Resubmissions

22-05-2024 00:10

240522-af3h1sed73 10

22-05-2024 00:06

240522-ad1xeaed36 3

Analysis

  • max time kernel
    41s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-05-2024 00:06

General

  • Target

    file.html

  • Size

    176KB

  • MD5

    b953eba523e77f6e19ec7a66e5babbad

  • SHA1

    82dbe8304fa22decf94b5a96e5a19697fcbf57ec

  • SHA256

    40a7b25cbc35c77604ac44d96e3cded8b29f3b5dd25c093550ae0629c7019ab1

  • SHA512

    f4be970955f40caebb4c57612ba3ed3b1d6b921ad1561189483ae8072b375868b2e25bc9189e802e28f42be360b3979d322f79e6a80dcff87a3073fdb7897652

  • SSDEEP

    1536:UijCa50ZoTgAJuHnjde83Ml83Mn1CyKBKyf6C9XS6zmFMtMd5/an/xlCv1aszFek:UiLgAkHnjPIQ6KSEX/+HuI4MU4

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\file.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1936
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6f69758,0x7fef6f69768,0x7fef6f69778
      2⤵
        PID:2068
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1288,i,17301373152085529009,11703271405890467235,131072 /prefetch:2
        2⤵
          PID:2784
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1436 --field-trial-handle=1288,i,17301373152085529009,11703271405890467235,131072 /prefetch:8
          2⤵
            PID:2632
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1288,i,17301373152085529009,11703271405890467235,131072 /prefetch:8
            2⤵
              PID:2652
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2108 --field-trial-handle=1288,i,17301373152085529009,11703271405890467235,131072 /prefetch:1
              2⤵
                PID:2592
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2116 --field-trial-handle=1288,i,17301373152085529009,11703271405890467235,131072 /prefetch:1
                2⤵
                  PID:2576
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1396 --field-trial-handle=1288,i,17301373152085529009,11703271405890467235,131072 /prefetch:2
                  2⤵
                    PID:1640
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3324 --field-trial-handle=1288,i,17301373152085529009,11703271405890467235,131072 /prefetch:1
                    2⤵
                      PID:2296
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3776 --field-trial-handle=1288,i,17301373152085529009,11703271405890467235,131072 /prefetch:8
                      2⤵
                        PID:3020
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3860 --field-trial-handle=1288,i,17301373152085529009,11703271405890467235,131072 /prefetch:1
                        2⤵
                          PID:1776
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3840 --field-trial-handle=1288,i,17301373152085529009,11703271405890467235,131072 /prefetch:1
                          2⤵
                            PID:1620
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3772 --field-trial-handle=1288,i,17301373152085529009,11703271405890467235,131072 /prefetch:8
                            2⤵
                              PID:1748
                            • C:\Windows\system32\rundll32.exe
                              "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\Software 1.30.1.rar
                              2⤵
                              • Modifies registry class
                              PID:1796
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4212 --field-trial-handle=1288,i,17301373152085529009,11703271405890467235,131072 /prefetch:8
                              2⤵
                                PID:1660
                            • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                              "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                              1⤵
                                PID:2920
                              • C:\Windows\explorer.exe
                                "C:\Windows\explorer.exe"
                                1⤵
                                  PID:2868
                                • C:\Windows\system32\rundll32.exe
                                  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\Software 1.30.1.rar
                                  1⤵
                                    PID:2944
                                    • C:\Program Files\7-Zip\7zFM.exe
                                      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Software 1.30.1.rar"
                                      2⤵
                                        PID:1496
                                    • C:\Program Files\7-Zip\7zG.exe
                                      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Software 1.30.1\" -spe -an -ai#7zMap32537:92:7zEvent21714
                                      1⤵
                                        PID:1848
                                      • C:\Users\Admin\Downloads\Software 1.30.1\Software 1.30.1.exe
                                        "C:\Users\Admin\Downloads\Software 1.30.1\Software 1.30.1.exe"
                                        1⤵
                                          PID:1600
                                          • C:\Windows\SysWOW64\WerFault.exe
                                            C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 48
                                            2⤵
                                            • Program crash
                                            PID:2588
                                        • C:\Users\Admin\Downloads\Software 1.30.1\Software 1.30.1.exe
                                          "C:\Users\Admin\Downloads\Software 1.30.1\Software 1.30.1.exe"
                                          1⤵
                                            PID:2504
                                            • C:\Windows\SysWOW64\WerFault.exe
                                              C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 48
                                              2⤵
                                              • Program crash
                                              PID:2184

Network

MITRE ATT&CK Enterprise v15

Downloads

                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

                                            Filesize

                                            1KB

                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

                                            Filesize

                                            230B

                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                            Filesize

                                            344B

                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                            Filesize

                                            344B

                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                            Filesize

                                            344B

                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                            Filesize

                                            344B

                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                                            Filesize

                                            344B

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                            Filesize

                                            40B

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

                                            Filesize

                                            264KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            5KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            6KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            6KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

                                            Filesize

                                            16B

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c841f665-f05e-4d05-ba07-5be0c44db42e.tmp

                                            Filesize

                                            140KB

                                          • C:\Users\Admin\AppData\Local\Temp\Cab2CCD.tmp

                                            Filesize

                                            68KB

                                          • C:\Users\Admin\AppData\Local\Temp\Tar2CFF.tmp

                                            Filesize

                                            177KB

                                          • C:\Users\Admin\Downloads\Software 1.30.1.rar

                                            Filesize

                                            11.1MB

                                          • C:\Users\Admin\Downloads\Software 1.30.1\Software 1.30.1.exe

                                            Filesize

                                            459KB

                                          • memory/1600-568-0x0000000000020000-0x0000000000021000-memory.dmp

                                            Filesize

                                            4KB

                                          • memory/1600-572-0x0000000000020000-0x0000000000021000-memory.dmp

                                            Filesize

                                            4KB

                                          • memory/2944-519-0x0000000003DD0000-0x0000000003DE0000-memory.dmp

                                            Filesize

                                            64KB