Analysis

  • max time kernel
    150s
  • max time network
    140s
  • platform
    windows10-1703_x64
  • resource
    win10-20230915-en
  • resource tags

    arch:x64 arch:x86 image:win10-20230915-en locale:en-us os:windows10-1703-x64 system
  • submitted
    24/09/2023, 23:56

General

  • Target

    1280d3050a7369bd06cb4209ab5a42f3097beea7459807f330085bc5e0c08c44.exe

  • Size

    270KB

  • MD5

    6bb8fbd0d0248735c697300ec5cc79d0

  • SHA1

    772d65987815a5a99d1e51e5368fd5ceb6e1c90e

  • SHA256

    1280d3050a7369bd06cb4209ab5a42f3097beea7459807f330085bc5e0c08c44

  • SHA512

    a79527fa05ee6cf8ae5ceb2129be541740c13dcf664345aa69fb5ef9b755d635b864b6a28ab0ad2db5e2917d1139974521c0cbd1d83ab382ffb7a8b2ffc0fc62

  • SSDEEP

    6144:cR/hrJ+j+5j68KsT6h/OCy5U9uAO7A1n5UPqw6:cR5N+j+5+RsqGGuy1nFw6

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Signatures

  • Detected google phishing page
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 7 IoCs
  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 42 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1280d3050a7369bd06cb4209ab5a42f3097beea7459807f330085bc5e0c08c44.exe
    "C:\Users\Admin\AppData\Local\Temp\1280d3050a7369bd06cb4209ab5a42f3097beea7459807f330085bc5e0c08c44.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3780
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:4988
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 212
      2⤵
      • Program crash
      PID:1292
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\95C3.bat" "
    1⤵
    • Checks computer location settings
    PID:4848
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1100
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:1596
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3116
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:796
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:5036
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:528
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:2444
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:2364
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:348
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    PID:3020

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\AppData\Local\Temp\95C3.bat

          Filesize

          79B
