Analysis

  • max time kernel
    49s
  • max time network
    43s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11/04/2024, 23:09

General

  • Target

    Library.exe

  • Size

    4.1MB

  • MD5

    04ed10d94e5cd607770eecc9aee56105

  • SHA1

    f43752eb19d1359efcc90e8b1e7078594beed40c

  • SHA256

    7da1fb99de280b8baf392e8d5a62026cf709b202bf78cc74652c3f84c90c929f

  • SHA512

    ff770a81822005bd0ff9b901cea3fc25d73daf06dafeaebf75cf2ba38841004fae6f6b102e6b34f215d1df5a647c1a398423ed32179ef1bb28b7562fa6036a27

  • SSDEEP

    98304:+80h5vs4SZWnzJgKSF3UPDV/KQBR8rOI4i1q3:pGVs44WntglyCQwAz

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 4 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 19 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 48 IoCs
  • Suspicious use of SendNotifyMessage 45 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Library.exe
    "C:\Users\Admin\AppData\Local\Temp\Library.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2120
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/blammed
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2616
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1956
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://blammed.pro/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2564
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2564 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1720
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://t.me/blammedsolutions
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2980
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2016
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2188

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          bd8a41075f10df71e8582bc307ca4b0b

          SHA1

          e28bd8447c760f80fd2f8f0f771bfd28c3f4b432

          SHA256

          9b231bc7a5439a98b9a21040147d1ba9aece42122fd38d5b71954760888d4c36

          SHA512

          7de64dd4aec21df7ad5853ac0817a0ee2bfd51bde30af682cfa265b425bea1eb1cddd8cb9057cb797d72255ac4d2d169c562eb0261a49ff51a1bc594b67a2b79

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          c6cdca7c34c40fe497b1d57c17670ed6

          SHA1

          74a53feb2812aebd2293f3c4fe6ab37282f3b7e0

          SHA256

          f6cdf09c064528ac69db49853558ec49395aa9481b0ef97e04eec611bf9dfcd4

          SHA512

          a311384ba19ea8f89e6e934e15f0b563be83aae19a0b1b3a3bf6009cb3bb4eaaecec9ffb00401654d5f0a8ae96591892ff182506f547bad69b71a959f5c17068

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          0c847796eb39acfc471e2799d7083692

          SHA1

          b082759926a114e987b380e59535add69aba135b

          SHA256

          aef4e64180d5cfb8b6631a443e7a0373d1e775c3651bd747c61f0f7caea6329c

          SHA512

          7c5f7f984f5c209a9575b74822f9a3b108c978514b7f9bbda1a6a564c441113be02f711a0e61cb127d3e15da3dc7662e6b5939180bf33939cd8d1c8f15d34b90

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          cd46a9ae25104a85be20e556e2c0bb32

          SHA1

          987466f88d4bd0c761a319bad05670fa94816756

          SHA256

          9f6fdb9d1cd3fadff07ce5043d7a1d318655a07a4096a528227aafe5addba0fe

          SHA512

          39b68beeeaf498f13e9246607d014aef8c46df6a43f1667ddfebf839cd7912f672857d85ae465ac9b83feaecd17869c4b6738c8897abe71793f3f1fd44fde566

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          f55c0f692a94b8152c434ece3152b62d

          SHA1

          f8b1042be907e438f38537ce88fdb2dc0c801ae5

          SHA256

          dd8d89801a0347bc67b9aa176784220ecd6b883dd6dc189347a50832a5e6dcf8

          SHA512

          430382a181338734dd9b09f28508a29e07a00403fc2534009ac61516fa329028b5a404fe4f929ce0ed4ee7e2aafc4233347c012e6014470f0da931b334e664d7

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          41bd86920678116273b3125b40ba8c3c

          SHA1

          0e6c9d1025609db208554cf480d75c122df44ddc

          SHA256

          dd3ce878f761a84933ca578163ca8ffcb64792770c1fa3566335945e930fa4d4

          SHA512

          f655497f2733b21ae269030990ed363ab483009d51a4356031906b7cb2597e5cb55021352669e75cdc2c277ed27fcbc252cc91797705b1c4206bf6f18715a608

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          d974711cafd8303ca600d31da594d61e

          SHA1

          4c9d7e09e4c77307396b3d5579273f272c5dcabf

          SHA256

          f7586fe4cd737dc7565c33accc03497f9074d662e231e956cbbe093fdc15ad18

          SHA512

          51f64cc95e5cf0824d34ae096fa08f249c3b3e6402a3e9cf29812bf94dcb0982a8784e3508bb3b4a90e5cbd01a09bbe1402192bb42b68e05b7c23ea9952a0476

