Analysis

  • max time kernel
    300s
  • max time network
    238s
  • platform
    windows10-1703_x64
  • resource
    win10-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10-20230915-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    19/10/2023, 05:09

General

  • Target

    ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4.exe

  • Size

    3.4MB

  • MD5

    20fb5e586475341f636b916b026208ff

  • SHA1

    adc20cda17f7d27e37d211b28a24dd06ca7a580c

  • SHA256

    24f92c883d5db4db4c8d39d41e31e6d2715fc345a5ec6433585ce38e2c2392f4

  • SHA512

    41c19075c05a66df4517a0dacce8e90eee1f1dca95f71f9d598e5e88f9928459f1157fa967089e7510cb2a81a23a3e8e7728799d183ef17c39b35edb42b70e0d

  • SSDEEP

    98304:mUoz95vq28HVaKCJj1z2ge+u/3qXuD5OxBBkyWBh:jQZyahJ4g3uPIuFKayu

Malware Config

Signatures

  • Detects DLL dropped by Raspberry Robin. 7 IoCs

    Raspberry Robin.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Themida packer 1 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Detected potential entity reuse from brand microsoft.
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Drops file in Windows directory 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4.exe
    "C:\Users\Admin\AppData\Local\Temp\ef8be4e2eee1ce9af5488ac962c4823e11f737e01e2a3c8ed96f32cc0db18fc4.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks computer location settings
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:3104
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1568
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:4424
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3916
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2176
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:2816
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:4532
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:1864
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    PID:2640
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    PID:3928

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\FKMV2AI3\edgecompatviewlist[1].xml

          Filesize

          74KB

          MD5

          d4fc49dc14f63895d997fa4940f24378

          SHA1

          3efb1437a7c5e46034147cbbc8db017c69d02c31

          SHA256

          853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

          SHA512

          cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\P068WU4V\favicon[1].ico

          Filesize

          16KB

          MD5

          12e3dac858061d088023b2bd48e2fa96

          SHA1

          e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

          SHA256

          90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

          SHA512

          c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\PWTOA31O\suggestions[1].en-US

          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\quxig9m\imagestore.dat

          Filesize

          17KB

          MD5

          3257e5b327914ea2ba976c60d3b4eb98

          SHA1

          a4bf78ca460d888b39d7ac45afd18bd1b56fd68b

          SHA256

          33b494e0c17576cf8a4b46a4abb9171c50d4e3dacb4eb53b9dc9dd0d7417c230

          SHA512

          63d82ba8bad2a1dcdbe8e12113f33f62332a3c25f07d16a58351fc67bc6a9ec5dd1af59a127d6e16144385b56646cc292d1a46b04d75f8cbbfd636dd5cf4e44d

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2X1ESESQ\SegoeUI-Roman-VF_web[1].woff2

          Filesize

          115KB

          MD5

          bca97218dca3cb15ce0284cbcb452890

          SHA1

          635298cbbd72b74b1762acc7dad6c79de4b3670d

          SHA256

          63c12051016796d92bcf4bc20b4881057475e6dfa4937c29c9e16054814ab47d

          SHA512

          6e850842d1e353a5457262c5c78d20704e8bd24b532368ba5e5dfc7a4b63059d536296b597fd3ccbd541aa8f89083a79d50aaa1b5e65b4d23fc37bfd806f0545

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2X1ESESQ\application-not-started[1].htm

          Filesize

          46KB

          MD5

          30317cbc57edb71760cb15d12dc4c715

          SHA1

          5f32a8eda7c4cb6bbfa5f3f690b19e946b8353c4

          SHA256

          34c4132c283672918e058c25947e6fca6cbac2b92e040cfe19205d0aa66e8707

          SHA512

          cadb368a19589e53b0b0e7b79dffc3781394f1a7a8c1d6ce8e80f36586b8ca1c8b9ed360c338ec7a0a66af0cbdbf328089607fbbb75f1285f9bf113f061a0c5c

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2X1ESESQ\repair-tool-changes-complete[1].png

          Filesize

          13KB

          MD5

          512625cf8f40021445d74253dc7c28c0

          SHA1

          f6b27ce0f7d4e48e34fddca8a96337f07cffe730

          SHA256

          1d4dcee8511d5371fec911660d6049782e12901c662b409a5c675772e9b87369

          SHA512

          ae02319d03884d758a86c286b6f593bdffd067885d56d82eeb8215fdcb41637c7bb9109039e7fbc93ad246d030c368fb285b3161976ed485abc5a8df6df9a38c

