Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/12/2023, 03:09

General

  • Target

    0x0007000000014970-113.exe

  • Size

    37KB

  • MD5

    cc479b599784116184dd5528c2903adb

  • SHA1

    4331d7dc0fdeb8ff344862928f0d1f0d02b05ccc

  • SHA256

    a898b42ab81022e5adc0d8d69dc7b0a0eec30eb122d0024f3e28334bd134e3eb

  • SHA512

    a0fd422cae04b37242362f941b048d3b3e7526a2ff1dcfe7702bd815b97c759909e9c5fcbcd11aca3b67a0595a2e6e87f25c71ad4906d460f3481e0a24ad9ef5

  • SSDEEP

    768:d8n3N4JRqwg8UTB+8zx70f0PSuopLwlFFWO7:dmN4JRrg8ypxSKFFX

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://81.19.131.34/fks/index.php

rc4.i32
rc4.i32

Extracted

Family

redline

Botnet

@oleh_ps

C2

176.123.7.190:32927

Extracted

Family

smokeloader

Botnet

up3

Signatures

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

  • Glupteba payload 2 IoCs
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 2 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

  • Downloads MZ/PE file
  • Deletes itself 1 IoCs
  • Executes dropped EXE 3 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0x0007000000014970-113.exe
    "C:\Users\Admin\AppData\Local\Temp\0x0007000000014970-113.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:4476
  • C:\Users\Admin\AppData\Local\Temp\898E.exe
    C:\Users\Admin\AppData\Local\Temp\898E.exe
    1⤵
    • Executes dropped EXE
    PID:3420
  • C:\Users\Admin\AppData\Local\Temp\6C5D.exe
    C:\Users\Admin\AppData\Local\Temp\6C5D.exe
    1⤵
    • Executes dropped EXE
    PID:1104
    • C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
      "C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe"
      2⤵
        PID:548
        • C:\Users\Admin\AppData\Local\Temp\Broom.exe
          C:\Users\Admin\AppData\Local\Temp\Broom.exe
          3⤵
            PID:1824
        • C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
          "C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
          2⤵
            PID:1364
            • C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
              "C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
              3⤵
                PID:2976
            • C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
              "C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
              2⤵
                PID:4640
              • C:\Users\Admin\AppData\Local\Temp\tuc3.exe
                "C:\Users\Admin\AppData\Local\Temp\tuc3.exe"
                2⤵
                  PID:3324
                  • C:\Users\Admin\AppData\Local\Temp\is-A6U2Q.tmp\tuc3.tmp
                    "C:\Users\Admin\AppData\Local\Temp\is-A6U2Q.tmp\tuc3.tmp" /SL5="$7022E,8423542,54272,C:\Users\Admin\AppData\Local\Temp\tuc3.exe"
                    3⤵
                      PID:4524
                      • C:\Program Files (x86)\xrecode3\xrecode3.exe
                        "C:\Program Files (x86)\xrecode3\xrecode3.exe" -i
                        4⤵
                          PID:4920
                        • C:\Windows\SysWOW64\schtasks.exe
                          "C:\Windows\system32\schtasks.exe" /Query
                          4⤵
                            PID:5056
                          • C:\Windows\SysWOW64\net.exe
                            "C:\Windows\system32\net.exe" helpmsg 1
                            4⤵
                              PID:4956
                              • C:\Windows\SysWOW64\net1.exe
                                C:\Windows\system32\net1 helpmsg 1
                                5⤵
                                  PID:532
                              • C:\Program Files (x86)\xrecode3\xrecode3.exe
                                "C:\Program Files (x86)\xrecode3\xrecode3.exe" -s
                                4⤵
                                  PID:4472
                            • C:\Users\Admin\AppData\Local\Temp\latestX.exe
                              "C:\Users\Admin\AppData\Local\Temp\latestX.exe"
                              2⤵
                                PID:2072
                            • C:\Users\Admin\AppData\Local\Temp\716F.exe
                              C:\Users\Admin\AppData\Local\Temp\716F.exe
                              1⤵
                              • Executes dropped EXE
                              PID:4376
                            • C:\Users\Admin\AppData\Local\Temp\C906.exe
                              C:\Users\Admin\AppData\Local\Temp\C906.exe
                              1⤵
                                PID:2688
                              • C:\Users\Admin\AppData\Local\Temp\E45F.exe
                                C:\Users\Admin\AppData\Local\Temp\E45F.exe
                                1⤵
                                  PID:1800

