Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    81s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/12/2023, 03:14

General

  • Target

    0x0007000000014970-113.exe

  • Size

    37KB

  • MD5

    cc479b599784116184dd5528c2903adb

  • SHA1

    4331d7dc0fdeb8ff344862928f0d1f0d02b05ccc

  • SHA256

    a898b42ab81022e5adc0d8d69dc7b0a0eec30eb122d0024f3e28334bd134e3eb

  • SHA512

    a0fd422cae04b37242362f941b048d3b3e7526a2ff1dcfe7702bd815b97c759909e9c5fcbcd11aca3b67a0595a2e6e87f25c71ad4906d460f3481e0a24ad9ef5

  • SSDEEP

    768:d8n3N4JRqwg8UTB+8zx70f0PSuopLwlFFWO7:dmN4JRrg8ypxSKFFX

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://81.19.131.34/fks/index.php

rc4.i32
rc4.i32

Extracted

Family

redline

Botnet

LiveTraffic

C2

77.105.132.87:6731

Extracted

Family

redline

Botnet

@oleh_ps

C2

176.123.7.190:32927

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 3 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

  • Downloads MZ/PE file
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 15 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0x0007000000014970-113.exe
    "C:\Users\Admin\AppData\Local\Temp\0x0007000000014970-113.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:1572
  • C:\Users\Admin\AppData\Local\Temp\1807.exe
    C:\Users\Admin\AppData\Local\Temp\1807.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:2940
  • C:\Users\Admin\AppData\Local\Temp\E069.exe
    C:\Users\Admin\AppData\Local\Temp\E069.exe
    1⤵
      PID:2236
      • C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
        "C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe"
        2⤵
          PID:1148
          • C:\Users\Admin\AppData\Local\Temp\Broom.exe
            C:\Users\Admin\AppData\Local\Temp\Broom.exe
            3⤵
              PID:2948
          • C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
            "C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
            2⤵
              PID:3976
            • C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
              "C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
              2⤵
                PID:1596
              • C:\Users\Admin\AppData\Local\Temp\tuc3.exe
                "C:\Users\Admin\AppData\Local\Temp\tuc3.exe"
                2⤵
                  PID:4624
                  • C:\Users\Admin\AppData\Local\Temp\is-L5KAS.tmp\tuc3.tmp
                    "C:\Users\Admin\AppData\Local\Temp\is-L5KAS.tmp\tuc3.tmp" /SL5="$501F0,8423542,54272,C:\Users\Admin\AppData\Local\Temp\tuc3.exe"
                    3⤵
                      PID:548
                      • C:\Windows\SysWOW64\schtasks.exe
                        "C:\Windows\system32\schtasks.exe" /Query
                        4⤵
                          PID:1376
                        • C:\Program Files (x86)\xrecode3\xrecode3.exe
                          "C:\Program Files (x86)\xrecode3\xrecode3.exe" -i
                          4⤵
                            PID:316
                          • C:\Program Files (x86)\xrecode3\xrecode3.exe
                            "C:\Program Files (x86)\xrecode3\xrecode3.exe" -s
                            4⤵
                              PID:4596
                            • C:\Windows\SysWOW64\net.exe
                              "C:\Windows\system32\net.exe" helpmsg 1
                              4⤵
                                PID:1680
                                • C:\Windows\SysWOW64\net1.exe
                                  C:\Windows\system32\net1 helpmsg 1
                                  5⤵
                                    PID:4816
                            • C:\Users\Admin\AppData\Local\Temp\latestX.exe
                              "C:\Users\Admin\AppData\Local\Temp\latestX.exe"
                              2⤵
                                PID:4812
                            • C:\Users\Admin\AppData\Local\Temp\E2EB.exe
                              C:\Users\Admin\AppData\Local\Temp\E2EB.exe
                              1⤵
                                PID:4216
                              • C:\Users\Admin\AppData\Local\Temp\F27C.exe
                                C:\Users\Admin\AppData\Local\Temp\F27C.exe
                                1⤵
                                  PID:1384

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Program Files (x86)\xrecode3\xrecode3.exe

