quasar | 1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6

Analysis

max time kernel
120s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2025, 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
Size

349KB
MD5

dabfb0447a6890da9fe713ac91062340
SHA1

fd57dd243e2a0ef131433eb433c9f007bed44a90
SHA256

1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6
SHA512

87d156130e4aecb2fc163ebc2784674c11fc0941e794655031b0c4261d2f602665863972989ac55485c097cf475c5f4801ef618cf0fe5cab284411fd708d1066
SSDEEP

6144:UsLqdufVUNDaq5/uqlCWuXecmE4b3eJRB/W:PFUNDa0uqlCWXcmEAeJRBW

Score

10^/10

quasar new world discovery evasion persistence spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

New World

x75tjpwatl2uyunijiq6jwqhlar3j5fkpi5optv7tfreijbpylwnnbqd.onion:8880

Mutex

QSR_MUTEX_d2kuBEHahLdNktTZE5

Attributes

encryption_key
gAMhb8JSxFP4DNFkynoe
install_name
Java.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Java
subdirectory
Java

Signatures

Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	svchost.exe

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral2/files/0x0007000000023c9b-6.dat	family_quasar
behavioral2/memory/4916-10-0x0000000000B70000-0x0000000000BAC000-memory.dmp	family_quasar

Executes dropped EXE 7 IoCs

pid	Process
4916	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6n.exe
4548	icsys.icn.exe
880	explorer.exe
4756	spoolsv.exe
3172	svchost.exe
1012	spoolsv.exe
4332	midtp.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO"	svchost.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
17	ip-api.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\explorer.exe	explorer.exe
File opened for modification	C:\Windows\SysWOW64\explorer.exe	svchost.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Resources\Themes\icsys.icn.exe	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	icsys.icn.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	explorer.exe
File opened for modification	\??\c:\windows\resources\svchost.exe	spoolsv.exe
File opened for modification	C:\Windows\Resources\tjud.exe	explorer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6n.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icsys.icn.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spoolsv.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
4548	icsys.icn.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
880	explorer.exe
3172	svchost.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4916	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6n.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
4548	icsys.icn.exe
4548	icsys.icn.exe
880	explorer.exe
880	explorer.exe
4756	spoolsv.exe
4756	spoolsv.exe
3172	svchost.exe
3172	svchost.exe
1012	spoolsv.exe
1012	spoolsv.exe
4916	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6n.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 4716 wrote to memory of 4916	4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe	82
PID 4716 wrote to memory of 4916	4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe	82
PID 4716 wrote to memory of 4916	4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe	82
PID 4716 wrote to memory of 4548	4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe	83
PID 4716 wrote to memory of 4548	4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe	83
PID 4716 wrote to memory of 4548	4716	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe	83
PID 4548 wrote to memory of 880	4548	icsys.icn.exe	84
PID 4548 wrote to memory of 880	4548	icsys.icn.exe	84
PID 4548 wrote to memory of 880	4548	icsys.icn.exe	84
PID 880 wrote to memory of 4756	880	explorer.exe	85
PID 880 wrote to memory of 4756	880	explorer.exe	85
PID 880 wrote to memory of 4756	880	explorer.exe	85
PID 4756 wrote to memory of 3172	4756	spoolsv.exe	86
PID 4756 wrote to memory of 3172	4756	spoolsv.exe	86
PID 4756 wrote to memory of 3172	4756	spoolsv.exe	86
PID 3172 wrote to memory of 1012	3172	svchost.exe	87
PID 3172 wrote to memory of 1012	3172	svchost.exe	87
PID 3172 wrote to memory of 1012	3172	svchost.exe	87
PID 4916 wrote to memory of 4332	4916	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6n.exe	88
PID 4916 wrote to memory of 4332	4916	1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6n.exe	88

C:\Users\Admin\AppData\Local\Temp\1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe
"C:\Users\Admin\AppData\Local\Temp\1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6N.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4716
- \??\c:\users\admin\appdata\local\temp\1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6n.exe
  c:\users\admin\appdata\local\temp\1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6n.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4916
- - C:\Users\Admin\AppData\Local\Temp\14dd9c14-d687-47dd-adc1-1f5912e737bd\midtp.exe
    "C:\Users\Admin\AppData\Local\Temp\14dd9c14-d687-47dd-adc1-1f5912e737bd\midtp.exe" -f -
    3⤵
    - Executes dropped EXE
    PID:4332
- C:\Windows\Resources\Themes\icsys.icn.exe
  C:\Windows\Resources\Themes\icsys.icn.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4548
- - \??\c:\windows\resources\themes\explorer.exe
    c:\windows\resources\themes\explorer.exe
    3⤵
    - Modifies visiblity of hidden/system files in Explorer
    - Executes dropped EXE
    - Adds Run key to start application
    - Drops file in System32 directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:880
  - - \??\c:\windows\resources\spoolsv.exe
      c:\windows\resources\spoolsv.exe SE
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4756
    - - \??\c:\windows\resources\svchost.exe
        
        c:\windows\resources\svchost.exe
        5⤵
        Modifies visiblity of hidden/system files in Explorer
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3172
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe PR
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\14dd9c14-d687-47dd-adc1-1f5912e737bd\0\cached-microdesc-consensus.tmp

Filesize
2.7MB

MD5
d3bf18c06ff18b0cdb3249c4ca455501

SHA1
63a08f96b8b334c13f76c63cf90d9489c98e0437

SHA256
72c2f4cc3d3e3b00c25abe207d0b97ab0e8b1b64f1a1d10f948f5456ae1746e0

SHA512
d0a8190e8994d4690f0da0b54ea870f72110cfb163af0bf60f3e1071fd07c11a76595ed934efa868ee89611826e09316851f2f3ab0d84441df5677619c93c9ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\14dd9c14-d687-47dd-adc1-1f5912e737bd\0\cached-microdescs.new