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Program Files (x86)\xrecode3\xrecode3.exe

                                  Filesize

                                  3.1MB

                                  MD5

                                  16e697fbb09b200f0ab420179ccaefd4

                                  SHA1

                                  5908f7f583d0b60bf5e51dec26abb3ffd7cc31a6

                                  SHA256

                                  3f3a7313feed17bb3d0e821bdaf1ebede9c106d93d322b4ab28184259f709f9c

                                  SHA512

                                  ebae80718fd33b14184c92551fa299777aeec97af0d79574f850441fdb29545e942bf095f3272a634f83c754bb1d47e1a04a07f52434596e73cb455a6ae9f9d2

                                • C:\Program Files (x86)\xrecode3\xrecode3.exe

                                  Filesize

                                  2.4MB

                                  MD5

                                  da8aa7fca2c1f2aadec5c23992945964

                                  SHA1

                                  8b5ec126443684fd504b3aef2a3dfb25a3b3b997

                                  SHA256

                                  27d64e47f85f561390c129f813280adb43084a48183f406a4da43c63669618b4

                                  SHA512

                                  7309791627810478e737bc2bbc7b07a5f2351b9df8bbf56e0c4923fe1822d438969202779dfa0b5b5dc54417d86bf806739ee29ac1e0cffee4ba8d8b3dcd8ad9

                                • C:\Program Files (x86)\xrecode3\xrecode3.exe

                                  Filesize

                                  2.5MB

                                  MD5

                                  53f84548a76c05e2eb08dec0ffc3914e

                                  SHA1

                                  06aaf965c1b1743aeba9fab4e31086882c9b8536

                                  SHA256

                                  debc49918d3e8c0f01a2ea5d005e7ed2a9b89d6652876c65d006e08bdb81c3aa

                                  SHA512

                                  97798caf6269f173361b46cb94f407b3b0cd2e3531cf5ce08c79d8ea563bb3bac4d7eda1ebf270c6847fc04a4d8bf8ba3451a154d5ef258a0572438e0d897199

                                • C:\ProgramData\SpaceRacesEX\SpaceRacesEX.exe

                                  Filesize

                                  2.0MB

                                  MD5

                                  031f92aa5d2af7d683af4ca4d6da56fb

                                  SHA1

                                  c050f9b1f22b7a461a8cc8ba25616a6611a7a28f

                                  SHA256

                                  bb16d833e4cf44e4103b4492df9b9b0c3acf0099eed9fc1271c62e1a6f4345cd

                                  SHA512

                                  487dc0256aae5c584cccba4ff9ef4ea4e4cd02374daf45454fb06d0d72c83f5c2b3a3df9d9d4a6b6121e053ccdee5c357f66a8b4ce616b3457f01f7a8d03c755

                                • C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

                                  Filesize

                                  3.4MB

                                  MD5

                                  d87229b116edc4003d8244f9039b15f8

                                  SHA1

                                  73249e6c378fe1f75799defff01d97deef857ac4

                                  SHA256

                                  9696335f8cbf1000a0b9498458fb630e64dae4e209fb8efeb0b9cde4b13be227

                                  SHA512

                                  8d37482bac52cfbcadc76d7a616306994b0d1c3838c85312797d9c1eb371cdc381e682b56f6e6c4ec2baa9a9eddc17deff7ec7e0497a39488a060fc3267dd1b1

                                • C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

                                  Filesize

                                  2.4MB

                                  MD5

                                  6200a658245d0bf4fab336e6018a8fef

                                  SHA1

                                  c4bd77e3561eeda70eb68432fa0b146e8777a648

                                  SHA256

                                  7ab8cb78dd3a44504e05aacb1daec6771793c4072c4a1e2bdb959799f8e96b66

                                  SHA512

                                  496dcb042306af0c59134a4f4b2def798926869f537c6c650d67efc3e803804b88a0d07005fbf8714e7d8fb7dc145419c9da42c6f02d9ac57d41a7353325b5d9

