Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

agg.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    128s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250207-en
  • resource tags

    arch:x64arch:x86image:win11-20250207-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    08/02/2025, 13:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    agg.exe

  • Size

    543KB

  • MD5

    4dbf422d243020b7c8dbf7f186e9f405

  • SHA1

    4e2e3ee0214f1d20817efc248d10faea235cc4b5

  • SHA256

    9f0a14be6b3437eb09cca475a3fdcc22bfe51af31abeed95c57be0f61fbffd35

  • SHA512

    8b903fae347f8b4576720307b03abfcb2b19ff00a6c29cb2199d911531bc90dff1d438449072d64ab8bd75fa735f05953e95dc04455139e9e4622249ee4f57b9

  • SSDEEP

    12288:HLV6BtpmkUliOEyfOR4BLij8f4McGz0esfr:rApfUIOEyfjA8AMeesfr

Score
10/10
nanocoredefense_evasiondiscoverykeyloggerpersistencespywarestealertrojan

Malware Config

Signatures

  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

    keyloggertrojanstealerspywarenanocore
  • Nanocore family
    nanocore
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    defense_evasiontrojan
  • Drops file in Program Files directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks processor information in registry 2 TTPs 7 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\agg.exe
    "C:\Users\Admin\AppData\Local\Temp\agg.exe"
    1⤵
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1528
    • C:\Windows\SYSTEM32\schtasks.exe
      "schtasks.exe" /create /f /tn "DPI Service" /xml "C:\Users\Admin\AppData\Local\Temp\tmpF5AA.tmp"
      2⤵
      • Scheduled Task/Job: Scheduled Task
      PID:3288
    • C:\Windows\SYSTEM32\schtasks.exe
      "schtasks.exe" /create /f /tn "DPI Service Task" /xml "C:\Users\Admin\AppData\Local\Temp\tmpF5DA.tmp"
      2⤵
      • Scheduled Task/Job: Scheduled Task
      PID:4336
  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MEMwRkM3QzEtNjEwNS00RUI3LTlBMEQtRjNDRUE5REE2MjM0fSIgdXNlcmlkPSJ7NkVDQjE1MzItN0EzNS00MkM5LTg1OTMtMjVDQUREQzRDOUFFfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NTUzMkVBRkYtQThGQy00NkE0LUEwNUUtOTM2ODUxNDcwNTc5fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RSt4YkF6Nlk2c1UxMjg5YlM2cWw0VlJMYmtqZkJVR1RNSnNqckhyNDRpST0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRldGltZT0iMTczODk1NjQ2OSIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzgzNDI5MTM1MzQ4MDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ5OTM2MzQyOTciLz48L2FwcD48L3JlcXVlc3Q-
    1⤵
    • System Location Discovery: System Language Discovery
    • System Network Configuration Discovery: Internet Connection Discovery
    PID:4988
  • C:\Windows\SysWOW64\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "3508" "1252" "1256" "1264" "0" "0" "0" "0" "0" "0" "0" "0"
    1⤵
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Enumerates system info in registry
    PID:4900
  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MEMwRkM3QzEtNjEwNS00RUI3LTlBMEQtRjNDRUE5REE2MjM0fSIgdXNlcmlkPSJ7NkVDQjE1MzItN0EzNS00MkM5LTg1OTMtMjVDQUREQzRDOUFFfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntBMjI2OEUyRi1GMzJFLTQyRjgtQTU5MC04RTVBNUQ2ODQzNUZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iMiIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSIxMzMuMC4zMDY1LjUxIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGV0aW1lPSIxNzM4OTU1OTg2Ij48ZXZlbnQgZXZlbnR0eXBlPSIzMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iNCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTAwMjA3MTg0OCIvPjwvYXBwPjwvcmVxdWVzdD4
    1⤵
    • System Location Discovery: System Language Discovery
    • System Network Configuration Discovery: Internet Connection Discovery
    PID:5056
  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MEMwRkM3QzEtNjEwNS00RUI3LTlBMEQtRjNDRUE5REE2MjM0fSIgdXNlcmlkPSJ7NkVDQjE1MzItN0EzNS00MkM5LTg1OTMtMjVDQUREQzRDOUFFfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9InszMDQwNUJBQS1FNDk1LTREMDMtOTk1NS03MEI3NUQwMkU1RER9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iMiIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjQzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgY29ob3J0PSJycmZAMC42MCI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSIxIiByZD0iNjYxMiIgcGluZ19mcmVzaG5lc3M9IntFRTgzQjkzNS0yMTBGLTRFNzktOTg3OS02MTAzNjcwMTFGRTV9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjEzMy4wLjMwNjUuNTEiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iMCIgY29ob3J0PSJycmZAMC4wMSIgb29iZV9pbnN0YWxsX3RpbWU9IjE4NDQ2NzQ0MDczNzA5NTUxNjA2IiB1cGRhdGVfY291bnQ9IjEiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM4MzQzMjQ0MzE3NTYzMjAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSIxIiByPSIxIiBhZD0iNjYxMiIgcmQ9IjY2MTIiIHBpbmdfZnJlc2huZXNzPSJ7MUJEQjBFOUUtOUMzQy00MDMwLTlEMjEtNkNDREQxMTlEMkFBfSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMzIuMC4yOTU3LjE0MCIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGNvaG9ydD0icnJmQDAuNDMiIHVwZGF0ZV9jb3VudD0iMSI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSIxIiByZD0iNjYxMiIgcGluZ19mcmVzaG5lc3M9InswNzM0NEQxMi1BNEY0LTQ4OTQtQkM3My00QkZEQzBFNkJDQzF9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
    1⤵
    • System Location Discovery: System Language Discovery
    • System Network Configuration Discovery: Internet Connection Discovery
    PID:2240
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=3836,i,4562100277163084989,990114372951809185,262144 --variations-seed-version --mojo-platform-channel-handle=3148 /prefetch:14
    1⤵
      PID:4996
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=4572,i,4562100277163084989,990114372951809185,262144 --variations-seed-version --mojo-platform-channel-handle=5248 /prefetch:14
      1⤵
        PID:1516
      • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
        1⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1496
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=5244,i,4562100277163084989,990114372951809185,262144 --variations-seed-version --mojo-platform-channel-handle=3852 /prefetch:14
        1⤵
          PID:4892

