Analysis

  • max time kernel
    150s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    25/09/2023, 01:42

General

  • Target

    34bd2ce2e8930770f19ca6e9f3b1a32d33711712eb07b54d43b2968ff251a98b.exe

  • Size

    239KB

  • MD5

    868353e2d110b3d3c6c985b1adae7de4

  • SHA1

    ad9c3ae066279e2cd947f9c833a0f1cb4d182973

  • SHA256

    34bd2ce2e8930770f19ca6e9f3b1a32d33711712eb07b54d43b2968ff251a98b

  • SHA512

    2553800d879530261d6a40ca535cf280e824bff878cd0e902b4841d419cdbccf519d71e1fe820a4b8772ffb82d045e92265aefe588d1bd0da8fce7e0f7a72018

  • SSDEEP

    6144:Mr46fuYXChoQTjlFgLuCY1dRuAOeXWaxuQNw8y0:M0YzXChdTbv1bunax/w8y

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Signatures

  • Detected google phishing page
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 62 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\34bd2ce2e8930770f19ca6e9f3b1a32d33711712eb07b54d43b2968ff251a98b.exe
    "C:\Users\Admin\AppData\Local\Temp\34bd2ce2e8930770f19ca6e9f3b1a32d33711712eb07b54d43b2968ff251a98b.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2260
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:844
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 52
      2⤵
      • Program crash
      PID:2704
  • C:\Windows\system32\cmd.exe
    cmd /c ""C:\Users\Admin\AppData\Local\Temp\4B91.bat" "
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2684
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.facebook.com/login
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3044
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:340993 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2028
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2080
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2080 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1164

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          5bb1a9c23c2c3b671d2c9f5ecaa61ab3

          SHA1

          a6fb8d3b468131c3b020276932e0d3015163af13

          SHA256

          b56d7207398f00125232a19e383aaa6120e121aac49ffbba650f775c796a48e9

          SHA512

          05089cedc68c73b6f3b83ac651f357062b71a04cee079072224fec18326a383fb0b117a3c3d4349b2f4a1863cf89553e4312cfc43f03817dcd073ff967a11d21

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          284ba88a32dc7f4de9ac2883343cb1d7

          SHA1

          dd636ff478e9472de885b3d3e3b9a6dcfc327030

          SHA256

          315338d683fbbf5681423163b6955c90aa3fa684fc8089776eec14067212dd44

          SHA512

          46019e5afc5536b3ab7e56df0dd9f0396281398c397a9a8b9c81a7e9f3e1f78d10e1c67ec671233373ab489e63a251e5001fcc6fa73227d45fb24ca35e904e93

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          fbb5e13e0622c33651be4513beffed12

          SHA1

          9e5b0a9c49f911694017b0de16bf9041aab5c1ff

          SHA256

          2cb9e6414906c57ec84324891d864e6402d07acf1710ebef29a8b53b5f6b9e13

          SHA512

          27eafffebc97527bd1a6c6a70831e19f6ac32d963e9ca8ee1e77e53a80f93c895a2f341de02e9636b997615d54d2955b0226c7d08357e5a3938a1ee3f5fb4099

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          2058d3bc08365b36adee6d8f55bed829

          SHA1

          288c508603e82bf9c8b737dd605d7fc9978d63e1

          SHA256

          84bae76245bb30b17763d2cfedb1dad7e990b2c4ad103a23ee6401ffe0cccd8a

          SHA512

          c51a28bd449ac04ab4513ce2852a4006a06b12ac1d89c68601ba8722668e0bb54d47b82813cf1b97a4e0f698e5cb39878a62ea38e374dfc1232c665ba936bb43

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          1be2bd25194e969128f0f3bb4fd47e28

          SHA1

          c075b5139ec0a633739745b4a6c5f1e78e411e41

          SHA256

          9fabdb91e2e525bf848bd38897e7c4eac87f52e3cf41047a2e3cb373f2459716

          SHA512

          7c56cbc7cd6120375cbea7d5ff91cbfbf0acf53f813873b98c98b20ac7cf5fb45fd5cabf5a3386e78508393e6b442c00b348f53aeaf1d438946dacecf6920201

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          19f82bf8099c31ea451dc367dbb919b0

