Analysis

  • max time kernel
    0s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 21:40

General

  • Target

    1d4d551922a91f2ca3099cac602bb170.exe

  • Size

    3.3MB

  • MD5

    1d4d551922a91f2ca3099cac602bb170

  • SHA1

    70066afd233c024e95e81a4991e0ffcaffdc4eaa

  • SHA256

    e4d07054a1bf665d9cd3a59192a7343c456f63fad3e248deab2a4cc721e85f22

  • SHA512

    780b5e569a233244a53d82e96e727a70d2c095e7f0112bfc4aab15155f3b8ef4e6621e19d93edd1bf04a45248c31aed76e34c25ebc0a079866d01a193765b0b2

  • SSDEEP

    98304:y+R3v/22NuSarPKR1ox2TJIemiB26Arrk:y4F7azK8IZUnrw

Malware Config

Extracted

Family

vidar

Version

40.1

Botnet

706

C2

https://eduarroma.tumblr.com/

Attributes
  • profile_id

    706

Extracted

Family

nullmixer

C2

http://hsiens.xyz/

Extracted

Family

smokeloader

Version

2020

C2

http://varmisende.com/upload/

http://fernandomayol.com/upload/

http://nextlytm.com/upload/

http://people4jan.com/upload/

http://asfaltwerk.com/upload/

rc4.i32
rc4.i32

Extracted

Family

gozi

Signatures

  • Gozi

    Gozi is a well-known and widely distributed banking trojan.

  • NullMixer

    NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

  • Vidar Stealer 3 IoCs
  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 6 IoCs
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Runs regedit.exe 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d4d551922a91f2ca3099cac602bb170.exe
    "C:\Users\Admin\AppData\Local\Temp\1d4d551922a91f2ca3099cac602bb170.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3032
    • C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:496
      • C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\setup_install.exe
        "C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\setup_install.exe"
        3⤵
          PID:2740
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 496 -s 340
          3⤵
          • Program crash
          PID:2444
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 624
            4⤵
            • Program crash
            PID:2140
    • C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\Thu129287bed6aee7d37.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\Thu129287bed6aee7d37.exe"
      1⤵
        PID:692
      • C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\Thu12fc09d4538e825.exe
        "C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\Thu12fc09d4538e825.exe" -a
        1⤵
          PID:1964
        • C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\Thu12bdb3e13710e08.exe
          Thu12bdb3e13710e08.exe
          1⤵
            PID:764
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 468
              2⤵
              • Program crash
              PID:796
          • C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\Thu1292a34e8c7.exe
            Thu1292a34e8c7.exe
            1⤵
              PID:1728
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 956
                2⤵
                • Program crash
                PID:1204
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 604
                  3⤵
                  • Program crash
                  PID:112
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 424
              1⤵
              • Program crash
              PID:2372
            • C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\Thu12a736a81a0d80.exe
              Thu12a736a81a0d80.exe
              1⤵
                PID:2908
              • C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\Thu12fa34d54ce.exe
                Thu12fa34d54ce.exe
                1⤵
                  PID:1756
                • C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\Thu1229846e873eb.exe
                  Thu1229846e873eb.exe
                  1⤵
                    PID:2568
                  • C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\Thu129287bed6aee7d37.exe
                    Thu129287bed6aee7d37.exe
                    1⤵
                      PID:2888
                    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"
                      1⤵
                        PID:1984
                      • C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\Thu12fc09d4538e825.exe
                        Thu12fc09d4538e825.exe
                        1⤵
                          PID:1940
                        • C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\Thu12133a64f6944.exe
                          Thu12133a64f6944.exe
                          1⤵
                            PID:1716
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c Thu12a736a81a0d80.exe
                            1⤵
                              PID:2248
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c Thu1229846e873eb.exe
                              1⤵
                                PID:2648
                              • C:\Windows\SysWOW64\cmd.exe
                                C:\Windows\system32\cmd.exe /c Thu12bdb3e13710e08.exe
                                1⤵
                                  PID:2128
                                • C:\Windows\SysWOW64\cmd.exe
                                  C:\Windows\system32\cmd.exe /c Thu12133a64f6944.exe
                                  1⤵
                                    PID:2712
                                  • C:\Windows\SysWOW64\cmd.exe
                                    C:\Windows\system32\cmd.exe /c Thu1292a34e8c7.exe
                                    1⤵
                                      PID:2652
                                    • C:\Windows\SysWOW64\cmd.exe
                                      C:\Windows\system32\cmd.exe /c Thu129287bed6aee7d37.exe
                                      1⤵
                                        PID:2612
                                      • C:\Windows\SysWOW64\cmd.exe
                                        C:\Windows\system32\cmd.exe /c Thu12fa34d54ce.exe
                                        1⤵
                                          PID:2588
                                        • C:\Windows\SysWOW64\cmd.exe
                                          C:\Windows\system32\cmd.exe /c Thu12fc09d4538e825.exe
                                          1⤵
                                            PID:1780
                                          • C:\Windows\SysWOW64\cmd.exe
                                            C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"
                                            1⤵
                                              PID:2856
                                            • C:\Users\Admin\AppData\Local\Temp\6AD4.exe
                                              C:\Users\Admin\AppData\Local\Temp\6AD4.exe
                                              1⤵
                                                PID:2556
                                                • C:\Windows\SysWOW64\explorer.exe
                                                  C:\Windows\SysWOW64\explorer.exe
                                                  2⤵
                                                    PID:2164
                                                    • C:\Users\Admin\AppData\Local\Temp\35gguag95im5q_1.exe
                                                      /suac
                                                      3⤵
                                                        PID:3044
                                                        • C:\Windows\SysWOW64\regedit.exe
                                                          "C:\Windows\SysWOW64\regedit.exe"
                                                          4⤵
                                                          • Runs regedit.exe
                                                          PID:2756
                                                        • C:\Windows\SysWOW64\schtasks.exe
                                                          "C:\Windows\System32\schtasks.exe" /CREATE /SC ONLOGON /TN "Windows Update Check - 0x1BB70478" /TR "C:\PROGRA~3\JAVAUP~1\35GGUA~1.EXE" /RL HIGHEST
                                                          4⤵
                                                          • Creates scheduled task(s)
                                                          PID:2608
                                                  • C:\Users\Admin\AppData\Local\Temp\71B8.exe
                                                    C:\Users\Admin\AppData\Local\Temp\71B8.exe
                                                    1⤵
                                                      PID:904

