Analysis

  • max time kernel
    200s
  • max time network
    215s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    28-11-2022 04:44

General

  • Target

    Synapse Launcher.exe

  • Size

    787KB

  • MD5

    154e1239c1bb0e04b18f27aabffcd6e7

  • SHA1

    0c72c4db91b8ae7e10271aece8db7efb5271f8ec

  • SHA256

    93fc4441b3648a74d3bc72cc5f34ced564ceca74a5e560961178b42a6c8416b0

  • SHA512

    52d4b91f4610a53ad41e0c73d129b218551ebb70e2162e1c268d84030dc77bc5411926a15fa44ba62f1a93e1c757287c842a217ea25602fac0db157742ee2a05

  • SSDEEP

    6144:ARv5ZcPe5q67ue+MNhH0X4wz2HA/z0OqysLAilL2hJO5Hp2y9z89S49htWZ1BXtx:ARv5OIbhH0IwzyE8LyspL9z89x+zHFi

Score
9/10

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Loads dropped DLL 3 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 8 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Synapse Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\Synapse Launcher.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:620
    • C:\Users\Admin\AppData\Local\Temp\bin\xIjfW.bin
      "bin\xIjfW.bin"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1632
      • C:\Users\Admin\AppData\Local\Temp\bin\Lh8t1Mpq7.exe
        "bin\Lh8t1Mpq7.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Executes dropped EXE
        • Checks BIOS information in registry
        • Loads dropped DLL
        • Checks whether UAC is enabled
        • Checks processor information in registry
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:972
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1532
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6964f50,0x7fef6964f60,0x7fef6964f70
      2⤵
        PID:1572
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1092 /prefetch:2
        2⤵
          PID:1140
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1408 /prefetch:8
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1940
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1776 /prefetch:8
          2⤵
            PID:1132
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1964 /prefetch:1
            2⤵
              PID:1588
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1
              2⤵
                PID:1932
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:8
                2⤵
                  PID:2104
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3208 /prefetch:2
                  2⤵
                    PID:2248
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
                    2⤵
                      PID:2292
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3544 /prefetch:8
                      2⤵
                        PID:2380
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3424 /prefetch:8
                        2⤵
                          PID:2372
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3464 /prefetch:8
                          2⤵
                            PID:2460
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3548 /prefetch:8
                            2⤵
                              PID:2452
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3480 /prefetch:8
                              2⤵
                                PID:2476
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3520 /prefetch:8
                                2⤵
                                  PID:2468
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
                                  2⤵
                                    PID:2612
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2188 /prefetch:1
                                    2⤵
                                      PID:2680
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4184 /prefetch:8
                                      2⤵
                                        PID:2756
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4356 /prefetch:8
                                        2⤵
                                          PID:2884
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4420 /prefetch:8
                                          2⤵
                                            PID:2948
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4500 /prefetch:8
                                            2⤵
                                              PID:2956
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4512 /prefetch:8
                                              2⤵
                                                PID:3020
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
                                                2⤵
                                                  PID:3056
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3376 /prefetch:8
                                                  2⤵
                                                    PID:1696
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
                                                    2⤵
                                                      PID:2148
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1064,14950686064884018348,9325766969997601390,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1
                                                      2⤵
                                                        PID:1052
                                                    • C:\Windows\system32\AUDIODG.EXE
                                                      C:\Windows\system32\AUDIODG.EXE 0x2fc
                                                      1⤵
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      PID:2804

                                                    Network

                                                    MITRE ATT&CK Enterprise v6

                                                    Replay Monitor

                                                    Loading Replay Monitor...