          SHA1

          7ac43b5782b9f1c5e559dd2170b1f6ba959e7ea2

          SHA256

          c0f18ceb44431966df794b2c9409d971f536f4b70c6e4ec46e0524f7a8b7d3b2

          SHA512

          0f16ce2b33ce11ccb919174bea5086aeeaf0584732e2db8a4aae38b0baeb2a22693c2e89bc21f26583a167c18731b600d741da87389e89268b112c53cc97ded3

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          cfe10028615125041e1c67b542e8caca

          SHA1

          c295d4fee2068eb3d4bdd53d5af108312c7ad456

          SHA256

          c44c48cb19a3c31cbdd2b658cc077152ee8a45a439550390ac9418d079df5d26

          SHA512

          67417ae8b99c79710c101d20d03621f61dcf1c0e4aca7df1e0e8b4f800f6da9acd4db888fad55dcaee16e97d585ab050e50d61fd8366866a75012b6eb1b0f93f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          6826d007a19b28a9d95c2c010de19390

          SHA1

          b6ff19a573d9821edcd0798aad2a148156361c43

          SHA256

          82c043f6d530c22a1e2c8a78412b31f05c15809d88d3a8110c17cf35209f8e11

          SHA512

          a2a0aba499f7f6d304c9b616b2b5e896bf98ee0706f338f6642cd4f1acecd06a88f3518e124c70b4fd760fac04ab7ad3e09654ea6082eda6e01814a6a6226373

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          87bc67172f2c5c90f0293b94ecb215d7

          SHA1

          48cf43d2e0bdde5a3e3641d3379ff1320457adb7

          SHA256

          c4208342581353edaa5862a34b1773add300f1eb02d79a8e1faf42700b1c5ee5

          SHA512

          544a568e96b59fb1560af9cc44df9f3ffeba7b7072718a4a86e64ad6855c6fbef28cb9a1e837e168acc8f28985809fb3c1c87a62b76f09e990cd0c092afef40e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          90f65fcd763b721e656abdad87135459

          SHA1

          4ed8b6c5a705e2caf116359222e431381cf0c855

          SHA256

          626d69b54a8bb18188949744c8a78bcc5e511f6e2d7c6e43054919f3ec706a56

          SHA512

          feb4dbe1da3cb2270a0c074c76c2f210bdca22fc8b6d48053533c867a440cb290b3da3daf7110ad6dff29857ad1867c39662d35684f989b0e5322618c3b44e0f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          1df7cd3e7beb93c4b9e8592289da78eb

          SHA1

          88a5405e0c99485dd91d5385c4aef21610f75654

          SHA256

          76d579c02940c1af81d5d878602f3f1b35975dedc17a42d9f716c8be5d8cfe55

          SHA512

          eb5a110df2f63bdfd41388601304ecf200a1010597c200e60722e51dabe21f7db5000c39d96233e486805c34bebf7a0723e805fe64efa99b66ea5fdd42da038e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          d6b0e6a1b2aafd9f81ec1fa858ddd0d3

          SHA1

          fc7943f5626a89bdaf76f2b28dab6e832e47785d

          SHA256

          c9494e31d9262aa0f08946e9feef05f1805233bfaa15e696b92a0d88779754e8

          SHA512

          36c8902a64b2e22cbd212c3a8bc3ded62a5ab7c21c76d98c04c5672618ed02429ef016dbed91aab92311c207ee83adbc6b57c6e9a9dc3344b766aad20608fc48

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          d2f01156e8e4226dcb399b98ede5e36f

          SHA1

          b4c704472bd58c96ff84a2baa5614f5a0c64f9bf

          SHA256

          ac50653bbdcd79edfc4b99fac3563371b9354c1c11a8390587ae9fa464dd1c69

          SHA512

          c17ff82ab1e224fdb950b3d28e0837c84b09ba106928af113d54f32518db2c9945f3b97affd794e831ba884d6e335013141542db1271e5e284dbbe84eea002b5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          c12b65b85015ec18ed7c64b7f8bc4ff5