                                                    Network

                                                    MITRE ATT&CK Enterprise v15

                                                    Replay Monitor

                                                    Loading Replay Monitor...

                                                    Downloads

                                                    • C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\libcurlpp.dll

                                                      MD5

                                                      d41d8cd98f00b204e9800998ecf8427e

                                                      SHA1

                                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                      SHA256

                                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                      SHA512

                                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                    • C:\Users\Admin\AppData\Local\Temp\7zS0F1C0636\setup_install.exe

                                                      Filesize

                                                      893KB

                                                      MD5

                                                      47d3388bcd67a5424e1f73abb38f8d16

                                                      SHA1

                                                      f713f2df69b89f8ca42ccdb7e61bf6c160c29267

                                                      SHA256

                                                      ed6b6c31ea3200151dcb0934291a3e6f8efd47c71195a468ef1feda8967a4023

                                                      SHA512

                                                      0c53e0591d42b0bc1550f0b74e4845d7590ac444976a3054c30111e8478d61ed121fba8265ef61a1545fed39c3bf8bb5a7c4b27d6e89603893c8ec2e1163ace7

                                                    • C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

                                                      Filesize

                                                      1.1MB

                                                      MD5

                                                      2ea907fc431c1de6dd3574e1513e64ed

                                                      SHA1

                                                      78a5e507ef85eb2731a93792c0fb835f36fff094

                                                      SHA256

                                                      608515e1f11bf0710007f6ea71ec36464f3142657c8075c6e3527b7a2b94e862

                                                      SHA512

                                                      f7bdd4e3281a5bfc18d0d59c70d800a13c1272f8dd2306085b14a28b9e1f0ce3d1acafa83fab8b1f9f7ec07ec9393459e322ff6b593e2a12dd2d5e02f022d6a6

