Analysis

  • max time kernel
    150s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    24/09/2023, 23:53

General

  • Target

    SecuriteInfo.com.Win32.Evo-gen.7934.3402.exe

  • Size

    270KB

  • MD5

    3d6d23a12a70a3f32f2764d15463cf66

  • SHA1

    9cd1ec5065f67b211ff5d5a5dc381bb8f7f89b90

  • SHA256

    7b7b88730642a23a8839968e665d119af960929dd53e4dc51b3a633bd1ae2493

  • SHA512

    95674a666391fff469d6dfc558602164801fffe205fc4eed23f5de09fb5228b27e20893bae59932565e797d1b1a6e8696e5797fea0771fcb8cb71d67b23ef4b4

  • SSDEEP

    6144:iRphrJ+j+5j68KsT6h/OCy5U9uAORAUNqw6:iRfN+j+5+RsqGGuwU8w6

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Signatures

  • Detected google phishing page
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 62 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Evo-gen.7934.3402.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Evo-gen.7934.3402.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1768
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:2324
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 52
      2⤵
      • Program crash
      PID:2140
  • C:\Windows\system32\cmd.exe
    cmd /c ""C:\Users\Admin\AppData\Local\Temp\45A8.bat" "
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2532
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/login
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2172
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:340993 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1936
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:876
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:876 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2404

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          9c36d5c7274b3aa8a7e55fea35952467

          SHA1

          87afab50b5af2369a1cf32115dd5e726845c5ad6

          SHA256

          14e899f71831849206adaba6fe755c118442ad067f43e314fb2b78d6d08fd62f

          SHA512

          fd7e9ed09946574dffaa42347e26bffc8afa9a13d39a5f6a0bb194a9249fbe428f4bce4f07d299d25b78b748b9466a4439f575046c3433d2d2ebb1059b1b5444

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          2360dc5e77c634560c231df5272d79b0

          SHA1

          ecfb3e3e4e44c69717f5be84c788c92967928252

          SHA256

          eb53e916e12550a10c4c9785dda3c3199a6750e5c64a56fc9efa33a040b69deb

          SHA512

          4042802780e5c048787787d7c5798d4d3bb83bd0143b67c835d0aac66311768df3e76909795216f02525eba345eaa45244405351c9cb31cc0bc505f66885b85a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          eb204b8e99b8ff786f02f2c450eccd7e

          SHA1

          d8c53958b1681847fd5b89d791f4d7dd732d33bb

          SHA256

          7a7de7818b6557716127dede0ba90fbf7a94f401d57be5f87444e516a9721e36

          SHA512

          fe73f26e9cc4978d8a0a6e194fdc43ebf10e2f3133538b0a19c272cc28c10ac0238ad52c0708bed1ddac31eedc508852420fe059e1faaee5674a203fc8171f1a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          a274ce8d4adad7b2d5e10c55c415bb9e

          SHA1

          6bd7cfa94c8e4c90020643c12098a0e4456093fc

          SHA256

          17e642755865b19aa23fb09725d9d45bc976ad858caa39b069a92d4ccff8b6e6

          SHA512

          75beae9f18636fbb466002725e4c6eb8f6e65baa37dfdc33b63b076545ceb3a7b268cf71e510b1e6f10b5ec9091c3039c6b980b3ba24da49beb56399aa94d3c7

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          f4e9d82e60143234bfd0a0d43e8daee0

          SHA1

          669976431cb05bfa2e0a64d1757d2bcb98837d6d

          SHA256

          a435f40d4afe5eeb5128e31a42691176b9e47a4b82d547af33bb63dbc4ed7a0f

          SHA512

          6e9194f0026ff3c88cef357009f1ad904f2c6c93dcb89301d424da429f5283ebe3eee64a1e8014e280f70d86f03d47edcc6c38f442a6cd954f50ec6e0c06693f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          b323023cfa9cd61d3d23902b0e813791

          SHA1

          9488e2b7083264a3002d9701535d3feb48fca726

          SHA256

          f97fc534456ebd1f4d81ceafbf4ee3f798d402834dc803741b35bbc302c28fa8

          SHA512

          28b4a37b6b68047f5a21cbe66a4d75f076d31262426143315df67bc21c3348156317320f0a06cdcb9dfc074ec2ffb9525c511b0bbb9ed167d69c442dcf1bf3d4

