quasar | 4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62

Resubmissions

14-12-2024 20:40

241214-zftzbatmds 10

14-12-2024 20:38

241214-zezs6svpgq 10

Analysis

max time kernel
136s
max time network
105s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
14-12-2024 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Quasar v1.4.1/Quasar.exe
Size

1.2MB
MD5

12ebf922aa80d13f8887e4c8c5e7be83
SHA1

7f87a80513e13efd45175e8f2511c2cd17ff51e8
SHA256

43315abb9c8be9a39782bd8694a7ea9f16a867500dc804454d04b8bf2c15c51e
SHA512

fda5071e15cf077d202b08db741bbfb3dbd815acc41deec7b7d44e055cac408e2f2de7233f8f9c5c618afd00ffc2fc4c6e8352cbdf18f9aab55d980dcb58a275
SSDEEP

12288:IwPs012cBBBYiL9l/bFfpBBBBBBBBBBBBcA:jBBBYiLvzFfpBBBBBBBBBBBBcA

Score

10^/10

quasar spyware trojan

Malware Config

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/memory/2068-1-0x000001C8E8140000-0x000001C8E8278000-memory.dmp	family_quasar
behavioral1/memory/2068-2-0x000001C8E86C0000-0x000001C8E86D6000-memory.dmp	family_quasar

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies registry class 56 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MinPos1280x720x96(1).y = "4294967295"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).left = "4294967287"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).bottom = "1054"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).top = "75"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 500031000000000047592264100041646d696e003c0009000400efbe4759f75e8e5912a52e0000003a57020000000100000000000000000000000000000076a9a800410064006d0069006e00000014000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MinPos1280x720x96(1).x = "4294967295"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MaxPos1280x720x96(1).y = "4294967295"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 = 4e003100000000008e5912a5100054656d7000003a0009000400efbe4759f75e8e5912a52e0000005a57020000000100000000000000000000000000000090be9100540065006d007000000014000000	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\Registry\User\S-1-5-21-556537508-2730415644-482548075-1000_Classes\NotificationData	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\MRUListEx = ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).left = "328"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).right = "791"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).right = "1128"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 = 50003100000000004759546110004c6f63616c003c0009000400efbe4759f75e8e5912a52e0000005957020000000100000000000000000000000000000001686a004c006f00630061006c00000014000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\NodeSlot = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MaxPos1280x720x96(1).x = "4294967295"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0 = 66003100000000008e5919a510005155415341527e312e3100004c0009000400efbe8e5912a58e5919a52e000000f6aa020000001d000000000000000000000000000000812b69005100750061007300610072002000760031002e0034002e00310000001a000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).bottom = "675"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).top = "454"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 56003100000000004759f75e12004170704461746100400009000400efbe4759f75e8e5912a52e00000045570200000001000000000000000000000000000000d7446c004100700070004400610074006100000016000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 78003100000000004759f75e1100557365727300640009000400efbec5522d608e5912a52e0000006c0500000000010000000000000000003a00000000003d30780055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3348	explorer.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
2068	Quasar.exe
3348	explorer.exe
3800	Quasar.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2068	Quasar.exe
Token: SeDebugPrivilege	3800	Quasar.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2068	Quasar.exe
3800	Quasar.exe
3800	Quasar.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2068	Quasar.exe
3800	Quasar.exe
3800	Quasar.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
3348	explorer.exe
3348	explorer.exe
3348	explorer.exe
3348	explorer.exe
3348	explorer.exe
3348	explorer.exe
3348	explorer.exe
3348	explorer.exe
3348	explorer.exe
3348	explorer.exe
3348	explorer.exe
3348	explorer.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 3520	2068	Quasar.exe	78
PID 2068 wrote to memory of 3520	2068	Quasar.exe	78
PID 3348 wrote to memory of 3800	3348	explorer.exe	81
PID 3348 wrote to memory of 3800	3348	explorer.exe	81

C:\Users\Admin\AppData\Local\Temp\Quasar v1.4.1\Quasar.exe
"C:\Users\Admin\AppData\Local\Temp\Quasar v1.4.1\Quasar.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" /select, "C:\Users\Admin\AppData\Local\Temp\Quasar v1.4.1\quasar.p12"
  2⤵
  PID:3520