                                                    • C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

                                                      Filesize

                                                      1024KB

                                                      MD5

                                                      ba71171deee238efa2be7959b036fdff

                                                      SHA1

                                                      73fc4dc3c679cd653270e3392ade3742b345a234

                                                      SHA256

                                                      3385772012353749c04ec25024d8936c927b3a381bf3f6f18f49832d5c3707fa

                                                      SHA512

                                                      ae89d6b2d6b1ae360c578cdeaa8ec2e895614c9d15cfcee6d65d940c79f1bce693ff717893404ce4097e3e90b81018aff37ecf6088bc204c6675c0d2bc181fa3

                                                    • \Users\Admin\AppData\Local\Temp\7zS0F1C0636\libwinpthread-1.dll

                                                      Filesize

                                                      69KB

                                                      MD5

                                                      1e0d62c34ff2e649ebc5c372065732ee

                                                      SHA1

                                                      fcfaa36ba456159b26140a43e80fbd7e9d9af2de

                                                      SHA256

                                                      509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723

                                                      SHA512

                                                      3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

                                                    • \Users\Admin\AppData\Local\Temp\7zS0F1C0636\setup_install.exe

                                                      Filesize

                                                      2.1MB

                                                      MD5

                                                      5da0bd6ce560f6c4e2aedfb8de6b14bf

                                                      SHA1

                                                      1daebfbe3f63ce4c917348f56116c705b33295a3

                                                      SHA256

                                                      ae81d0494007f317502d165b830240e5923fb2ef669f726c7b4f6bdb6e1af1dc

                                                      SHA512

                                                      616cceae489d7e89b469c0883b8b134b4275dc8344fd00c0f77f4f24081b48a0a2e3163e4fecc5342c25bff4db4f938f075c8d9cfb253a914a23752df43ba192

                                                    • \Users\Admin\AppData\Local\Temp\7zS0F1C0636\setup_install.exe

                                                      Filesize

                                                      1.9MB

                                                      MD5

                                                      a5d0b1025f34b4f66c34e8e0cdc37491

                                                      SHA1

                                                      6f254f5626c34b2c148558fac8785c43e887f3b6

                                                      SHA256

                                                      e4ffd175342f2dfb0c88bfd3f7cd41dd9f894795a0d3cf04b413fc652970d5a3

                                                      SHA512

                                                      b54162a8bbdd532b546c3a8f8a06f7869ac8c0533d6ceca43a12fd9153e672000c016ad4d8e214ca4db67334bca0153859465341629f8577d5a445094222650d

                                                    • \Users\Admin\AppData\Local\Temp\7zS0F1C0636\setup_install.exe

                                                      Filesize

                                                      1.4MB

                                                      MD5

                                                      622ecf83905cdff87255acaf7d923574

                                                      SHA1

                                                      7dfbdef78668ffe8cc8cd4c40bf3bc26d8a098f5

                                                      SHA256

                                                      a80b53312dc742c7b91967a8ca76d5a9ed0faef31f217323c3aec2fa2fedfd1c

                                                      SHA512

                                                      10ae2288b169e44a4c27fb5378d1ad1efc221356ee9ff1f12c66ec3beb72ebb13a7ca422682abef64740d52bb6bdffc21d330343f79c829b57cb2de9d56d6ded

                                                    • \Users\Admin\AppData\Local\Temp\setup_installer.exe

                                                      Filesize

                                                      93KB

                                                      MD5

                                                      9b44481728f8fd6894874cf9171e81f1

                                                      SHA1

                                                      e36f10ea66dbf472629b73ed98595a850c9045a8

                                                      SHA256

                                                      d56b2405d390856b7641ad6777e8cfb7722757547e41407ecbd54ca32c047ada

                                                      SHA512

                                                      cd6c7f72637c29c2da1292d45baf8438bb10429f6730e483e78da5f7572639f6018076081b709e0547c16571374385e7c13261bce5d2b92c6e864a38f816c7c5