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          e5400f450f4e800dfe7e3d500493bd55

          SHA1

          7bef07ab62ca1aea5dbe89f5b2557074b50b99d1

          SHA256

          03525ed46afc1936362cfdb95814561937b8b0b10474b790dfcfa2805fe3b7b9

          SHA512

          327e8b01ec58d773ec9cdc404302c14e784c850d5d1acaf6e7765b4c9b54ee6bbc3a87850c7d307710e68bb723524460a22794041270f5d365ba24477c037d45

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          8ffe9c9225815d72dd8cc036a57dc150

          SHA1

          59c06399046fe6fa992cd4e4804dbdadc2c0315f

          SHA256

          af531ecd5c994cc9641ec758f4970065f19b1b5fe51a45798e80b794540673ef

          SHA512

          8ed9bfcf523a6b1dc504ef1649e2f4da47ab1c68232762f8068f3db781e0765037933f098c7c96fd105ed5a14cff71c49b71e461cf7cf85a85f7bfcf94325bf6

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          0c3a961c14d8336022dfb12b48007104

          SHA1

          10f266873812ca747411dd04b0009e107b32245c

          SHA256

          3eba8d901f00f692615fd305efe918480f0b9baaf3941a314a6434c913af2a3a

          SHA512

          ec98d2d485b308d6b483a6d08633020f474b3baee012278b6d357195402b1c2ac1b169ac41839c6252a3c4b57cf6767b60ad2bafb9a66011905c2e4c61593707

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          c4ac75a95199b07deb15a2e70e48f5a4

          SHA1

          7490692a163fb0a83caf158eb65b37928fe89125

          SHA256

          b5aa3ffa51598e619164d6a9e4c6b7f7289afe81c2dd242d3b2542d0e7847e49

          SHA512

          906c13cd6f2c3417bdeb85a437943da84960634dcab641d9924bb31f6960749af79dfb612c592a102f6c06f85eddac92bd727d41fc90fabecf1e9c05f42466d2

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          171af293cf379471af03ccfb7c490222

          SHA1

          7be23e1b5a187ac8f38da4b5fc93d3bedd639fd0

          SHA256

          5b9b689d9c1da01f2037ef039e143246b8bb41da63d2eb1039222572b79d7c18

          SHA512

          eb6be6762f594d8bdfedd2c8d8934bd1ae92cd3233f2d68e28f491707056b8e6cae20f252fd9c6f47d0dc2116640b806c7e7b953dc7e3e10ebdeab794d04551d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          e3815bf52a8d4d283e8902b4c2afd48e

          SHA1

          239e6b9d13a4da1891eec260490c9f79ea5d704c

          SHA256

          773cae5fcccf4f0c8627e123775dbd36bb625644f141153135c4a9f6afa10fe8

          SHA512

          937f32c8e941d446e318ad0ee55d30416ea7c3a1c655b084c60bfcf223d56a20e4ceadbe8b6e6473641780b3c375798c41f16bf4d84940c1001d9906dd372975

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          50e5f615019997822f16ff6ec3c2da19

          SHA1

          55ff4c8bc5cccda6c9568f3de0a60641fc509bdb

          SHA256

          32c4edd93b14664e9a949cfacc259bed49b12ff0a31432c55cc12480e6056b85

          SHA512

          62f72eb318027fb627888144b6ca1ca0d0726c2adee62ba1ce85e212206aa3b0fbbbb7363868f79beb1438165f37e71df76845551182d6f7533f7d6211d03bc4

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          927ab93b292da2bcb9fef5e6eca5e024

          SHA1

          5935f638ef34d241ba20e6c6c9a48fe3b3084631

          SHA256

          c7da9a4c95f74c2785eedc3b3a2c7199bc787349ea349249bdeea1ce14b22c2b

          SHA512

          113ce4d2ec5bcf549a4ee4034d6bf861863d1a7942177d3ed63895037a55d91a6ebe03875f82f1ecb5711694ffd0ee95a9c238bb769339baa8dfaa1294ea59db

