360000-0x0000000008426000-memory.dmp

Filesize
792KB

Download
memory/1584-2-0x0000000005720000-0x0000000005CC4000-memory.dmp

Filesize
5.6MB

Download
memory/3804-37-0x0000000074D80000-0x0000000075530000-memory.dmp

Filesize
7.7MB

Download
memory/3804-17-0x0000000005300000-0x0000000005378000-memory.dmp

Filesize
480KB

Download
memory/3804-19-0x0000000074D80000-0x0000000075530000-memory.dmp

Filesize
7.7MB

Download
memory/3804-18-0x00000000053F0000-0x0000000005456000-memory.dmp

Filesize
408KB

Download
memory/3804-16-0x0000000074D80000-0x0000000075530000-memory.dmp

Filesize
7.7MB

Download
memory/3804-21-0x0000000074D80000-0x0000000075530000-memory.dmp

Filesize
7.7MB

Download
memory/3804-22-0x0000000074D80000-0x0000000075530000-memory.dmp

Filesize
7.7MB

Download
memory/3804-23-0x0000000074D80000-0x0000000075530000-memory.dmp

Filesize
7.7MB

Download
memory/3804-24-0x00000000079B0000-0x0000000007A00000-memory.dmp

Filesize
320KB

Download
memory/3804-14-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download