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
          Filesize

          352KB

          MD5

          e69c7a7885c04f11c117a12a8e728a86

          SHA1

          696399c0ac6c32da090cbe0961fba44364ddda67

          SHA256

          b3c87091d4a05f5c9f84fed5508bb3ce802ff49c7a9bdfb6df4f2c6037a56dcb

          SHA512

          f02bfd955ed937e025533ee0c51a3c6200f350de0b91828a9884a7079bc450f89b85e55d5f952b47d510a96e1d30195c029112ae475bce6dfe65d8ff817f211a

          Download Submit

        • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
          Filesize

          371KB

          MD5

          0303a56d611229d94cdb90a015934915

          SHA1

          6593d5de926bc32db722cb821fb9eb89f6ffce3c

          SHA256

          f859d8cc50fd5e3502f690dca1cda68f81cb8ee85d02d1cbd3c601db8edb5d83

          SHA512

          73bb3154d7a96afd3cf881fc2f579d6ecdad4a6e2268f9442577b394acaf0aa73e6ac10ca86c38f4de744ceaf4e62684ac5b0ce71bb950745b26b40315ee65db

          Download Submit

        • C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
          Filesize

          389KB

          MD5

          9e6151d969b8a74370baa0abc6c3f26c

          SHA1

          f627449b5d5155488d774af8eab81abff22c296c

          SHA256

          c9d975e30aff677d41e6dc016078222c883a4b0f496b66e4c76a732f6bb72d58

          SHA512

          b957510c83a4a6aa486d0e500add199f094566606f6f0cc7123b30fe15aa795969a36996560a14d09979a122bfa5128509fbe808e431a9460c522a5a9d7e022e

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\tmpF5AA.tmp
          Filesize