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          c6bcc99d938ecb0f478c0766956ce441

          SHA1

          b0a6ede3d5a5fec899a3edade44577c47c8a5265

          SHA256

          2976055ef7908933986c0991a2b688d0f6411def4f4c6a7cf21324d46bb81677

          SHA512

          be78caa9ad6f3a6f0663e95842048be8ce75a9840a3e717bdd8cafc08f4900ea1d5271b5e0742091b35e394809a56467224b2731790e4bcfc6b3d6060310b80f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          2ced6d96077924cfa0a2cff76bb0fbe6

          SHA1

          8b3ec7bf577112cd7cfd6aec9122e39f9f968a3d

          SHA256

          6b1b08554be9d065dbc3b50fddc6afeb68a0d48c0ded958df0222868b3a2e80c

          SHA512

          b3b96fa3a5537f4eb241eaf0dba786366151a991414e603084fae047ee06b1d96b7e9cf1a21a1c132c24e883aea69a2da83cb3a67c16412874527d9482bc3185

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          95d002f7dd1d5d1843ae9681e2d2263e

          SHA1

          c9c4a8c9bb4b880dbb7cb27e44bb2008fd36a3ae

          SHA256

          fc69e6294e87dd5f2ea0376357636527831b597bbec0cf3c0bc39983fb81fff1

          SHA512

          7f0f70eb2bb7253eeb7b1f7eb5654900fbf087e71c519bcbe14e8a22742951e77df839814a5311f31cbfc736924322ead5efceccfb50e673306c271c99680f78

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          134ca3a29f6e731411ca8cc754554b85

          SHA1

          96b46c27c45545aa8a72a516fad9fed6b69474f6

          SHA256

          35482c309d56a92eda2476fa03e4ad72796a03ddc35fecccc44224947352f9d5

          SHA512

          d76650bdf8bcd1793218ac46b229bf7ad6aa20eaa566dfcfbc0649a264dfe85db70df68681efd826010cd5c83f14974867f6c1d02252bf8cdb01bf53a25222c4

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          e0b99b6375d129ccc908c8293790bde2

          SHA1

          8e5ecc3aeb4921ba69d59a452f5e28da0b03f6b4

          SHA256

          6383484308a3c7e0f25bf9e112f096dbd48287a5b816150736f5c5d02325c537

          SHA512

          d8036c4a3e74e38d19363f0288bc60a02f01d5dc766da6223fa67bfe4716ff08024649cbe383ce0b6f342930f8930bbe1db67ce7a79253d2dbe468aa5bfd6479

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9E31EA91-F858-11EE-A5A1-E299A69EE862}.dat

          Filesize

          4KB

          MD5

          20093f6ea64a6e31903e143750d9222e

          SHA1

          a933d3344895765941038870bc940dfbb9336b0e

          SHA256

          b33ecb749bb912bdf5fe88ea95364d4cda994d74dc0f958ce1c1c623c7001c7e

          SHA512

          2d00df825937e0fa96f6e3460d7a62bad7b26c6ad85a09c8cd46049e1878a776ee1722088cd649098dbb1a86f135e396ab3f4e21b4c6d49a6539e79ec9957d55

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9E31EA91-F858-11EE-A5A1-E299A69EE862}.dat

          Filesize

          3KB

          MD5

          860247c98835b0534d0cebd924eff876

          SHA1

          e076764c32e434745a7830738fffb3622b548591

          SHA256

          09a134821350f0b0e348ffbb2d6633d5477f6c2158a5a53131b3d0290cc77f8e

          SHA512

          155a0dd1038dce8bd4b2f81be5518eeeca44496709fb953c438173790ba9c5eb22fe0ae69545c0d6ece6637a2f797f72e88cb9fdcabb21d72db65e30adcbde47

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9E347301-F858-11EE-A5A1-E299A69EE862}.dat

          Filesize

          5KB

          MD5

          2249771f42fa6bf68d6f3e38b60f48a9

          SHA1

          9e0cf314ecea2f08425faf82197a97a65f5578e2

          SHA256

          9133475501da1e6e5e5c523383db7907f71a5f240af96f775ebf1dbf20da25ca

          SHA512

          b99074869fa9aeb53e830ba22988c05e023ad55c2a375543eee06333daa448aeed94e5d73387e1aa15b2a9c5fc6ff5d6dd7229f3e23edfa9ec9b9ee684e238eb

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{5339A170-D0C3-11EE-87E8-C695CBC44580}.dat