          SHA1

          280b904b7da111b333d27d4f5e865dcfdf7cbd1b

          SHA256

          6baf331064c642c660cf37b3558b72dd683ba87629974a8bc376b6dd8a6fa4ec

          SHA512

          4f1de66ef13c0ff3cc5348ff638bc6422e09a854ef0b62f56a0b80c7ac2d7154a4bd9c4ece8522dc6803f9d2ef472b9e098727e2fa0abb3edef2010d53ff977f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          064750ea53b2a87a26eb976321d69fcf

          SHA1

          5945bad9dc130de9672222813c3c9709b62b9c88

          SHA256

          c6c27a42e0a9c1affa9a95c4116368e30f2c5df78d0c27fd24813c2937f4bcd0

          SHA512

          53c02026560920f03276feff2473c10e726ed1b7929a74d7076e48fa036cf0c03605f93c61cfdad32ed816b952feeea5f13e8b9f82843b3434f0d22847ddbc81

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          eeb521471e09e0b7bf13fdd2f9f5759b

          SHA1

          1a611864e0a5b7e170e22952da5f6510e2768481

          SHA256

          db34a9193bbc184e976d00f6cb63dea069dfce63adac0753c65b5fc237d8d28f

          SHA512

          768baf92e8b1e84efa7031b4c60fc00cc91dcac0fefa20b3314ec88b71f3257a66b32ecc69091990d16ab1f74aa44be12311d0428f367595b34640cb97f9ad67

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          3e1dc0cfd53b85e8fae5219b53608140

          SHA1

          baa0270c56db9857af1b778c35bf9a0fd98a9f65

          SHA256

          597a94eff35b87da3bf5e173fe7c9af9ae3ceeb1307052207907d7b4cc88aa4a

          SHA512

          54f8ef7355c1f9f69304cdf06e02a588c049a71827bbebfd458fdeadffe49b33bd68ac34b58d246cce42613528df1d98a08c0510882bcd94d584367826f4a35a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          a8288dae5994e3e246b6807c3bd7ad4c

          SHA1

          2bc41e5bb19fcd2e862feefcdec0c253bb60f4ad

          SHA256

          ea2d4ec452f729e78f8cea77268b9b9287b93aeadff2b65c623db722f1d0b5d4

          SHA512

          479b1f3cf1f7fd1c9dd97a8653a7d69a87e6caafee66c3f5c43da66c82333982ce26dd9b7d0db02b0e7aae6078f3f08c9a26fcf2077c13a17cb0766cbab02ce0

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          cd7f5c05ba7e1495869154428a8ef06f

          SHA1

          e890883a681e8872fa7625873aa3199e58766ea8

          SHA256

          c0e3630d06799ae6a3606e9281832e777c8521ab87878f2cc05f5da4e9cef054

          SHA512

          d0abde897a2bad8697bbe284f525deb7b0105b8115dc208bf4520181a67627919fc5c632f324baac16dadc2d705f15651f7943c8df8b7aaeba8272999b9c03b8

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          114e909f0f51c40bd2c66b33ef6b9976

          SHA1

          1fffb216b09ec82c19f5625c4a9fd5aa1b0a6408

          SHA256

          49afd2a8f47e72171ca58058b914ada63add2ce143c3d7d15e85fb555fdf215a

          SHA512

          da724f48616dd9e3045ebce72c324c1d4f3fe9d8e2bb27a849d3ca825a34ab4de851d9912c0996e1644e39b0ed4fc266f81e7a4148e79aa98a7b462c908ac1b6

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          43d85d49796f84ca65e08a31ce4a4444

          SHA1

          8c186bca428e348926f385de0834ddef4b2960de

          SHA256

          49ede50b2c97f30f12ee502ee7b90cc6bcaceb78b959a3fa13bff5fcfcc5d76a

          SHA512

          51b2aadb9f6e4dafc9262ec9294111b113880e9f82405bbe5a036fbf3886644f0befdb2808da31368ac9b3d4758ba5ac548b8fd57750699449a4cdce4cf35ffe

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F8B64A81-5B44-11EE-A335-5AE081D2F0B4}.dat

          Filesize

          5KB

          MD5

          3a9fc00f2ad115670cd53ce74854f547

          SHA1

          3134768356cf60d6712c6828c4648aac34e6bdfa

          SHA256

          90974921c6c234ae306c1635af9e630a48b57854b5b0027a323e070d9a5aa159

          SHA512

          53b9af03001561b388d13eb84f29e763bb065271d605dbfe7aed3574bc2ccdf1b9ea927e71bb045ead9ed39237885afb469201d876f80bec5a2bb48ae8d9bee4