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2X1ESESQ\tex-mml-chtml[1].js

          Filesize

          1.1MB

          MD5

          2e00d51c98dbb338e81054f240e1deb2

          SHA1

          d33bac6b041064ae4330dcc2d958ebe4c28ebe58

          SHA256

          300480069078b5892d2363a2b65e2dfbbf30fe5c80f83edbfecf4610fd093862

          SHA512

          b6268d980ce9cb729c82dba22f04fd592952b2a1aab43079ca5330c68a86e72b0d232ce4070db893a5054ee5c68325c92c9f1a33f868d61ebb35129e74fc7ef9

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2TDM2LQ\67a45209.deprecation[1].js

          Filesize

          1KB

          MD5

          020629eba820f2e09d8cda1a753c032b

          SHA1

          d91a65036e4c36b07ae3641e32f23f8dd616bd17

          SHA256

          f8ae8a1dc7ce7877b9fb9299183d2ebb3befad0b6489ae785d99047ec2eb92d1

          SHA512

          ef5a5c7a301de55d103b1be375d988970d9c4ecd62ce464f730c49e622128f431761d641e1dfaa32ca03f8280b435ae909486806df62a538b48337725eb63ce1

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2TDM2LQ\dce1d392.site-ltr[1].css

          Filesize

          440KB

          MD5

          12f2ed166c75673f1d5267b892aa3f83

          SHA1

          018b3e5e01b9059bb0715d94fe3d4d370dc10b44

          SHA256

          6a495392198e10f3afda154005d1e681f1fe5b807f190fc99fbedc1959a7d482

          SHA512

          9f2aac34cdf4a2cab930829bcb29ba3b8a3f6a801ba50a7d08d407ef7db98c10d1c2c9b9733303d50699b8e5cd4bef9dbcbdb4be2b5656e2b059dc584506c715

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2TDM2LQ\latest[1].woff2

          Filesize

          26KB

          MD5

          2835ee281b077ca8ac7285702007c894

          SHA1

          2e3d4d912aaf1c3f1f30d95c2c4fcea1b7bbc29a

          SHA256

          e172a02b68f977a57a1690507df809db1e43130f0161961709a36dbd70b4d25f

          SHA512

          80881c074df064795f9cc5aa187bea92f0e258bf9f6b970e61e9d50ee812913bf454cecbe7fd9e151bdaef700ce68253697f545ac56d4e7ef7ade7814a1dbc5a

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D2TDM2LQ\logo_net[1].svg

          Filesize

          1KB

          MD5

          37258a983459ae1c2e4f1e551665f388

          SHA1

          603a4e9115e613cc827206cf792c62aeb606c941

          SHA256

          8e34f3807b4bf495d8954e7229681da8d0dd101dd6ddc2ad7f90cd2983802b44

          SHA512

          184cb63ef510143b0af013f506411c917d68bb63f2cfa47ea2a42688fd4f55f3b820af94f87083c24f48aacee6a692199e185fc5c5cfbed5d70790454eed7f5c

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JIRJISR4\4d703278.index-docs[1].js

          Filesize

          2.1MB

          MD5

          155490cbfdfaa90712c01d5389f4d9c8

          SHA1

          a3285c76bb0d2abd7d5a950a3d48ea08534b7a27

          SHA256

          8601201d5294192557525906fcb236a21efccdbdce68280d5ad68fad0dc929da

          SHA512

          5f104ec4a8aa474efc9ef29b2275fd265864689550e30681d9232b0116050a880ca0e7263dcac9a6fcd6cc6e77f125d626859a4b1a9f918d98437b82b36de468

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JIRJISR4\app-could-not-be-started[1].png

          Filesize

          34KB

          MD5

          522037f008e03c9448ae0aaaf09e93cb

          SHA1

          8a32997eab79246beed5a37db0c92fbfb006bef2

          SHA256

          983c35607c4fb0b529ca732be42115d3fcaac947cee9c9632f7cacdbdecaf5a7

          SHA512

          643ec613b2e7bdbb2f61e1799c189b0e3392ea5ae10845eb0b1f1542a03569e886f4b54d5b38af10e78db49c71357108c94589474b181f6a4573b86cf2d6f0d8

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JIRJISR4\docons.28d69bd4[1].woff2

