d7128f6452610452b737d188d167151e97dd714c251e70dc521032835a090486

Analysis

max time kernel
113s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BlueStacksInstaller_4.280.4.4002_native_010349d740f95e84b3eaa0fff273680a.exe
Size

1.2MB
MD5

8636a5fcea3abdd0fed43c8bdc27c5ff
SHA1

58a2064066a8b4a34c478b0ecaa1ddeeada095ad
SHA256

d7128f6452610452b737d188d167151e97dd714c251e70dc521032835a090486
SHA512

3f475f6a13e96513cf151e44927abd79a45d5a5f23ec68211661029d40c69e2b81cec66f20818e1be575c4e2b6b0ca028b2ad70af7b87929906ea7c6733dbc10
SSDEEP

24576:fcVkKS/WtWrnngnnnKnanxNpVcexw6kPEmEi90YANGNaUHeQYaN:fcB6WErnngnnnKnanzoexoNfKDU+WN

Score

5^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation	BlueStacksInstaller_4.280.4.4002_native_010349d740f95e84b3eaa0fff273680a.exe
Key value queried	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation	BlueStacksInstaller.exe
Key value queried	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation	BlueStacksInstaller.exe
Key value queried	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation	BlueStacksInstaller_4.280.4.4002_native_010349d740f95e84b3eaa0fff273680a.exe

Executes dropped EXE 3 IoCs

pid	Process
2012	BlueStacksInstaller.exe
2164	BlueStacksInstaller.exe
3632	BlueStacksInstaller.exe

Loads dropped DLL 3 IoCs

pid	Process
2012	BlueStacksInstaller.exe
2164	BlueStacksInstaller.exe
3632	BlueStacksInstaller.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlueStacksInstaller_4.280.4.4002_native_010349d740f95e84b3eaa0fff273680a.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlueStacksInstaller_4.280.4.4002_native_010349d740f95e84b3eaa0fff273680a.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2012	BlueStacksInstaller.exe
2012	BlueStacksInstaller.exe
2012	BlueStacksInstaller.exe
2012	BlueStacksInstaller.exe
2012	BlueStacksInstaller.exe
2012	BlueStacksInstaller.exe
2012	BlueStacksInstaller.exe
2012	BlueStacksInstaller.exe
2012	BlueStacksInstaller.exe
2012	BlueStacksInstaller.exe
2164	BlueStacksInstaller.exe
2164	BlueStacksInstaller.exe
3632	BlueStacksInstaller.exe
3632	BlueStacksInstaller.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2164	BlueStacksInstaller.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2012	BlueStacksInstaller.exe
Token: SeDebugPrivilege	2164	BlueStacksInstaller.exe
Token: SeDebugPrivilege	3632	BlueStacksInstaller.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3352 wrote to memory of 2012	3352	BlueStacksInstaller_4.280.4.4002_native_010349d740f95e84b3eaa0fff273680a.exe	82
PID 3352 wrote to memory of 2012	3352	BlueStacksInstaller_4.280.4.4002_native_010349d740f95e84b3eaa0fff273680a.exe	82
PID 2012 wrote to memory of 2164	2012	BlueStacksInstaller.exe	84
PID 2012 wrote to memory of 2164	2012	BlueStacksInstaller.exe	84
PID 2164 wrote to memory of 4316	2164	BlueStacksInstaller.exe	95
PID 2164 wrote to memory of 4316	2164	BlueStacksInstaller.exe	95
PID 2164 wrote to memory of 4316	2164	BlueStacksInstaller.exe	95
PID 4316 wrote to memory of 3632	4316	BlueStacksInstaller_4.280.4.4002_native_010349d740f95e84b3eaa0fff273680a.exe	96
PID 4316 wrote to memory of 3632	4316	BlueStacksInstaller_4.280.4.4002_native_010349d740f95e84b3eaa0fff273680a.exe	96

