Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    07/12/2023, 19:54

General

  • Target

    23f32f21c19d22034be2c95d2b4f560612b1002a8978529f2093c03c897911d8.exe

  • Size

    223KB

  • MD5

    aa7c1437997a0f1c1ae8d07ff907135a

  • SHA1

    9a7e53855be3996f35854572cc5d9867e734f260

  • SHA256

    23f32f21c19d22034be2c95d2b4f560612b1002a8978529f2093c03c897911d8

  • SHA512

    df285ebbbcf74a70aa5a60ed6f116b5b2d0799db321a4abb69ac19bbedab7ea1727a2ea7c1cd3f0d4626d59f200de0ce1d9a3b3f9616c371c54e8b90ebab765e

  • SSDEEP

    3072:xZ7wXfSRZ0ON/EwW66wN94xu4CkAZJM2k5D66L+NfGbVON2Nqi/6gS5UoWXHz72n:7wPSUONLNsuWA7koN+boRi9S6oiz72D

Score
10/10

Malware Config

Signatures

  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Drops file in Drivers directory 9 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 7 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Drops file in System32 directory 23 IoCs
  • Drops file in Program Files directory 33 IoCs
  • Drops file in Windows directory 9 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe 1 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies system certificate store 2 TTPs 11 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: LoadsDriver 59 IoCs
  • Suspicious use of AdjustPrivilegeToken 20 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
      PID:424
      • C:\Program Files\wlanext.exe
        "C:\Program Files\wlanext.exe"
        2⤵
        • Drops file in Drivers directory
        • Executes dropped EXE
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Modifies data under HKEY_USERS
        • Modifies system certificate store
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2792
        • C:\Windows\system32\takeown.exe
          "C:\Windows\system32\takeown.exe"
          3⤵
          • Modifies file permissions
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          PID:1260
    • C:\Windows\system32\Dwm.exe
      "C:\Windows\system32\Dwm.exe"
      1⤵
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of AdjustPrivilegeToken
      PID:1192
    • C:\Windows\Explorer.EXE
      C:\Windows\Explorer.EXE
      1⤵
      • Suspicious use of NtCreateUserProcessOtherParentProcess
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1272
      • C:\Users\Admin\AppData\Local\Temp\23f32f21c19d22034be2c95d2b4f560612b1002a8978529f2093c03c897911d8.exe
        "C:\Users\Admin\AppData\Local\Temp\23f32f21c19d22034be2c95d2b4f560612b1002a8978529f2093c03c897911d8.exe"
        2⤵
        • Modifies system certificate store
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1696
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\System32\cmd.exe" /c timeout /t 1 & del /Q /F "C:\Users\Admin\AppData\Local\Temp\23f32f21c19d22034be2c95d2b4f560612b1002a8978529f2093c03c897911d8.exe"
          3⤵
          • Deletes itself
          • Suspicious use of WriteProcessMemory
          PID:1872
          • C:\Windows\SysWOW64\timeout.exe
            timeout /t 1
            4⤵
            • Delays execution with timeout.exe
            PID:1504

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files\wlanext.exe

            Filesize

            97KB

            MD5

            43fab56ae5f639ad59d7209693f4c4c2

            SHA1

            7d23615f778b15791646c31688e63e7d5ebf02ff

            SHA256

            c64155944da774a80d443a0e6dcc40a3405d9c69ca3ebc95ca46bfd65c7a4908

            SHA512

            93709b5d2bb3c1b3950db578600a2c5bee3770c6f7008f45a30c1c857e4513330f7b98b4023cf1140f70050b70ab623c37227b9685fae92ffe9c00ee137e2313

