blackguard | ae6f1c1d92203532d5791fc0ce79d837f18ed37f28be9924585ad227190b8cc2

Analysis

max time kernel
2590s
max time network
2592s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-12-2024 20:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

New folder.7z
Size

39.9MB
MD5

8988dc64384813a1e98203df0af16479
SHA1

a479c174501274f4fe33523bccc5d16ba1bbabaa
SHA256

ae6f1c1d92203532d5791fc0ce79d837f18ed37f28be9924585ad227190b8cc2
SHA512

f9e50c9188e0c154e83ef8f7943339b643934b1d4c827325181cf72ff559dd3b3d9ca26c70cf2762dbe894456bf34f1378380466bde737f90558c7fe10967905
SSDEEP

786432:+vefN7PvWOz18ji1mRSxFEJWcL23szNOXDdpfJM4vRO7:+KNLWqqqELCoAXDdpfO7

Score

10^/10

blackguard discovery spyware stealer

Malware Config

Signatures

BlackGuard
Infostealer first seen in Late 2021.
stealer blackguard
Blackguard family
blackguard

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	BRUTOFORCE SEED V12.6.1.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	BRUTOFORCE SEED V12.6.1.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	BRUTOFORCE SEED V12.6.1.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	BRUTOFORCE SEED V12.6.1.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	BRUTOFORCE SEED V12.6.1.EXE
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	BRUTOFORCE SEED V12.7.8.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	BRUTOFORCE SEED V12.6.1.EXE

Executes dropped EXE 9 IoCs

pid	Process
4116	BRUTOFORCE SEED V12.7.8.exe
3524	BRUTOFORCE SEED V12.6.1.EXE
3224	BRUTOFORCE SEED V12.6.1.EXE
772	SHARPIL.exe
828	BRUTOFORCE SEED V12.6.1.EXE
4300	BRUTOFORCE SEED V12.6.1.EXE
1892	BRUTOFORCE SEED V12.6.1.EXE
4544	BRUTOFORCE SEED V12.6.1.EXE
2592	BRUTOFORCE SEED V12.6.1.EXE

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
24	api.ipify.org
28	ip-api.com
23	api.ipify.org

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BRUTOFORCE SEED V12.6.1.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BRUTOFORCE SEED V12.6.1.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SHARPIL.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BRUTOFORCE SEED V12.6.1.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BRUTOFORCE SEED V12.6.1.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BRUTOFORCE SEED V12.6.1.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BRUTOFORCE SEED V12.6.1.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BRUTOFORCE SEED V12.6.1.EXE

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	SHARPIL.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	SHARPIL.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
772	SHARPIL.exe
772	SHARPIL.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	2364	7zFM.exe
Token: 35	2364	7zFM.exe
Token: SeSecurityPrivilege	2364	7zFM.exe
Token: SeDebugPrivilege	772	SHARPIL.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2364	7zFM.exe
2364	7zFM.exe
4300	BRUTOFORCE SEED V12.6.1.EXE
4300	BRUTOFORCE SEED V12.6.1.EXE

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 4116 wrote to memory of 3524	4116	BRUTOFORCE SEED V12.7.8.exe	94
PID 4116 wrote to memory of 3524	4116	BRUTOFORCE SEED V12.7.8.exe	94
PID 4116 wrote to memory of 3524	4116	BRUTOFORCE SEED V12.7.8.exe	94
PID 3524 wrote to memory of 3224	3524	BRUTOFORCE SEED V12.6.1.EXE	96
PID 3524 wrote to memory of 3224	3524	BRUTOFORCE SEED V12.6.1.EXE	96
PID 3524 wrote to memory of 3224	3524	BRUTOFORCE SEED V12.6.1.EXE	96
PID 4116 wrote to memory of 772	4116	BRUTOFORCE SEED V12.7.8.exe	97
PID 4116 wrote to memory of 772	4116	BRUTOFORCE SEED V12.7.8.exe	97
PID 4116 wrote to memory of 772	4116	BRUTOFORCE SEED V12.7.8.exe	97
PID 3224 wrote to memory of 828	3224	BRUTOFORCE SEED V12.6.1.EXE	100
PID 3224 wrote to memory of 828	3224	BRUTOFORCE SEED V12.6.1.EXE	100
PID 3224 wrote to memory of 828	3224	BRUTOFORCE SEED V12.6.1.EXE	100
PID 828 wrote to memory of 4300	828	BRUTOFORCE SEED V12.6.1.EXE	101
PID 828 wrote to memory of 4300	828	BRUTOFORCE SEED V12.6.1.EXE	101
PID 828 wrote to memory of 4300	828	BRUTOFORCE SEED V12.6.1.EXE	101
PID 4300 wrote to memory of 1892	4300	BRUTOFORCE SEED V12.6.1.EXE	102
PID 4300 wrote to memory of 1892	4300	BRUTOFORCE SEED V12.6.1.EXE	102
PID 4300 wrote to memory of 1892	4300	BRUTOFORCE SEED V12.6.1.EXE	102
PID 1892 wrote to memory of 4544	1892	BRUTOFORCE SEED V12.6.1.EXE	103
PID 1892 wrote to memory of 4544	1892	BRUTOFORCE SEED V12.6.1.EXE	103
PID 1892 wrote to memory of 4544	1892	BRUTOFORCE SEED V12.6.1.EXE	103
PID 4544 wrote to memory of 2592	4544	BRUTOFORCE SEED V12.6.1.EXE	104
PID 4544 wrote to memory of 2592	4544	BRUTOFORCE SEED V12.6.1.EXE	104
PID 4544 wrote to memory of 2592	4544	BRUTOFORCE SEED V12.6.1.EXE	104

