Analysis

  • max time kernel
    151s
  • max time network
    173s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    06-01-2024 13:37

General

  • Target

    465e008ae44b8e00364cfa199b450eb3.exe

  • Size

    1.9MB

  • MD5

    465e008ae44b8e00364cfa199b450eb3

  • SHA1

    2b947ac03931d1e5084bead2b16d61c11105f2fa

  • SHA256

    1823176ae53c5e51f5b421341682c0a812b931687e7685c3b4275b99586b519e

  • SHA512

    bed3275ed4580f8a0561b97d294d5515262bd92841ddfdbfcb256c27dd40e791f446d079b521bbf63d82fcaec4730ca98ed85788bae5a550dd637b08821f009f

  • SSDEEP

    49152:9g3DeZu8JlU1Ud9jKJxrsvs99nUEwfUsVvcNtfxOoq30:yqc8uxrsETUV9c+0

Malware Config

Extracted

Family

nullmixer

C2

http://watira.xyz/

Extracted

Family

smokeloader

Botnet

pub5

Extracted

Family

vidar

Version

40

Botnet

706

C2

https://lenak513.tumblr.com/

Attributes
  • profile_id

    706

Extracted

Family

smokeloader

Version

2020

C2

http://aucmoney.com/upload/

http://thegymmum.com/upload/

http://atvcampingtrips.com/upload/

http://kuapakualaman.com/upload/

http://renatazarazua.com/upload/

http://nasufmutlu.com/upload/

rc4.i32
rc4.i32

Signatures

  • NullMixer

    NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

  • Vidar Stealer 3 IoCs
  • ASPack v2.12-2.42 4 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Executes dropped EXE 11 IoCs
  • Loads dropped DLL 44 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies system certificate store 2 TTPs 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\465e008ae44b8e00364cfa199b450eb3.exe
    "C:\Users\Admin\AppData\Local\Temp\465e008ae44b8e00364cfa199b450eb3.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3040
    • C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2728
      • C:\Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\setup_install.exe
        "C:\Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\setup_install.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1948
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c 0d5026350381.exe
          4⤵
          • Loads dropped DLL
          PID:2832
          • C:\Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\0d5026350381.exe
            0d5026350381.exe
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:1604
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c 190cee335.exe
          4⤵
          • Loads dropped DLL
          PID:3032
          • C:\Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\190cee335.exe
            190cee335.exe
            5⤵
            • Executes dropped EXE
            • Modifies system certificate store
            • Suspicious use of AdjustPrivilegeToken
            PID:2840
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c 3cf01e1373c46.exe
          4⤵
          • Loads dropped DLL
          PID:3008
          • C:\Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\3cf01e1373c46.exe
            3cf01e1373c46.exe
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks SCSI registry key(s)
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: MapViewOfSection
            PID:1984
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c c9ebbe1d7.exe
          4⤵
          • Loads dropped DLL
          PID:1916
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c dca6c247e3.exe
          4⤵
          • Loads dropped DLL
          PID:3028
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c f6ab0314134.exe
          4⤵
          • Loads dropped DLL
          PID:3000
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c e12de46c3c832.exe
          4⤵
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:2768
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 412
          4⤵
          • Loads dropped DLL
          • Program crash
          PID:1028
  • C:\Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\0d5026350381.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\0d5026350381.exe" -a
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    PID:2976
  • C:\Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\f6ab0314134.exe
    f6ab0314134.exe
    1⤵
    • Executes dropped EXE
    PID:2944
  • C:\Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\dca6c247e3.exe
    dca6c247e3.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    PID:1988
  • C:\Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\c9ebbe1d7.exe
    c9ebbe1d7.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Modifies system certificate store
    PID:2016
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 968
      2⤵
      • Loads dropped DLL
      • Program crash
      PID:2360
  • C:\Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\e12de46c3c832.exe
    e12de46c3c832.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:2008
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {D6A39467-7F54-445E-BFD1-77DA92FC6FF2} S-1-5-21-2444714103-3190537498-3629098939-1000:DJLAPDMX\Admin:Interactive:[1]
    1⤵
      PID:2844
      • C:\Users\Admin\AppData\Roaming\aiegiii
        C:\Users\Admin\AppData\Roaming\aiegiii
        2⤵
        • Executes dropped EXE
        • Checks SCSI registry key(s)
        • Suspicious behavior: MapViewOfSection
        PID:1548

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      5a3a2e38b4f347abb718ebc94a91b209