                                • C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

                                  Filesize

                                  3.0MB

                                  MD5

                                  648cf2409af84186c9d9ec1bc00c3f4c

                                  SHA1

                                  a24e94213ba233a05ef3a386ab20df7461483cb6

                                  SHA256

                                  4a6166045b17c703f9d9a5547aa81d0e2e2a7d1019268bef5b13b609896c53dd

                                  SHA512

                                  ac16f74ac3eb7566fa966a480ee021af8addf641f938bcffc37f565641f7c6ad0d937cb92b76d8736aba725fc87ebc4426f889bdf07ee82c356be9d144cd9a74

                                • C:\Users\Admin\AppData\Local\Temp\6C5D.exe

                                  Filesize

                                  20.7MB

                                  MD5

                                  d0c59443e41e1160209139841fa39c9f

                                  SHA1

                                  76be0077ce9dc5ef6756b8c202a6d5d94c759535

                                  SHA256

                                  de3b8eeffa2d3ce30a578af1de877afd5831e428ca7c0767933d6e6af9ac815c

                                  SHA512

                                  d954cd9752d04a8d182377505e5c9a9f942425daf99301e3a136d1dca7565d8b181485d08852194c1b9152752b75824ce55c052d3697bf0c54e48dfb56332f28

                                • C:\Users\Admin\AppData\Local\Temp\716F.exe

                                  Filesize

                                  219KB

                                  MD5

                                  91d23595c11c7ee4424b6267aabf3600

                                  SHA1

                                  ef161bb8e90cebdf81f4e53dfccb50c1f90a9a02

                                  SHA256

                                  d58937d468f6ca92b12ee903a16a4908de340f64f894cf7f1c594cd15c0c7e47

                                  SHA512

                                  cb9ed75c14e7b093cabab66c22d412371c639ace31fbe976c71ffec6007bf85b3d7d3e591fe5612e2a035298398d32e1aa7dc0d753f93328ebc2ce8e44fb8d2b

                                • C:\Users\Admin\AppData\Local\Temp\898E.exe

                                  Filesize

                                  401KB

                                  MD5

                                  f88edad62a7789c2c5d8047133da5fa7

                                  SHA1

                                  41b1f056cdda764a1c7c402c6fa4f8ab2f3ce5f9

                                  SHA256

                                  eb2b1ce5574096b91eb9e0482117d2518ab188c0747a209dc77e88d30bb970dc

                                  SHA512

                                  e2d5b0ace5dfd3bd2321b2a42b7e7725071ca440389dc5ef12720a34727ae84c2907cd7befeae5d53568d9deaee8443f4cbda44b598cfc9b6316d9389be09a60

                                • C:\Users\Admin\AppData\Local\Temp\Broom.exe

                                  Filesize

                                  3.6MB

                                  MD5

                                  8b549b3586fdcfec2f80d8e3ef602dc1

                                  SHA1

                                  d004ccb9547888a939cf664e7eca60642590daa2

                                  SHA256

                                  10e7790607d5c8c14e9ed5eb0747d5901a7f88f322a69d5b979985d93caa07d6

                                  SHA512

                                  cf878cd75bb7007a8a3b572c13187c6e892ddcc0ae75868b6b0e22d9fa20daeca6e190f7ee3d5e5203cce2f088da33808c0c3e28cd1599add5afdc0aa8abf696

                                • C:\Users\Admin\AppData\Local\Temp\C906.exe

                                  Filesize

                                  4.8MB

                                  MD5

                                  3128ddef41e91856db29b2fd12a8fcc6

                                  SHA1

                                  686107159084b34be7cc1aabc6ef2cc3113c3a1e

                                  SHA256

                                  a982aa8c21830caea888c61b1151496d3f7bedfd70838fbb2eda21528186571f

                                  SHA512

                                  bbe60496c3b9b8c132f0cca4611d09954b76d6914820e7c9469c1d65be5013b472d1fb0a85763c62de47b24986315f0844f33e1a3aa95a4b2474d7ffbf5a5dc2

