Overview

overview

10

Static

static

1

kreo q zi.7z

windows10-ltsc 2021-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    143s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    04-11-2024 23:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    kreo q zi.7z

  • Size

    922KB

  • MD5

    ec516db688f94e98d5141f4bade557e9

  • SHA1

    198ffbae5eed415ac673f5e371774759f1a53de1

  • SHA256

    282d6f5ddc83351dab51e6decc1293b078638f0cfd0baca4673afc8246fd32bd

  • SHA512

    ecc34ad7d15fbedbbc4e62b469f5e6e5e71099e19831574da61dc9f751ed5b2faad1676b8b3dbf0911c4dac628c7a15e9d07d953692c5ab1b700ea07f6396985

  • SSDEEP

    24576:yScP7qLl4iGQATiKL0aywxTodSrUF+nVZLLymvgDoSAWcNtMXqWOU:07qLl4KATiJUo0UEnLmmvqiWcNtMXDOU

Score
10/10
quasaroffice04microsoftcredential_accessdiscoveryphishingspywarestealertrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

hola435-24858.portmap.host:24858

Mutex

e51e2b65-e963-4051-9736-67d57ed46798

Attributes
  • encryption_key

    AEA258EF65BF1786F0F767C0BE2497ECC304C46F

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar family
    quasar
  • Quasar payload 2 IoCs
  • Credentials from Password Stores: Windows Credential Manager 1 TTPs

    Suspicious access to Credentials History.

    credential_accessstealer
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Detected potential entity reuse from brand MICROSOFT.
    phishingmicrosoft
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 8 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\kreo q zi.7z"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:652
  • C:\Users\Admin\Desktop\kreo q zi.exe
    "C:\Users\Admin\Desktop\kreo q zi.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4740
    • C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
      2⤵
      • Scheduled Task/Job: Scheduled Task
      PID:3320
    • C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
      "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2184
      • C:\Windows\SYSTEM32\schtasks.exe
        "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
        3⤵
        • Scheduled Task/Job: Scheduled Task
        PID:1808
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
    1⤵
      PID:1104
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2124
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1816
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
      1⤵
        PID:1108
      • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe
        "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe" -ServerName:WindowsBackup.AppX7g7ckthmr138zk16nhs1hb5tyevsa9p6.mca
        1⤵
        • Drops file in Windows directory
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3612
      • C:\Windows\System32\oobe\UserOOBEBroker.exe
        C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
        1⤵
        • Drops file in Windows directory
        PID:4652

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\kreo q zi.exe.log
        Filesize

        1KB

        MD5

        b08c36ce99a5ed11891ef6fc6d8647e9

        SHA1

        db95af417857221948eb1882e60f98ab2914bf1d

        SHA256

        cc9248a177495f45ec70b86c34fc5746c56730af36ace98ac7eb365dbafda674

        SHA512

        07e62581eace395b0a9699d727761648103180c21155d84ea09140f9e1c9690705c419118545aa67a564334bbde32710225fe3aa92b0b4b4210cb91f0058b1ea

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\HE6GGFXF\microsoft.windows[1].xml
        Filesize

        97B

        MD5

        0b5752b254e183ba58f252f837efafcf

        SHA1

        1205ce73cdfe3db0a61811f99c3c41fed59ac51f

        SHA256

        f52888293411dc7985f1d56db1bd30f6d685ee3165623d8515228687b2b3a8af

        SHA512

        2a165dcf0700f74736e6376bd06469cd37f3eef00976e909c0009e94dc437c104fe87d70c758e11901bc8f51cdbdd48b65c026743c7da2bf34f5c08aa30263c6

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{777047c5-3a3f-4c7b-b224-89e9f6a36914}\0.0.filtertrie.intermediate.txt
        Filesize