                                                    Downloads

                                                    • C:\Users\Admin\AppData\Local\Temp\bin\Lh8t1Mpq7.exe

                                                      Filesize

                                                      2.3MB

                                                      MD5

                                                      26b27b008c4ff0a10116bd1b8b6d070d

                                                      SHA1

                                                      495cffb56086d363b43119fef145b917af2530b8

                                                      SHA256

                                                      7dcc7144522805bf61b11917dc29b9c4181f78daa9b15cbf55b373277740df70

                                                      SHA512

                                                      7f82ae1dd839611d710cef25712d9ebf5e497c9246238f16ac2cab2fceae1e709421ade655b297bd63cc90358f323f4bdfc3f93213c9257e7371e0b97d1e7f5d

                                                    • C:\Users\Admin\AppData\Local\Temp\bin\Lh8t1Mpq7.exe

                                                      Filesize

                                                      2.3MB

                                                      MD5

                                                      26b27b008c4ff0a10116bd1b8b6d070d

                                                      SHA1

                                                      495cffb56086d363b43119fef145b917af2530b8

                                                      SHA256

                                                      7dcc7144522805bf61b11917dc29b9c4181f78daa9b15cbf55b373277740df70

                                                      SHA512

                                                      7f82ae1dd839611d710cef25712d9ebf5e497c9246238f16ac2cab2fceae1e709421ade655b297bd63cc90358f323f4bdfc3f93213c9257e7371e0b97d1e7f5d

                                                    • C:\Users\Admin\AppData\Local\Temp\bin\SLAgent.dll

                                                      Filesize

                                                      6.0MB

                                                      MD5

                                                      9b248dfff1d2b73fd639324741fe2e08

                                                      SHA1

                                                      e82684cd6858a6712eff69ace1707b3bcd464105

                                                      SHA256

                                                      39943c30732988289ca346902f007a72124bd98b82e08b0b9739241cdab4018e

                                                      SHA512

                                                      56784a895f113088e3c92ccd96f354473e5d849fb9d0798868ff5e9477f60854e8bc7c9759c63417c9298f8702abab266722439b445977c6e940da393b8b696c

                                                    • C:\Users\Admin\AppData\Local\Temp\bin\SynapseInjector.dll

                                                      Filesize

                                                      6.0MB

                                                      MD5

                                                      9b248dfff1d2b73fd639324741fe2e08

                                                      SHA1

                                                      e82684cd6858a6712eff69ace1707b3bcd464105

                                                      SHA256

                                                      39943c30732988289ca346902f007a72124bd98b82e08b0b9739241cdab4018e

                                                      SHA512

                                                      56784a895f113088e3c92ccd96f354473e5d849fb9d0798868ff5e9477f60854e8bc7c9759c63417c9298f8702abab266722439b445977c6e940da393b8b696c

                                                    • C:\Users\Admin\AppData\Local\Temp\bin\xIjfW.bin

                                                      Filesize

                                                      2.3MB

                                                      MD5

                                                      26b27b008c4ff0a10116bd1b8b6d070d

                                                      SHA1

                                                      495cffb56086d363b43119fef145b917af2530b8

                                                      SHA256

                                                      7dcc7144522805bf61b11917dc29b9c4181f78daa9b15cbf55b373277740df70

                                                      SHA512

                                                      7f82ae1dd839611d710cef25712d9ebf5e497c9246238f16ac2cab2fceae1e709421ade655b297bd63cc90358f323f4bdfc3f93213c9257e7371e0b97d1e7f5d

                                                    • C:\Users\Admin\AppData\Local\Temp\bin\xIjfW.bin

                                                      Filesize

                                                      2.3MB

                                                      MD5

                                                      26b27b008c4ff0a10116bd1b8b6d070d

                                                      SHA1

                                                      495cffb56086d363b43119fef145b917af2530b8

                                                      SHA256

                                                      7dcc7144522805bf61b11917dc29b9c4181f78daa9b15cbf55b373277740df70

                                                      SHA512

                                                      7f82ae1dd839611d710cef25712d9ebf5e497c9246238f16ac2cab2fceae1e709421ade655b297bd63cc90358f323f4bdfc3f93213c9257e7371e0b97d1e7f5d

                                                    • \??\pipe\crashpad_1532_BIKBGTUTXITTQEEA

                                                      MD5

                                                      d41d8cd98f00b204e9800998ecf8427e

                                                      SHA1

                                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                      SHA256

                                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                      SHA512

                                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                    • \Users\Admin\AppData\Local\Temp\bin\Lh8t1Mpq7.exe