      SHA1

      4f6233c969fb126c02ee2d7cc977ca0b1f42dd25

      SHA256

      3fa981e91bc3c08e53660aaace2fdb877a86a4674ae2aad4d1754ac3acf7b157

      SHA512

      132340759dee134d8e748517abad36d9ec3defe1ea4d2a0aea741f5772eddbb5b25ab5ec69c4e5e806f10572b4897f3e8a0cd3e9a44d5cbbcf92af0eeda8d4f7

    • C:\Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\c9ebbe1d7.exe

      Filesize

      168KB

      MD5

      edefa4918a6c5c3ef6cc32118a723fc4

      SHA1

      81fc4a508ec35019cf65d6175f55dc69779344c3

      SHA256

      d133528c57df4121c1578e52df8b18c0165c6a4c891596f92c9f2579dda86bc8

      SHA512

      b6a2e734c401c3c9d6f587ecca3066b08f468cd8bb1e268197e846b460468f8b4024fe6b80f1e34414a92bc90ccde064cd283ae9ab0d596c9879dc41d35ff6a9

    • C:\Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\libcurl.dll

      Filesize

      218KB

      MD5

      d09be1f47fd6b827c81a4812b4f7296f

      SHA1

      028ae3596c0790e6d7f9f2f3c8e9591527d267f7

      SHA256

      0de53e7be51789adaec5294346220b20f793e7f8d153a3c110a92d658760697e

      SHA512

      857f44a1383c29208509b8f1164b6438d750d5bb4419add7626986333433e67a0d1211ec240ce9472f30a1f32b16c8097aceba4b2255641b3d8928f94237f595

    • C:\Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\libcurlpp.dll

      Filesize

      54KB

      MD5

      e6e578373c2e416289a8da55f1dc5e8e

      SHA1

      b601a229b66ec3d19c2369b36216c6f6eb1c063e

      SHA256

      43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f

      SHA512

      9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

    • C:\Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\libgcc_s_dw2-1.dll

      Filesize

      113KB

      MD5

      9aec524b616618b0d3d00b27b6f51da1

      SHA1

      64264300801a353db324d11738ffed876550e1d3

      SHA256

      59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e

      SHA512

      0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

    • C:\Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\libstdc++-6.dll

      Filesize

      647KB

      MD5

      5e279950775baae5fea04d2cc4526bcc

      SHA1

      8aef1e10031c3629512c43dd8b0b5d9060878453

      SHA256

      97de47068327bb822b33c7106f9cbb489480901a6749513ef5c31d229dcaca87

      SHA512

      666325e9ed71da4955058aea31b91e2e848be43211e511865f393b7f537c208c6b31c182f7d728c2704e9fc87e7d1be3f98f5fee4d34f11c56764e1c599afd02

    • C:\Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\setup_install.exe

      Filesize

      925KB

      MD5

      b451e18d17f9d13a6a77224fa8b8d66f

      SHA1

      c62fea158c72c8ce16467f4b7d2225744dc7b330

      SHA256

      274c5222b3aebb56b2a3cea502fe17deccf3e72324ff1d07dd0b401a7b374842

      SHA512

      c4edeeb95fa08d8f5b3c506eb175648cf2a760d2bab207b3be64cd7ff288f1ac6421cc63376591fd3968eb071376b88e9da589eafbceeaade8cee2c9bc1dcd23

    • C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

      Filesize

      705KB

      MD5

      5101122360681593812abd2f20fb8160

      SHA1

      bb302ef85d6edf890f8c45860be91d413f7b0aad

      SHA256

      0c5efc8c9fdd6681068bf93b2f1a6b7d73bbae93f6d668b2ad21585ad416fcaa

      SHA512

      1f64965e391e7f2d1f0ba420ce2bbe12fe404ada02af6a82c9b4dce85f3f98035a77eb5432da8df440785f0d61ac4ef3a6dd75d5044a75f87037828866f2b774

    • C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

      Filesize

      986KB

      MD5

      7a48409b2da243030934e71344ddc505

      SHA1

      26cb11ab5f3e168e3036ef98f9b8ec9448b943de

      SHA256

      d448f45e006dbc7cfde2298a0fd75c8380fc9744ce2556a05af44840333eb390

      SHA512

      08b272ac21654dc04808146319ecf0913dcdc0f54b988046191eae42d798b46abdf7b3f4d5b462325cf3a0db80556c529376ef52dd4007fb12e2ba78ee0133d1

    • C:\Users\Admin\AppData\Roaming\aiegiii

      Filesize

      310KB

      MD5

      fdc802b8df399f6708ea8a6b97876bbf

      SHA1

      0681baa0c0dd95e131e17e7657fdbd852eadc2fd

      SHA256

      0260280cc56474e9b64234716127ccf2612af51c715611f870e515893b08848c

      SHA512

      f66345e30bf2042af86770c096dec5ae42a7e4519dececb564f1849c1de6b608088b365c88466f4462657acb6d70a8664add0cd1dc5a6c21c3bc4f926b53c7a8