                                                    • \Users\Admin\AppData\Local\Temp\setup_installer.exe

                                                      Filesize

                                                      832KB

                                                      MD5

                                                      196b530c61a5507af0b6083e709bb932

                                                      SHA1

                                                      0230d312c576dd7210eb57c5375ce1892b2e1d8b

                                                      SHA256

                                                      3e6d4eaa17e4b0b53e58d394b568b3fe33cb493c5f6cfc7a07e09b274a5b4ca1

                                                      SHA512

                                                      d7d4850cc36efb226e21e80455ef583709c9ab474e404c465aef82a51a21e79964572e4404f8696c65af510f22c9c61626be3b7fd81d9aa8b44beeddb0f46bf4

                                                    • \Users\Admin\AppData\Local\Temp\setup_installer.exe

                                                      Filesize

                                                      624KB

                                                      MD5

                                                      359ac7425c20b0cd75d6793e0363eae8

                                                      SHA1

                                                      0f8d92be7b5d73864aa6da89885a9b93bd531422

                                                      SHA256

                                                      4cfe23ed5e1828a8682d583967cfdd0925712411fe0019cfe5969edc470fe6f1

                                                      SHA512

                                                      952e5ddf26e8e5f73e4517ac6021a6c6bc7472a85682e93b299520b012e3efaf835cf2ec499251c331cfb32ecc0845e35bf1ccfe4f04f6c89ead71ee38adf962

                                                    • memory/496-400-0x00000000034C0000-0x0000000003584000-memory.dmp

                                                      Filesize

                                                      784KB

                                                    • memory/496-368-0x00000000034C0000-0x0000000003584000-memory.dmp

                                                      Filesize

                                                      784KB

                                                    • memory/764-376-0x0000000000FB0000-0x0000000001074000-memory.dmp

                                                      Filesize

                                                      784KB

                                                    • memory/904-357-0x000000013FDB0000-0x0000000140475000-memory.dmp

                                                      Filesize

                                                      6.8MB

                                                    • memory/904-393-0x000000013FDB0000-0x0000000140475000-memory.dmp

                                                      Filesize

                                                      6.8MB

                                                    • memory/1172-394-0x0000000077A81000-0x0000000077A82000-memory.dmp

                                                      Filesize

                                                      4KB

                                                    • memory/1204-389-0x0000000002E60000-0x0000000002F24000-memory.dmp

                                                      Filesize

                                                      784KB

                                                    • memory/1204-388-0x0000000077C3D000-0x0000000077C3E000-memory.dmp

                                                      Filesize

                                                      4KB

                                                    • memory/1204-379-0x0000000002E60000-0x0000000002F24000-memory.dmp

                                                      Filesize

                                                      784KB

                                                    • memory/1208-374-0x0000000077A81000-0x0000000077A82000-memory.dmp

                                                      Filesize

                                                      4KB

                                                    • memory/1208-355-0x000000013FDB0000-0x0000000140475000-memory.dmp

                                                      Filesize

                                                      6.8MB

                                                    • memory/1208-362-0x000000013FDB0000-0x0000000140475000-memory.dmp

                                                      Filesize

                                                      6.8MB

                                                    • memory/1208-395-0x000000013FDB0000-0x0000000140475000-memory.dmp

                                                      Filesize

                                                      6.8MB

                                                    • memory/1208-283-0x0000000002D60000-0x0000000002D75000-memory.dmp

                                                      Filesize

                                                      84KB

                                                    • memory/1208-390-0x0000000002D80000-0x0000000002D86000-memory.dmp

                                                      Filesize

                                                      24KB

                                                    • memory/1208-392-0x000000013FDB0000-0x0000000140475000-memory.dmp

                                                      Filesize

                                                      6.8MB

                                                    • memory/1524-383-0x0000000077A81000-0x0000000077A82000-memory.dmp

                                                      Filesize

                                                      4KB

                                                    • memory/1668-396-0x0000000077A81000-0x0000000077A82000-memory.dmp

                                                      Filesize

                                                      4KB

                                                    • memory/1716-181-0x000000001B1E0000-0x000000001B260000-memory.dmp

                                                      Filesize

                                                      512KB

                                                    • memory/1716-119-0x0000000000EF0000-0x0000000000EF8000-memory.dmp

                                                      Filesize

                                                      32KB

                                                    • memory/1716-165-0x000007FEF5DD0000-0x000007FEF67BC000-memory.dmp

                                                      Filesize

                                                      9.9MB

                                                    • memory/1716-328-0x000007FEF5DD0000-0x000007FEF67BC000-memory.dmp

                                                      Filesize

                                                      9.9MB

                                                    • memory/1728-168-0x0000000002DC0000-0x0000000002EC0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                    • memory/1728-306-0x0000000000400000-0x0000000002D17000-memory.dmp