                                • C:\Users\Admin\AppData\Local\Temp\C906.exe

                                  Filesize

                                  1.2MB

                                  MD5

                                  d9272f48339d2fff46bdf9ca231866fb

                                  SHA1

                                  bf2ae059f6e8403100bed30d4f524670e01f3bf7

                                  SHA256

                                  d9dab8e325c4e4a5b45d00a631d0cdbbbee06d805eb9a43a69b403771ec890f7

                                  SHA512

                                  3738adfc0f6f430031b24c17bde97afa3c50a3502a3924c69122d8384b68c7321b71b590dd413aa8c597d1893a8902802ab43efbc0cfdaffb7222ec5e4f0b932

                                • C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe

                                  Filesize

                                  2.3MB

                                  MD5

                                  77471d919a5e2151fb49f37c315af514

                                  SHA1

                                  0687047ed80aa348bdc1657731f21181995b654c

                                  SHA256

                                  52666594a3e8bd7ac277411e215e1f65a7771f7c1d5b00a9e6ec95fade64f1f1

                                  SHA512

                                  6ffb45e79b03bac2820c98503793cd11c13803f49522eea9334c4c6cd05384dda3a60b0a8a8f363abc439ad444f1a8da290f0350fa69b75b6c3c9701177f8844

                                • C:\Users\Admin\AppData\Local\Temp\is-8BLAL.tmp\_isetup\_iscrypt.dll

                                  Filesize

                                  2KB

                                  MD5

                                  a69559718ab506675e907fe49deb71e9

                                  SHA1

                                  bc8f404ffdb1960b50c12ff9413c893b56f2e36f

                                  SHA256

                                  2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

                                  SHA512

                                  e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

                                • C:\Users\Admin\AppData\Local\Temp\is-8BLAL.tmp\_isetup\_isdecmp.dll

                                  Filesize

                                  13KB

                                  MD5

                                  a813d18268affd4763dde940246dc7e5

                                  SHA1

                                  c7366e1fd925c17cc6068001bd38eaef5b42852f

                                  SHA256

                                  e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64

                                  SHA512

                                  b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4

                                • C:\Users\Admin\AppData\Local\Temp\is-A6U2Q.tmp\tuc3.tmp

                                  Filesize

                                  694KB

                                  MD5

                                  5525670a9e72d77b368a9aa4b8c814c1

                                  SHA1

                                  3fdad952ea00175f3a6e549b5dca4f568e394612

                                  SHA256

                                  1180706added2a7899f08f25a9f88ecff5d003ba8964f918d00779565e4a6978

                                  SHA512

                                  757249f7e67f82522a8e3079a22c5cf92111626446a32ad3ef876f23885f62d1bb5bf3238d564e23531d062fe18742568dfc00e33b049bb8eef05eb953ef981a

                                • C:\Users\Admin\AppData\Local\Temp\latestX.exe

                                  Filesize

                                  4.1MB

                                  MD5

                                  9615886cd5d4b73e21b7b37853a3abe1

                                  SHA1

                                  27a295a2be329fda09ef420de6fbc5880f63f661

                                  SHA256

                                  d7e749046df14ec00a793aa7b8913c44bfabbb9d0668b765ee60d5f3ceb4d37a

                                  SHA512

                                  c7b9fead0499e0b946c62887635742d8b96c8e2a2c671f8aeab20518202329a184aa5daf18adc4f3ef8669802740fd5b66e9a2eb7e9b9e871918032e6473f4bf

                                • C:\Users\Admin\AppData\Local\Temp\latestX.exe

                                  Filesize

                                  4.6MB

                                  MD5

                                  798886a57ce7fb1a76a577beeb7d05da

                                  SHA1

                                  78f2d724346c7baefbab1d0030ec16a4393ca7d9

                                  SHA256

                                  8706348d9e340df292ec7cd842588b1a1d0f68667bdfcd29c7ec8e57920a8e61

                                  SHA512

                                  261002f42db2421c20b5212e1d2e96658ff7ca02bccf16bfb1fc2e53eae9e533c873d1f36d3d29c52a3f95ebd67376c4691084f08a0c4449512a4ee333881665