        1KB

        MD5

        8609241ac301971b563b8864447f5fbc

        SHA1

        81b1e9382f7012f2441efcec40a5aabf46f34397

        SHA256

        94d0c4ea1f705b557a8dd983931ecab83f4d19e691669f2723781d406d38a282

        SHA512

        e536d2ae24ee17df34e28bcd1220f20901ec9b19a6f69b0c87f82a6535c813737681496927d9bea0b90e33b7c8236c77790a55d9a8514f5084ed3ad16d71c554

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{b69b4384-d428-40a7-8cff-4ef30301aef6}\Apps.ft
        Filesize

        1KB

        MD5

        6c78adbcc2f3ba7a2ad306983176414c

        SHA1

        484787d9aef671594b4d91b6c7d2d5c215f46260

        SHA256

        8f2abe81c4d834b96b5e39b504949cd04aef23e290309b413f501b396efd381a

        SHA512

        69bb126822ee7008d30135f7c216bf364e8e70ec5ca09cff58671d3c29081f467719bedb172cc14962aeeef22c34fb7e4c4a6aed26c26691a4cfef3816138c69

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{b69b4384-d428-40a7-8cff-4ef30301aef6}\Apps.index
        Filesize

        879KB

        MD5

        5e4ec42046e35b20c1b8d97c17926572

        SHA1

        d0f371a97b676240bd90f9fa1a0b14f97f9b1016

        SHA256

        6a8c0c8cc58a866d0b874926f0ff1e2034a60bb18a2c584dd7f100be49c0febc

        SHA512

        d8bc115f3e0632aa6df6d1ca949e53a5724eff26c9d42d90686df0aea777a00b6c3d1738adf7807c7c752f5f702c4bce1bee158d1f9e765a0148c960ea0113af

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{392298c7-2231-4531-bf5e-daf8307e13cf}\apps.csg
        Filesize

        444B

        MD5

        5475132f1c603298967f332dc9ffb864

        SHA1

        4749174f29f34c7d75979c25f31d79774a49ea46

        SHA256

        0b0af873ef116a51fc2a2329dc9102817ce923f32a989c7a6846b4329abd62cd

        SHA512

        54433a284a6b7185c5f2131928b636d6850babebc09acc5ee6a747832f9e37945a60a7192f857a2f6b4dd20433ca38f24b8e438ba1424cc5c73f0aa2d8c946ff

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{392298c7-2231-4531-bf5e-daf8307e13cf}\apps.schema
        Filesize

        150B

        MD5

        1659677c45c49a78f33551da43494005

        SHA1

        ae588ef3c9ea7839be032ab4323e04bc260d9387

        SHA256

        5af0fc2a0b5ccecdc04e54b3c60f28e3ff5c7d4e1809c6d7c8469f0567c090bb

        SHA512

        740a1b6fd80508f29f0f080a8daddec802aabed467d8c5394468b0cf79d7628c1cb5b93cf69ed785999e8d4e2b0f86776b428d4fa0d1afcdf3cbf305615e5030

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{392298c7-2231-4531-bf5e-daf8307e13cf}\appsconversions.txt
        Filesize

        1.4MB

        MD5

        2bef0e21ceb249ffb5f123c1e5bd0292

        SHA1

        86877a464a0739114e45242b9d427e368ebcc02c

        SHA256

        8b9fae5ea9dd21c2313022e151788b276d995c8b9115ee46832b804a914e6307

        SHA512

        f5b49f08b44a23f81198b6716195b868e76b2a23a388449356b73f8261107733f05baa027f8cdb8e469086a9869f4a64983c76da0dc978beb4ec1cb257532c6b

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{392298c7-2231-4531-bf5e-daf8307e13cf}\appsglobals.txt
        Filesize

        343KB

        MD5

        931b27b3ec2c5e9f29439fba87ec0dc9

        SHA1

        dd5e78f004c55bbebcd1d66786efc5ca4575c9b4

        SHA256

        541dfa71a3728424420f082023346365cca013af03629fd243b11d8762e3403e

        SHA512

        4ba517f09d9ad15efd3db5a79747e42db53885d3af7ccc425d52c711a72e15d24648f8a38bc7e001b3b4cc2180996c6cac3949771aa1c278ca3eb7542eae23fd