                                                      Filesize

                                                      41.1MB

                                                    • memory/1728-169-0x00000000002E0000-0x000000000037D000-memory.dmp

                                                      Filesize

                                                      628KB

                                                    • memory/1728-375-0x00000000066E0000-0x00000000067A4000-memory.dmp

                                                      Filesize

                                                      784KB

                                                    • memory/1728-330-0x0000000002DC0000-0x0000000002EC0000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                    • memory/1728-178-0x0000000000400000-0x0000000002D17000-memory.dmp

                                                      Filesize

                                                      41.1MB

                                                    • memory/1756-284-0x0000000000400000-0x0000000002CBB000-memory.dmp

                                                      Filesize

                                                      40.7MB

                                                    • memory/1756-179-0x0000000000400000-0x0000000002CBB000-memory.dmp

                                                      Filesize

                                                      40.7MB

                                                    • memory/1756-166-0x0000000000240000-0x0000000000340000-memory.dmp

                                                      Filesize

                                                      1024KB

                                                    • memory/1756-167-0x00000000003D0000-0x00000000003D9000-memory.dmp

                                                      Filesize

                                                      36KB

                                                    • memory/1964-385-0x0000000001DB0000-0x0000000001DBC000-memory.dmp

                                                      Filesize

                                                      48KB

                                                    • memory/1964-380-0x0000000002E90000-0x0000000002F54000-memory.dmp

                                                      Filesize

                                                      784KB

                                                    • memory/1964-377-0x0000000002E90000-0x0000000002F54000-memory.dmp

                                                      Filesize

                                                      784KB

                                                    • memory/1964-381-0x0000000002E90000-0x0000000002F54000-memory.dmp

                                                      Filesize

                                                      784KB

                                                    • memory/1964-382-0x0000000002E90000-0x0000000002F54000-memory.dmp

                                                      Filesize

                                                      784KB

                                                    • memory/1984-170-0x0000000073A70000-0x000000007401B000-memory.dmp

                                                      Filesize

                                                      5.7MB

                                                    • memory/2128-372-0x0000000000BB0000-0x0000000000C74000-memory.dmp

                                                      Filesize

                                                      784KB

                                                    • memory/2164-338-0x0000000077C10000-0x0000000077D91000-memory.dmp

                                                      Filesize

                                                      1.5MB

                                                    • memory/2164-347-0x0000000077C10000-0x0000000077D91000-memory.dmp

                                                      Filesize

                                                      1.5MB

                                                    • memory/2164-387-0x00000000000D0000-0x0000000000194000-memory.dmp

                                                      Filesize

                                                      784KB

                                                    • memory/2164-339-0x0000000077C10000-0x0000000077D91000-memory.dmp

                                                      Filesize

                                                      1.5MB

                                                    • memory/2164-358-0x0000000077C10000-0x0000000077D91000-memory.dmp

                                                      Filesize

                                                      1.5MB

                                                    • memory/2164-364-0x0000000077C10000-0x0000000077D91000-memory.dmp

                                                      Filesize

                                                      1.5MB

                                                    • memory/2164-342-0x0000000077C10000-0x0000000077D91000-memory.dmp

                                                      Filesize

                                                      1.5MB

                                                    • memory/2164-343-0x0000000000260000-0x0000000000266000-memory.dmp

                                                      Filesize

                                                      24KB

                                                    • memory/2164-386-0x0000000077C10000-0x0000000077D91000-memory.dmp

                                                      Filesize

                                                      1.5MB

                                                    • memory/2164-365-0x0000000077C10000-0x0000000077D91000-memory.dmp

                                                      Filesize

                                                      1.5MB

                                                    • memory/2164-344-0x0000000077C10000-0x0000000077D91000-memory.dmp

                                                      Filesize

                                                      1.5MB

                                                    • memory/2164-367-0x0000000077C10000-0x0000000077D91000-memory.dmp

                                                      Filesize

                                                      1.5MB

                                                    • memory/2164-359-0x0000000000520000-0x000000000052C000-memory.dmp