                                                      Filesize

                                                      2.3MB

                                                      MD5

                                                      26b27b008c4ff0a10116bd1b8b6d070d

                                                      SHA1

                                                      495cffb56086d363b43119fef145b917af2530b8

                                                      SHA256

                                                      7dcc7144522805bf61b11917dc29b9c4181f78daa9b15cbf55b373277740df70

                                                      SHA512

                                                      7f82ae1dd839611d710cef25712d9ebf5e497c9246238f16ac2cab2fceae1e709421ade655b297bd63cc90358f323f4bdfc3f93213c9257e7371e0b97d1e7f5d

                                                    • \Users\Admin\AppData\Local\Temp\bin\SLAgent.dll

                                                      Filesize

                                                      6.0MB

                                                      MD5

                                                      9b248dfff1d2b73fd639324741fe2e08

                                                      SHA1

                                                      e82684cd6858a6712eff69ace1707b3bcd464105

                                                      SHA256

                                                      39943c30732988289ca346902f007a72124bd98b82e08b0b9739241cdab4018e

                                                      SHA512

                                                      56784a895f113088e3c92ccd96f354473e5d849fb9d0798868ff5e9477f60854e8bc7c9759c63417c9298f8702abab266722439b445977c6e940da393b8b696c

                                                    • \Users\Admin\AppData\Local\Temp\bin\xIjfW.bin

                                                      Filesize

                                                      2.3MB

                                                      MD5

                                                      26b27b008c4ff0a10116bd1b8b6d070d

                                                      SHA1

                                                      495cffb56086d363b43119fef145b917af2530b8

                                                      SHA256

                                                      7dcc7144522805bf61b11917dc29b9c4181f78daa9b15cbf55b373277740df70

                                                      SHA512

                                                      7f82ae1dd839611d710cef25712d9ebf5e497c9246238f16ac2cab2fceae1e709421ade655b297bd63cc90358f323f4bdfc3f93213c9257e7371e0b97d1e7f5d

                                                    • memory/620-56-0x0000000005FC0000-0x0000000006068000-memory.dmp

                                                      Filesize

                                                      672KB

                                                    • memory/620-55-0x0000000000AE0000-0x0000000000BAA000-memory.dmp

                                                      Filesize

                                                      808KB

                                                    • memory/620-54-0x0000000075711000-0x0000000075713000-memory.dmp

                                                      Filesize

                                                      8KB

                                                    • memory/972-92-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-101-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-131-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-130-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-73-0x0000000004D25000-0x0000000004D36000-memory.dmp

                                                      Filesize

                                                      68KB

                                                    • memory/972-75-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-76-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-77-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-78-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-79-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-80-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-81-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-82-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-83-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-84-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-85-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-87-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-88-0x0000000000720000-0x000000000072A000-memory.dmp

                                                      Filesize

                                                      40KB

                                                    • memory/972-89-0x0000000005680000-0x0000000005730000-memory.dmp

                                                      Filesize

                                                      704KB

                                                    • memory/972-90-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-91-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-69-0x00000000002A0000-0x00000000004FA000-memory.dmp

                                                      Filesize

                                                      2.4MB

                                                    • memory/972-93-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-94-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-96-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-97-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-98-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-99-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-100-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-129-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-102-0x0000000000C10000-0x0000000000C44000-memory.dmp

                                                      Filesize

                                                      208KB

                                                    • memory/972-103-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-104-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-105-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-106-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-107-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-108-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-110-0x0000000004D25000-0x0000000004D36000-memory.dmp

                                                      Filesize

                                                      68KB

                                                    • memory/972-111-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-112-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-113-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-114-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-115-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-116-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-117-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-118-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-119-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-120-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-121-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-122-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-65-0x0000000000000000-mapping.dmp

                                                    • memory/972-124-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-125-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-126-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/972-127-0x000000006DDE0000-0x000000006ED06000-memory.dmp

                                                      Filesize

                                                      15.1MB

                                                    • memory/1632-70-0x0000000004E05000-0x0000000004E16000-memory.dmp

                                                      Filesize

                                                      68KB

                                                    • memory/1632-58-0x0000000000000000-mapping.dmp

                                                    • memory/1632-62-0x0000000000CD0000-0x0000000000F2A000-memory.dmp

                                                      Filesize

                                                      2.4MB