C:\Users\Admin\AppData\Local\Temp\BlueStacksInstaller_4.280.4.4002_native_010349d740f95e84b3eaa0fff273680a.exe
"C:\Users\Admin\AppData\Local\Temp\BlueStacksInstaller_4.280.4.4002_native_010349d740f95e84b3eaa0fff273680a.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3352
- C:\Users\Admin\AppData\Local\Temp\7zS81D51597\BlueStacksInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\7zS81D51597\BlueStacksInstaller.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2012
- - C:\Users\Admin\AppData\Local\Temp\7zS81D51597\BlueStacksInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS81D51597\BlueStacksInstaller.exe" "install" "BlueStacksInstaller_4.280.4.4002_native_010349d740f95e84b3eaa0fff273680a.exe" "010349d740f95e84b3eaa0fff273680a" "admin" "1d095aaf-40a2-46f2-9a96-463f016eb3cc" "f8e8095e-9b82-4b7e-9719-8793c674d4e2"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: RenamesItself
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2164
  - - C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_4.280.4.4002_native_010349d740f95e84b3eaa0fff273680a.exe
      "C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacksInstaller_4.280.4.4002_native_010349d740f95e84b3eaa0fff273680a.exe" -versionMachineID=f8e8095e-9b82-4b7e-9719-8793c674d4e2 -machineID=1d095aaf-40a2-46f2-9a96-463f016eb3cc -pddir="C:\ProgramData\BlueStacks_bgp64"
      4⤵
      Checks computer location settings
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\7zSCD060638\BlueStacksInstaller.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zSCD060638\BlueStacksInstaller.exe" -versionMachineID=f8e8095e-9b82-4b7e-9719-8793c674d4e2 -machineID=1d095aaf-40a2-46f2-9a96-463f016eb3cc -pddir="C:\ProgramData\BlueStacks_bgp64"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\BlueStacks\BlueStacksMicroInstaller_4.280.4.4002.log

Filesize
1KB

MD5
edcd3635260e4885ee54007a97a900fa

SHA1
6a27a2daf7f2d75d2c48b1aeebe186043fed7ef3

SHA256
b685061a310f13372b7985027dc85b33030aabcac8227fd0f55f7e7e5307e1e7

SHA512
e809136bc4474627d02a172674bbaaa6cb3e0fdecd7cad2eb575cebee06a4f07181d3d8bff79022f34eb891b90983f174a428e0b1eca44a6aef81259f9a54bca

Download Submit
C:\Users\Admin\AppData\Local\BlueStacks\BlueStacksMicroInstaller_4.280.4.4002.log

Filesize
7KB

MD5
80d6a734f86361c64b99c42057f1bfb0

SHA1
be23e18d65f05d2fd944a4d3f941a13e966f76b6

SHA256
7a84f1ba4aeb6857fccac41f504c37e09bd0ea5a15889612a7c6038c5d92d3a8

SHA512
abc132d782ab98b5fe96169e448939045079979569fc1e0e7debf486992bc810aa12cc726222411965965f3bd4e2c073ed555ec04aa08ec91b67f1eb7ac7dce0

Download Submit
C:\Users\Admin\AppData\Local\Bluestacks\Logs.log

Filesize
105B

MD5
955459787c7d5865399db7858275d496

SHA1
f9a59f3f3142ec5f609e0d4fdec7ad210347687d

SHA256
ed598d574095ecbd67afe377c25c24035933468fab27519fd9e2de2ff0a2dce4

SHA512
b2b7d0ba59ccd4ddf322327399d84a1ef4b43d3b938d0ca93c2feafff376c7f9ae911d162789ab90ada957d65376751390ca9c39c3b22562b519105d936758e9

Download Submit
C:\Users\Admin\AppData\Local\Bluestacks\Logs.log

Filesize
309B

MD5
4a3cf77d7474df05c3cb25648d1bfca6

SHA1
6e3976dfbbf3f9ae5a2eab0860ec8ca6c49ac93f

SHA256
af0b7833dd5f6ca92ffd0cb7c0ee126188ce3ac40c5d4c5dde1b875705c80117

SHA512
a7564f8b3ccc8ac632d20f9543a8e4ae28ad373e59377db4ac473ba75a82c2f935a78ccd4321eab4331d5f161d133936c8039da041f24792a240814ca856f757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BlueStacksInstaller.exe.log

