Analysis
-
max time kernel
131s -
max time network
129s -
platform
windows10-1703_x64 -
resource
win10-20230220-en -
resource tags
-
submitted
03-04-2023 02:32
General
-
Target
https://github.com/Vichingo455/MalwareDatabase/raw/main/Trojans/MEMZ.zip
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 7 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in Windows directory 6 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: MapViewOfSection 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 56 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://github.com/Vichingo455/MalwareDatabase/raw/main/Trojans/MEMZ.zip1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe8d7e9758,0x7ffe8d7e9768,0x7ffe8d7e97782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1748,i,3660252083034130519,4260464099696418612,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1748,i,3660252083034130519,4260464099696418612,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1748,i,3660252083034130519,4260464099696418612,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1748,i,3660252083034130519,4260464099696418612,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1748,i,3660252083034130519,4260464099696418612,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4812 --field-trial-handle=1748,i,3660252083034130519,4260464099696418612,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1748,i,3660252083034130519,4260464099696418612,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1748,i,3660252083034130519,4260464099696418612,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1748,i,3660252083034130519,4260464099696418612,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\MEMZ\" -spe -an -ai#7zMap1623:66:7zEvent157661⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap32736:66:7zEvent38361⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Desktop\MEMZ.exe"C:\Users\Admin\Desktop\MEMZ.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\MEMZ.exe"C:\Users\Admin\Desktop\MEMZ.exe" /watchdog2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\MEMZ.exe"C:\Users\Admin\Desktop\MEMZ.exe" /watchdog2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\MEMZ.exe"C:\Users\Admin\Desktop\MEMZ.exe" /watchdog2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\MEMZ.exe"C:\Users\Admin\Desktop\MEMZ.exe" /watchdog2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\MEMZ.exe"C:\Users\Admin\Desktop\MEMZ.exe" /watchdog2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\MEMZ.exe"C:\Users\Admin\Desktop\MEMZ.exe" /main2⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt3⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
839B
MD50a7ad592cd354ee6ac32e7da0c47d077
SHA14d2eae1eb7e27608dd6f599c7791359c90318dfd
SHA2564310b9271d6fd96df2a7c6e4a632830a44639abc31dbbc2b900be11d258c6457
SHA512b1ac442ace648e63c5617dc8dc1f8fa94cdd62e73933b1c8877c27188be66826f6be34aee5572f69d06c18e471b01ebcc538ee14d23baa0972daf296bd1c4f92
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
706B
MD5e6d332be49b4c1b6cfc78ef0aa6c2f41
SHA11adf975954fb64584c32489ba182109ed8cb4725
SHA256a2b2f96c0f28c806015bdf5c92c758c855e564737207fb986a973f91c5ea1314
SHA5129ff57d6a6388c93c7817cce9e981c62e087eb6b9e6b18fee2fd5fb4c2830d926f2bad4ac893690f277f6fba6dfa3115950926e8116afcb9cadc2960d715f6141
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
5KB
MD5c03e03a99ce7c547b08ec557842060c9
SHA1e1daf36217528515d1ef678b59205b15b2fafd43
SHA2567564ffd394c0bddae28cd916f22c998a988df9dcfe72ae8498205913b9e0d633
SHA5123fe5975c54852e50abd69967b1570b02479862e02bbd2c2d4fee817bcc560e8fb3b67265a2f4c266aae4a919a2922915b610dfe5544330ce4b3e736b30fafa7b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
5KB
MD5c7a623055ddf11178abc48001265b602
SHA1937446510f70537092f9f98843f66e757837a1bd
SHA256d43660b02129dc2db9bfac53da7decaa1551bc66d13c9cf8279dadd99509e75d
SHA5126ec1a62ebc04c1b08b9e82c73042379d94fc5189466ca60365f8ab34462a03ae6f5ce2e1d31abd49ab6e102cdc25e7c908d95fc9e52ad48e8aaa4bbe30048fb0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
12KB
MD5db698a38fb47bed0ae324f8f66ddc09a
SHA1ea9f9868672f0cfc045433230b1e13a9007c29da
SHA256ded6856ce652f48b61b28c1076506305171e2bfbbb233091013ab3b22787f612
SHA512c2b67279142d510439262a9954ef460bcde77f55f40819e225f2fa5a5b0ede3b6fc66659a2bfe2abb8d78836f17cf47564fba425a3071c399ab4577fb41ee3c9
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
173KB
MD556d3cb38546cb0e4218b99f4b6802392
SHA1722d83a5cecf19e44154b377b07fc132a7f8607f
SHA256038793fc6e14d5d8085768c9caffbbcddca4ed5aad044ba5b9df1ffec8b3ffef
SHA512f2cc45a8682f6d85bbf5b16c984facb60028c49035c4a7b07f08530f1df7dd0a9b229e3a1408263af75409e427ee19cb7cd10d9871ec7a8df8214f595d793c35