Filesize
21.2MB

MD5
2dad0dd8d2cc518ea236dd3d084a862e

SHA1
40c7e2755decf5b89da7550f365f792d53bc81a4

SHA256
e4378729cb94e210c782b9db9ac7221ea362128d6076efcd2935944a8e5dc7b1

SHA512
dde0843381da9d917f287b3c20d88d8a0b605e94a1cf2541191a5d37861d6f4da683f24b5bf1c8e1a9b52aa25e208dc0dddf79d6045f8aacec2ea5e5acc3cb0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\14dd9c14-d687-47dd-adc1-1f5912e737bd\midtp.exe

Filesize
8.6MB

MD5
dcb04bad2eb62d8e258a8038e741c554

SHA1
ba64b4b7134d9ccda5cdd3624cdc898e3778fb7f

SHA256
33049016dd8985e97e69d89cad74b59b06488310c0be86d0f83b10ee096b7875

SHA512
8f0fb5a453030850c37e6f3b8f94bc0eb04512c4810dfc5499289dc74b1d02c38e639947245e996cfb3398449395d3ba59f1513f5a9c3283dc4d268f0d7265c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\1f40225b21f035d11c1d21b13e51fcc1be6be091825cf876977fe63ee51ff5e6n.exe

Filesize
214KB

MD5
862d9a823ae99b9181b749ae66198bca

SHA1
b89eaa81779e4c7f6109cd67ad69fc8a99ce7f16

SHA256
af74be686e4636701f86e56d1129cdacdda93b863bb45ab491237d093b8101bf

SHA512
d80bd737a4af4d07b104551bf1c91cedc91cfb463b8af2ae78b0aac6e75862a4dd31cd2de37daa0e4d5857e785987f43e994f0623286adfbe61e656274207507

Download Submit
C:\Windows\Resources\Themes\explorer.exe

Filesize
135KB

MD5
4bb8db9525a5df8a4e7ba6d206e33940

SHA1
6ac17599dfcd71cd636b0c2dbc287add20dc4565

SHA256
c1522188223a3909132c1a61d6607bc30612a7182aa7281ed3e2cecba507e18e

SHA512
85ad5ff1ccdf320d752858c4cdd57bc94a64ca0d7c251ff171880ac503735e8af53a405577b84d593c05c7c195789a4c2fdfdd61f7c41aa346243c613d23c8b5

Download Submit
C:\Windows\Resources\Themes\icsys.icn.exe

Filesize
135KB

MD5
d8dc406bf8d197c04dcff330056f8973

SHA1
f8cc9cd479fd010721862839c7ea52914f1fbf93

SHA256
9ef8896115ec433657a4943b7f839d9828d27af7c7772ec60f2f764b6974a0c8

SHA512
ca039a49da2b7c173f9eebde5dbb64ba340557eea5c50a2b8c5338d8251c999d4d965244be450e4a7898792539d9bb65c8cb37ae75cdf287c0fbc822804fc9cd

Download Submit
\??\c:\windows\resources\spoolsv.exe

Filesize
135KB

MD5
17cfcfa7e5f1cb82c3b95a449c2afb4f

SHA1
0ee044ee7003665ee9022091142bdf44a31f037a

SHA256
faa460a209279fa160397ccf561da904e1d9f9b1a264c06d359d704a9c67364a

SHA512
797464b3a668fc6eda14cea86a58d74215d01b54df8c71ad88130d704c4d2061816112241be00a60f0c48056edf89bfc799ef6fe8ce4e5d1ba6365f33e0340ce

Download Submit
\??\c:\windows\resources\svchost.exe

Filesize
135KB

MD5
ca5857fc3d72c3474b366502ef17a5bc

SHA1
2e9b9eebca1f7e653651dd06f19704aad73eb1d9

SHA256
cf51c054ea84660ed478b58ec3e465c87950f9fb94b9bf72c1ffc2fe3ffc34df

SHA512
3a429dc9cc713c74e7f06e4d163cc17326e67ca9f93fb58ed5bf94f11446501ca84e70203e4dde62d0969753488f70bb5fd8ac8bb0139ccf4d4e1988e8debaa5

Download Submit
memory/880-114-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1012-47-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3172-115-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4548-49-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4716-50-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4716-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4756-48-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4916-61-0x00000000069E0000-0x0000000006A1C000-memory.dmp

Filesize
240KB

Download
memory/4916-58-0x0000000074DAE000-0x0000000074DAF000-memory.dmp

Filesize
4KB

Download
memory/4916-59-0x0000000006580000-0x00000000065E6000-memory.dmp

Filesize
408KB

Download
memory/4916-60-0x0000000006830000-0x0000000006842000-memory.dmp

Filesize
72KB

Download
memory/4916-55-0x0000000016220000-0x00000000162B2000-memory.dmp

Filesize
584KB

Download
memory/4916-63-0x0000000006D50000-0x0000000006D5A000-memory.dmp

Filesize
40KB

Download
memory/4916-64-0x0000000074DA0000-0x0000000075550000-memory.dmp

Filesize
7.7MB

Download
memory/4916-12-0x0000000074DA0000-0x0000000075550000-memory.dmp

Filesize
7.7MB

Download
memory/4916-11-0x0000000005BE0000-0x0000000006184000-memory.dmp

Filesize
5.6MB

Download
memory/4916-10-0x0000000000B70000-0x0000000000BAC000-memory.dmp

Filesize
240KB

Download
memory/4916-9-0x0000000074DAE000-0x0000000074DAF000-memory.dmp

Filesize
4KB

Download