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\New folder.7z"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2364

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:324

C:\Users\Admin\Desktop\New folder\BRUTOFORCE SEED V12.7.8.exe
"C:\Users\Admin\Desktop\New folder\BRUTOFORCE SEED V12.7.8.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4116
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\BRUTOFORCE SEED V12.6.1.EXE
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\BRUTOFORCE SEED V12.6.1.EXE"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3524
- - C:\Users\Admin\AppData\Local\Temp\RarSFX0\BRUTOFORCE SEED V12.6.1.EXE
    "C:\Users\Admin\AppData\Local\Temp\RarSFX0\BRUTOFORCE SEED V12.6.1.EXE"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\RarSFX0\BRUTOFORCE SEED V12.6.1.EXE
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\BRUTOFORCE SEED V12.6.1.EXE"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:828
    - - C:\Users\Admin\AppData\Local\Temp\RarSFX0\BRUTOFORCE SEED V12.6.1.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\RarSFX0\BRUTOFORCE SEED V12.6.1.EXE"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\RarSFX0\BRUTOFORCE SEED V12.6.1.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\RarSFX0\BRUTOFORCE SEED V12.6.1.EXE"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\RarSFX0\BRUTOFORCE SEED V12.6.1.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\RarSFX0\BRUTOFORCE SEED V12.6.1.EXE"
        7⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\RarSFX0\BRUTOFORCE SEED V12.6.1.EXE
        
        "C:\Users\Admin\AppData\Local\Temp\RarSFX0\BRUTOFORCE SEED V12.6.1.EXE"
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2592
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\SHARPIL.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\SHARPIL.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:772

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New folder\keys.txt
1⤵
PID:3152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3cnfbo0p.rh1

Filesize
474B

MD5
46f522c77d1a514703a7fed0015fc623

SHA1
ed22f0a5884ff7445f4e171e1e49e0af608e0fda

SHA256
240098e7033b5f20c8c5936ecb68cc1049f1ecc34af536995b52a93175249150

SHA512
09aec723bf6f79c3926300c64b9b70f67d7190fcb75d53b32ffd2d4803515dabb014cab50cf2924a366c0c73ac2187c4a393790cdf3d4b989146f6b310d3c90f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.lic

Filesize
247B

MD5
2cef0b18048098593c57d77e2e421072

SHA1
6f5c4db052a4f81b7bad4bdcd3ad4c329437f33c

SHA256
c2fc374a5861c8ec31138635371366a738735b02882a79d1db01b84e7ab5e76a

SHA512
301dda9c49fecb28fd564cd86a2aed46375ce487fa978749780ec84a4bdc4ede9ff19679b10def1b57407a7002329dabfe9e6e690670f92421a83fad181f31d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.lic

Filesize
42B

MD5
1d628e96d802fea7d00efdbec2a4f46f

SHA1
2383e21acc0ae17e946ccc188eb41017fec6a23b

SHA256
9087f0f6b84557465bdc242963da7a3ea659e809e54cb97ba777c614bfd0b715

SHA512
9781393fa40444e972dbc4c7fa092d6da125cfe227e8df5de76e5a7632b567852238b494f53b485fea2667e7c0dd535974a2ea4ed993e9b4d810338941cdbf93

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.lic

Filesize
83B

MD5
351a7b6775dcfd1202ba5bbbc500c711

SHA1
c8d753ae5604662f85b8fa0897edc5365c2d9f1b

SHA256
cf92d39058331192050d9cff9a8c1d89dd22f452536ee9c8f73cee048e4ce061

SHA512
79f1529153e6314984176f84eba344440044ba82504565544c248b03a9ad62fc4afce895e74ab28d1dd0554ac0a8453b428636a223ad8272383f62020374df62