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{392298c7-2231-4531-bf5e-daf8307e13cf}\appssynonyms.txt
        Filesize

        237KB

        MD5

        06a69ad411292eca66697dc17898e653

        SHA1

        fbdcfa0e1761ddcc43a0fb280bbcd2743ba8820d

        SHA256

        2aa90f795a65f0e636154def7d84094af2e9a5f71b1b73f168a6ea23e74476d1

        SHA512

        ceb4b102309dffb65804e3a0d54b8627fd88920f555b334c3eac56b13eeb5075222d794c3cdbc3cda8bf1658325fdecf6495334e2c89b5133c9a967ec0d15693

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{558094ae-450a-439d-bd39-e84c3c5c9193}\0.1.filtertrie.intermediate.txt
        Filesize

        5B

        MD5

        34bd1dfb9f72cf4f86e6df6da0a9e49a

        SHA1

        5f96d66f33c81c0b10df2128d3860e3cb7e89563

        SHA256

        8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c

        SHA512

        e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{558094ae-450a-439d-bd39-e84c3c5c9193}\0.2.filtertrie.intermediate.txt
        Filesize

        5B

        MD5

        c204e9faaf8565ad333828beff2d786e

        SHA1

        7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1

        SHA256

        d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f

        SHA512

        e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133752369618347108.txt
        Filesize

        3KB

        MD5

        6c7c5879f1c75b60ca6fe7048fdf88b6

        SHA1

        e3faf0e19132003dfc8617a40933f760ec6b64c4

        SHA256

        5391afca6e19b795f4790c36b762d967859b8dcab7f34f40cd3e9d02fb8ab74c

        SHA512

        23a865f4b8d9b04b85d85c7e81a24ca6e28b12ad74acc9256ac564b437adeb0c64cb5fdfc723dde91f38a6c9363e63350791eba9d9217d67b9b387ea8ec209bb

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\SettingsCache.txt
        Filesize

        689KB

        MD5

        2dee0ab82c5db228dee2de2fe0d82eb3

        SHA1

        c6231ad00bd775537fb422a86bfe2b5754e9b91d

        SHA256

        0e01a47917642eac553b6d0feb6e97b398f7af84c5ffc74ba35ca66d7a341d39

        SHA512

        c46ae09aab1f240ba384044ef46240a4cb02b6144b0403d690ff7ddcf79acc67da345c98254ef5436a4008fb419c889af43489fedf86e8ba822128365f30763f

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
        Filesize

        2KB

        MD5

        eabe8c46f4ea1aa6d7b5cf4860917996

        SHA1

        4b2d92d2fe7f828afdd2c0970440fb88349511ee

        SHA256

        61aa5c6bbb29c3fcbc86e6f4b9dbcb9d96909d7c28f4708f9a15a642de328c58

        SHA512

        472ec680ab2f3c7c229231651a0301ff8ae95519611b3e7e40e30f7c29a5b386672cd4fea0303c736b8b7b502bc69e465298e90bcb29020b2f0a057ba0600117

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
        Filesize

        2KB

        MD5

        9fcd127edd0a8a51b9c438c7dcc75087

        SHA1

        011d60d838654c1f379d703489869ea4544642c0

        SHA256

        7d5c449a605ae8ab5e3b1d48959826d911ee1a6bb0105e02e530c73d8ba75505

        SHA512

        7d8ecad83bc147c9fd9e474a57ee18f4c69cb8e3c1763d4a2af229e5418d0a1f1102d3317c9529ee40ea175829756bc9db708118ff8c66b261487d5720c53942

        Download Submit

      • C:\Users\Admin\Desktop\kreo q zi.exe
        Filesize

        3.1MB

        MD5

        28ac02fc40c8f1c2a8989ee3c09a1372

        SHA1

        b182758b62a1482142c0fce4be78c786e08b7025

        SHA256

        0fe81f9a51cf0068408de3c3605ce2033a00bd7ec90cc9516c38f6069e06433b

        SHA512

        2cbf2f6af46e5fae8e67144e1ac70bc748036c7adb7f7810d7d7d9f255ccf5d163cce07f11fb6526f9ab61c39f28bdf2356cc315b19a61cd2115612882eab767