          • C:\Program Files\wlanext.exe

            Filesize

            97KB

            MD5

            43fab56ae5f639ad59d7209693f4c4c2

            SHA1

            7d23615f778b15791646c31688e63e7d5ebf02ff

            SHA256

            c64155944da774a80d443a0e6dcc40a3405d9c69ca3ebc95ca46bfd65c7a4908

            SHA512

            93709b5d2bb3c1b3950db578600a2c5bee3770c6f7008f45a30c1c857e4513330f7b98b4023cf1140f70050b70ab623c37227b9685fae92ffe9c00ee137e2313

          • C:\Program Files\wlanext.exe

            Filesize

            97KB

            MD5

            43fab56ae5f639ad59d7209693f4c4c2

            SHA1

            7d23615f778b15791646c31688e63e7d5ebf02ff

            SHA256

            c64155944da774a80d443a0e6dcc40a3405d9c69ca3ebc95ca46bfd65c7a4908

            SHA512

            93709b5d2bb3c1b3950db578600a2c5bee3770c6f7008f45a30c1c857e4513330f7b98b4023cf1140f70050b70ab623c37227b9685fae92ffe9c00ee137e2313

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

            Filesize

            65KB

            MD5

            ac05d27423a85adc1622c714f2cb6184

            SHA1

            b0fe2b1abddb97837ea0195be70ab2ff14d43198

            SHA256

            c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

            SHA512

            6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          • C:\Users\Admin\AppData\Local\Temp\CabCB3D.tmp

            Filesize

            29KB

            MD5

            d59a6b36c5a94916241a3ead50222b6f

            SHA1

            e274e9486d318c383bc4b9812844ba56f0cff3c6

            SHA256

            a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

            SHA512

            17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

          • C:\Users\Admin\AppData\Local\Temp\TarCB50.tmp

            Filesize

            81KB

            MD5

            b13f51572f55a2d31ed9f266d581e9ea

            SHA1

            7eef3111b878e159e520f34410ad87adecf0ca92

            SHA256

            725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

            SHA512

            f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

          • C:\Users\Admin\AppData\Local\Temp\TarCCBA.tmp

            Filesize

            171KB

            MD5

            9c0c641c06238516f27941aa1166d427

            SHA1

            64cd549fb8cf014fcd9312aa7a5b023847b6c977

            SHA256

            4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

            SHA512

            936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          • C:\Windows\14z4a3DDThcb.sys

            Filesize

            415KB

            MD5

            adb3baf4d3508556420028504199dbc6

            SHA1

            af7a88d106147ba4752ae2a55dee32be38948890

            SHA256

            d7bfc4a7546c1df6129b0737120c30a9bdadf7494eb0ad37d1c43dd8d959cf27

            SHA512

            d108336f5da456db746318ca2fb9c0beaab39915e327dd55a2db8755edd7dc5fe6ac33558ca42b0daa7d1751c1b307fc64a0a7e136971cb56ea28055f871d10c

          • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

            Filesize

            1KB

            MD5

            a266bb7dcc38a562631361bbf61dd11b

            SHA1

            3b1efd3a66ea28b16697394703a72ca340a05bd5

            SHA256

            df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

            SHA512

            0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

          • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

            Filesize

            242B

            MD5

            55dbae1c3d897a6d464ba84c0e7a0038

            SHA1

            95075e401916f887a74c083262e91367aa0369e5

            SHA256

            7310b6348f11ea87169f248460622e3579653ad37d78101bd92ffa2a6cbd4913

            SHA512

            c8478b4b70320625eebfeed7dc0188304b236df4c4332a54fba3a9950734db3ea79cb005b92bb333ccd49dac8abf21ffb5b7534a0652339bd896d5711e48ffca

          • C:\Windows\VLOtiHuABofO.sys

            Filesize

            447KB

            MD5

            d15f5f23df8036bd5089ce8d151b0e0d

            SHA1

            4066ff4d92ae189d92fcdfb8c11a82cc9db56bb2

            SHA256

            f2c40dde6f40beaa3c283b66791ff27e6f06d66c8dd6eff5262f51e02ee26520

            SHA512

            feaec8a00346b0a74c530859785e1b280da5833bf3113083bf4664ebee85b14ceca648499f36d266d329d602349f9ad0fc21a10e605377b3a2c24b456f3a9bd9