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.lic

Filesize
124B

MD5
2d26d7e6b65a77599f7367c93c88c697

SHA1
5aae7767de6f02adfd1c5f66a353e8eaa1d41603

SHA256
626f709b78da496017e2f3999a1a1c33620351ab11aee024530430a1248653d4

SHA512
3d88869ac49a8680ed2db00c498a354e6869d1aa470974989b96365461c84579016d6c2e614c87db8a0d68e77e81fa55a548af0594b8070f7ca9eb5154291d72

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.lic

Filesize
165B

MD5
d66b9e2e52316e0bcb81f14aa38224a2

SHA1
64fda501f8b5bd40b4e9b9a8d4d92f549aa719af

SHA256
7f17ad6adbf35086761d99c48bf809ee741bcbe2da7854e03ab48aeede9b7ebc

SHA512
179e84d071f5030400abf5a3170c6636273bb8d053cca682e9aa4b4dd30722ff4bc519ec28d6748d37b16e43ea2083699fdee4ef6c40d9792acc66178f14928a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\License.lic

Filesize
206B

MD5
29259561046ded0dd99928babd49b0b4

SHA1
f3112fa14ed833e20fdb040835d43575e0f60ee9

SHA256
573ac50cfe8a8bff4f69c4951711b75ec9d36e5f3cba89d42939db407711aec4

SHA512
86647d9cb46aae256a1c82095b1c06e73bbfa640361358d059090a603b9abeaaa92160efb6d079b536562a86d569721363bae97b1e8d10dbad1694db06905aa7

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\SHARPIL.exe

Filesize
291KB

MD5
fd8dbbff11893d8010cea56e7a8d5370

SHA1
b476bf5ac599b956beeb705c24fbb1a524ba4d7f

SHA256
72d4546c8928cf3e62f19543654da10b704cb1588458f0cc90ec0aaf62dc5d5c

SHA512
60742cecc99e9b2911dfa8a8b822cfaefa5ad109c87a026cf7f67c1e5ada78b12e81c76b29ea7bf171f622ef3012c1737f78fca68d4b850073b4a9fcbcd3b458

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp13BC.tmp.dat

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp13D0.tmp.dat

Filesize
124KB

MD5
9618e15b04a4ddb39ed6c496575f6f95

SHA1
1c28f8750e5555776b3c80b187c5d15a443a7412

SHA256
a4cd72e529e60b5f74c50e4e5b159efaf80625f23534dd15a28203760b8b28ab

SHA512
f802582aa7510f6b950e3343b0560ffa9037c6d22373a6a33513637ab0f8e60ed23294a13ad8890935b02c64830b5232ba9f60d0c0fe90df02b5da30ecd7fa26

Download Submit
C:\Users\Admin\AppData\Local\WindowsBrandOr\Process.txt

Filesize
1KB

MD5
3bb91b7ddb0c56a2a04a8fcf2ddce8b3

SHA1
be7a79269387649b7438e0d23445cc37a8650403

SHA256
4b64bf1885ed01de05edb095d56b3e8aa180ef11db304f301c32f4b457ad73e2

SHA512
6f798a4b59610fc55ea9ed86f9eee0ce6238406e5fc9c0c82f4afd400c264937e29bbe2f8d157a3b6009b86f5e4f18bcf0c12d156532b3275d842803d7d4e3db

Download Submit
C:\Users\Admin\Desktop\New folder\BRUTOFORCE SEED V12.7.8.exe

Filesize
40.2MB

MD5
52abb3e74164e2ad5878096bb6a3625e

SHA1
6f2b960b05a788e7177320b16370613baac2a5e6

SHA256
4430db9f5ed3a2cc612fcd4784f0774d0fc5d505ee5c1aa25234e1d27e85a3a8

SHA512
a6b832560972ffe69c7a29b87dda53fe6dcf5f990724f2149df96c3ad233cf575658b59011ece904f2af3d138fe87d12703233636003fcd8cb46444398b5528f

Download Submit
C:\Users\Admin\Desktop\New folder\keys.txt

Filesize
245B

MD5
68ae0aa0d5ccf15a4061a88a631a1b91

SHA1
41564803cabdf6ddbe0197f9d5d342c74eb5ae41

SHA256
e18eacb17d6e550c1d07f9368f9dc8f75b7689c026fa420f37632fec6333a02d

SHA512
163968ff3cd2b86bec8bf9a26b2bd2cae530c0385d357bf2a5ea2e3c520a02056ffa0ecd0fe1b6d9757eb5575fde8c9a42eefc7ef6e89abcc8dd1e185514a4cb