                                  Filesize

                                  163KB

                                  MD5

                                  b365d5a9f52f871044f61011e496cbdf

                                  SHA1

                                  13a248939be980d240b20e8ef72334b2eb749d47

                                  SHA256

                                  a94b2bc157dcf54099ff1a80dcc49fc2433fcd48a6048ead44efb177576666b8

                                  SHA512

                                  3f1869957fb7ac9f4278ac160518bad244bf634309c1b0f649f3ea89939931f5924e72b6d2cd9075a158ac135226020e11352743c73096324ddea0b6e769aa17

                                • C:\Program Files (x86)\xrecode3\xrecode3.exe

                                  Filesize

                                  391KB

                                  MD5

                                  dc03cfc87ab203f5d439f65962d95e92

                                  SHA1

                                  2afc0b770115492339137a987b8bbb31c9909aa1

                                  SHA256

                                  7c4fa22ed82dae8c25c0fe27ddc4ba39e105a59a962c5b2d1b9e707370de2c5b

                                  SHA512

                                  0e892499f62548eae2b8365c319151c8823296e2766a2b994388a95d7a1ad691ecd5ae4093fb2faa316d08d2aa60fdd3c6328a9e11f925bb38c0ab102dfa65cb

                                • C:\Program Files (x86)\xrecode3\xrecode3.exe

                                  Filesize

                                  129KB

                                  MD5

                                  21f912f210419128e7c04c04f9de7920

                                  SHA1

                                  6cc2d8bfbed4fc297c68e6925b378663d1a2f48c

                                  SHA256

                                  a0811f0bac71bbc9205110757b302a9b4d829df3b673f2b1ec9c5e4b7e1095a6

                                  SHA512

                                  273bdbcc519f35de7fc8834caa8ed755beb5b9042a42f8451e588d092f440e5a4ee94474dc188e17b44d02f696faa0005f2d19b52458e94f5bbb23549d2c468f

                                • C:\Users\Admin\AppData\Local\Temp\1807.exe

                                  Filesize

                                  401KB

                                  MD5

                                  f88edad62a7789c2c5d8047133da5fa7

                                  SHA1

                                  41b1f056cdda764a1c7c402c6fa4f8ab2f3ce5f9

                                  SHA256

                                  eb2b1ce5574096b91eb9e0482117d2518ab188c0747a209dc77e88d30bb970dc

                                  SHA512

                                  e2d5b0ace5dfd3bd2321b2a42b7e7725071ca440389dc5ef12720a34727ae84c2907cd7befeae5d53568d9deaee8443f4cbda44b598cfc9b6316d9389be09a60

                                • C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

                                  Filesize

                                  816KB

                                  MD5

                                  8de8917e309208915990a95180c47ae0

                                  SHA1

                                  906a5eaf56a2e15511bd99a17245d47c47368ed5

                                  SHA256

                                  55bd32d4f7e9d331008c607d2fb618590630d9b6cc79d180cd7ace4cc8834bdd

                                  SHA512

                                  be4764da1a8123bb3f3d4e9793d044f5a3e8699df159a535f1ae82ecb89c4ef3e3f63a8c1cdd32661f4158ca439089bb5111b86e8631ac52be373064e462c475

                                • C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

                                  Filesize

                                  621KB

                                  MD5

                                  702222f0bed54a930463e50f1e9cb8ee

                                  SHA1

                                  aaff4dd1acb5106062a6d67a5f5d07490dfdc1d5

                                  SHA256

                                  17986e57c6b160834b0d844781bcce59b0173e55455717f9f7d233d99d707b5d

                                  SHA512

                                  81d93cff9a55ddc71a9b3819741a078e8c6e53eab771c7f2bab250ed3f069cc4142b741c512a7430ba64ef89dfc4ef77769e9dd2a4eedc89bdfc52b13f911f73

                                • C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

                                  Filesize

                                  704KB

                                  MD5

                                  65b02fa69ab9d24b4dcc9c5140a37a5f

                                  SHA1

                                  ca435e858dabc37d820e9f60212ec9f0fd20f54f

                                  SHA256

                                  3a5d6b36be69175977fa2613a74ffa9a2eb4c9520e15a28be70aa5c801307ef1

                                  SHA512

                                  41e329b65e9b00f9ce8ff25fef26db83d962ccb93220987ba4aaaa377862ac6f0dec13d274e7f4797257c5920c1f275b7bdec4fcf2290d0093d8d784fe7d7388