    • \Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\0d5026350381.exe

      Filesize

      56KB

      MD5

      c0d18a829910babf695b4fdaea21a047

      SHA1

      236a19746fe1a1063ebe077c8a0553566f92ef0f

      SHA256

      78958d664b1c140f2b45e56c4706108eeb5f14756977e2efd3409f8a788d3c98

      SHA512

      cca06a032d8232c0046c6160f47b8792370745b47885c2fa75308abc3df76dcc5965858b004c1aad05b8cd8fbb9a359077be1b97ec087a05d740145030675823

    • \Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\c9ebbe1d7.exe

      Filesize

      354KB

      MD5

      9b00936466485c47e35bbf3b6d46fa4e

      SHA1

      60343742c801ec85a3373f0f47a877ee8a53fd82

      SHA256

      8fd086cc2660a96a5c97ec4a44377f003c24ab825e5a4cb29975ac135c8668fd

      SHA512

      3fa9a38787587a1955d76f72fe49288ce2152b2f7b785b2c547fdb68d70477abf6c040c7d12d58373146edc655b11c771a5b9e1c9d2294d4ff0646bb57658ffb

    • \Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\c9ebbe1d7.exe

      Filesize

      92KB

      MD5

      769f56f1bb580d3fba21bf01f4e2ca60

      SHA1

      e7c9d16ae797f6bea97f6002ec2d24bf39c88a45

      SHA256

      bd324bddc1ebbda8917ef1fcd75e5ab0c225f49e49c1c31daa96db40009394dd

      SHA512

      c0f4d24948aef5aabd55570a32eb438fd44af98d405ff854fd40555c8d4f409a88dec10e642e1f7e6ebcd8066948827aed1455e23b30d9c808d93142bef5bbd8

    • \Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\c9ebbe1d7.exe

      Filesize

      58KB

      MD5

      7854ac2b28de1041670fbf557c016c8b

      SHA1

      61f98e0fdc20af551e1359fa75c4e6f7d258af39

      SHA256

      cbd70a18dcca9b8b227d1aa5540a737497181c6359d4460c75f35361c631ed3d

      SHA512

      5f381b759c3655418cd28b19f98e5915c5ac7c80c8d70ae9281b93e77557c979b2b70ca15ad0e3e3637630cba5fe1df6b363228c8aa8193168453c6d2b99198a

    • \Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\e12de46c3c832.exe

      Filesize

      8KB

      MD5

      bf78562d81291113d7664f8b10b38019

      SHA1

      7c1e6b7a9abcf1f96eb79ffdc7ea1831ad7f7889

      SHA256

      aa18f5ee23ba9686522956203b349217aebdc2c921471db1a89d4bc16d699251

      SHA512

      c94ac906daf9ca91983c58d353984b1b84334d7fa57581b32fd029b0db582ca00ef67f5ef0a1fc0fd624aa30d220503e5f1b70617a303712b2f5886ab5672f36

    • \Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\libstdc++-6.dll

      Filesize

      317KB

      MD5

      c437504432dbdfda60cde6a504190d41

      SHA1

      b5908225be1ccfccd815d3bf92f329684666e936

      SHA256

      cfc017d2ad02e2c20baac0dcde221cf70a4a828d1c387e461e4932bd66b6826f

      SHA512

      13bc48b23f6f90283d5ae2c2a1abbdc702972e1d413f3a3369cc3add8c24861946638d2ee73a5938b0558da5c3fa06729a73d0e4b4be21468956499804dd62bd

    • \Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\libwinpthread-1.dll

      Filesize

      69KB

      MD5

      1e0d62c34ff2e649ebc5c372065732ee

      SHA1

      fcfaa36ba456159b26140a43e80fbd7e9d9af2de

      SHA256

      509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723

      SHA512

      3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

    • \Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\setup_install.exe

      MD5

      d41d8cd98f00b204e9800998ecf8427e

      SHA1

      da39a3ee5e6b4b0d3255bfef95601890afd80709

      SHA256

      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

      SHA512

      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    • \Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\setup_install.exe

      Filesize

      1.2MB

      MD5

      bbcf3142a193be60f7eadf0e5f6bc06b

      SHA1

      6aea82c9a4761419defbeb854ec09021a8e87338

      SHA256

      e72a53838f7f1f3d271e1d1aa9c75e0fbd2462fd7e15c42455c90d5a173e46f4

      SHA512

      a52989124aacd147aaa267007403c21b24ee4264a1dc0614428bcbdc9f03402d4df251fcc1b22581dd819c474aa8f8dd01bae12cde0cd11faccf3a462da4bff6