Download Submit
memory/772-441-0x0000000006A20000-0x0000000006A86000-memory.dmp

Filesize
408KB

Download
memory/772-451-0x0000000006430000-0x0000000006442000-memory.dmp

Filesize
72KB

Download
memory/772-297-0x0000000006470000-0x0000000006A14000-memory.dmp

Filesize
5.6MB

Download
memory/772-296-0x0000000005E20000-0x0000000005EB2000-memory.dmp

Filesize
584KB

Download
memory/772-282-0x0000000005990000-0x00000000059AE000-memory.dmp

Filesize
120KB

Download
memory/772-281-0x00000000059F0000-0x0000000005A66000-memory.dmp

Filesize
472KB

Download
memory/772-280-0x0000000005920000-0x0000000005970000-memory.dmp

Filesize
320KB

Download
memory/772-203-0x00000000001D0000-0x0000000000220000-memory.dmp

Filesize
320KB

Download
memory/3524-77-0x0000000006640000-0x0000000006649000-memory.dmp

Filesize
36KB

Download
memory/3524-64-0x0000000006590000-0x00000000065A5000-memory.dmp

Filesize
84KB

Download
memory/3524-53-0x00000000064B0000-0x00000000064BC000-memory.dmp

Filesize
48KB

Download
memory/3524-52-0x00000000064E0000-0x00000000064F1000-memory.dmp

Filesize
68KB

Download
memory/3524-49-0x00000000064E0000-0x00000000064F1000-memory.dmp

Filesize
68KB

Download
memory/3524-48-0x0000000006520000-0x000000000655A000-memory.dmp

Filesize
232KB

Download
memory/3524-69-0x00000000065E0000-0x00000000065F5000-memory.dmp

Filesize
84KB

Download
memory/3524-40-0x00000000081B0000-0x0000000008D99000-memory.dmp

Filesize
11.9MB

Download
memory/3524-45-0x0000000006520000-0x000000000655A000-memory.dmp

Filesize
232KB

Download
memory/3524-44-0x00000000064C0000-0x00000000064DD000-memory.dmp

Filesize
116KB

Download
memory/3524-41-0x00000000064C0000-0x00000000064DD000-memory.dmp

Filesize
116KB

Download
memory/3524-29-0x0000000006650000-0x0000000006685000-memory.dmp

Filesize
212KB

Download
memory/3524-25-0x0000000006700000-0x00000000067EC000-memory.dmp

Filesize
944KB

Download
memory/3524-24-0x0000000006C20000-0x00000000075A9000-memory.dmp

Filesize
9.5MB

Download
memory/3524-57-0x0000000006490000-0x00000000064AF000-memory.dmp

Filesize
124KB

Download
memory/3524-60-0x0000000006490000-0x00000000064AF000-memory.dmp

Filesize
124KB

Download
memory/3524-61-0x0000000006590000-0x00000000065A5000-memory.dmp

Filesize
84KB

Download
memory/3524-56-0x00000000064B0000-0x00000000064BC000-memory.dmp

Filesize
48KB

Download
memory/3524-65-0x00000000065B0000-0x00000000065D2000-memory.dmp

Filesize
136KB

Download
memory/3524-68-0x00000000065B0000-0x00000000065D2000-memory.dmp

Filesize
136KB

Download
memory/3524-72-0x00000000065E0000-0x00000000065F5000-memory.dmp

Filesize
84KB

Download
memory/3524-76-0x0000000006570000-0x0000000006576000-memory.dmp

Filesize
24KB

Download
memory/3524-80-0x0000000006640000-0x0000000006649000-memory.dmp

Filesize
36KB

Download
memory/3524-81-0x00000000066B0000-0x00000000066C2000-memory.dmp

Filesize
72KB

Download
memory/3524-84-0x00000000066B0000-0x00000000066C2000-memory.dmp

Filesize
72KB

Download
memory/3524-85-0x0000000006690000-0x00000000066AE000-memory.dmp

Filesize
120KB

Download
memory/3524-73-0x0000000006570000-0x0000000006576000-memory.dmp

Filesize
24KB

Download
memory/3524-37-0x00000000081B0000-0x0000000008D99000-memory.dmp

Filesize
11.9MB

Download
memory/3524-36-0x00000000068B0000-0x0000000006964000-memory.dmp

Filesize
720KB

Download
memory/3524-32-0x0000000006650000-0x0000000006685000-memory.dmp

Filesize
212KB

Download
memory/3524-33-0x00000000068B0000-0x0000000006964000-memory.dmp

Filesize
720KB

Download
memory/3524-28-0x0000000006700000-0x00000000067EC000-memory.dmp

Filesize
944KB

Download
memory/3524-21-0x0000000006C20000-0x00000000075A9000-memory.dmp

Filesize
9.5MB

Download