          1KB

          MD5

          d6157234b2b6ca8f8d1e697731927364

          SHA1

          a245df0c0de55ee1aa7c167f2884bbb0b9f479c8

          SHA256

          0061aab09024753d113b25378f07345ef3b1c4b17db4bb1dcb0a9420486d01e5

          SHA512

          8c97b01c425a76d7865960febc04ee5196f34d71693f91e75b26bfdfa444ce45e5e1a22f4922894cc0087f1aa68cc6de9c4cd5edfa7454c48c5712b73e8403ad

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\tmpF5DA.tmp
          Filesize

          1KB

          MD5

          76e1a07bde338933fc57a7e25da0cc19

          SHA1

          822715f71870cb706f79bf20f98df752a2972997

          SHA256

          b94ef1069d565601332eb75d54530db3521182453d40e2d2ba357f9d48b9a252

          SHA512

          3ed0c46e9792ff5c4612b44167e19c7219709d97a24e091e68ea7cc9d08dfe638dbcaee6e6e92c8e829e272f3cbd7a25c4b3068186478dea1848ad82fed4c335

          Download Submit

        • memory/1528-26-0x000000001D690000-0x000000001D6AE000-memory.dmp

          Filesize

          120KB

          Download

        • memory/1528-27-0x000000001D6E0000-0x000000001D6EA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/1528-4-0x000000001CBB0000-0x000000001CC56000-memory.dmp

          Filesize

          664KB

          Download

        • memory/1528-0-0x00007FF841CB5000-0x00007FF841CB6000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1528-15-0x000000001D460000-0x000000001D46A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/1528-16-0x0000000001A30000-0x0000000001A42000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1528-17-0x000000001D670000-0x000000001D68A000-memory.dmp

          Filesize

          104KB

          Download

        • memory/1528-19-0x00000000019D0000-0x00000000019DE000-memory.dmp

          Filesize

          56KB

          Download

        • memory/1528-18-0x00007FF841A00000-0x00007FF8423A1000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/1528-21-0x000000001CCA0000-0x000000001CCAC000-memory.dmp

          Filesize

          48KB

          Download

        • memory/1528-22-0x000000001CCB0000-0x000000001CCC4000-memory.dmp

          Filesize

          80KB

          Download

        • memory/1528-20-0x000000001CC80000-0x000000001CC92000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1528-24-0x000000001CE70000-0x000000001CE84000-memory.dmp

          Filesize

          80KB

          Download

        • memory/1528-25-0x000000001D3E0000-0x000000001D3EE000-memory.dmp

          Filesize

          56KB

          Download

        • memory/1528-7-0x00007FF841A00000-0x00007FF8423A1000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/1528-23-0x0000000001A00000-0x0000000001A10000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1528-29-0x000000001D840000-0x000000001D854000-memory.dmp

          Filesize

          80KB

          Download

        • memory/1528-28-0x000000001D710000-0x000000001D73E000-memory.dmp

          Filesize

          184KB

          Download

        • memory/1528-5-0x00007FF841A00000-0x00007FF8423A1000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/1528-30-0x00007FF841A00000-0x00007FF8423A1000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/1528-31-0x00007FF841A00000-0x00007FF8423A1000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/1528-2-0x000000001C960000-0x000000001C9FC000-memory.dmp

          Filesize

          624KB

          Download

        • memory/1528-6-0x00000000019E0000-0x00000000019E8000-memory.dmp

          Filesize

          32KB

          Download

        • memory/1528-3-0x00007FF841A00000-0x00007FF8423A1000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/1528-44-0x00007FF841CB5000-0x00007FF841CB6000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1528-45-0x00007FF841A00000-0x00007FF8423A1000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/1528-46-0x00007FF841A00000-0x00007FF8423A1000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/1528-47-0x00007FF841A00000-0x00007FF8423A1000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/1528-48-0x00007FF841A00000-0x00007FF8423A1000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/1528-49-0x00007FF841A00000-0x00007FF8423A1000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/1528-1-0x000000001C3F0000-0x000000001C8BE000-memory.dmp

          Filesize

          4.8MB

          Download