Filesize
2KB

MD5
0f186e94e9b99a5e2e31c2dc955346cc

SHA1
ffd9997b2db8c39f410f5d2a9f3d080f8d7523b7

SHA256
bf171a0e53a7acb766fd4f462f516bc2bab3dbc6e12b7b2423af5bae8be1fdf4

SHA512
530ea4c1e9fd6799cbb1be4f7278d4e9ce23875898164dc42650e62e8b37cd886cfa0174310541736487e58ca691a83b1079aa8780ebb7491de8da65c3433488

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81D51597\Assets\backicon.png

Filesize
15KB

MD5
7ff5dc8270b5fa7ef6c4a1420bd67a7f

SHA1
b224300372feaa97d882ca2552b227c0f2ef4e3e

SHA256
fa64884054171515e97b78aaa1aad1ec5baa9d1daf9c682e0b3fb4a41a9cb1c1

SHA512
f0d5a842a01b99f189f3d46ab59d2c388a974951b042b25bbce54a15f5a3f386984d19cfca22ba1440eebd79260066a37dfeff6cb0d1332fca136add14488eef

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81D51597\Assets\checked_gray.png

Filesize
538B

MD5
ce144d2aab3bf213af693d4e18f87a59

SHA1
df59dc3dbba88bdc5ffc25f2e5e7b73ac3de5afa

SHA256
d8e502fab00b0c6f06ba6abede6922ab3b423fe6f2d2f56941dabc887b229ad3

SHA512
0f930edd485a0d49ef157f6cc8856609c087c91b77845adeb5cc8c8a80ebc7ec5416df351ffa1af780caad884dbb49dcc778b0b30de6fb7c85ffef22d7220ebe

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81D51597\Assets\close_red.png

Filesize
15KB

MD5
93216b2f9d66d423b3e1311c0573332d

SHA1
5efaebec5f20f91f164f80d1e36f98c9ddaff805

SHA256
d0b6d143642d356b40c47459a996131a344cade6bb86158f1b74693426b09bfb

SHA512
922a7292de627c5e637818556d25d9842a88e89f2b198885835925679500dfd44a1e25ce79e521e63c4f84a6b0bd6bf98e46143ad8cee80ecdbaf3d3bc0f3a32

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81D51597\Assets\custom.png

Filesize
17KB

MD5
03b17f0b1c067826b0fcc6746cced2cb

SHA1
e07e4434e10df4d6c81b55fceb6eca2281362477

SHA256
fbece8bb5f4dfa55dcfbf41151b10608af807b9477e99acf0940954a11e68f7b

SHA512
67c78ec01e20e9c8d9cdbba665bb2fd2bb150356f30b88d3d400bbdb0ae92010f5d7bcb683dcf6f895722a9151d8e669d8bef913eb6e728ba56bb02f264573b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81D51597\Assets\installer_flash_background.jpg

Filesize
34KB

MD5
08d091faf58df0ea8218d7e08140bbeb

SHA1
38ebf2763bd2082635a5971c4302021ecaddc0d1

SHA256
7e5f6998d34d56aeca87f676c12a42c6c4362ae16a753dc567aae00e253b0817

SHA512
5cfede2ea2ade7bbc4b63475af5eb52f78af567fa7096a2ead396056271b8745df4dc6e11e4328151ce59ab74c6c48fd49cd13e30f7f4b86c566757e310fd5e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81D51597\Assets\installer_logo.png

Filesize
6KB

MD5
4cc6586c249ae201501c07fe5354b23b

SHA1
8fda8ef400f0bc25fd19cf4aa13469141befa3d8

SHA256
06f6630b150cca4ab3a00b663bfb6b0fe0c53309d434036c5ef16b3fe01304ed

SHA512
65ce7392ad4519ca51edafb5e25d60f0b0d2d37f7f8afe0394aa0594e63c38d331cd3c63aea149419dedabdc836f10cb1e9cc468c2d40afbb9e94a344a20fa83

