Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/09/2024, 15:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aed885e70b6da85a028b20164cab48af42e6c72a461c0eac35794a7f1d1e8a97.exe

  • Size

    1.8MB

  • MD5

    7415bf519484ee3aa72ddb6a1a133a1e

  • SHA1

    05cef079c55b0b5c6c63136cc24f65c2601687cd

  • SHA256

    aed885e70b6da85a028b20164cab48af42e6c72a461c0eac35794a7f1d1e8a97

  • SHA512

    47eca027cb90f8216092758967c6d56c613d301f11934b9f551e6da3dd59966c183ec3539e6a7bbb6a122e632ab8312121d9b6eaba2273eacf9bf74d564f15c2

  • SSDEEP

    49152:Kk5LXspyIhbEH7fy7LOshS67tVdIy/30GqHBQnroaQFEF:KSYzB2745Sm/dp/EGOQnro3I

Score
10/10
amadeyredlinestealc@oleh_pspdefault2fed3aalivetrafficcredential_accessdiscoveryevasioninfostealerspywarestealertrojan

Malware Config

Extracted

Family

amadey

Version

4.41

Botnet

fed3aa

C2

http://185.215.113.16

Attributes
  • install_dir

    44111dbc49

  • install_file

    axplong.exe

  • strings_key

    8d0ad6945b1a30a186ec2d30be6db0b5

  • url_paths

    /Jo89Ku7d/index.php

rc4.plain

Extracted

Family

redline

Botnet

LiveTraffic

C2

95.179.250.45:26212

Extracted

Family

redline

Botnet

@OLEH_PSP

C2

65.21.18.51:45580

Extracted

Family

stealc

Botnet

default2

C2

http://185.215.113.17

Attributes
  • url_path

    /2fb6c2cc8dce150a.php

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 3 IoCs
  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 4 IoCs
    evasion
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 8 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 12 IoCs
  • Identifies Wine through registry keys 2 TTPs 4 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 2 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 38 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aed885e70b6da85a028b20164cab48af42e6c72a461c0eac35794a7f1d1e8a97.exe
    "C:\Users\Admin\AppData\Local\Temp\aed885e70b6da85a028b20164cab48af42e6c72a461c0eac35794a7f1d1e8a97.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks computer location settings
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:3436
    • C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
      "C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Checks computer location settings
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1136
      • C:\Users\Admin\AppData\Local\Temp\1000002001\gold.exe
        "C:\Users\Admin\AppData\Local\Temp\1000002001\gold.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1200
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
          4⤵
            PID:5044
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
            4⤵
              PID:2044
            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
              4⤵
              • System Location Discovery: System Language Discovery
              • Modifies system certificate store
              • Suspicious use of AdjustPrivilegeToken
              PID:4064
          • C:\Users\Admin\AppData\Local\Temp\1000004001\crypteda.exe
            "C:\Users\Admin\AppData\Local\Temp\1000004001\crypteda.exe"
            3⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:880
            • C:\Users\Admin\AppData\Roaming\bLETp7ytcs.exe
              "C:\Users\Admin\AppData\Roaming\bLETp7ytcs.exe"
              4⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:1128
            • C:\Users\Admin\AppData\Roaming\QiPgb83nlC.exe
              "C:\Users\Admin\AppData\Roaming\QiPgb83nlC.exe"
              4⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of AdjustPrivilegeToken
              PID:3824
          • C:\Users\Admin\AppData\Local\Temp\1000005001\Nework.exe
            "C:\Users\Admin\AppData\Local\Temp\1000005001\Nework.exe"
            3⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Drops file in Windows directory
            • System Location Discovery: System Language Discovery
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of WriteProcessMemory
            PID:4936
            • C:\Users\Admin\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
              "C:\Users\Admin\AppData\Local\Temp\054fdc5f70\Hkbsse.exe"
              4⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              PID:4008
          • C:\Users\Admin\AppData\Local\Temp\1000066001\stealc_default2.exe
            "C:\Users\Admin\AppData\Local\Temp\1000066001\stealc_default2.exe"
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • Checks processor information in registry
            • Suspicious behavior: EnumeratesProcesses
            PID:3608
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4292,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=3776 /prefetch:8
        1⤵
          PID:4188
        • C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
          C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
          1⤵
          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
          • Checks BIOS information in registry
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          PID:3728
        • C:\Users\Admin\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
          C:\Users\Admin\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
          1⤵
          • Executes dropped EXE
          PID:1844
        • C:\Users\Admin\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
          C:\Users\Admin\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
          1⤵
          • Executes dropped EXE
          PID:1340
        • C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
          C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
          1⤵
          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
          • Checks BIOS information in registry
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          PID:2076