                                • C:\Users\Admin\AppData\Local\Temp\Broom.exe

                                  Filesize

                                  540KB

                                  MD5

                                  ce0c881dde669a80ce0960f90389a061

                                  SHA1

                                  da8834104ea05326300abb6dcef95729e8ef5a68

                                  SHA256

                                  d0ed07e17acad95e07ac7f8e3a6b03fed82e682c25772e82fec837ec0993a2f9

                                  SHA512

                                  e98950620b922cdfcf25c4fbee22dffdcb6e51700573c3707d9b1b01fc256add11477312062dcbda65d80b74f7fc54f16307890cf894679ca21c7071fcc5012f

                                • C:\Users\Admin\AppData\Local\Temp\E069.exe

                                  Filesize

                                  1.8MB

                                  MD5

                                  6c993484f6d45bfd9d0e7fd8481e1e0e

                                  SHA1

                                  1af1afaa4c518f8e856ab5d0ce756da838c013d7

                                  SHA256

                                  f86094034e417dad951bb7145ed5cd20bfb2d3b02009557ccaaab7425401a126

                                  SHA512

                                  e26ca2b44493d01309bc1078849e7de4f44e9134e79ea411b7349b9eff192c7f3e096a2e1e4b238f4277b6f1804b9e6cf85ec0a06a5cc226dc655baac02edb3b

                                • C:\Users\Admin\AppData\Local\Temp\E069.exe

                                  Filesize

                                  2.1MB

                                  MD5

                                  58bd3d124dbafffb7ff24ef86159f969

                                  SHA1

                                  eac7bf63c63e6b369012fa550ee2aad88e679276

                                  SHA256

                                  c961cac47927c87b96b84877da9edac5612ed53daef01e3d8a9feca2bfbdd09d

                                  SHA512

                                  46d7046a95b3a45d2b1f7e0bc682198d1867fc4308dd002e3d89c6c9815db0b68e1e5c7d364b55e07ba0f3cbf39fc065b53ca61ea84348b35ad4f6f210bbb4d1

                                • C:\Users\Admin\AppData\Local\Temp\E2EB.exe

                                  Filesize

                                  219KB

                                  MD5

                                  91d23595c11c7ee4424b6267aabf3600

                                  SHA1

                                  ef161bb8e90cebdf81f4e53dfccb50c1f90a9a02

                                  SHA256

                                  d58937d468f6ca92b12ee903a16a4908de340f64f894cf7f1c594cd15c0c7e47

                                  SHA512

                                  cb9ed75c14e7b093cabab66c22d412371c639ace31fbe976c71ffec6007bf85b3d7d3e591fe5612e2a035298398d32e1aa7dc0d753f93328ebc2ce8e44fb8d2b

                                • C:\Users\Admin\AppData\Local\Temp\F27C.exe

                                  Filesize

                                  323KB

                                  MD5

                                  cc2501300d41433559a6ea42baaaa87e

                                  SHA1

                                  3e951489fc2e1ba11d60f8c8af124ab636a0a30a

                                  SHA256

                                  08ba2abb8c863ce1629d574856f1f341c0eb8119bda8f0c39c35e4c56b359fe9

                                  SHA512

                                  aa2dd3eb7e8e6e1643a8ebbb59cc738b137edb40ab31f78083c233d0d138f36366ac5c420d523cfa2f811283555881698386e3f74bb24326cce1812c7ad1bf84

                                • C:\Users\Admin\AppData\Local\Temp\F27C.exe

                                  Filesize

                                  218KB

                                  MD5

                                  9e0b9926679b39e34f46a97d82577dd2

                                  SHA1

                                  5f3ad2343f98b97e4ca4ec0874cb8f9acbc4ba31

                                  SHA256

                                  dd47b5969e98735684e44c07bdfb3366162ba141e2e4cd5524ef41fc2c980c06

                                  SHA512

                                  85510cd4de855e8c1b19ac25ca67c09fca955c9fa0bec592e7e9e09c91c1d752bdf4e60491d44ca8ac40382b2897ea816d8f959f8cea707ef0fb4fc2bf776ae5

                                • C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe

                                  Filesize

                                  791KB

                                  MD5

                                  3d206fc22c02d16f536621fc9c80c465

                                  SHA1

                                  2ede51aee2ca72d825e39b945a3b575e0dafbb77

                                  SHA256

                                  4fe016dcc4c5cc69bbbf05eea5428c8cddfa598250b5472db61daebcdea05e07

                                  SHA512

                                  cd2a7f275684de8c862542dfc81158bb25ddb6cb7feb3dc147ede44738767db54c1e6bf7a4c4e83275b9f2046afa26af119b96aaf2893f8d2e0858776e2ff100