          • C:\Windows\iq8MK3bpxSsNb.sys

            Filesize

            447KB

            MD5

            39af9a328c2339b614faf5142a1395c4

            SHA1

            914aea213ee2c4a7dfea93192b7e53cc7aa91a9e

            SHA256

            7196fd2702a35acfaf54ef356459bfbe3c82a3dde6215e6c90fb8635199757f5

            SHA512

            2dcd566a9d0b49fa9eb44ac05efd6750ada216b99f6c626ddae3a7ad2f53c55d0aae2e43ea07b144fbe2536b637fa03f5fb3c2562e70cdfefeedc1421c207e33

          • C:\Windows\lrizTgCvq0jY.sys

            Filesize

            415KB

            MD5

            64bc1983743c584a9ad09dacf12792e5

            SHA1

            0f14098f523d21f11129c4df09451413ddff6d61

            SHA256

            057ec356f1577fe86b706e5aeb74e3bdd6fe04d22586fecf69b866f8f72db7f5

            SHA512

            9ab4ddb64bd97dd1a7ee15613a258edf1d2eba880a0896a91487c47a32c9bd1118cde18211053a5b081216d123d5f901b454a525cbba01d8067c31babd8c8c3c

          • \Program Files\wlanext.exe

            Filesize

            97KB

            MD5

            43fab56ae5f639ad59d7209693f4c4c2

            SHA1

            7d23615f778b15791646c31688e63e7d5ebf02ff

            SHA256

            c64155944da774a80d443a0e6dcc40a3405d9c69ca3ebc95ca46bfd65c7a4908

            SHA512

            93709b5d2bb3c1b3950db578600a2c5bee3770c6f7008f45a30c1c857e4513330f7b98b4023cf1140f70050b70ab623c37227b9685fae92ffe9c00ee137e2313

          • \Program Files\wlanext.exe

            Filesize

            97KB

            MD5

            43fab56ae5f639ad59d7209693f4c4c2

            SHA1

            7d23615f778b15791646c31688e63e7d5ebf02ff

            SHA256

            c64155944da774a80d443a0e6dcc40a3405d9c69ca3ebc95ca46bfd65c7a4908

            SHA512

            93709b5d2bb3c1b3950db578600a2c5bee3770c6f7008f45a30c1c857e4513330f7b98b4023cf1140f70050b70ab623c37227b9685fae92ffe9c00ee137e2313

          • \Program Files\wlanext.exe

            Filesize

            97KB

            MD5

            43fab56ae5f639ad59d7209693f4c4c2

            SHA1

            7d23615f778b15791646c31688e63e7d5ebf02ff

            SHA256

            c64155944da774a80d443a0e6dcc40a3405d9c69ca3ebc95ca46bfd65c7a4908

            SHA512

            93709b5d2bb3c1b3950db578600a2c5bee3770c6f7008f45a30c1c857e4513330f7b98b4023cf1140f70050b70ab623c37227b9685fae92ffe9c00ee137e2313

          • \Program Files\wlanext.exe

            Filesize

            97KB

            MD5

            43fab56ae5f639ad59d7209693f4c4c2

            SHA1

            7d23615f778b15791646c31688e63e7d5ebf02ff

            SHA256

            c64155944da774a80d443a0e6dcc40a3405d9c69ca3ebc95ca46bfd65c7a4908

            SHA512

            93709b5d2bb3c1b3950db578600a2c5bee3770c6f7008f45a30c1c857e4513330f7b98b4023cf1140f70050b70ab623c37227b9685fae92ffe9c00ee137e2313