          Filesize

          5KB

          MD5

          f7c950cf3dea9fd3c92b8e046e9cb0f1

          SHA1

          708436bfef9b31a82f4e89b7e08f68ed67cc0a62

          SHA256

          84fba41aef1984217e0b284ac4f748fa0b7a0745d576e8ac9c8c54be10ccdb9f

          SHA512

          ba9ba64c263154d8345c45dac9a1bd8e5dee45fc519b589b9a929b2eab1d2f0e0908b803d43235e67f1cfe74eeea02609580b72e5885d5d4ad42dd8246306b0a

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{5339A170-D0C3-11EE-87E8-C695CBC44580}.dat

          Filesize

          6KB

          MD5

          f217d3eb71428f918ed2b68914c97230

          SHA1

          fc10e8a317600a01d8d435911670087445c28a96

          SHA256

          7c970c06cec8f7fa756c6d51efb0098e6abd69a004ccae3eda63808a5ee1bead

          SHA512

          70e542dd873d84c102922990176e68fd91019dff63df9241b8f3fd3e846618b9ea044a26c8f680baafb2e29deb3e4605083d2730a3c991242112610ca452862d

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{9E31EA94-F858-11EE-A5A1-E299A69EE862}.dat

          Filesize

          4KB

          MD5

          6498562b5eaad231fb1a47aaba988341

          SHA1

          35a88b28f4214ae029a47110865d3884234cf059

          SHA256

          e1c730ab756197312a8c7616654c9bc7129f988b844a630e75b29ebe439b1922

          SHA512

          6b450083e93d809854c365601a9219010b76f3bcf5e21dda1467c263e40a4dd98dc551ce6df625213beef28eea46a894e273b2be636afc98eb10c5b6679293ef

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{A4A38370-F858-11EE-A5A1-E299A69EE862}.dat

          Filesize

          4KB

          MD5

          d20e75b0e4794f3564b5666c73a24039

          SHA1

          e4433023cda8fd6ceeac5f13dcbbfc7b38e76eb0

          SHA256

          d217f525ed0273c7f4bb027857c129c7761ddc08180e68514673767c2cb584c3

          SHA512

          73f9a83d3625c5f4e51de5710fea3eb9ce3c8215131a88e00f9ba4d86e40402743b5ea5eed927128790611009443dfade4b552f876d76ef93209413739a65a3d

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\sxsuh4u\imagestore.dat

          Filesize

          24KB

          MD5

          064fc7e561d242664cc48ef15e7f3d8d

          SHA1

          fba8a9c6d0fad6730142b215e6df244f3ea1b740

          SHA256

          73c9f2b221201a3d4b967cd4b4177855bfec0b2736034964d2a92465d37f8d41

          SHA512

          ff151b41f0a36d89dbddcb2056e9d19d33ca64a0b765ef5cabf9eaa6b24c0dedc1fa6f510af19b99bcbbc1f80e9fa6be106dba3fdfc977805a3fccca5c195cac

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\favicon[1].ico

          Filesize

          23KB

          MD5

          ec2c34cadd4b5f4594415127380a85e6

          SHA1

          e7e129270da0153510ef04a148d08702b980b679

          SHA256

          128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

          SHA512

          c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

        • C:\Users\Admin\AppData\Local\Temp\Cab3D7E.tmp

          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

        • C:\Users\Admin\AppData\Local\Temp\Cab3E8A.tmp

          Filesize

          68KB

          MD5

          29f65ba8e88c063813cc50a4ea544e93

          SHA1

          05a7040d5c127e68c25d81cc51271ffb8bef3568

          SHA256

          1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

          SHA512

          e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

        • C:\Users\Admin\AppData\Local\Temp\Tar3E8F.tmp

          Filesize

          177KB

          MD5

          435a9ac180383f9fa094131b173a2f7b

          SHA1

          76944ea657a9db94f9a4bef38f88c46ed4166983

          SHA256

          67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

          SHA512

          1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

        • C:\Users\Admin\AppData\Local\Temp\~DF3B0E6C314C311BCB.TMP

          Filesize

          16KB

          MD5

          d02fb6dca4e85882e1050901d1783935

          SHA1

          5579f9d6e54f61a43781401e51add0f8bb181a08

          SHA256

          107919610b9fcaa74f2c8c269cabc516f8d8f4466317694a6e9acbc1d1030d26

          SHA512

          3495318358d72c545cb48fe3892fed7b520e7cb206dce2cbb4b424eb373aff55194a085227a2c1ded936fbbf3caa7bd959e1e29df8cc0003f04e1db5528bc25c