                                • C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe

                                  Filesize

                                  943KB

                                  MD5

                                  baa2da75e0d013177899f3e5b9cf385b

                                  SHA1

                                  0a10ff5f18e1f9b0da042c1c4e8492a6e3786c2c

                                  SHA256

                                  b2611ffcb49fc617ba80771232f061fcb9161b41f4a43cd7bf1e5f6d6551293b

                                  SHA512

                                  35eaa9f70877831780dcfb696e927dadfc18068102e3ab5ba19b8dfb553f081a4b82ef95f4618792cf7e9d09207fb281ebbff38ff87b184079fd0547d567bd8e

                                • C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe

                                  Filesize

                                  558KB

                                  MD5

                                  530ad889cd20252d186ccff2e2e879d3

                                  SHA1

                                  362e59be2a71629214d59976f7276ad8ccef52fb

                                  SHA256

                                  66ba6152edae3b984f7d6f489e6ac38e8f7e84952db7bbe904dbe9adf07f8281

                                  SHA512

                                  90e9027cca9b9060be1a65f3681173c4cf30b19c66fe3be061eb3bc931c0a4ea6389cc308b38a33e888795bf19239bc031487c5a839d8c218358faa5afd1a834

                                • C:\Users\Admin\AppData\Local\Temp\is-KJPQS.tmp\_isetup\_iscrypt.dll

                                  Filesize

                                  2KB

                                  MD5

                                  a69559718ab506675e907fe49deb71e9

                                  SHA1

                                  bc8f404ffdb1960b50c12ff9413c893b56f2e36f

                                  SHA256

                                  2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

                                  SHA512

                                  e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

                                • C:\Users\Admin\AppData\Local\Temp\is-KJPQS.tmp\_isetup\_isdecmp.dll

                                  Filesize

                                  13KB

                                  MD5

                                  a813d18268affd4763dde940246dc7e5

                                  SHA1

                                  c7366e1fd925c17cc6068001bd38eaef5b42852f

                                  SHA256

                                  e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64

                                  SHA512

                                  b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4

                                • C:\Users\Admin\AppData\Local\Temp\is-L5KAS.tmp\tuc3.tmp

                                  Filesize

                                  79KB

                                  MD5

                                  3659aa7fd0429bf23260edd5c7fc4cfe

                                  SHA1

                                  6f37c3b49d27930c9cb8820da0f2c80e5a08d45f

                                  SHA256

                                  ae2c2f3929715ea631ff82a0f303f4fbfe1ea3a8d18516fa52feccbaba81d080

                                  SHA512

                                  845993dfe019cfc89c40f77540c757ee89b070dec5a268ee8be56e1b329b257a924cdccf688fd9dc719929be185443f772d5f0b24aea0bbaf876525b544c481a

                                • C:\Users\Admin\AppData\Local\Temp\is-L5KAS.tmp\tuc3.tmp

                                  Filesize

                                  1KB

                                  MD5

                                  dcc391f875f163582ad987b1d81af38b

                                  SHA1

                                  e6d99f84192c8208a21b6465f11b8dc04041430d

                                  SHA256

                                  0ef8b30c7f7f46da3e3d4181a01db4998087e568adcc835968b478a6f985a84a

                                  SHA512

                                  fa9af6c3d8e3fbafe1525a3b0f3dec86211b126a6c0e0cecb25395a03c6c78c2d4cf30e8a22ba32175862ed5eb0bb14f01ec933e5756ccd9d2d1e154bff279fa

                                • C:\Users\Admin\AppData\Local\Temp\latestX.exe

                                  Filesize

                                  64KB

                                  MD5

                                  e77422fac1e9d2d11cf7f1c1d57071a4

                                  SHA1

                                  53e63414263dc20ea044c6cbb4fb4fc2c2be6140

                                  SHA256

                                  9d0cfbb7bb8da895a7f43758556217bf4c00b5c335c56b1f765c14069993e320

                                  SHA512

                                  d2b84dd99814d55c541f02452eac9c9344bfd838d1f8b73a07bcc3193b9122176ffee19a182712b0ea646fb9e4b306732940efb0f38f0903d98788ecf2495f53