          • \Program Files\wlanext.exe

            Filesize

            97KB

            MD5

            43fab56ae5f639ad59d7209693f4c4c2

            SHA1

            7d23615f778b15791646c31688e63e7d5ebf02ff

            SHA256

            c64155944da774a80d443a0e6dcc40a3405d9c69ca3ebc95ca46bfd65c7a4908

            SHA512

            93709b5d2bb3c1b3950db578600a2c5bee3770c6f7008f45a30c1c857e4513330f7b98b4023cf1140f70050b70ab623c37227b9685fae92ffe9c00ee137e2313

          • \Program Files\wlanext.exe

            Filesize

            97KB

            MD5

            43fab56ae5f639ad59d7209693f4c4c2

            SHA1

            7d23615f778b15791646c31688e63e7d5ebf02ff

            SHA256

            c64155944da774a80d443a0e6dcc40a3405d9c69ca3ebc95ca46bfd65c7a4908

            SHA512

            93709b5d2bb3c1b3950db578600a2c5bee3770c6f7008f45a30c1c857e4513330f7b98b4023cf1140f70050b70ab623c37227b9685fae92ffe9c00ee137e2313

          • \Program Files\wlanext.exe

            Filesize

            97KB

            MD5

            43fab56ae5f639ad59d7209693f4c4c2

            SHA1

            7d23615f778b15791646c31688e63e7d5ebf02ff

            SHA256

            c64155944da774a80d443a0e6dcc40a3405d9c69ca3ebc95ca46bfd65c7a4908

            SHA512

            93709b5d2bb3c1b3950db578600a2c5bee3770c6f7008f45a30c1c857e4513330f7b98b4023cf1140f70050b70ab623c37227b9685fae92ffe9c00ee137e2313

          • memory/424-46-0x0000000000800000-0x0000000000828000-memory.dmp

            Filesize

            160KB

          • memory/424-104-0x0000000000800000-0x0000000000828000-memory.dmp

            Filesize

            160KB

          • memory/1192-749-0x0000000001DB0000-0x0000000001DB1000-memory.dmp

            Filesize

            4KB

          • memory/1192-746-0x0000000002410000-0x0000000002532000-memory.dmp

            Filesize

            1.1MB

          • memory/1192-764-0x0000000002410000-0x0000000002532000-memory.dmp

            Filesize

            1.1MB

          • memory/1260-112-0x00000000000F0000-0x000000000028C000-memory.dmp

            Filesize

            1.6MB

          • memory/1260-208-0x0000000001EE0000-0x0000000002086000-memory.dmp

            Filesize

            1.6MB

          • memory/1260-135-0x0000000001EE0000-0x0000000002086000-memory.dmp

            Filesize

            1.6MB

          • memory/1260-132-0x00000000002B0000-0x00000000002B3000-memory.dmp

            Filesize

            12KB

          • memory/1272-583-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-454-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-18-0x00000000029A0000-0x00000000029A3000-memory.dmp

            Filesize

            12KB

          • memory/1272-763-0x0000000008C60000-0x0000000008D82000-memory.dmp

            Filesize

            1.1MB

          • memory/1272-21-0x0000000006BD0000-0x0000000006CC7000-memory.dmp

            Filesize

            988KB

          • memory/1272-121-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-19-0x00000000029A0000-0x00000000029A3000-memory.dmp

            Filesize

            12KB

          • memory/1272-22-0x0000000006BD0000-0x0000000006CC7000-memory.dmp

            Filesize

            988KB

          • memory/1272-148-0x0000000001EE0000-0x0000000002086000-memory.dmp

            Filesize

            1.6MB

          • memory/1272-747-0x0000000003960000-0x0000000003961000-memory.dmp

            Filesize

            4KB

          • memory/1272-748-0x0000000008D90000-0x0000000008D94000-memory.dmp

            Filesize

            16KB

          • memory/1272-744-0x0000000008C60000-0x0000000008D82000-memory.dmp

            Filesize

            1.1MB

          • memory/1272-193-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-743-0x0000000002CA0000-0x0000000002CA3000-memory.dmp