                                • C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

                                  Filesize

                                  291KB

                                  MD5

                                  cde750f39f58f1ec80ef41ce2f4f1db9

                                  SHA1

                                  942ea40349b0e5af7583fd34f4d913398a9c3b96

                                  SHA256

                                  0a434be25f55f27ce0adbdfb08efeac1da01125b3e9194a94669bc7e9c6fe094

                                  SHA512

                                  c181faacbef70f8a91606943470af50cfd443958c48601051371ff5d9bf66bb9ec794571b05a347a7f5776f06484dc007f535591d2f5e1c57e3c0ee04f3e9580

                                • C:\Users\Admin\AppData\Local\Temp\tuc3.exe

                                  Filesize

                                  2.6MB

                                  MD5

                                  39508adcff7eceed3a77a6f6f7e715a8

                                  SHA1

                                  dcd84016a43ab9bd5d476889043f4b56827e8539

                                  SHA256

                                  75b704ba240410adec369ffccc29665521133682d8fb65b021c9888e5d894759

                                  SHA512

                                  5d29ea730cc4dd593f5b06cb31cd94a1192e53380a90f29d26e917af7088d9df791c7525a92b1c626876ff523e78f8806b36f8cd6479a46c79ac529713ec2178

                                • C:\Users\Admin\AppData\Local\Temp\tuc3.exe

                                  Filesize

                                  4.3MB

                                  MD5

                                  b085b07c9fb1aa44b3f854512a6f1b2f

                                  SHA1

                                  0a9aa29c512dc0ff4aba69480d0544f5d829831e

                                  SHA256

                                  de15932684958ba35f798f366ad2e56fa14a3b6259944e5906c2fb3e4a3a4c40

                                  SHA512

                                  1fb1f9972e0a5ab5b4c36f51d3f028d023939f1f6a8e3c84ac7bf72162ac0ba3fa830380a4b6172bcfaf75ed36b0841a160f3c9f326c2bcbf9292816f92e698a

                                • C:\Users\Admin\AppData\Local\Temp\tuc3.exe

                                  Filesize

                                  4.0MB

                                  MD5

                                  8e5942a7903c1da6ed46c2a50f9742ed

                                  SHA1

                                  76aaf7b3616659a6f24b4a8f5b243496e4a38bf6

                                  SHA256

                                  bda380296a716271d12fa54ef0c33ae356d51669c0c9b7b944f870e6e313e5f6

                                  SHA512

                                  0cd9fe2ef8ffac44194bd5ccf3a66720d62eeb2db4600a5fcba792fbaf7e988eada5cd6e7e0c8f258025af754d85db753d7b75116a4bb41804ffffed6261dfbe