                                • C:\Users\Admin\AppData\Local\Temp\latestX.exe

                                  Filesize

                                  880KB

                                  MD5

                                  ceb7b6de2781f90b51641fbd89e0d387

                                  SHA1

                                  099c9efc0ea74089da601c1f8d7fb260e296c9d9

                                  SHA256

                                  1bbdc276dfcd8768bfc8659887d307a41d8bd73f76b2ce671257bd4d6e9373d3

                                  SHA512

                                  b2b1528236734421ef589014e78e0d10e5c295f9058ddfa5fe83b82afe219402f3e099feb212098773c7cd3b5f9b66861065d064ffff191fc6b5b5dc4a404210

                                • C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

                                  Filesize

                                  291KB

                                  MD5

                                  cde750f39f58f1ec80ef41ce2f4f1db9

                                  SHA1

                                  942ea40349b0e5af7583fd34f4d913398a9c3b96

                                  SHA256

                                  0a434be25f55f27ce0adbdfb08efeac1da01125b3e9194a94669bc7e9c6fe094

                                  SHA512

                                  c181faacbef70f8a91606943470af50cfd443958c48601051371ff5d9bf66bb9ec794571b05a347a7f5776f06484dc007f535591d2f5e1c57e3c0ee04f3e9580

                                • C:\Users\Admin\AppData\Local\Temp\tuc3.exe

                                  Filesize

                                  534KB

                                  MD5

                                  4143a3040f0296f56986d1d2db61e0a3

                                  SHA1

                                  c43f1398b35656d090feb1211439e990a4546048

                                  SHA256

                                  37fa015655fec8c85f36f52e805d3706b873514258fe9ccdcd63014aeee99209

                                  SHA512

                                  bc57d43581d630b5c301592f3fe6a659764f45289b766db7d17d64f12d1ef08aa5139dd079068c2925c88308fe926a3972dfd17834d78cd382066a7c0db5c1f3

                                • C:\Users\Admin\AppData\Local\Temp\tuc3.exe

                                  Filesize

                                  1.4MB

                                  MD5

                                  54eb949c88b8f80abe56663f76ff83ec

                                  SHA1

                                  b81d4a43d7ca071862979770b04b4c9164247d92

                                  SHA256

                                  09f0c100b01c4b4ea7c8ad2bca7e639c0555985139e509b821b5d56c6969f4e4

                                  SHA512

                                  db723ed74024d76a8b70682d56b11c56b68e964edabb033754ee1ec69f81675210e6a1621d1c84277cdca290f89d4dd692ed30fa078c5d9f06c41bfa2fc4f4d6

                                • C:\Users\Admin\AppData\Local\Temp\tuc3.exe

                                  Filesize

                                  385KB

                                  MD5

                                  6de69fc3a9c9a4c412f36d9f36050e8e

                                  SHA1

                                  ecfd2278db738b0ade1420ff39c551026482f229

                                  SHA256

                                  d3f9309eb142bfd633097bff7abc1b93db3c33b3ca1d210a1e51ed259264eed4

                                  SHA512

                                  1164a43ae88703ab788d7f8d69197234b103d237e4ca84acce06ff381012c14524e5e379f5eac79bd726ab0a8d9515923d63366fbc3da9e863ecbf0424a7eb2b