            Filesize

            12KB

          • memory/1272-690-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-272-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-287-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-309-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-336-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-354-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-363-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-345-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-571-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-382-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-391-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-381-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-372-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-401-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-400-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-427-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-436-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-443-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-426-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-562-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-471-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-100-0x0000000006BD0000-0x0000000006CC7000-memory.dmp

            Filesize

            988KB

          • memory/1272-536-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1272-553-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/1696-99-0x0000000000AD0000-0x0000000000B3E000-memory.dmp

            Filesize

            440KB

          • memory/1696-45-0x0000000000AD0000-0x0000000000B3E000-memory.dmp

            Filesize

            440KB

          • memory/1696-0-0x0000000000AD0000-0x0000000000B3E000-memory.dmp

            Filesize

            440KB

          • memory/1696-90-0x0000000000AD0000-0x0000000000B3E000-memory.dmp

            Filesize

            440KB

          • memory/2792-178-0x0000000004010000-0x0000000004132000-memory.dmp

            Filesize

            1.1MB

          • memory/2792-34-0x0000000000160000-0x0000000000163000-memory.dmp

            Filesize

            12KB

          • memory/2792-96-0x0000000037B90000-0x0000000037BA0000-memory.dmp

            Filesize

            64KB

          • memory/2792-584-0x00000000029B0000-0x00000000029B1000-memory.dmp

            Filesize

            4KB

          • memory/2792-101-0x0000000001E70000-0x0000000001E71000-memory.dmp

            Filesize

            4KB

          • memory/2792-102-0x0000000001CA0000-0x0000000001D6B000-memory.dmp

            Filesize

            812KB

          • memory/2792-739-0x0000000001E80000-0x0000000001E81000-memory.dmp

            Filesize

            4KB

          • memory/2792-103-0x0000000001E70000-0x0000000001E71000-memory.dmp

            Filesize

            4KB

          • memory/2792-180-0x0000000005960000-0x0000000005B2A000-memory.dmp

            Filesize

            1.8MB

          • memory/2792-28-0x0000000000130000-0x0000000000131000-memory.dmp

            Filesize

            4KB

          • memory/2792-110-0x0000000004010000-0x0000000004132000-memory.dmp

            Filesize

            1.1MB

          • memory/2792-98-0x0000000000800000-0x0000000000828000-memory.dmp

            Filesize

            160KB

          • memory/2792-106-0x0000000001F10000-0x0000000001F1F000-memory.dmp

            Filesize

            60KB

          • memory/2792-38-0x0000000001CA0000-0x0000000001D6B000-memory.dmp

            Filesize

            812KB

          • memory/2792-40-0x0000000001CA0000-0x0000000001D6B000-memory.dmp

            Filesize

            812KB

          • memory/2792-41-0x000007FEBF7D0000-0x000007FEBF7E0000-memory.dmp

            Filesize

            64KB

          • memory/2792-42-0x0000000001CA0000-0x0000000001D6B000-memory.dmp

            Filesize

            812KB

          • memory/2792-26-0x0000000000060000-0x0000000000123000-memory.dmp

            Filesize

            780KB

          • memory/2792-105-0x0000000002CB0000-0x0000000002D67000-memory.dmp

            Filesize

            732KB

          • memory/2792-108-0x0000000002240000-0x000000000226E000-memory.dmp

            Filesize

            184KB

          • memory/2792-111-0x0000000001E70000-0x0000000001E71000-memory.dmp

            Filesize

            4KB

          • memory/2792-762-0x0000000001E80000-0x0000000001E81000-memory.dmp

            Filesize

            4KB

          • memory/2792-107-0x0000000002240000-0x000000000226E000-memory.dmp

            Filesize

            184KB

          • memory/2792-114-0x0000000005960000-0x0000000005B2A000-memory.dmp

            Filesize

            1.8MB