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\mozglue.dll
          Filesize

          593KB

          MD5

          c8fd9be83bc728cc04beffafc2907fe9

          SHA1

          95ab9f701e0024cedfbd312bcfe4e726744c4f2e

          SHA256

          ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

          SHA512

          fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

          Download Submit

        • C:\ProgramData\nss3.dll
          Filesize

          2.0MB

          MD5

          1cc453cdf74f31e4d913ff9c10acdde2

          SHA1

          6e85eae544d6e965f15fa5c39700fa7202f3aafe

          SHA256

          ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

          SHA512

          dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\1000002001\gold.exe
          Filesize

          312KB

          MD5

          389881b424cf4d7ec66de13f01c7232a

          SHA1

          d3bc5a793c1b8910e1ecc762b69b3866e4c5ba78

          SHA256

          9d1211b3869ca43840b7da1677b257ad37521aab47719c6fcfe343121760b746

          SHA512

          2b9517d5d9d972e8754a08863a29e3d3e3cfde58e20d433c85546c2298aad50ac8b069cafd5abb3c86e24263d662c6e1ea23c0745a2668dfd215ddbdfbd1ab96

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\1000004001\crypteda.exe
          Filesize

          1.1MB

          MD5

          ec23d4868753f523df127f531451dcbd

          SHA1

          8a172e091d057a8db1e3e1999d48060967b99f36

          SHA256

          5a4308d45dc245870376ece2209450e5ca46872e632c81c3c61178f139ef223d

          SHA512

          2e7b63f43a49514d9c98f4ef1964d4ad2b2eef5d88500098246a31d6391f68715bd2a216a662836815615fe4cc2410fe32eacfdd0d7b3cf16f58c816a0c651fb

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\1000005001\Nework.exe
          Filesize

          416KB

          MD5

          f5d7b79ee6b6da6b50e536030bcc3b59

          SHA1

          751b555a8eede96d55395290f60adc43b28ba5e2

          SHA256

          2f1aff28961ba0ce85ea0e35b8936bc387f84f459a4a1d63d964ce79e34b8459

          SHA512

          532b17cd2a6ac5172b1ddba1e63edd51ab53a4527204415241e3a78e8ffeb9728071bde5ae1eefabefd2627f00963f8a5458668cd7b8df041c8683252ff56b46

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\1000066001\stealc_default2.exe
          Filesize

          187KB

          MD5

          7a02aa17200aeac25a375f290a4b4c95

          SHA1

          7cc94ca64268a9a9451fb6b682be42374afc22fd

          SHA256

          836799fd760eba25e15a55c75c50b977945c557065a708317e00f2c8f965339e

          SHA512

          f6ebfe7e087aa354722cea3fddd99b1883a862fb92bb5a5a86782ea846a1bff022ab7db4397930bcabaa05cb3d817de3a89331d41a565bc1da737f2c5e3720b6

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\1000129001\2.exe
          Filesize

          5.4MB

          MD5

          974eedd8bd33a9ff6bfcc16f7e7ab1d6

          SHA1

          302a8ac67e876d7e429c79da2755123694cb0e40

          SHA256

          209ca33660cbb1ebad7b8d12d579abf9d499a1c87a89c0311b7f8ff4a4e402f1

          SHA512

          0b990e46d96f919139d17ff2ea82978449fd5a7a441acd4ee0dc0a6f451a9bdd0eec1233e506ca41c6250934599ca62e5a2fe9bfe0609204b557b3d224a11acd

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe
          Filesize

          1.8MB

          MD5

          7415bf519484ee3aa72ddb6a1a133a1e

          SHA1

          05cef079c55b0b5c6c63136cc24f65c2601687cd

          SHA256

          aed885e70b6da85a028b20164cab48af42e6c72a461c0eac35794a7f1d1e8a97

          SHA512

          47eca027cb90f8216092758967c6d56c613d301f11934b9f551e6da3dd59966c183ec3539e6a7bbb6a122e632ab8312121d9b6eaba2273eacf9bf74d564f15c2

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tmp5B2B.tmp
          Filesize

          2KB

          MD5

          1420d30f964eac2c85b2ccfe968eebce

          SHA1

          bdf9a6876578a3e38079c4f8cf5d6c79687ad750

          SHA256

          f3327793e3fd1f3f9a93f58d033ed89ce832443e2695beca9f2b04adba049ed9

          SHA512

          6fcb6ce148e1e246d6805502d4914595957061946751656567a5013d96033dd1769a22a87c45821e7542cde533450e41182cee898cd2ccf911c91bc4822371a8