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          e4896c9ea45863cebde69f279140f211

          SHA1

          dabce64f5e0e31e13787a6515f198775deacc6b9

          SHA256

          5e296c3b498660005f760e04199fb3740700e582ed45e701007b7e3842030d2e

          SHA512

          5d01197037dc79559bc7120ff6883738869ea2329e067f70cfc78e9c948a1cfe397a85b826833b0135bda7a5c77ca16d0f963f5c2f7f6a5f2a3073fef006d8e7

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          c9e1aa9c31296079a453dc1798622e96

          SHA1

          d4ad8471f0e0e2728c1f378f60c6be6215009c0e

          SHA256

          46f6a8dd631d6420f4c0754aa7960deab3213859cef1d7788b32a47756a9d8b3

          SHA512

          d0275e3a25b844c43f9f64d625e8bce216ea2d57e6b7cffad4553c4b13d214914fe2d33e47b1407a6f8cbc60428f9779fc8990567db96db6ad3d302fa274cd67

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          4a0c040915e31c0ec76f1adfbdfddd13

          SHA1

          6dad8d7db21290840e0b3407a39284a7baaea340

          SHA256

          738f514f100163c1addd29ef00d1221a56bddef41216e0ddd4d4a9357155d9fc

          SHA512

          29959b593a0af78fd42a8c897a3de74e334323331aa1a99b373efe5a950abda23ab952d2a7dba6e53fa4fc561b509f9c899fbc11fa4f93d79c5fb25d17c8d10d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          8489e03d0aa2ddbbcce1727ed2cdb252

          SHA1

          518d87c19ea96ca806357280699d22cfe0bcfab3

          SHA256

          9188f0629c478afe5e263f4b653d66cf604efe298979cdca9f512562dab176b4

          SHA512

          32301b0360208f6ab1c8d11ad3fe503a3f32e611022584b4decb3377be3bd38ee18ec199b0bf0eef37ba2f2ebc41e32eb0d504d26fc4f3759eaec3c6f4c325c5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          af6b248aa043875c9bb9a8c930494146

          SHA1

          001fee34cea631eb56941bfa5c94b3380700338c

          SHA256

          0e9c03903529d72d1156722c86804cac21bf98d4c134ce7f1a64a90efba3b1d9

          SHA512

          6a09ebc36306b700ace18f5877cdaa496c531caef1370d79f3fde9a0884f29c8dc6af040010f3a1c065797418a4da098b944535fd347837b0de4fe4c4db19722

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          c674f058fe07443ae77379b949ed79d1

          SHA1

          0bdb07759b988a785aade18c98f10fffd68995aa

          SHA256

          59af2aa21fe1b5e3a8e66362df7cbfd45414ea7e1ca2b4ccb3cebc63eb672c89

          SHA512

          d2fd579b57fab9ee3f383e9586a250e7370e642353b96949b2136cc652beb878d03ff3cb87ea6c20a3062a90d62150d5ed47c73cb0f8720757cc4f9ad9acbde8

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          304B

          MD5

          432374e6de70c55da4b4c71b50df1390

          SHA1

          2b9c7262df2eb80ce47a23b6aa67354c32f07a37

          SHA256

          4a4a67dec3d39ce975020681f660369c1a4700657bbeee233c70b766e37db87d

          SHA512

          c13994ce02f140be07c1f8f6a89ef6e9e71e26e278182194f367070ae0a618106d7e7ae591a61949f263ebcef6fd103ebe2535378f4fa19787a86441e7d95873

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A98C3AF1-5B35-11EE-A740-7A253D57155B}.dat

          Filesize

          5KB

          MD5

          6d07ebdfb6c860c677c470ffbafe7caa

          SHA1

          1ea8cad6e8d19ab47eccf7ef6eb1fa6feaa4498e

          SHA256

          a110d94356e72f98f8f4b023a45642649dc6d66f7cfe7c389f3a6347f2ece2b0

          SHA512

          fd8544b0661cc30dd66a9ce189ec021934b475b47d675db21f0238497b09be02b121187256202c62b5e7a975c0f557dd6655e0c6ed32591919dcfcf5d9f3595b

