Analysis

  • max time kernel
    150s
  • max time network
    141s
  • platform
    windows10-1703_x64
  • resource
    win10-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10-20230915-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    25/09/2023, 00:49

General

  • Target

    659b6a103b658ca7dbbdfc6bc4a82c2a2be7e2d3bd11dcaf7c0ef9a7cf97e436.exe

  • Size

    270KB

  • MD5

    0dc6b7350e17ada8f51979f491d64796

  • SHA1

    d5b915f54aa0da6ee2b24a2a431c9137be9265c8

  • SHA256

    659b6a103b658ca7dbbdfc6bc4a82c2a2be7e2d3bd11dcaf7c0ef9a7cf97e436

  • SHA512

    cce76c658e02a8d3a55df7b85fb57f3b48edc4d9cbcffb79d8a96c53983fb0bb4333ac355da0efbc3b0388652c72cbac37fe44b1b9d8ca28d9435a9c858a988a

  • SSDEEP

    6144:RRDhrJ+j+5j68KsT6h/OCy5U9uAOEAKfCDyqw6:RRtN+j+5+RsqGGuXKfC7w6

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Signatures

  • Detected google phishing page
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 7 IoCs
  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 50 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 35 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\659b6a103b658ca7dbbdfc6bc4a82c2a2be7e2d3bd11dcaf7c0ef9a7cf97e436.exe
    "C:\Users\Admin\AppData\Local\Temp\659b6a103b658ca7dbbdfc6bc4a82c2a2be7e2d3bd11dcaf7c0ef9a7cf97e436.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2808
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:4332
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        2⤵
          PID:4940
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
          2⤵
            PID:828
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
            2⤵
            • Checks SCSI registry key(s)
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: MapViewOfSection
            PID:3812
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 260
            2⤵
            • Program crash
            PID:716
        • C:\Users\Admin\AppData\Roaming\isgtiwh
          C:\Users\Admin\AppData\Roaming\isgtiwh
          1⤵
          • Executes dropped EXE
          PID:1360
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EEDF.bat" "
          1⤵
          • Checks computer location settings
          PID:396
        • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
          "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
          1⤵
          • Drops file in Windows directory
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:3252
        • C:\Windows\system32\browser_broker.exe
          C:\Windows\system32\browser_broker.exe -Embedding
          1⤵
          • Modifies Internet Explorer settings
          PID:2180
        • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
          "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
          1⤵
          • Modifies registry class
          • Suspicious behavior: MapViewOfSection
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4176
        • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
          "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
          1⤵
          • Drops file in Windows directory
          • Modifies Internet Explorer settings
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:4752
        • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
          "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
          1⤵
          • Drops file in Windows directory
          • Modifies registry class
          PID:5024
        • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
          "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
          1⤵
          • Drops file in Windows directory
          • Modifies registry class
          PID:5104
        • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
          "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
          1⤵
          • Drops file in Windows directory
          • Modifies registry class
          PID:3008
        • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
          "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
          1⤵
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          PID:5000
        • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
          "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
          1⤵
          • Drops file in Windows directory
          • Modifies registry class
          PID:4260
        • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
          "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
          1⤵
          • Modifies registry class
          PID:4620

        Network

              MITRE ATT&CK Enterprise v15

              Downloads

              • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DZDMTHDJ\edgecompatviewlist[1].xml

                Filesize

                74KB

                MD5

                d4fc49dc14f63895d997fa4940f24378

                SHA1

                3efb1437a7c5e46034147cbbc8db017c69d02c31

                SHA256

                853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

                SHA512

                cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

              • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\5P1HTB8A\B8BxsscfVBr[1].ico

                Filesize

                1KB

                MD5

                e508eca3eafcc1fc2d7f19bafb29e06b

                SHA1

                a62fc3c2a027870d99aedc241e7d5babba9a891f

                SHA256

                e6d1d77403cd9f14fd2377d07e84350cfe768e3353e402bf42ebdc8593a58c9a

                SHA512

                49e3f31fd73e52ba274db9c7d306cc188e09c3ae683827f420fbb17534d197a503460e7ec2f1af46065f8d0b33f37400659bfa2ae165e502f97a8150e184a38c

              • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\MU1HHC9S\suggestions[1].en-US

                Filesize

                17KB

                MD5

                5a34cb996293fde2cb7a4ac89587393a

                SHA1

                3c96c993500690d1a77873cd62bc639b3a10653f

                SHA256

                c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                SHA512

                e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

              • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

                Filesize

                4KB

                MD5

                24be8a92460b5b7a555b1da559296958

                SHA1

                94147054e8a04e82fea1c185af30c7c90b194064

                SHA256

                77a3cfe6b7eb676af438d5de88c7efcb6abcc494e0b65da90201969e6d79b2a3

                SHA512

                ed8ef0453e050392c430fdcf556249f679570c130decd18057e077471a45ab0bc0fba513cb2d4d1c61f3d1935318113b3733dec2bc7828a169b18a1081e609a0

              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\8ACPYZQ1.cookie

                Filesize

                131B

                MD5

                f85839affd5bf08ef704640d9af47888

                SHA1

                c2f2fb7d1c0da0e241573a00f2100b1b9ed668b4

                SHA256

                1302128cc3b3ea40945e123ac486622037e612c7a13975385736021c718c13c0

                SHA512

                cc2adbf6d3ffa70918fa3f812167c4acce4715d8dac9ca008e23e06462cfad4919ffbbde2d4982157e0a0d09ba695d60ec47c5939229de94cb4304c242827fce

              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\8O3BU3VA.cookie

                Filesize

                131B

                MD5

                c5a1f622fcc0030d416044f13757cbba

                SHA1

                72fd6a6a960bf3ba44ea37766ecb411965047bcf

                SHA256

                89ed23cad83ba2322f57d486f072d489b93955e1ccd16acbaeb1452fa7d008ac

                SHA512

                4a4da13b36d673f00daf04f3e5c1725f18143e8421dfa546483b7d48db038bc54277c2b4cbce023dc54bdc3b0a62253412212bc1944ed05250afb1713fc8cb5f

              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

                Filesize

                1KB

                MD5

                b5eda74305a01c41450e0d12777199e1

                SHA1

                36162e9e8c3a69b237d317f7c300f11927a37c12

                SHA256

                6e5c17b2b4e22fa800baa0eaf0b76ce73005e463b915503e8bca92223b9cf594

                SHA512

                f96b2ea451f4ceef082e1289a7f1e160580f5a8d515eaf2b4df0d8d818c34355c17538806f873fba07118b5c937d8c3172721ee03e3d16126e07c0db5faf16f3

              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

                Filesize

                4KB

                MD5

                24be8a92460b5b7a555b1da559296958

                SHA1

                94147054e8a04e82fea1c185af30c7c90b194064

                SHA256

                77a3cfe6b7eb676af438d5de88c7efcb6abcc494e0b65da90201969e6d79b2a3

                SHA512

                ed8ef0453e050392c430fdcf556249f679570c130decd18057e077471a45ab0bc0fba513cb2d4d1c61f3d1935318113b3733dec2bc7828a169b18a1081e609a0

              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

                Filesize

                724B

                MD5

                ac89a852c2aaa3d389b2d2dd312ad367

                SHA1

                8f421dd6493c61dbda6b839e2debb7b50a20c930

                SHA256

                0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

                SHA512

                c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_87DCDABBB68171FA19C9A78DBA85E190

                Filesize

                471B

                MD5

                3b7403306365b481a905b872a4a8fe8d

                SHA1

                848d8b54a1b0fa0f473fe13bbabcb7872c0a6067

                SHA256

                f7ffcd2b2deb0aafb5ab3eca136e1bfa6560686bf31f6982afeb0535dfd70bd7

                SHA512

                bb40f31f256d4635c9ef00ef2eb7f6d959a262e55e8028d2d009073b74979900672073db15b2e3130b551dfe3b770863251940fa13c49375b8e18c5be24fb2a9

              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

                Filesize

                410B

                MD5

                c950bc0af40a645ef99080f42739f0f1

                SHA1

                c369ee2fe7a918ece12896b5ccfba385e6d271bf

                SHA256

                b6d667418f8726dd5da2ca5d76e7bee26a84917a4a6ca0092b179660f125087e

                SHA512

                bc79a75ff554909f2ce10431bb39496016637481937c475c67ed48575b81b2cb1ad2515bf8d002d62583adacb9d6074d054c50ff3460a6a6f101a954be9999c9

              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

                Filesize

                342B

                MD5

                df80e36c3287917d642ddbc73abf5208

                SHA1

                2d7273cf1c8958e43b154e4f1ed01dfafa75eac0

                SHA256

                dea0dbb3389912fdd69ce003afdd73a70a4d6e0b9a83162de2965bc899341c58

                SHA512

                4c0dfff1a77c705cab669bf27f34e62db08a9207ff488990228fef6efac8e801e7807b90b5602331ddce23ac82bea6a5456e76750efbe9f2863d8a958b8a85c0

              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

                Filesize

                392B

                MD5

                08b1dd6e78f2003268bf921ee4a1647d

                SHA1

                c349ca51a428fd45f3ec62a2fb1a7f5b2a7e0ffb

                SHA256

                c7c85185fb55bea162d23b7b987b7bf7c5d856273732cedef4976ac0a82dd88f

                SHA512

                b190fe0c0d22a4ab8e60da6d284453f02395ca6eeb16a4f6236c59bfde5c0688eb79c032683c81189142d7b05b826420462b54de384938feaa12f141084ce64a

              • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_87DCDABBB68171FA19C9A78DBA85E190

                Filesize

                406B

                MD5

                0e650b2fb847554a094a62e1cf0f792e

                SHA1

                567663fb62bb09f0d7cd459a6d147579263370cb

                SHA256

                ee3518a287646a1f05919fae049502f7182d654a3d656603c4e812f72a2b3bc9

                SHA512

                33632789320e3066b1d3c152cb165dbbb0340b125ce017152ee7a858a0fa71e11e4adb6b7bcac9575ecb462c9f958d66b9adc8866b24827b9f68ddac40302080

              • C:\Users\Admin\AppData\Local\Temp\EEDF.bat

                Filesize

                79B

                MD5

                403991c4d18ac84521ba17f264fa79f2

                SHA1

                850cc068de0963854b0fe8f485d951072474fd45

                SHA256

                ef6e942aefe925fefac19fa816986ea25de6935c4f377c717e29b94e65f9019f

                SHA512

                a20aaa77065d30195e5893f2ff989979383c8d7f82d9e528d4833b1c1236aef4f85284f5250d0f190a174790b650280ffe1fbff7e00c98024ccf5ca746e5b576

              • C:\Users\Admin\AppData\Roaming\isgtiwh

                Filesize

                96KB

                MD5

                7825cad99621dd288da81d8d8ae13cf5

                SHA1

                f3e1ab0c8e4f22e718cdeb6fa5faa87b0e61e73c

                SHA256

                529088553fe9cb3e497ef704ce9bc7bc07630f6ddfad44afb92acfe639789ec5

                SHA512

                2e81251a2c140a96f681fa95d82eee531b391e2654daa90da08d1dd00f13cba949136d465a2dc37507d40b4a708b6fc695baa716f19737591b1a89bd2a4b60b4