          Filesize

          17KB

          MD5

          7e2a819601bdb18df91d434ca4d95976

          SHA1

          94c8d876f9e835b82211d1851314c43987290654

          SHA256

          7da655bf7ac66562215c863212e7225e1d3485e47e4c2d3c09faac7f78999db1

          SHA512

          1ca1d95cc91cb06a22b8d30a970c254e334db7ff6bad255333bac2adc83c98735ec9c43bccf9c46514664d449a43d2586d38a45970338655244e754d2a87a83e

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JIRJISR4\repair-tool-no-resolution[1].png

          Filesize

          17KB

          MD5

          240c4cc15d9fd65405bb642ab81be615

          SHA1

          5a66783fe5dd932082f40811ae0769526874bfd3

          SHA256

          030272ce6ba1beca700ec83fded9dbdc89296fbde0633a7f5943ef5831876c07

          SHA512

          267fe31bc25944dd7b6071c2c2c271ccc188ae1f6a0d7e587dcf9198b81598da6b058d1b413f228df0cb37c8304329e808089388359651e81b5f3dec566d0ee0

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QFV1UYDJ\install-3-5[1].png

          Filesize

          13KB

          MD5

          f6ec97c43480d41695065ad55a97b382

          SHA1

          d9c3d0895a5ed1a3951b8774b519b8217f0a54c5

          SHA256

          07a599fab1e66babc430e5fed3029f25ff3f4ea2dd0ec8968ffba71ef1872f68

          SHA512

          22462763178409d60609761a2af734f97b35b9a818ec1fd9046afab489aad83ce34896ee8586efe402ea7739ecf088bc2db5c1c8e4fb39e6a0fc5b3adc6b4a9b

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QFV1UYDJ\ms.jsll-3.min[1].js

          Filesize

          180KB

          MD5

          9f667fcbe79a2f0a5881315d22ce5b34

          SHA1

          745be50b4affbf86a900dbc6fea9dcada089c63b

          SHA256

          ed20090ab9eac537cd83a784f70dd61f1ea14da013e0e9c38174bfc691353304

          SHA512

          e2fcc27f22c2ea0ca9c00f2a638c53ec322d4d1ade38570fcefdd86452090dd5052b9e4eaca409b4542ad5f3c40332314d361fcf7b3460405cd6dfe51748d4de

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QFV1UYDJ\repair-tool-recommended-changes[1].png

          Filesize

          15KB

          MD5

          3062488f9d119c0d79448be06ed140d8

          SHA1

          8a148951c894fc9e968d3e46589a2e978267650e

          SHA256

          c47a383de6dd60149b37dd24825d42d83cb48be0ed094e3fc3b228d0a7bb9332

          SHA512

          00bba6bcbfbf44b977129594a47f732809dce7d4e2d22d050338e4eea91fcc02a9b333c45eeb4c9024df076cbda0b46b621bf48309c0d037d19bbeae0367f5ed

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QFV1UYDJ\wcp-consent[1].js

          Filesize

          272KB

          MD5

          5f524e20ce61f542125454baf867c47b

          SHA1

          7e9834fd30dcfd27532ce79165344a438c31d78b

          SHA256

          c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9

          SHA512

          224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\3QSAK0BW\learn.microsoft[1].xml

          Filesize

          13B

          MD5

          c1ddea3ef6bbef3e7060a1a9ad89e4c5

          SHA1

          35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

          SHA256

          b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

          SHA512

          6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

          Filesize

          471B

          MD5

          5754774738bba4a5eeb18f2c156b2426

          SHA1

          fd0220b958cdd8c39bb58940af0bac1d618ab2d9

          SHA256

          48ab38fc83b47674743522c94b5960c91b0ceedbce74274f8721e1d86aae53ad

          SHA512

          a7262b9c2727392cb4b90fbdb26eb5eb20c1c23237c69d7de8d1175dccdadad4043b3689f5dd2284f5881448ee9f4537112f1159a70f96341b97753c66b3269a

        • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

          Filesize

          412B

          MD5

          a8464c2335dd0db0ab4a438765f90c02

          SHA1

          ef0a2547b27ccb54148d3ca3535394992118fa98

          SHA256

          84ac1c5d637f69df334d3b383eb64afed0e3257909775e94db338362ade5acb2

          SHA512

          c83c5e918781a1a63007a5132ce3bf21fc819fab11ecdccd69720519cfc5554ecd0feff2a81a399e78745f2a85e8fab6af539eb6c15c5c230957b41d13191e86