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3348
- C:\Users\Admin\AppData\Local\Temp\Quasar v1.4.1\Quasar.exe
  "C:\Users\Admin\AppData\Local\Temp\Quasar v1.4.1\Quasar.exe"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3800

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
7717dde075fe5900ea047c41fa5f1c2b

SHA1
2d33681e8b9169799f48aed4e3ffb52c45a7517c

SHA256
4880b5d483d7cd330ee223e2c24d8cd3e0b8aa44410865fab4e9e799dd90c309

SHA512
9de198bfa22f4959d0e1932d60a4760a743179350cf6cfdeb7b3976e5f6bc1f606d04ab13b726e4e4451f4818404e6041d7f7939ea045bb19911f5592c9d5789

Download Submit
C:\Users\Admin\AppData\Local\Temp\Quasar v1.4.1\quasar.p12

Filesize
4KB

MD5
6f298d20ff01f2fbd4eac046c4897690

SHA1
ffb7fa653b23fd5b37b25981fe2e97a273a898fd

SHA256
a4690b0a9c9b02fa5a649b271fa1ec51703ce7eff4983380b320705006fd5386

SHA512
ea269661bf298f78fa2daff926d3046742d358698c47b7b9e765cf469fc0e53d19af265358fc253532a7cabb46f0407ee763e8ba5121442f3435a57e528b8c33

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-556537508-2730415644-482548075-1000\d82017f0f2bbc74c4b4c30b759cef3f9_dd844bc0-09d5-4996-aa38-4ceeb7107a86

Filesize
3KB

MD5
e2f635c869008165de2e434225e245ca

SHA1
615c738a814e4c2c4124a6b9d5c8f0ddab6cd787

SHA256
189daa1bffc8716e050229a27837a95133c5a3ef1f2e3ba7383db0e2c5d639b2

SHA512
96448116f7bd79b72a099d9c0fe46b7eee24f627f93b90cfdeef1651c1beb40ca73f3e5dd5da414854f1536c637822081baa4486eac3475da9e4de6f4b166067

Download Submit
memory/2068-4-0x00007FFDA3DE0000-0x00007FFDA48A2000-memory.dmp

Filesize
10.8MB

Download
memory/2068-13-0x00007FFDA3DE0000-0x00007FFDA48A2000-memory.dmp

Filesize
10.8MB

Download
memory/2068-5-0x00007FFDA3DE0000-0x00007FFDA48A2000-memory.dmp

Filesize
10.8MB

Download
memory/2068-6-0x00007FFDA3DE0000-0x00007FFDA48A2000-memory.dmp

Filesize
10.8MB

Download
memory/2068-7-0x000001C8ED1D0000-0x000001C8ED4FE000-memory.dmp

Filesize
3.2MB

Download
memory/2068-8-0x00007FFDA3DE3000-0x00007FFDA3DE5000-memory.dmp

Filesize
8KB

Download
memory/2068-12-0x00007FFDA3DE0000-0x00007FFDA48A2000-memory.dmp

Filesize
10.8MB

Download
memory/2068-0-0x00007FFDA3DE3000-0x00007FFDA3DE5000-memory.dmp

Filesize
8KB

Download
memory/2068-14-0x00007FFDA3DE0000-0x00007FFDA48A2000-memory.dmp

Filesize
10.8MB

Download
memory/2068-3-0x00007FFDA3DE0000-0x00007FFDA48A2000-memory.dmp

Filesize
10.8MB

Download
memory/2068-31-0x000001C8ECDF0000-0x000001C8ECE08000-memory.dmp

Filesize
96KB

Download
memory/2068-32-0x000001C8EEA50000-0x000001C8EEAA0000-memory.dmp

Filesize
320KB

Download
memory/2068-33-0x000001C8EEB60000-0x000001C8EEC12000-memory.dmp

Filesize
712KB

Download
memory/2068-34-0x000001C8EEAA0000-0x000001C8EEAEC000-memory.dmp

Filesize
304KB

Download
memory/2068-2-0x000001C8E86C0000-0x000001C8E86D6000-memory.dmp

Filesize
88KB

Download
memory/2068-1-0x000001C8E8140000-0x000001C8E8278000-memory.dmp

Filesize
1.2MB

Download