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\tmp7734.tmp
          Filesize

          56KB

          MD5

          7872fbf0a1bb518682babda3d8dc7b4e

          SHA1

          9714d4f9f7e7c3b9a99f656b88b3a10cbd9c65e4

          SHA256

          a821fa964b5c5273f0e4696e98815f07113c85436cc468f41f39722e7d2767c2

          SHA512

          f91bb32e1675f822af53ebc91dc5764625b13bc2e365dcf795e1132525857e5d43a18b2f53b4bb70722aef7a0eafd5b3e4d1805f8567d325d34ae41c281832c0

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\tmp7775.tmp
          Filesize

          232KB

          MD5

          0288a646931d57eb94f25f2daa17c778

          SHA1

          9318054dcb08173fb4e08011a7a56c5775f0f3a5

          SHA256

          79b8441549f879f6580ed76631e606c1642291ff56c4569b3bd96505aecc50b3

          SHA512

          c064c16a28d2e2260da283b240cd073a61cddc57462e7031c4f06090aeda3f58a56a73f27572188be2d20edf22134c1f8be4d08e67e45fbe24ac0b47f7c78fcf

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2170637797-568393320-3232933035-1000\76b53b3ec448f7ccdda2063b15d2bfc3_76278eb0-9988-43b4-9423-af5897ebbcb4
          Filesize

          2KB

          MD5

          ecdcbd24da1bb7e6bfac58385c2f3dae

          SHA1

          30fb643ba2cb5100e3975fcca847e6ca4ec1d9a7

          SHA256

          0a78df9a86ed54112865543a0407693b90cffc0c8156f13b6a7db915e1fe455e

          SHA512

          f3f67b83e61a17108e1e1fa1c410c4495806647cd7f126e0c67e668169d9a006a067abcb9756b9873d28673c6aec513ab0d3d01d79430ba1d9dacbaa8be4d643

          Download Submit

        • C:\Users\Admin\AppData\Roaming\QiPgb83nlC.exe
          Filesize

          304KB

          MD5

          7e39ccb9926a01051635f3c2675ff01d

          SHA1

          00518801574c9a475b86847db9ff2635ffe4b08b

          SHA256

          4a5d76a51f341950e5588b373dc03cfc6a107a2799f5e8778d6994f5c15a52fc

          SHA512

          6c768ba63793dcec3a64f96a8e4cdf12ab4f165e4e343b33eeeed6c6473a52cca86f9275ac8689eafaaf58e6daa2ea1b8c87ebefa80152c04475c57f182dbf1d

          Download Submit

        • C:\Users\Admin\AppData\Roaming\bLETp7ytcs.exe
          Filesize

          622KB

          MD5

          4c82ed5f54457b13b25a60c6a0544a9c

          SHA1

          e6e8ff2456ee580fa8d62bb13c679859bf3e0856

          SHA256

          39867afa37975fadeb1a58a7e427c8f2a5c9e0d81bdaf23ce6e51c05a91087e6

          SHA512

          474db526dc64e6558df217442a85fe1614489c9c2f917619eb5f6b62ed37a8ca5079aab147b0bcb63193b3995889702f3eec2eeb0b6dff1103fe5f2b00d42cb9

          Download Submit

        • C:\Users\Admin\Desktop\Microsoft Edge.lnk
          Filesize

          2KB

          MD5

          02481717079d0097913b8f16e8583aaf

          SHA1

          333f1d1f69d06d225ce1c5f429c3903948d2b7c4

          SHA256

          80454146bda122a25bca5841618db8f01f31fa7c9dc0f7a7378221a2019ce920

          SHA512

          f4e6591cfc19b351532109132d6834831ec13e9a8a1312377d1e2445a05d81265a1f753890af1f811955846a310ff418aa548b0a19cf4e99f0c7b3b3ac1c8212

          Download Submit

        • C:\Users\Public\Desktop\Google Chrome.lnk
          Filesize

          2KB

          MD5

          aac5f4ec2d1c4c6de526c560be1321a7

          SHA1

          ad0bf4e7a78040add16b8c5b0c7c1c8e379eef92

          SHA256

          8cc07a2f0d7d04b149bcd0a6a54823428e267a69816e07dc4173567c847f7f07

          SHA512

          1e99f45d1884c97776d3e038fb509e3f48fa8fd89df4dd2709f1daa0af97e5afefc216a64f820a6ed753cf203fbe9a90aee09943dc782556db13b4d8bf21fa2b

