Resubmissions

11-12-2024 15:32

241211-sy44nssrdm 10

09-08-2024 21:57

240809-1t1vfs1cpm 10

06-08-2024 13:01

240806-p9f97szdlm 10

06-08-2024 12:52

240806-p3672stdkg 10

06-08-2024 12:29

240806-ppa8fsygqr 10

06-08-2024 12:26

240806-pmc92ashlh 10

Analysis

  • max time kernel
    131s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    06-08-2024 12:29

General

  • Target

    1/3bfcb4f798ba63a1d18887cb67c90e083d5561a58136a892bd9944528c707671.exe

  • Size

    731KB

  • MD5

    bd1050f3642d22733a30cd101f591713

  • SHA1

    5a6553bea21e2df2307ed5c843072bcb023566be

  • SHA256

    3bfcb4f798ba63a1d18887cb67c90e083d5561a58136a892bd9944528c707671

  • SHA512

    6cc19b1df105d9f4e76c39f7be79c9a5a42fdb338a8b56b1d16e1343221e36552344fc30aa8c2bf4d48781694a412dcddb5858a36c643706bc778b0b8cc59883

  • SSDEEP

    12288:tmoDWx2PQfRcudR5C3T+Lc7vaVs95ucinaj13Tp8K2:tHawMR9/gDR5yrQx2K2

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.libreriagandhi.cl
  • Port:
    21
  • Username:
    zativax1@libreriagandhi.cl
  • Password:
    x6p2^m#1#~+O

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.libreriagandhi.cl
  • Port:
    21
  • Username:
    zativax1@libreriagandhi.cl
  • Password:
    x6p2^m#1#~+O

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious access to, or copy of, the web browser credential store.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry, likely for geofencing.

  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1\3bfcb4f798ba63a1d18887cb67c90e083d5561a58136a892bd9944528c707671.exe
    "C:\Users\Admin\AppData\Local\Temp\1\3bfcb4f798ba63a1d18887cb67c90e083d5561a58136a892bd9944528c707671.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:340
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\1\3bfcb4f798ba63a1d18887cb67c90e083d5561a58136a892bd9944528c707671.exe"
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1016
    • C:\Users\Admin\AppData\Local\Temp\1\3bfcb4f798ba63a1d18887cb67c90e083d5561a58136a892bd9944528c707671.exe
      "C:\Users\Admin\AppData\Local\Temp\1\3bfcb4f798ba63a1d18887cb67c90e083d5561a58136a892bd9944528c707671.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4156
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1040,i,3210801877307184477,8078594481454001567,262144 --variations-seed-version --mojo-platform-channel-handle=4608 /prefetch:8
    1⤵
      PID:3188

Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dns.google
    • flag-us
      DNS
      85.177.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      85.177.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.214.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.214.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7259b08890884fd0994f6da72e7f0913&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7259b08890884fd0994f6da72e7f0913&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=04DC15B4A64B62E23CA80167A76C6378; domain=.bing.com; expires=Sun, 31-Aug-2025 12:30:40 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: F7B932AE6EFC4A7A8E3D7CBEFBCFB803 Ref B: LON04EDGE0620 Ref C: 2024-08-06T12:30:40Z
      date: Tue, 06 Aug 2024 12:30:39 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=7259b08890884fd0994f6da72e7f0913&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=7259b08890884fd0994f6da72e7f0913&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=04DC15B4A64B62E23CA80167A76C6378
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=0cCnl6ZtAzoxK861h3U4JtjaS6Q-C3a3dtL_95P1aoQ; domain=.bing.com; expires=Sun, 31-Aug-2025 12:30:40 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 358492F461F34477B0AA402C37F77EBB Ref B: LON04EDGE0620 Ref C: 2024-08-06T12:30:40Z
      date: Tue, 06 Aug 2024 12:30:40 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7259b08890884fd0994f6da72e7f0913&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=
      Remote address:
      204.79.197.237:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7259b08890884fd0994f6da72e7f0913&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=04DC15B4A64B62E23CA80167A76C6378; MSPTC=0cCnl6ZtAzoxK861h3U4JtjaS6Q-C3a3dtL_95P1aoQ
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: BE52762F741C4BBEA43774B4660C6A62 Ref B: LON04EDGE0620 Ref C: 2024-08-06T12:30:40Z
      date: Tue, 06 Aug 2024 12:30:40 GMT
    • flag-us
      DNS
      237.197.79.204.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.197.79.204.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      ip-api.com
      3bfcb4f798ba63a1d18887cb67c90e083d5561a58136a892bd9944528c707671.exe
      Remote address:
      8.8.8.8:53
      Request
      ip-api.com
      IN A
      Response
      ip-api.com
      IN A
      208.95.112.1
    • flag-us
      GET
      http://ip-api.com/line/?fields=hosting
      3bfcb4f798ba63a1d18887cb67c90e083d5561a58136a892bd9944528c707671.exe
      Remote address:
      208.95.112.1:80
      Request
      GET /line/?fields=hosting HTTP/1.1
      Host: ip-api.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Tue, 06 Aug 2024 12:30:55 GMT
      Content-Type: text/plain; charset=utf-8
      Content-Length: 6
      Access-Control-Allow-Origin: *
      X-Ttl: 60
      X-Rl: 44
    • flag-us
      DNS
      1.112.95.208.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      1.112.95.208.in-addr.arpa
      IN PTR
      Response
      1.112.95.208.in-addr.arpa
      IN PTR
      ip-api.com
    • flag-us
      DNS
      1.112.95.208.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      1.112.95.208.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      ftp.libreriagandhi.cl
      3bfcb4f798ba63a1d18887cb67c90e083d5561a58136a892bd9944528c707671.exe
      Remote address:
      8.8.8.8:53
      Request
      ftp.libreriagandhi.cl
      IN A
      Response
      ftp.libreriagandhi.cl
      IN A
      162.213.209.162
    • flag-us
      DNS
      162.209.213.162.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      162.209.213.162.in-addr.arpa
      IN PTR
      Response
      162.209.213.162.in-addr.arpa
      IN PTR
      cp014 servidoresphcom
    • flag-us
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      171.39.242.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      171.39.242.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      14.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.227.111.52.in-addr.arpa
      IN PTR
      Response
    • 204.79.197.237:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7259b08890884fd0994f6da72e7f0913&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=
      tls, http2
      2.0kB
      9.3kB
      21
      19