    • \Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\setup_install.exe

      Filesize

      459KB

      MD5

      ac4ed5970509c77d2a47a8d319aabdd5

      SHA1

      2f8e4e67e698df615b84badfc304a4ff05c3f74a

      SHA256

      8988db0ad8096f18fce73131462929c37183fff6f2a6f851313a9643cc3ffa93

      SHA512

      5b601baeabcd5d72a637643d5f08503b034856958c8bc301df54e51ce856a809e035d52e026e4252d4c97f7f6f14955c126e9514fc2e8b5dd49d99f9905d1ac1

    • \Users\Admin\AppData\Local\Temp\7zS8AA4A2A6\setup_install.exe

      Filesize

      613KB

      MD5

      4e5f59ffd2158cb63e695c1f72ccbad6

      SHA1

      1f13df1e572b5ac987b7fbcce9deaa2594924faa

      SHA256

      4d2b4aab6e28ad88bcd60723f3cb054c06c05594af6c6bf9c5014eb9232f8a62

      SHA512

      8b0df3611b377868558af3805eed5451602f014161ecbffc83b9ad576ab3a3d329c28148c62b42b2099a062a25ea1ab69ec7723cc524a9fc87b0077d2f102017

    • \Users\Admin\AppData\Local\Temp\setup_installer.exe

      Filesize

      92KB

      MD5

      d772d6902200f5d4599a9b27d0d8f9e6

      SHA1

      564eefb3fabe655b2fb51f492959b158cb20e12d

      SHA256

      7bf11639663306b53a7fe0e3826d12f03e1dda7b1fb3abaa758e3281d35f8e17

      SHA512

      6682d79a013129aceba9cde75a82f0444a28d30bfbd1c4656d7e3774b469283027a780362657c908c991f9b5939db32792e6713a323667ab763a95b3f3e23d36

    • \Users\Admin\AppData\Local\Temp\setup_installer.exe

      Filesize

      1.3MB

      MD5

      e3e7d1f916fd97cf51bffa9635016bf9

      SHA1

      68eafcbcc474d57a8392f0a4f6dc203f961d7b9d

      SHA256

      1f8008ab724b246ffd90b7ca98c1384ff22927724c6a06997846bd250f455cfc

      SHA512

      92085459c6944eef9d1a2da89f430c244d523819bee34a8458a3cfc951bac25f36a3981b692a473f9a1897af81724e775045cf197a5cd5a9a574a50167cffc60

    • \Users\Admin\AppData\Local\Temp\setup_installer.exe

      Filesize

      320KB

      MD5

      1d783bfd211c7a0949186eee30bc7d14

      SHA1

      ef7b4a9b6cd8b43d323252ede03ad838f85a9fd2

      SHA256

      9975f3c8f4354405ecab6ee14dae004ca2a56b0c3c851fcd644d932e49893452

      SHA512

      67992da7412b4c2aabd3a724fd312feb34cf5a1a3cd68a1663342c51c7b2aa479ca7edc7bc057060ead5dc3e2d5563865f3f3b0e43b47379f8df6ae7f3096f36