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q81kvxe\imagestore.dat

          Filesize

          5KB

          MD5

          a6d7fb2b1278a774b2da468636eaf0e9

          SHA1

          f4baab789aa8c4565ff39f1c1fc3209a8d146f75

          SHA256

          e38a87b47c5fa1ff187970322e5761eaacbc80fbcb6e902b72044b06b6023957

          SHA512

          07e0f15a349a37f66b95989d58cc176be962e12e2d0fc0fa1c3ae240cf651bc76e47da72de52b48ec42de808fbfa47c8da27840772be10fb0a5dbd0c4cbcbded

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q81kvxe\imagestore.dat

          Filesize

          9KB

          MD5

          88321a307ad91687d986531c76e6fce8

          SHA1

          c2a3307f8a546edd8001a70738e2985348f3c17e

          SHA256

          4ae72d19639d0449cb38714f8ac59648a4b3f6cf61b113536306b8c33108bb88

          SHA512

          05e9021ac6a83698690afceffcb2d0569b9097c590f422258ae7ae239552e0d9e6ff77e56c8d30c01b5d624b6d16800f305b505d7a1ed9027be6e5966aff9c2c

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9IOZ64VQ\hLRJ1GG_y0J[1].ico

          Filesize

          4KB

          MD5

          8cddca427dae9b925e73432f8733e05a

          SHA1

          1999a6f624a25cfd938eef6492d34fdc4f55dedc

          SHA256

          89676a3fb8639d6531c525e5800ff4cc44d06d27ff5607922d27e390eb5b6e62

          SHA512

          20fbee2886995c253e762f2bb814ad16890b0989deab4d92394363ef0060b96a634d87c380c7ba1b787a8ab312be968fed9329a729b4e0d64235a09e397db740

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCB5UVUE\favicon[1].ico

          Filesize

          5KB

          MD5

          f3418a443e7d841097c714d69ec4bcb8

          SHA1

          49263695f6b0cdd72f45cf1b775e660fdc36c606

          SHA256

          6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

          SHA512

          82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

        • C:\Users\Admin\AppData\Local\Temp\45A8.bat

          Filesize

          79B

          MD5

          403991c4d18ac84521ba17f264fa79f2

          SHA1

          850cc068de0963854b0fe8f485d951072474fd45

          SHA256

          ef6e942aefe925fefac19fa816986ea25de6935c4f377c717e29b94e65f9019f

          SHA512

          a20aaa77065d30195e5893f2ff989979383c8d7f82d9e528d4833b1c1236aef4f85284f5250d0f190a174790b650280ffe1fbff7e00c98024ccf5ca746e5b576

        • C:\Users\Admin\AppData\Local\Temp\45A8.bat

          Filesize

          79B

          MD5

          403991c4d18ac84521ba17f264fa79f2

          SHA1

          850cc068de0963854b0fe8f485d951072474fd45

          SHA256

          ef6e942aefe925fefac19fa816986ea25de6935c4f377c717e29b94e65f9019f

          SHA512

          a20aaa77065d30195e5893f2ff989979383c8d7f82d9e528d4833b1c1236aef4f85284f5250d0f190a174790b650280ffe1fbff7e00c98024ccf5ca746e5b576

        • C:\Users\Admin\AppData\Local\Temp\Cab4C2E.tmp

          Filesize

          61KB

          MD5

          f3441b8572aae8801c04f3060b550443

          SHA1

          4ef0a35436125d6821831ef36c28ffaf196cda15

          SHA256

          6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

          SHA512

          5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

        • C:\Users\Admin\AppData\Local\Temp\Tar4C8F.tmp

          Filesize

          163KB

          MD5

          9441737383d21192400eca82fda910ec

          SHA1

          725e0d606a4fc9ba44aa8ffde65bed15e65367e4

          SHA256

          bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

          SHA512

          7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

        • memory/1204-5-0x00000000021A0000-0x00000000021B6000-memory.dmp

          Filesize

          88KB

        • memory/2324-0-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

        • memory/2324-6-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

        • memory/2324-4-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

        • memory/2324-3-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

        • memory/2324-2-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

          Filesize

          4KB

        • memory/2324-1-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB