Resubmissions

25/09/2023, 03:27

230925-dzw25adc74 10

25/09/2023, 01:41

230925-b3534abc2w 10

Analysis

  • max time kernel
    300s
  • max time network
    301s
  • platform
    windows10-1703_x64
  • resource
    win10-20230831-en
  • resource tags

    arch:x64 arch:x86 image:win10-20230831-en locale:en-us os:windows10-1703-x64 system
  • submitted
    25/09/2023, 01:41

General

  • Target

    b050634379fc9cac5dbfdfc606040c7bc366c511c12044aa649f508816ce45b9.exe

  • Size

    239KB

  • MD5

    751a173de4c3d8ad83c925d5edcd7505

  • SHA1

    9b081b970832e64fa8a2ee82a54d824346cb9272

  • SHA256

    b050634379fc9cac5dbfdfc606040c7bc366c511c12044aa649f508816ce45b9

  • SHA512

    068305877ffb53f619c0132bb28362cc058fd8024f970435c43ef93d59604011ae4d7a7f38276eb724bcbde872c9869c1a56f5afaa3a8820889879a8d73e12ef

  • SSDEEP

    6144:kM46fuYXChoQTjlFgLuCY1dRuAOi0y1R7w8y0:kVYzXChdTbv1buI1R7w8y

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Signatures

  • Detected google phishing page
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 7 IoCs
  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\b050634379fc9cac5dbfdfc606040c7bc366c511c12044aa649f508816ce45b9.exe
    "C:\Users\Admin\AppData\Local\Temp\b050634379fc9cac5dbfdfc606040c7bc366c511c12044aa649f508816ce45b9.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2716
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:2500
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        2⤵
          PID:2836
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
          2⤵
          • Checks SCSI registry key(s)
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          PID:4176
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 256
          2⤵
          • Program crash
          PID:2492
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\9A28.bat" "
        1⤵
        • Checks computer location settings
        PID:4804
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
        1⤵
        • Drops file in Windows directory
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:5004
      • C:\Windows\system32\browser_broker.exe
        C:\Windows\system32\browser_broker.exe -Embedding
        1⤵
        • Modifies Internet Explorer settings
        PID:4060
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4516
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Drops file in Windows directory
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:4836
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Drops file in Windows directory
        • Modifies registry class
        PID:4884
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Drops file in Windows directory
        • Modifies registry class
        PID:1508
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Drops file in Windows directory
        • Modifies registry class
        PID:1220
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Drops file in Windows directory
        • Modifies registry class
        PID:364
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        PID:4416
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Modifies registry class
        PID:3424
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Modifies registry class
        PID:4696

      Network

            MITRE ATT&CK Enterprise v15

            Downloads

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IV18IXVA\edgecompatviewlist[1].xml

              Filesize

              74KB

              MD5

              d4fc49dc14f63895d997fa4940f24378

              SHA1

              3efb1437a7c5e46034147cbbc8db017c69d02c31

              SHA256

              853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

              SHA512

              cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\BNCSRQ9I\B8BxsscfVBr[1].ico

              Filesize

              1KB

              MD5

              e508eca3eafcc1fc2d7f19bafb29e06b

              SHA1

              a62fc3c2a027870d99aedc241e7d5babba9a891f

              SHA256

              e6d1d77403cd9f14fd2377d07e84350cfe768e3353e402bf42ebdc8593a58c9a

              SHA512

              49e3f31fd73e52ba274db9c7d306cc188e09c3ae683827f420fbb17534d197a503460e7ec2f1af46065f8d0b33f37400659bfa2ae165e502f97a8150e184a38c

            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\LYC5UOO2\suggestions[1].en-US

              Filesize

              17KB

              MD5

              5a34cb996293fde2cb7a4ac89587393a

              SHA1

              3c96c993500690d1a77873cd62bc639b3a10653f

              SHA256

              c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

              SHA512

              e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

              Filesize

              4KB

              MD5

              24be8a92460b5b7a555b1da559296958

              SHA1

              94147054e8a04e82fea1c185af30c7c90b194064

              SHA256

              77a3cfe6b7eb676af438d5de88c7efcb6abcc494e0b65da90201969e6d79b2a3

              SHA512

              ed8ef0453e050392c430fdcf556249f679570c130decd18057e077471a45ab0bc0fba513cb2d4d1c61f3d1935318113b3733dec2bc7828a169b18a1081e609a0

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\6Y0OOEPS.cookie

              Filesize

              132B

              MD5

              b0fbae34cf9f61b9de2260be8d52edee

              SHA1

              7c9909b0cf9dc84f683db23ee28c8f2344832ccc

              SHA256

              09ab59135d76d8f47db10843061e009127ce0ef595f04cb967e0c4a140a4e8ae

              SHA512

              57ea6cf17b2693249830b793cc3c744a4b5eb47d0daa9c169bcea6def8506281e5191cf77b6b17c7e7731cddc761344a11f4b757cee89fa86ba2a23856e0f8c8

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\BHWI2R9H.cookie

              Filesize

              132B

              MD5

              a179459caa9efb1ac0d83c6c7926ae87

              SHA1

              a62d7fb83b9ac9b70b620d48c54824b6de693167

              SHA256

              b38e866251c2aa5e169758e2884920763cc5b413700297da17afdf01177952cb

              SHA512

              baf0f3821cb7286767d5a4f76cf222f929736c7c30a7799e85c37d433b8d65203e0ab469267803a84a112b1041ed1d3c56701180ce5151c6b420b1b250fed8b4

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

              Filesize

              1KB

              MD5

              b5eda74305a01c41450e0d12777199e1

              SHA1

              36162e9e8c3a69b237d317f7c300f11927a37c12

              SHA256

              6e5c17b2b4e22fa800baa0eaf0b76ce73005e463b915503e8bca92223b9cf594

              SHA512

              f96b2ea451f4ceef082e1289a7f1e160580f5a8d515eaf2b4df0d8d818c34355c17538806f873fba07118b5c937d8c3172721ee03e3d16126e07c0db5faf16f3

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

              Filesize

              4KB

              MD5

              24be8a92460b5b7a555b1da559296958

              SHA1

              94147054e8a04e82fea1c185af30c7c90b194064

              SHA256

              77a3cfe6b7eb676af438d5de88c7efcb6abcc494e0b65da90201969e6d79b2a3

              SHA512

              ed8ef0453e050392c430fdcf556249f679570c130decd18057e077471a45ab0bc0fba513cb2d4d1c61f3d1935318113b3733dec2bc7828a169b18a1081e609a0

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

              Filesize

              724B

              MD5

              ac89a852c2aaa3d389b2d2dd312ad367

              SHA1

              8f421dd6493c61dbda6b839e2debb7b50a20c930

              SHA256

              0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

              SHA512

              c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_87DCDABBB68171FA19C9A78DBA85E190

              Filesize

              471B

              MD5

              3b7403306365b481a905b872a4a8fe8d

              SHA1

              848d8b54a1b0fa0f473fe13bbabcb7872c0a6067

              SHA256

              f7ffcd2b2deb0aafb5ab3eca136e1bfa6560686bf31f6982afeb0535dfd70bd7

              SHA512

              bb40f31f256d4635c9ef00ef2eb7f6d959a262e55e8028d2d009073b74979900672073db15b2e3130b551dfe3b770863251940fa13c49375b8e18c5be24fb2a9

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

              Filesize

              410B

              MD5

              61a1f31971fb56d191978a77738ed480

              SHA1

              93438ae3268e6510cc2a44d03ca1da137d3c76ad

              SHA256

              5145aec049b4f358127d1d286d6c06d7c783f3428a0a02e33d74c08837513d7a

              SHA512

              8da13430cfead3dee2066eadf1dd692cff8daa4fc45fc661ce11be61be4031d617e52cca61d9e0d37f9eead0db1c64d928f0ec45e27882fc112536493e80308e

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

              Filesize

              342B

              MD5

              9188007e12da8a594e773e559122d48e

              SHA1

              6e5db2c8b779a4e5932bcd8b481559c3f10b2477

              SHA256

              9ffbc7ad093129386a40861cd3986a3924780f29266b246a37c860832db2366b

              SHA512

              f3d7d74b31ed68ded0da9974df015deb8f683ab8ebb24e883b1cbaa0187f82196436519d28dc902540a6259847ab779e01f8129de89a58bc9950a51e81935a20

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

              Filesize

              392B

              MD5

              3ba25096350480b0d154c6bdfe626e56

              SHA1

              e2ed8ae95a615878c9147424dc8328f4958d42cf

              SHA256

              291023a08f1a184ceddaea158771fe40c2c21fb6582984659bd6b376c0f1cb44

              SHA512

              b944b34c02b26d0e1822695a7c4b177ae6e4808824335da525635625ca14d9b3d5e0c658e2d35fdc1e88f7043531e227a370f5f57ec2c4a9f534f59f57465969

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_87DCDABBB68171FA19C9A78DBA85E190

              Filesize

              406B

              MD5

              88b95f507ba8cc65b332a6679738ba27

              SHA1

              355614971bd62bcb8d57b0609c6e5e204fa26d7e

              SHA256

              b9ad6f24485fa02b2ce78f88fc8ac329112e311ee5253797fb679e453cf479f0

              SHA512

              53a7d09b4d0bd16ba2b9259b8edad88312451999d2ad17fa1b08dbdc01efd736c1745cdce801552cffcdb19be90ca10e6d414e36cb2b64c111921d9c94273d9a

            • C:\Users\Admin\AppData\Local\Temp\9A28.bat

              Filesize

              79B

              MD5

              403991c4d18ac84521ba17f264fa79f2

              SHA1

              850cc068de0963854b0fe8f485d951072474fd45

              SHA256

              ef6e942aefe925fefac19fa816986ea25de6935c4f377c717e29b94e65f9019f

              SHA512

              a20aaa77065d30195e5893f2ff989979383c8d7f82d9e528d4833b1c1236aef4f85284f5250d0f190a174790b650280ffe1fbff7e00c98024ccf5ca746e5b576