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7259b08890884fd0994f6da72e7f0913&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=7259b08890884fd0994f6da72e7f0913&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=7259b08890884fd0994f6da72e7f0913&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

      HTTP Response

      204
    • 208.95.112.1:80
      http://ip-api.com/line/?fields=hosting
      http
      3bfcb4f798ba63a1d18887cb67c90e083d5561a58136a892bd9944528c707671.exe
      356 B
      347 B
      6
      4

      HTTP Request

      GET http://ip-api.com/line/?fields=hosting

      HTTP Response

      200
    • 162.213.209.162:21
      ftp.libreriagandhi.cl
      ftp
      3bfcb4f798ba63a1d18887cb67c90e083d5561a58136a892bd9944528c707671.exe
      881 B
      1.2kB
      15
      12
    • 162.213.209.162:57218
      ftp.libreriagandhi.cl
      3bfcb4f798ba63a1d18887cb67c90e083d5561a58136a892bd9944528c707671.exe
      1.1kB
      184 B
      7
      4
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
      90 B
      1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      85.177.190.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      85.177.190.20.in-addr.arpa

    • 8.8.8.8:53
      172.214.232.199.in-addr.arpa
      dns
      74 B
      128 B
      1
      1

      DNS Request

      172.214.232.199.in-addr.arpa

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      151 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.237
      13.107.21.237

    • 8.8.8.8:53
      237.197.79.204.in-addr.arpa
      dns
      73 B
      143 B
      1
      1

      DNS Request

      237.197.79.204.in-addr.arpa

    • 8.8.8.8:53
      ip-api.com
      dns
      3bfcb4f798ba63a1d18887cb67c90e083d5561a58136a892bd9944528c707671.exe
      56 B
      72 B
      1
      1

      DNS Request

      ip-api.com

      DNS Response

      208.95.112.1

    • 8.8.8.8:53
      1.112.95.208.in-addr.arpa
      dns
      142 B
      95 B
      2
      1

      DNS Request

      1.112.95.208.in-addr.arpa

      DNS Request

      1.112.95.208.in-addr.arpa

    • 8.8.8.8:53
      ftp.libreriagandhi.cl
      dns
      3bfcb4f798ba63a1d18887cb67c90e083d5561a58136a892bd9944528c707671.exe
      67 B
      83 B
      1
      1

      DNS Request

      ftp.libreriagandhi.cl

      DNS Response

      162.213.209.162

    • 8.8.8.8:53
      162.209.213.162.in-addr.arpa
      dns
      74 B
      110 B
      1
      1

      DNS Request

      162.209.213.162.in-addr.arpa

    • 8.8.8.8:53
      157.123.68.40.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      157.123.68.40.in-addr.arpa

    • 8.8.8.8:53
      171.39.242.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      171.39.242.20.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
      128 B
      1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      14.227.111.52.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      14.227.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\3bfcb4f798ba63a1d18887cb67c90e083d5561a58136a892bd9944528c707671.exe.log

      Filesize

      1KB

      MD5

      8783efc818e6c4b08cdd7dc7e06641d0

      SHA1

      481a410d390aefdd28ff1bc005d1ee46e7b092f2

      SHA256

      735a7e96c6b2d91b062f378d14291656b72c92d36b1a21584ce5b606b4ea8572

      SHA512

      1d48c97192d9ca4deca93a2a62dc6230d2752b1710c95660b41e89413b9b022a0139570d946580968bd04cf48497a6dc31e25d4aca7f477525b346ab0a302d32

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_huofx4u1.z41.ps1

      Filesize

      60B

      MD5

      d17fe0a3f47be24a6453e9ef58c94641

      SHA1

      6ab83620379fc69f80c0242105ddffd7d98d5d9d

      SHA256

      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

      SHA512

      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