                                                      Filesize

                                                      48KB

                                                    • memory/2164-391-0x0000000000260000-0x0000000000266000-memory.dmp

                                                      Filesize

                                                      24KB

                                                    • memory/2164-341-0x00000000000D0000-0x0000000000194000-memory.dmp

                                                      Filesize

                                                      784KB

                                                    • memory/2164-340-0x0000000077C10000-0x0000000077D91000-memory.dmp

                                                      Filesize

                                                      1.5MB

                                                    • memory/2164-353-0x00000000000D0000-0x0000000000194000-memory.dmp

                                                      Filesize

                                                      784KB

                                                    • memory/2164-363-0x0000000077C10000-0x0000000077D91000-memory.dmp

                                                      Filesize

                                                      1.5MB

                                                    • memory/2164-361-0x00000000000D0000-0x0000000000194000-memory.dmp

                                                      Filesize

                                                      784KB

                                                    • memory/2164-366-0x0000000077C10000-0x0000000077D91000-memory.dmp

                                                      Filesize

                                                      1.5MB

                                                    • memory/2164-360-0x00000000000D0000-0x0000000000194000-memory.dmp

                                                      Filesize

                                                      784KB

                                                    • memory/2248-373-0x0000000002940000-0x0000000002A04000-memory.dmp

                                                      Filesize

                                                      784KB

                                                    • memory/2372-378-0x0000000002A80000-0x0000000002B44000-memory.dmp

                                                      Filesize

                                                      784KB

                                                    • memory/2556-337-0x0000000077C20000-0x0000000077C21000-memory.dmp

                                                      Filesize

                                                      4KB

                                                    • memory/2556-335-0x0000000001EF0000-0x0000000001EFC000-memory.dmp

                                                      Filesize

                                                      48KB

                                                    • memory/2556-331-0x0000000000290000-0x00000000002F6000-memory.dmp

                                                      Filesize

                                                      408KB

                                                    • memory/2556-332-0x0000000000300000-0x0000000000306000-memory.dmp

                                                      Filesize

                                                      24KB

                                                    • memory/2556-354-0x0000000000300000-0x0000000000306000-memory.dmp

                                                      Filesize

                                                      24KB

                                                    • memory/2556-333-0x0000000000310000-0x000000000031D000-memory.dmp

                                                      Filesize

                                                      52KB

                                                    • memory/2556-352-0x0000000000290000-0x00000000002F6000-memory.dmp

                                                      Filesize

                                                      408KB

                                                    • memory/2556-334-0x0000000000510000-0x0000000000511000-memory.dmp

                                                      Filesize

                                                      4KB

                                                    • memory/2556-348-0x0000000000530000-0x0000000000531000-memory.dmp

                                                      Filesize

                                                      4KB

                                                    • memory/2556-326-0x0000000000010000-0x000000000006D000-memory.dmp

                                                      Filesize

                                                      372KB

                                                    • memory/2556-327-0x0000000000290000-0x00000000002F6000-memory.dmp

                                                      Filesize

                                                      408KB

                                                    • memory/2568-117-0x00000000013C0000-0x00000000013EC000-memory.dmp

                                                      Filesize

                                                      176KB

                                                    • memory/2568-155-0x0000000000250000-0x0000000000270000-memory.dmp

                                                      Filesize

                                                      128KB

                                                    • memory/2568-159-0x00000000002F0000-0x00000000002F6000-memory.dmp

                                                      Filesize

                                                      24KB

                                                    • memory/2568-146-0x0000000000240000-0x0000000000246000-memory.dmp

                                                      Filesize

                                                      24KB

                                                    • memory/2568-164-0x000007FEF5DD0000-0x000007FEF67BC000-memory.dmp

                                                      Filesize

                                                      9.9MB

                                                    • memory/2568-299-0x000007FEF5DD0000-0x000007FEF67BC000-memory.dmp

                                                      Filesize

                                                      9.9MB

                                                    • memory/2652-370-0x0000000002850000-0x0000000002914000-memory.dmp

