Resubmissions

08-06-2024 08:50  240608-krvyesae91  10
08-05-2024 16:15  240508-tqnx6ach3w  10
08-05-2024 16:07  240508-tkr3mafa54  10
01-05-2024 18:02  240501-wmf49acg3s  6
27-04-2024 08:46  240427-kpfeysff8s  10
25-04-2024 21:25  240425-z9y55afb7v  10
25-04-2024 21:16  240425-z4pphafa97  10
25-04-2024 18:27  240425-w3929sde33  10
25-04-2024 18:17  240425-ww4a5sdc8x  10

Analysis

  • max time kernel
    58s
  • max time network
    81s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-04-2024 17:55

Errors

Reason
Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-25T17:57:45Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win10v2004-20240226-en/instance_24-dirty.qcow2\"}"

General

  • Target

    000.exe

  • Size

    6.7MB

  • MD5

    f2b7074e1543720a9a98fda660e02688

  • SHA1

    1029492c1a12789d8af78d54adcb921e24b9e5ca

  • SHA256

    4ea1f2ecf7eb12896f2cbf8683dae8546d2b8dc43cf7710d68ce99e127c0a966

  • SHA512

    73f9548633bc38bab64b1dd5a01401ef7f5b139163bdf291cc475dbd2613510c4c5e4d7702ecdfa74b49f3c9eaed37ed23b9d8f0064c66123eb0769c8671c6ff

  • SSDEEP

    3072:eaLA1++iCeFj0im6X/AXpT8vVMCcHVcdhghUuz1o9Y:fLJlC6j0CX4XmvWHVcd62uO9

Malware Config

Signatures

  • Disables Task Manager via registry modification
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies WinLogon 2 TTPs 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 2 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\000.exe
    "C:\Users\Admin\AppData\Local\Temp\000.exe"
    1⤵
    • Enumerates connected drives
    • Modifies WinLogon
    • Sets desktop wallpaper using registry
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:228
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
      2⤵
        PID:496
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /f /im explorer.exe
          3⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:4012
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /f /im taskmgr.exe
          3⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2488
        • C:\Windows\SysWOW64\Wbem\WMIC.exe
          wmic useraccount where name='Admin' set FullName='UR NEXT'
          3⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:3668
        • C:\Windows\SysWOW64\Wbem\WMIC.exe
          wmic useraccount where name='Admin' rename 'UR NEXT'
          3⤵
            PID:5044
        • C:\Windows\SysWOW64\shutdown.exe
          shutdown /f /r /t 0
          3⤵
            PID:2940
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:640
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff9eb3b9758,0x7ff9eb3b9768,0x7ff9eb3b9778
      2⤵
        PID:2964
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 --field-trial-handle=1948,i,8553955746044781560,10057867889580652119,131072 /prefetch:2
      2⤵
        PID:456
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1948,i,8553955746044781560,10057867889580652119,131072 /prefetch:8
      2⤵
        PID:3596
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1948,i,8553955746044781560,10057867889580652119,131072 /prefetch:8
      2⤵
        PID:1444
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3312 --field-trial-handle=1948,i,8553955746044781560,10057867889580652119,131072 /prefetch:1
      2⤵
        PID:1944
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1948,i,8553955746044781560,10057867889580652119,131072 /prefetch:1
      2⤵
        PID:4340
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4664 --field-trial-handle=1948,i,8553955746044781560,10057867889580652119,131072 /prefetch:1
      2⤵
        PID:916
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4560 --field-trial-handle=1948,i,8553955746044781560,10057867889580652119,131072 /prefetch:8
      2⤵
        PID:4396
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4572 --field-trial-handle=1948,i,8553955746044781560,10057867889580652119,131072 /prefetch:8
      2⤵
        PID:232
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 --field-trial-handle=1948,i,8553955746044781560,10057867889580652119,131072 /prefetch:8
      2⤵
        PID:2088
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=1948,i,8553955746044781560,10057867889580652119,131072 /prefetch:8
      2⤵
        PID:1860
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4560 --field-trial-handle=1948,i,8553955746044781560,10057867889580652119,131072 /prefetch:1
      2⤵
        PID:4160
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
      PID:2272
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1424 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1676
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa3994855 /state1:0x41c64e6d
    1⤵
      PID:4860

Network

MITRE ATT&CK Enterprise v15

Downloads

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                        Filesize

                                        288B

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                        Filesize

                                        369B

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                        Filesize

                                        369B

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                        Filesize

                                        369B

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        6KB

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        6KB

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        5KB

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        6KB

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                        Filesize

                                        265KB

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                        Filesize

                                        265KB

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                        Filesize

                                        2B

                                      • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

                                        Filesize

                                        384KB

                                      • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

                                        Filesize

                                        9KB

                                      • C:\Users\Admin\AppData\Local\Temp\one.rtf

                                        Filesize

                                        403B

                                      • C:\Users\Admin\AppData\Local\Temp\rniw.exe

                                        Filesize

                                        76KB

                                      • C:\Users\Admin\AppData\Local\Temp\text.txt

                                        Filesize

                                        396B

                                      • C:\Users\Admin\AppData\Local\Temp\v.mp4

                                        Filesize

                                        81KB

                                      • C:\Users\Admin\AppData\Local\Temp\windl.bat

                                        Filesize

                                        771B