    • memory/1300-181-0x0000000003AB0000-0x0000000003AC6000-memory.dmp

      Filesize

      88KB

    • memory/1548-422-0x0000000000AC0000-0x0000000000BC0000-memory.dmp

      Filesize

      1024KB

    • memory/1548-423-0x0000000000400000-0x0000000000903000-memory.dmp

      Filesize

      5.0MB

    • memory/1548-428-0x0000000000400000-0x0000000000903000-memory.dmp

      Filesize

      5.0MB

    • memory/1948-54-0x000000006B440000-0x000000006B4CF000-memory.dmp

      Filesize

      572KB

    • memory/1948-63-0x000000006B280000-0x000000006B2A6000-memory.dmp

      Filesize

      152KB

    • memory/1948-58-0x000000006FE40000-0x000000006FFC6000-memory.dmp

      Filesize

      1.5MB

    • memory/1948-188-0x0000000000400000-0x000000000071D000-memory.dmp

      Filesize

      3.1MB

    • memory/1948-217-0x000000006B280000-0x000000006B2A6000-memory.dmp

      Filesize

      152KB

    • memory/1948-56-0x000000006FE40000-0x000000006FFC6000-memory.dmp

      Filesize

      1.5MB

    • memory/1948-57-0x000000006FE40000-0x000000006FFC6000-memory.dmp

      Filesize

      1.5MB

    • memory/1948-39-0x000000006B280000-0x000000006B2A6000-memory.dmp

      Filesize

      152KB

    • memory/1948-61-0x000000006B280000-0x000000006B2A6000-memory.dmp

      Filesize

      152KB

    • memory/1948-55-0x000000006B440000-0x000000006B4CF000-memory.dmp

      Filesize

      572KB

    • memory/1948-60-0x000000006FE40000-0x000000006FFC6000-memory.dmp

      Filesize

      1.5MB

    • memory/1948-51-0x0000000064940000-0x0000000064959000-memory.dmp

      Filesize

      100KB

    • memory/1948-219-0x000000006EB40000-0x000000006EB63000-memory.dmp

      Filesize

      140KB

    • memory/1948-220-0x000000006FE40000-0x000000006FFC6000-memory.dmp

      Filesize

      1.5MB

    • memory/1948-59-0x000000006FE40000-0x000000006FFC6000-memory.dmp

      Filesize

      1.5MB

    • memory/1948-179-0x0000000064940000-0x0000000064959000-memory.dmp

      Filesize

      100KB

    • memory/1948-42-0x000000006B440000-0x000000006B4CF000-memory.dmp

      Filesize

      572KB

    • memory/1948-180-0x000000006B440000-0x000000006B4CF000-memory.dmp

      Filesize

      572KB

    • memory/1948-50-0x000000006FE40000-0x000000006FFC6000-memory.dmp

      Filesize

      1.5MB

    • memory/1948-52-0x000000006B440000-0x000000006B4CF000-memory.dmp

      Filesize

      572KB

    • memory/1984-182-0x0000000000400000-0x0000000000903000-memory.dmp

      Filesize

      5.0MB

    • memory/1984-120-0x0000000000400000-0x0000000000903000-memory.dmp

      Filesize

      5.0MB

    • memory/1984-184-0x00000000003C0000-0x00000000003C9000-memory.dmp

      Filesize

      36KB

    • memory/1984-118-0x0000000000240000-0x0000000000340000-memory.dmp

      Filesize

      1024KB

    • memory/1984-119-0x00000000003C0000-0x00000000003C9000-memory.dmp

      Filesize

      36KB

    • memory/2008-121-0x00000000010C0000-0x00000000010C8000-memory.dmp

      Filesize

      32KB

    • memory/2008-134-0x000000001A8E0000-0x000000001A960000-memory.dmp

      Filesize

      512KB

    • memory/2008-254-0x000007FEF5D70000-0x000007FEF675C000-memory.dmp

      Filesize

      9.9MB

    • memory/2008-337-0x000000001A8E0000-0x000000001A960000-memory.dmp

      Filesize

      512KB

    • memory/2008-126-0x000007FEF5D70000-0x000007FEF675C000-memory.dmp

      Filesize

      9.9MB

    • memory/2016-129-0x0000000000400000-0x0000000000958000-memory.dmp

      Filesize

      5.3MB

    • memory/2016-221-0x0000000000400000-0x0000000000958000-memory.dmp

      Filesize

      5.3MB

    • memory/2016-128-0x0000000000FB0000-0x000000000104D000-memory.dmp

      Filesize

      628KB

    • memory/2016-293-0x0000000000A90000-0x0000000000B90000-memory.dmp

      Filesize

      1024KB

    • memory/2016-130-0x0000000000A90000-0x0000000000B90000-memory.dmp

      Filesize

      1024KB

    • memory/2840-122-0x0000000000320000-0x0000000000350000-memory.dmp

      Filesize

      192KB

    • memory/2840-255-0x000007FEF5D70000-0x000007FEF675C000-memory.dmp

      Filesize

      9.9MB

    • memory/2840-136-0x000000001ACB0000-0x000000001AD30000-memory.dmp

      Filesize

      512KB

    • memory/2840-135-0x00000000001F0000-0x00000000001F6000-memory.dmp

      Filesize

      24KB

    • memory/2840-338-0x000000001ACB0000-0x000000001AD30000-memory.dmp

      Filesize

      512KB

    • memory/2840-364-0x000007FEF5D70000-0x000007FEF675C000-memory.dmp

      Filesize

      9.9MB

    • memory/2840-133-0x00000000001D0000-0x00000000001F2000-memory.dmp

      Filesize

      136KB

    • memory/2840-127-0x000007FEF5D70000-0x000007FEF675C000-memory.dmp

      Filesize

      9.9MB

    • memory/2840-131-0x00000000001C0000-0x00000000001C6000-memory.dmp

      Filesize

      24KB