                                                      Filesize

                                                      784KB

                                                    • memory/2712-371-0x00000000008B0000-0x0000000000974000-memory.dmp

                                                      Filesize

                                                      784KB

                                                    • memory/2740-300-0x0000000000400000-0x000000000051B000-memory.dmp

                                                      Filesize

                                                      1.1MB

                                                    • memory/2740-71-0x000000006B440000-0x000000006B4CF000-memory.dmp

                                                      Filesize

                                                      572KB

                                                    • memory/2740-68-0x000000006B440000-0x000000006B4CF000-memory.dmp

                                                      Filesize

                                                      572KB

                                                    • memory/2740-72-0x000000006FE40000-0x000000006FFC6000-memory.dmp

                                                      Filesize

                                                      1.5MB

                                                    • memory/2740-73-0x000000006FE40000-0x000000006FFC6000-memory.dmp

                                                      Filesize

                                                      1.5MB

                                                    • memory/2740-74-0x000000006FE40000-0x000000006FFC6000-memory.dmp

                                                      Filesize

                                                      1.5MB

                                                    • memory/2740-75-0x000000006FE40000-0x000000006FFC6000-memory.dmp

                                                      Filesize

                                                      1.5MB

                                                    • memory/2740-78-0x000000006B280000-0x000000006B2A6000-memory.dmp

                                                      Filesize

                                                      152KB

                                                    • memory/2740-59-0x000000006B280000-0x000000006B2A6000-memory.dmp

                                                      Filesize

                                                      152KB

                                                    • memory/2740-79-0x000000006B280000-0x000000006B2A6000-memory.dmp

                                                      Filesize

                                                      152KB

                                                    • memory/2740-66-0x000000006B440000-0x000000006B4CF000-memory.dmp

                                                      Filesize

                                                      572KB

                                                    • memory/2740-60-0x000000006B440000-0x000000006B4CF000-memory.dmp

                                                      Filesize

                                                      572KB

                                                    • memory/2740-69-0x0000000064940000-0x0000000064959000-memory.dmp

                                                      Filesize

                                                      100KB

                                                    • memory/2740-369-0x0000000001E90000-0x0000000001F54000-memory.dmp

                                                      Filesize

                                                      784KB

                                                    • memory/2740-302-0x000000006B280000-0x000000006B2A6000-memory.dmp

                                                      Filesize

                                                      152KB

                                                    • memory/2740-305-0x000000006FE40000-0x000000006FFC6000-memory.dmp

                                                      Filesize

                                                      1.5MB

                                                    • memory/2740-304-0x000000006EB40000-0x000000006EB63000-memory.dmp

                                                      Filesize

                                                      140KB

                                                    • memory/2740-303-0x000000006B440000-0x000000006B4CF000-memory.dmp

                                                      Filesize

                                                      572KB

                                                    • memory/2740-76-0x000000006FE40000-0x000000006FFC6000-memory.dmp

                                                      Filesize

                                                      1.5MB

                                                    • memory/2740-67-0x000000006FE40000-0x000000006FFC6000-memory.dmp

                                                      Filesize

                                                      1.5MB

                                                    • memory/2740-301-0x0000000064940000-0x0000000064959000-memory.dmp

                                                      Filesize

                                                      100KB

                                                    • memory/2908-336-0x000007FEF5DD0000-0x000007FEF67BC000-memory.dmp

                                                      Filesize

                                                      9.9MB

                                                    • memory/2908-118-0x0000000000C90000-0x0000000000C98000-memory.dmp

                                                      Filesize

                                                      32KB

                                                    • memory/2908-182-0x000007FEF5DD0000-0x000007FEF67BC000-memory.dmp

                                                      Filesize

                                                      9.9MB

                                                    • memory/2908-180-0x000000001AF40000-0x000000001AFC0000-memory.dmp

                                                      Filesize

                                                      512KB

                                                    • memory/2908-397-0x0000000077A30000-0x0000000077BD9000-memory.dmp

                                                      Filesize

                                                      1.7MB