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81D51597\Assets\installer_minimize.png

Filesize
113B

MD5
38b539a1e4229738e5c196eedb4eb225

SHA1
f027b08dce77c47aaed75a28a2fce218ff8c936c

SHA256
a064f417e3c2b8f3121a14bbded268b2cdf635706880b7006f931de31476bbc2

SHA512
2ce433689a94fae454ef65e0e9ec33657b89718bbb5a038bf32950f6d68722803922f3a427278bad432395a1716523e589463fcce4279dc2a895fd77434821cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81D51597\Assets\setpath.png

Filesize
15KB

MD5
b2e7f40179744c74fded932e829cb12a

SHA1
a0059ab8158a497d2cf583a292b13f87326ec3f0

SHA256
5bbb2f41f9f3a805986c3c88a639bcc22d90067d4b8de9f1e21e3cf9e5c1766b

SHA512
b95b7ebdb4a74639276eaa5c055fd8d9431e2f58a5f7c57303f7cf22e8b599f6f2a7852074cf71b19b49eb31cc9bf2509aedf41d608981d116e49a00030c797c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81D51597\Assets\unchecked_gray.png

Filesize
192B

MD5
e50df2a0768f7fc4c3fe8d784564fea3

SHA1
d1fc4db50fe8e534019eb7ce70a61fd4c954621a

SHA256
671f26795b12008fbea1943143f660095f3dca5d925f67d765e2352fd7ee2396

SHA512
c87a8308a73b17cbdd179737631fb1ba7fdaeb65e82263f6617727519b70a81266bb695867b9e599c1306ee2cf0de525452f77ce367ca89bf870ea3ae7189998

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81D51597\BlueStacksInstaller.exe

Filesize
416KB

MD5
d2b71de5198c712593c6e9e24ee62d59

SHA1
c359fe46f9909f2f2eba37a41c283e7e1ca8e88c

SHA256
a4eebde84f0166e5ba19f8ca3e5007a1e49a3dcd1c67ee6f4275f1e62f56ea34

SHA512
48a2ebe87ee5b6e2eebf5f1ed963582be6d29f6886bf8f3573768d0d87e420b604e866fc3c91b1a9dd0141038e3736579e25a118d8abcb5665883e160eced191

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81D51597\BlueStacksInstaller.exe.config

Filesize
324B

MD5
1b456d88546e29f4f007cd0bf1025703

SHA1
e5c444fcfe5baf2ef71c1813afc3f2c1100cab86

SHA256
d6d316584b63bb0d670a42f88b8f84e0de0db4275f1a342084dc383ebeb278eb

SHA512
c545e416c841b8786e4589fc9ca2b732b16cdd759813ec03f558332f2436f165ec1ad2fbc65012b5709fa19ff1e8396639c17bfad150cabeb51328a39ea556e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81D51597\HD-Common-Native.dll

Filesize
547KB

MD5
a2f774900180a4d3f0c8a2ad845e0b54

SHA1
79642c490fcb39b801b0b546c6e09de22fa447d7

SHA256
46bdde1a8ab06b1eb198df1b84697dc68f78aca17ed4299e4c0174cecb361277

SHA512
7eaa599e0a9d4f73deda7f157cee35455dc3cbd9ce6da5bc6cac1808cd3bd4a858e282a04cdb2837dabcb2803fdf82b960e4a834aa3aca3a11e0afcc1c6d3077

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81D51597\JSON.dll

Filesize
411KB

MD5
f5fd966e29f5c359f78cb61a571d1be4

SHA1
a55e7ed593b4bc7a77586da0f1223cfd9d51a233

SHA256
d2c8d26f95f55431e632c8581154db7c19547b656380e051194a9d2583dd2156

SHA512
d99e6fe250bb106257f86135938635f6e7ad689b2c11a96bb274f4c4c5e9a85cfacba40122dbc953f77b5d33d886c6af30bff821f10945e15b21a24b66f6c8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81D51597\Locales\i18n.en-US.txt