        Download Submit

      • C:\Windows\Panther\UnattendGC\diagwrn.xml
        Filesize

        1KB

        MD5

        67fc5b9d0957c4fbb37376de49a2b170

        SHA1

        f0d4bf669147086c9ea372d51c6b61fa29d718fe

        SHA256

        8ade5e7080e6d5337ca9b4bd31c9963dc556406189b53263dd5b37a9fbbba523

        SHA512

        784f762b34f037804eab1e6e16e771571ed12d7a80740e4fc33fda386d6d24db661b4d5ab212ba468ce1b8e94aead0983de89930cc230144fcd72e4e14ce6710

        Download Submit

      • memory/1104-18-0x00000273669B0000-0x00000273669B8000-memory.dmp

        Filesize

        32KB

        Download

      • memory/1816-86-0x000001A78FF00000-0x000001A790000000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/2124-56-0x0000022D78A80000-0x0000022D78A81000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-82-0x0000022D78BD0000-0x0000022D78BD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-65-0x0000022D78AB0000-0x0000022D78AB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-66-0x0000022D78AB0000-0x0000022D78AB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-67-0x0000022D78AB0000-0x0000022D78AB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-68-0x0000022D78AB0000-0x0000022D78AB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-69-0x0000022D78AB0000-0x0000022D78AB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-70-0x0000022D78AB0000-0x0000022D78AB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-71-0x0000022D78AB0000-0x0000022D78AB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-73-0x0000022D78AB0000-0x0000022D78AB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-72-0x0000022D78AB0000-0x0000022D78AB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-75-0x0000022D78AB0000-0x0000022D78AB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-74-0x0000022D78AB0000-0x0000022D78AB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-76-0x0000022D78AB0000-0x0000022D78AB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-78-0x0000022D78AB0000-0x0000022D78AB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-79-0x0000022D78AB0000-0x0000022D78AB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-77-0x0000022D78AB0000-0x0000022D78AB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-80-0x0000022D78AC0000-0x0000022D78AC1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-81-0x0000022D78AC0000-0x0000022D78AC1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-63-0x0000022D78AB0000-0x0000022D78AB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-84-0x0000022D78B20000-0x0000022D78B21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-83-0x0000022D78B20000-0x0000022D78B21000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-64-0x0000022D78AB0000-0x0000022D78AB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-61-0x0000022D78A90000-0x0000022D78A91000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-62-0x0000022D78AB0000-0x0000022D78AB1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-58-0x0000022D78A80000-0x0000022D78A81000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-60-0x0000022D78A90000-0x0000022D78A91000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-59-0x0000022D78A90000-0x0000022D78A91000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-54-0x0000022D78940000-0x0000022D78941000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2124-35-0x0000022D70740000-0x0000022D70750000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2124-19-0x0000022D70640000-0x0000022D70650000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2184-15-0x000000001BF00000-0x000000001BF3C000-memory.dmp

        Filesize

        240KB

        Download

      • memory/2184-14-0x00000000032B0000-0x00000000032C2000-memory.dmp

        Filesize

        72KB

        Download

      • memory/2184-11-0x000000001D410000-0x000000001D4C2000-memory.dmp

        Filesize

        712KB

        Download

      • memory/2184-10-0x0000000003210000-0x0000000003260000-memory.dmp

        Filesize

        320KB

        Download

      • memory/4740-9-0x00007FFCBDB40000-0x00007FFCBE602000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4740-6-0x00007FFCBDB40000-0x00007FFCBE602000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/4740-5-0x0000000000770000-0x0000000000A94000-memory.dmp

        Filesize

        3.1MB

        Download

      • memory/4740-4-0x00007FFCBDB43000-0x00007FFCBDB45000-memory.dmp

        Filesize

        8KB

        Download