        • memory/2120-198-0x0000000076B50000-0x0000000076C60000-memory.dmp

          Filesize

          1.1MB

        • memory/2120-10-0x0000000076B50000-0x0000000076C60000-memory.dmp

          Filesize

          1.1MB

        • memory/2120-19-0x0000000001090000-0x00000000019CE000-memory.dmp

          Filesize

          9.2MB

        • memory/2120-173-0x0000000001090000-0x00000000019CE000-memory.dmp

          Filesize

          9.2MB

        • memory/2120-0-0x0000000001090000-0x00000000019CE000-memory.dmp

          Filesize

          9.2MB

        • memory/2120-17-0x0000000001090000-0x00000000019CE000-memory.dmp

          Filesize

          9.2MB

        • memory/2120-22-0x0000000000C40000-0x0000000000C80000-memory.dmp

          Filesize

          256KB

        • memory/2120-200-0x0000000076B50000-0x0000000076C60000-memory.dmp

          Filesize

          1.1MB

        • memory/2120-199-0x0000000075830000-0x0000000075877000-memory.dmp

          Filesize

          284KB

        • memory/2120-8-0x0000000076B50000-0x0000000076C60000-memory.dmp

          Filesize

          1.1MB

        • memory/2120-206-0x0000000076B50000-0x0000000076C60000-memory.dmp

          Filesize

          1.1MB

        • memory/2120-205-0x0000000076B50000-0x0000000076C60000-memory.dmp

          Filesize

          1.1MB

        • memory/2120-18-0x0000000074840000-0x0000000074F2E000-memory.dmp

          Filesize

          6.9MB

        • memory/2120-11-0x0000000076B50000-0x0000000076C60000-memory.dmp

          Filesize

          1.1MB

        • memory/2120-16-0x0000000076B50000-0x0000000076C60000-memory.dmp

          Filesize

          1.1MB

        • memory/2120-12-0x0000000076B50000-0x0000000076C60000-memory.dmp

          Filesize

          1.1MB

        • memory/2120-15-0x0000000076B50000-0x0000000076C60000-memory.dmp

          Filesize

          1.1MB

        • memory/2120-14-0x0000000077830000-0x0000000077832000-memory.dmp

          Filesize

          8KB

        • memory/2120-20-0x0000000000C40000-0x0000000000C80000-memory.dmp

          Filesize

          256KB

        • memory/2120-13-0x0000000076B50000-0x0000000076C60000-memory.dmp

          Filesize

          1.1MB

        • memory/2120-204-0x0000000076B50000-0x0000000076C60000-memory.dmp

          Filesize

          1.1MB

        • memory/2120-520-0x0000000076B50000-0x0000000076C60000-memory.dmp

          Filesize

          1.1MB

        • memory/2120-4-0x0000000076B50000-0x0000000076C60000-memory.dmp

          Filesize

          1.1MB

        • memory/2120-647-0x0000000074840000-0x0000000074F2E000-memory.dmp

          Filesize

          6.9MB

        • memory/2120-6-0x0000000076B50000-0x0000000076C60000-memory.dmp

          Filesize

          1.1MB

        • memory/2120-3-0x0000000075830000-0x0000000075877000-memory.dmp

          Filesize

          284KB

        • memory/2120-21-0x00000000057D0000-0x0000000005BA6000-memory.dmp

          Filesize

          3.8MB

        • memory/2120-2-0x0000000076B50000-0x0000000076C60000-memory.dmp

          Filesize

          1.1MB

        • memory/2120-1-0x0000000076B50000-0x0000000076C60000-memory.dmp

          Filesize

          1.1MB

        • memory/2120-672-0x0000000000C40000-0x0000000000C80000-memory.dmp

          Filesize

          256KB

        • memory/2120-673-0x0000000000C40000-0x0000000000C80000-memory.dmp

          Filesize

          256KB

        • memory/2120-681-0x0000000074840000-0x0000000074F2E000-memory.dmp

          Filesize

          6.9MB

        • memory/2120-682-0x0000000000C40000-0x0000000000C80000-memory.dmp

          Filesize

          256KB

        • memory/2120-679-0x0000000075830000-0x0000000075877000-memory.dmp

          Filesize

          284KB

        • memory/2120-678-0x0000000076B50000-0x0000000076C60000-memory.dmp

          Filesize

          1.1MB

        • memory/2120-680-0x0000000001090000-0x00000000019CE000-memory.dmp

          Filesize

          9.2MB

        • memory/2188-676-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB

        • memory/2188-675-0x0000000140000000-0x00000001405E8000-memory.dmp

          Filesize

          5.9MB