                                • memory/1104-23-0x0000000000AC0000-0x0000000001F76000-memory.dmp

                                  Filesize

                                  20.7MB

                                • memory/1104-20-0x0000000074A60000-0x0000000075210000-memory.dmp

                                  Filesize

                                  7.7MB

                                • memory/1104-91-0x0000000074A60000-0x0000000075210000-memory.dmp

                                  Filesize

                                  7.7MB

                                • memory/1364-270-0x0000000000830000-0x0000000000839000-memory.dmp

                                  Filesize

                                  36KB

                                • memory/1364-268-0x0000000000840000-0x0000000000940000-memory.dmp

                                  Filesize

                                  1024KB

                                • memory/1824-251-0x0000000000400000-0x0000000000965000-memory.dmp

                                  Filesize

                                  5.4MB

                                • memory/1824-79-0x0000000000B40000-0x0000000000B41000-memory.dmp

                                  Filesize

                                  4KB

                                • memory/2072-254-0x00007FF793510000-0x00007FF793AB1000-memory.dmp

                                  Filesize

                                  5.6MB

                                • memory/2688-257-0x0000000074A60000-0x0000000075210000-memory.dmp

                                  Filesize

                                  7.7MB

                                • memory/2688-253-0x0000000000410000-0x00000000009C2000-memory.dmp

                                  Filesize

                                  5.7MB

                                • memory/2688-256-0x0000000005510000-0x00000000055AC000-memory.dmp

                                  Filesize

                                  624KB

                                • memory/2688-260-0x0000000005500000-0x0000000005510000-memory.dmp

                                  Filesize

                                  64KB

                                • memory/3324-74-0x0000000000400000-0x0000000000414000-memory.dmp

                                  Filesize

                                  80KB

                                • memory/3324-252-0x0000000000400000-0x0000000000414000-memory.dmp

                                  Filesize

                                  80KB

                                • memory/3408-1-0x0000000002730000-0x0000000002746000-memory.dmp

                                  Filesize

                                  88KB

                                • memory/4376-28-0x0000000007180000-0x000000000718A000-memory.dmp

                                  Filesize

                                  40KB

                                • memory/4376-63-0x0000000007450000-0x000000000748C000-memory.dmp

                                  Filesize

                                  240KB

                                • memory/4376-57-0x00000000073F0000-0x0000000007402000-memory.dmp

                                  Filesize

                                  72KB

                                • memory/4376-22-0x0000000000120000-0x000000000015C000-memory.dmp

                                  Filesize

                                  240KB

                                • memory/4376-21-0x0000000074A60000-0x0000000075210000-memory.dmp

                                  Filesize

                                  7.7MB

                                • memory/4376-47-0x0000000008240000-0x0000000008858000-memory.dmp

                                  Filesize

                                  6.1MB

                                • memory/4376-262-0x0000000007370000-0x0000000007380000-memory.dmp

                                  Filesize

                                  64KB

                                • memory/4376-245-0x0000000007E10000-0x0000000007E76000-memory.dmp

                                  Filesize

                                  408KB

                                • memory/4376-258-0x0000000074A60000-0x0000000075210000-memory.dmp

                                  Filesize

                                  7.7MB

                                • memory/4376-24-0x0000000007670000-0x0000000007C14000-memory.dmp

                                  Filesize

                                  5.6MB

                                • memory/4376-25-0x00000000071A0000-0x0000000007232000-memory.dmp

                                  Filesize

                                  584KB

                                • memory/4376-75-0x00000000075D0000-0x000000000761C000-memory.dmp

                                  Filesize

                                  304KB

                                • memory/4376-27-0x0000000007370000-0x0000000007380000-memory.dmp

                                  Filesize

                                  64KB

                                • memory/4376-55-0x00000000074C0000-0x00000000075CA000-memory.dmp

                                  Filesize

                                  1.0MB

                                • memory/4472-243-0x0000000000400000-0x0000000000785000-memory.dmp

                                  Filesize

                                  3.5MB

                                • memory/4472-264-0x0000000000400000-0x0000000000785000-memory.dmp

                                  Filesize

                                  3.5MB

                                • memory/4476-3-0x0000000000400000-0x000000000040B000-memory.dmp

                                  Filesize

                                  44KB

                                • memory/4476-0-0x0000000000400000-0x000000000040B000-memory.dmp

                                  Filesize

                                  44KB

                                • memory/4524-255-0x0000000000400000-0x00000000004BD000-memory.dmp

                                  Filesize

                                  756KB

                                • memory/4524-107-0x0000000000610000-0x0000000000611000-memory.dmp

                                  Filesize

                                  4KB

                                • memory/4640-259-0x0000000002980000-0x0000000002D7D000-memory.dmp

                                  Filesize

                                  4.0MB

                                • memory/4640-261-0x0000000002D80000-0x000000000366B000-memory.dmp

                                  Filesize

                                  8.9MB

                                • memory/4640-263-0x0000000000400000-0x0000000000D1C000-memory.dmp

                                  Filesize

                                  9.1MB

                                • memory/4640-265-0x0000000000400000-0x0000000000D1C000-memory.dmp

                                  Filesize

                                  9.1MB

                                • memory/4920-236-0x0000000000400000-0x0000000000785000-memory.dmp

                                  Filesize

                                  3.5MB

                                • memory/4920-235-0x0000000000400000-0x0000000000785000-memory.dmp

                                  Filesize

                                  3.5MB

                                • memory/4920-239-0x0000000000400000-0x0000000000785000-memory.dmp

                                  Filesize

                                  3.5MB