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
173KB
MD552205dff4117527b065ff192ee8468d8
SHA15121793cde6a88e1e9b6bbd00f55ce9bc25fbed0
SHA2563a1f273c27408b75333ef8fc43fc13b433db0c0387c09bc72cb744886842cc66
SHA51281fd9259815b4d459982faf823475a2672b05c58b241bb268dea186a12ed8980ef9d29a9f91da3733cfff913d2d6cc440c25e3b8155317238338a060b924ecc6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.jsonFilesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\IIBKH8WQ\favicon[1].icoFilesize
5KB
MD5f3418a443e7d841097c714d69ec4bcb8
SHA149263695f6b0cdd72f45cf1b775e660fdc36c606
SHA2566da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA51282d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563
-
C:\Users\Admin\Desktop\MEMZ.exeFilesize
14KB
MD519dbec50735b5f2a72d4199c4e184960
SHA16fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
-
C:\Users\Admin\Desktop\MEMZ.exeFilesize
14KB
MD519dbec50735b5f2a72d4199c4e184960
SHA16fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
-
C:\Users\Admin\Desktop\MEMZ.exeFilesize
14KB
MD519dbec50735b5f2a72d4199c4e184960
SHA16fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
-
C:\Users\Admin\Desktop\MEMZ.exeFilesize
14KB
MD519dbec50735b5f2a72d4199c4e184960
SHA16fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
-
C:\Users\Admin\Desktop\MEMZ.exeFilesize
14KB
MD519dbec50735b5f2a72d4199c4e184960
SHA16fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
-
C:\Users\Admin\Desktop\MEMZ.exeFilesize
14KB
MD519dbec50735b5f2a72d4199c4e184960
SHA16fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
-
C:\Users\Admin\Desktop\MEMZ.exeFilesize
14KB
MD519dbec50735b5f2a72d4199c4e184960
SHA16fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
-
C:\Users\Admin\Desktop\MEMZ.exeFilesize
14KB
MD519dbec50735b5f2a72d4199c4e184960
SHA16fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
-
C:\Users\Admin\Desktop\MEMZ.zipFilesize
8KB
MD53edae39b8a9284c297f52c49ebd11ca3
SHA136791405cf58084f518d81223023cf1545d770dc
SHA25619e1d3c8e0b72ff6840c36e445c8f8d83e5fbd4f722cc8fac091e97d5af92aa9
SHA512a99f96d6112c4a1d9c23c2b01fee0076780dceaaebbdbfb81473104baca3d54f599a0cc78674b823683840f4339e235494b7754b44db0a975110cb509aeb1ae9
-
C:\note.txtFilesize
218B
MD5afa6955439b8d516721231029fb9ca1b
SHA1087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA2568e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA5125da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf
-
\??\pipe\crashpad_3096_MXZZVMESNXQLYZWRMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/3444-303-0x0000012BEEB20000-0x0000012BEEB22000-memory.dmpFilesize
8KB
-
memory/3444-299-0x0000012BEA310000-0x0000012BEA311000-memory.dmpFilesize
4KB
-
memory/3444-301-0x0000012BEA3A0000-0x0000012BEA3A2000-memory.dmpFilesize
8KB
-
memory/3444-280-0x0000012BEA900000-0x0000012BEA910000-memory.dmpFilesize
64KB
-
memory/3444-304-0x0000012BEEB50000-0x0000012BEEB52000-memory.dmpFilesize
8KB
-
memory/3444-412-0x0000012BEA160000-0x0000012BEA161000-memory.dmpFilesize
4KB
-
memory/3444-408-0x0000012BEA310000-0x0000012BEA311000-memory.dmpFilesize
4KB
-
memory/3444-405-0x0000012BEA3F0000-0x0000012BEA3F2000-memory.dmpFilesize
8KB
-
memory/3444-262-0x0000012BEA020000-0x0000012BEA030000-memory.dmpFilesize
64KB
-
memory/3444-374-0x0000012BF0030000-0x0000012BF0031000-memory.dmpFilesize
4KB
-
memory/3444-373-0x0000012BF0020000-0x0000012BF0021000-memory.dmpFilesize
4KB
-
memory/4384-346-0x000002BFF5520000-0x000002BFF5522000-memory.dmpFilesize
8KB
-
memory/4384-356-0x000002BFF55A0000-0x000002BFF55A2000-memory.dmpFilesize
8KB
-
memory/4384-340-0x000002BFF4CE0000-0x000002BFF4CE2000-memory.dmpFilesize
8KB
-
memory/4384-348-0x000002BFF5540000-0x000002BFF5542000-memory.dmpFilesize
8KB
-
memory/4384-350-0x000002BFF5560000-0x000002BFF5562000-memory.dmpFilesize
8KB
-
memory/4384-352-0x000002BFF5580000-0x000002BFF5582000-memory.dmpFilesize
8KB
-
memory/4384-354-0x000002BFF5590000-0x000002BFF5592000-memory.dmpFilesize
8KB
-
memory/4384-345-0x000002BFF4E10000-0x000002BFF4E30000-memory.dmpFilesize
128KB
-
memory/4384-358-0x000002BFF55B0000-0x000002BFF55B2000-memory.dmpFilesize
8KB
-
memory/4384-360-0x000002BFF55C0000-0x000002BFF55C2000-memory.dmpFilesize
8KB
-
memory/4384-341-0x000002BFF49C0000-0x000002BFF49E0000-memory.dmpFilesize
128KB
-
memory/4384-337-0x000002BFF4C00000-0x000002BFF4C02000-memory.dmpFilesize
8KB
-
memory/4384-335-0x000002BFF4BE0000-0x000002BFF4BE2000-memory.dmpFilesize
8KB
-
memory/4384-332-0x000002BFF46D0000-0x000002BFF46D2000-memory.dmpFilesize
8KB
-
memory/4384-330-0x000002BFF46B0000-0x000002BFF46B2000-memory.dmpFilesize
8KB
-
memory/4384-328-0x000002BFF4690000-0x000002BFF4692000-memory.dmpFilesize
8KB