                                • memory/316-261-0x0000000000400000-0x0000000000785000-memory.dmp

                                  Filesize

                                  3.5MB

                                • memory/316-256-0x0000000000400000-0x0000000000785000-memory.dmp

                                  Filesize

                                  3.5MB

                                • memory/316-254-0x0000000000400000-0x0000000000785000-memory.dmp

                                  Filesize

                                  3.5MB

                                • memory/548-125-0x0000000000620000-0x0000000000621000-memory.dmp

                                  Filesize

                                  4KB

                                • memory/1384-271-0x0000000006210000-0x0000000006220000-memory.dmp

                                  Filesize

                                  64KB

                                • memory/1384-270-0x0000000005810000-0x00000000058AC000-memory.dmp

                                  Filesize

                                  624KB

                                • memory/1384-263-0x0000000075130000-0x00000000758E0000-memory.dmp

                                  Filesize

                                  7.7MB

                                • memory/1384-264-0x0000000000730000-0x0000000000CE2000-memory.dmp

                                  Filesize

                                  5.7MB

                                • memory/1572-2-0x0000000000400000-0x000000000040B000-memory.dmp

                                  Filesize

                                  44KB

                                • memory/1572-0-0x0000000000400000-0x000000000040B000-memory.dmp

                                  Filesize

                                  44KB

                                • memory/2236-124-0x0000000075130000-0x00000000758E0000-memory.dmp

                                  Filesize

                                  7.7MB

                                • memory/2236-43-0x0000000000FE0000-0x0000000002496000-memory.dmp

                                  Filesize

                                  20.7MB

                                • memory/2236-42-0x0000000075130000-0x00000000758E0000-memory.dmp

                                  Filesize

                                  7.7MB

                                • memory/2940-24-0x000000000AFF0000-0x000000000B0FA000-memory.dmp

                                  Filesize

                                  1.0MB

                                • memory/2940-19-0x0000000008040000-0x00000000080D2000-memory.dmp

                                  Filesize

                                  584KB

                                • memory/2940-34-0x000000000C040000-0x000000000C56C000-memory.dmp

                                  Filesize

                                  5.2MB

                                • memory/2940-26-0x000000000AF40000-0x000000000AF7C000-memory.dmp

                                  Filesize

                                  240KB

                                • memory/2940-32-0x0000000008E00000-0x0000000008E50000-memory.dmp

                                  Filesize

                                  320KB

                                • memory/2940-37-0x0000000075130000-0x00000000758E0000-memory.dmp

                                  Filesize

                                  7.7MB

                                • memory/2940-22-0x0000000009660000-0x0000000009C78000-memory.dmp

                                  Filesize

                                  6.1MB

                                • memory/2940-21-0x0000000008020000-0x000000000802A000-memory.dmp

                                  Filesize

                                  40KB

                                • memory/2940-27-0x000000000AF80000-0x000000000AFCC000-memory.dmp

                                  Filesize

                                  304KB

                                • memory/2940-28-0x000000000BC10000-0x000000000BC76000-memory.dmp

                                  Filesize

                                  408KB

                                • memory/2940-20-0x0000000008270000-0x0000000008280000-memory.dmp

                                  Filesize

                                  64KB

                                • memory/2940-33-0x000000000B150000-0x000000000B312000-memory.dmp

                                  Filesize

                                  1.8MB

                                • memory/2940-29-0x0000000008270000-0x0000000008280000-memory.dmp

                                  Filesize

                                  64KB

                                • memory/2940-25-0x000000000AEE0000-0x000000000AEF2000-memory.dmp

                                  Filesize

                                  72KB

                                • memory/2940-18-0x0000000008550000-0x0000000008AF4000-memory.dmp

                                  Filesize

                                  5.6MB

                                • memory/2940-30-0x0000000075130000-0x00000000758E0000-memory.dmp

                                  Filesize

                                  7.7MB

                                • memory/2940-31-0x0000000008270000-0x0000000008280000-memory.dmp

                                  Filesize

                                  64KB

                                • memory/2940-17-0x0000000075130000-0x00000000758E0000-memory.dmp

                                  Filesize

                                  7.7MB

                                • memory/2940-12-0x0000000003020000-0x000000000305C000-memory.dmp

                                  Filesize

                                  240KB

                                • memory/2948-96-0x0000000002830000-0x0000000002831000-memory.dmp

                                  Filesize

                                  4KB

                                • memory/3272-1-0x0000000002500000-0x0000000002516000-memory.dmp

                                  Filesize

                                  88KB

                                • memory/4216-61-0x0000000008100000-0x000000000814C000-memory.dmp

                                  Filesize

                                  304KB

                                • memory/4216-49-0x0000000000FC0000-0x0000000000FFC000-memory.dmp

                                  Filesize

                                  240KB

                                • memory/4216-50-0x0000000075130000-0x00000000758E0000-memory.dmp

                                  Filesize

                                  7.7MB

                                • memory/4216-267-0x0000000075130000-0x00000000758E0000-memory.dmp

                                  Filesize

                                  7.7MB

                                • memory/4216-51-0x0000000007F80000-0x0000000007F90000-memory.dmp

                                  Filesize

                                  64KB

                                • memory/4596-268-0x0000000000400000-0x0000000000785000-memory.dmp

                                  Filesize

                                  3.5MB

                                • memory/4624-94-0x0000000000400000-0x0000000000414000-memory.dmp

                                  Filesize

                                  80KB