          Download Submit

        • memory/1128-185-0x000000000A800000-0x000000000AD2C000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/1128-182-0x0000000008C50000-0x0000000008CB6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/1128-184-0x000000000A100000-0x000000000A2C2000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/1128-130-0x00000000009F0000-0x0000000000A92000-memory.dmp

          Filesize

          648KB

          Download

        • memory/1136-297-0x00000000002C0000-0x0000000000790000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/1136-181-0x00000000002C0000-0x0000000000790000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/1136-317-0x00000000002C0000-0x0000000000790000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/1136-316-0x00000000002C0000-0x0000000000790000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/1136-315-0x00000000002C0000-0x0000000000790000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/1136-299-0x00000000002C0000-0x0000000000790000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/1136-311-0x00000000002C0000-0x0000000000790000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/1136-310-0x00000000002C0000-0x0000000000790000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/1136-309-0x00000000002C0000-0x0000000000790000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/1136-308-0x00000000002C0000-0x0000000000790000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/1136-307-0x00000000002C0000-0x0000000000790000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/1136-306-0x00000000002C0000-0x0000000000790000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/1136-301-0x00000000002C0000-0x0000000000790000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/1136-18-0x00000000002C0000-0x0000000000790000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/1136-19-0x00000000002C1000-0x00000000002EF000-memory.dmp

          Filesize

          184KB

          Download

        • memory/1136-21-0x00000000002C0000-0x0000000000790000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/1136-300-0x00000000002C0000-0x0000000000790000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/1136-176-0x00000000002C0000-0x0000000000790000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/1136-178-0x00000000002C0000-0x0000000000790000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/1136-241-0x00000000002C0000-0x0000000000790000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/1136-20-0x00000000002C0000-0x0000000000790000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/1136-183-0x00000000002C0000-0x0000000000790000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/1200-40-0x000000007319E000-0x000000007319F000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1200-41-0x0000000000730000-0x0000000000784000-memory.dmp

          Filesize

          336KB

          Download

        • memory/2076-314-0x00000000002C0000-0x0000000000790000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/3436-17-0x0000000000190000-0x0000000000660000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/3436-1-0x0000000077584000-0x0000000077586000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3436-4-0x0000000000190000-0x0000000000660000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/3436-3-0x0000000000190000-0x0000000000660000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/3436-2-0x0000000000191000-0x00000000001BF000-memory.dmp

          Filesize

          184KB

          Download

        • memory/3436-0-0x0000000000190000-0x0000000000660000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/3608-177-0x0000000000090000-0x00000000002D3000-memory.dmp

          Filesize

          2.3MB

          Download

        • memory/3608-295-0x0000000000090000-0x00000000002D3000-memory.dmp

          Filesize

          2.3MB

          Download

        • memory/3608-186-0x0000000061E00000-0x0000000061EF3000-memory.dmp

          Filesize

          972KB

          Download

        • memory/3728-304-0x00000000002C0000-0x0000000000790000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/3728-305-0x00000000002C0000-0x0000000000790000-memory.dmp

          Filesize

          4.8MB

          Download

        • memory/3824-111-0x0000000000B50000-0x0000000000BA2000-memory.dmp

          Filesize

          328KB

          Download

        • memory/4064-49-0x00000000055A0000-0x00000000055AA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/4064-47-0x0000000005890000-0x0000000005E34000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/4064-48-0x00000000053E0000-0x0000000005472000-memory.dmp

          Filesize

          584KB

          Download

        • memory/4064-266-0x0000000009650000-0x00000000096A0000-memory.dmp

          Filesize

          320KB

          Download

        • memory/4064-44-0x0000000000400000-0x0000000000452000-memory.dmp

          Filesize

          328KB

          Download

        • memory/4064-66-0x00000000061C0000-0x0000000006236000-memory.dmp

          Filesize

          472KB

          Download

        • memory/4064-91-0x0000000007260000-0x00000000072AC000-memory.dmp

          Filesize

          304KB

          Download

        • memory/4064-90-0x0000000007220000-0x000000000725C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/4064-86-0x0000000008B40000-0x0000000008C4A000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/4064-87-0x00000000071C0000-0x00000000071D2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/4064-80-0x0000000006930000-0x000000000694E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/4064-85-0x00000000072C0000-0x00000000078D8000-memory.dmp

          Filesize

          6.1MB

          Download