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\6gi47o3\imagestore.dat

          Filesize

          4KB

          MD5

          d3e8851dabe5661b09a45f8724ea7127

          SHA1

          19c475b575bd7b675979e5648a5229bec068d203

          SHA256

          0a139aa8390110e4042ba8b39406b21754f39f51bee01e0062d53b8bd33c409d

          SHA512

          ae07b79443c32dc1470f875c8b712ce0fee9155308cf995f8d6f8df5447a0daa123932df750cf06afb722821888b9c2f97aa56c569a90f73bb8cd59171f889f1

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\6gi47o3\imagestore.dat

          Filesize

          9KB

          MD5

          e0c31690c035e9f653d60495211a894b

          SHA1

          fe6e00b69206570594312144d3ce697a86e47dae

          SHA256

          6f250f8213815b4e7d04ed40378b7556dbdb91775f022af6023bb769672867e6

          SHA512

          f67e3d0a47f529b4f476302162c20e18ad0847c4d4a07248236e096f2c95c38b4c0e5c7d43805ae1cdee8e9add7e096e5132f5af24f4c470d5a9e91340d3f810

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O2X6Y6U3\favicon[1].ico

          Filesize

          5KB

          MD5

          f3418a443e7d841097c714d69ec4bcb8

          SHA1

          49263695f6b0cdd72f45cf1b775e660fdc36c606

          SHA256

          6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

          SHA512

          82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O2X6Y6U3\hLRJ1GG_y0J[1].ico

          Filesize

          4KB

          MD5

          8cddca427dae9b925e73432f8733e05a

          SHA1

          1999a6f624a25cfd938eef6492d34fdc4f55dedc

          SHA256

          89676a3fb8639d6531c525e5800ff4cc44d06d27ff5607922d27e390eb5b6e62

          SHA512

          20fbee2886995c253e762f2bb814ad16890b0989deab4d92394363ef0060b96a634d87c380c7ba1b787a8ab312be968fed9329a729b4e0d64235a09e397db740

        • C:\Users\Admin\AppData\Local\Temp\4B91.bat

          Filesize

          79B

          MD5

          403991c4d18ac84521ba17f264fa79f2

          SHA1

          850cc068de0963854b0fe8f485d951072474fd45

          SHA256

          ef6e942aefe925fefac19fa816986ea25de6935c4f377c717e29b94e65f9019f

          SHA512

          a20aaa77065d30195e5893f2ff989979383c8d7f82d9e528d4833b1c1236aef4f85284f5250d0f190a174790b650280ffe1fbff7e00c98024ccf5ca746e5b576

        • C:\Users\Admin\AppData\Local\Temp\4B91.bat

          Filesize

          79B

          MD5

          403991c4d18ac84521ba17f264fa79f2

          SHA1

          850cc068de0963854b0fe8f485d951072474fd45

          SHA256

          ef6e942aefe925fefac19fa816986ea25de6935c4f377c717e29b94e65f9019f

          SHA512

          a20aaa77065d30195e5893f2ff989979383c8d7f82d9e528d4833b1c1236aef4f85284f5250d0f190a174790b650280ffe1fbff7e00c98024ccf5ca746e5b576

        • C:\Users\Admin\AppData\Local\Temp\Cab5023.tmp

          Filesize

          61KB

          MD5

          f3441b8572aae8801c04f3060b550443

          SHA1

          4ef0a35436125d6821831ef36c28ffaf196cda15

          SHA256

          6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

          SHA512

          5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

        • C:\Users\Admin\AppData\Local\Temp\Tar5102.tmp

          Filesize

          163KB

          MD5

          9441737383d21192400eca82fda910ec

          SHA1

          725e0d606a4fc9ba44aa8ffde65bed15e65367e4

          SHA256

          bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

          SHA512

          7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

        • memory/844-0-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

        • memory/844-8-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

        • memory/844-6-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

        • memory/844-4-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

          Filesize

          4KB

        • memory/844-5-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

        • memory/844-2-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

        • memory/1260-7-0x0000000002AB0000-0x0000000002AC6000-memory.dmp

          Filesize

          88KB