Filesize
117KB

MD5
bc06cc543480420460bbff56657f4bd2

SHA1
1348e68db07101fad6541b0a680076ea9fc152c6

SHA256
b542578fd373773958d24733c979eeafd057db6fa23e9ef571c4c95a5229a96d

SHA512
e85f6b40b7d51b997d7c65b9a5e8152cde6c940e6f271c73c7424650ad3185da944c3f45a25a2be85feb014454d2c3949bb8eedc6dba785ff27e5b38f6c62895

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS81D51597\ThemeFile

Filesize
76KB

MD5
4567f7dc395c544d0e6903a1ba678fc6

SHA1
d09275c52f6ffaa83962f07854bc5f7cbaae5953

SHA256
3777668daf5c0da4e4938dc95feb4535ef8493e809081703304587e1056e9fbf

SHA512
9509e99a1cb69749f883f701f88cec6ec6ca61a877f92418990f1536cdd766266ad2a31c5248e95e3df3b15fea994c73de451861f7d362275faa5184835e9236

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCD060638\Assets\exit_close.png

Filesize
670B

MD5
26eb04b9e0105a7b121ea9c6601bbf2a

SHA1
efc08370d90c8173df8d8c4b122d2bb64c07ccd8

SHA256
7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157

SHA512
9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCD060638\Assets\minimize_progress.png

Filesize
212B

MD5
1504b80f2a6f2d3fefc305da54a2a6c2

SHA1
432a9d89ebc2f693836d3c2f0743ea5d2077848d

SHA256
2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6

SHA512
675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

Download Submit
C:\Users\Public\BlueStacks\MachineID

Filesize
36B

MD5
e518045f3a3a59895dfb6beeaa2acde8

SHA1
f2e45845b3f48fdd845a6232e4f332dce375900f

SHA256
d7fba3a9231594fc70c58b3c37c3832f9d085b584bef36eb79f06d81fdc9fca2

SHA512
3433b4a17ccb803bf87df0d6b42832ab9b52a9f335bcebb29aaf277c40cf0380482c83e85947e5d53ee596f98fa5ec4baee3efa66523e5f9c223b040e7729bb2

Download Submit
C:\Users\Public\BlueStacks\VersionMachineId_4.280.4.4002

Filesize
36B

MD5
a825416f12fc21ad49c48fac0efd58cc

SHA1
e0bb098698f7fa187c08018bb2be9f6fcfbf56ba

SHA256
2731cc8549a5ce3f6c8d2b122f4bcd65e6f88fd6bf4846b5681a76c5315d1f60

SHA512
94241474d9087f2e7a183168fdd052a27ec24f012d80fd80b93625fa0bbcf2fbf016fe3481cfcf8189e4a01e9e3a4d8ea3aa3181944505ba409558e6a6db3542

Download Submit
memory/2012-109-0x00007FFF68253000-0x00007FFF68255000-memory.dmp

Filesize
8KB

Download
memory/2012-142-0x00007FFF68253000-0x00007FFF68255000-memory.dmp

Filesize
8KB

Download
memory/2012-143-0x00007FFF68250000-0x00007FFF68D11000-memory.dmp

Filesize
10.8MB

Download
memory/2012-117-0x00007FFF68250000-0x00007FFF68D11000-memory.dmp

Filesize
10.8MB

Download
memory/2012-110-0x0000000000ED0000-0x0000000000F3C000-memory.dmp

Filesize
432KB

Download
memory/2012-308-0x00007FFF68250000-0x00007FFF68D11000-memory.dmp

Filesize
10.8MB

Download
memory/2164-141-0x0000000021D90000-0x0000000021DF8000-memory.dmp

Filesize
416KB

Download
memory/2164-136-0x0000000020F70000-0x0000000020F78000-memory.dmp

Filesize
32KB

Download
memory/2164-138-0x000000001D4B0000-0x000000001D4BE000-memory.dmp

Filesize
56KB

Download
memory/2164-137-0x000000001D4E0000-0x000000001D518000-memory.dmp

Filesize
224KB

Download
memory/3352-343-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download