Resubmissions

30-06-2024 01:18

240630-bn62va1erg 10

29-06-2024 22:53

240629-2t7tfaydje 10

29-06-2024 22:33

240629-2gkhdayald 10

Analysis

  • max time kernel
    990s
  • max time network
    959s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
  • submitted
    29-06-2024 22:53

General

  • Target

    Borat/BoratRat.exe

  • Size

    20.0MB

  • MD5

    65b694d69d327efe28fcbce125401e96

  • SHA1

    049d4d71742b99a598c074458f1f2d5b0119e912

  • SHA256

    de60ecbbfef30c93fe8875ef69b358b20076d1f969fc3d21ab44d59dc9ef7cab

  • SHA512

    7ab57642e414e134e851d9aa2ed3ef8b483f3a5f77877cdc04e08d7f95c44884f8ccc6beaf8ba7f6949cfd7398c46be46c024d4fdeacd3a332d4565609baad5b

  • SSDEEP

    393216:V+G+oTCP+Zw6NLIsFfskh1BmXGnfBd+Uw:IGpTCP+Zlnk0rmkBYUw

Score
10/10

Malware Config

Signatures

  • AsyncRat

    AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 32 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 31 IoCs
  • Suspicious use of SendNotifyMessage 27 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Borat\BoratRat.exe
    "C:\Users\Admin\AppData\Local\Temp\Borat\BoratRat.exe"
    1⤵
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:376
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4172,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=4416 /prefetch:8
    1⤵
      PID:3584
    • C:\Windows\system32\wbem\WmiApSrv.exe
      C:\Windows\system32\wbem\WmiApSrv.exe
      1⤵
        PID:4240
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe"
        1⤵
        • Enumerates system info in registry
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:3124
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fffd9b9ab58,0x7fffd9b9ab68,0x7fffd9b9ab78
          2⤵
            PID:3332
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:2
            2⤵
              PID:4660
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:8
              2⤵
                PID:1232
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2284 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:8
                2⤵
                  PID:4596
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:1
                  2⤵
                    PID:4944
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:1
                    2⤵
                      PID:2856
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4368 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:1
                      2⤵
                        PID:5576
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:8
                        2⤵
                          PID:5604
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:8
                          2⤵
                            PID:5612
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4572 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:1
                            2⤵
                              PID:5800
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4708 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:1
                              2⤵
                                PID:5888
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:8
                                2⤵
                                  PID:5528
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4452 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:8
                                  2⤵
                                    PID:5680
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1968,i,13146644715947381578,10174109646749415398,131072 /prefetch:8
                                    2⤵
                                      PID:5660
                                  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                    1⤵
                                      PID:5388
                                    • C:\Windows\System32\rundll32.exe
                                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                      1⤵
                                        PID:5956
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4444,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=3820 /prefetch:8
                                        1⤵
                                          PID:1360

                                        Network

                                        MITRE ATT&CK Enterprise v15


                                        Downloads

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                          Filesize

                                          288B


                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                          Filesize

                                          2KB


                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                          Filesize

                                          2KB


                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                          Filesize

                                          2B


                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                          Filesize

                                          690B


                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                          Filesize

                                          690B


                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          7KB


                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          7KB


                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                          Filesize

                                          7KB


                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                          Filesize

                                          16KB


                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                          Filesize

                                          281KB


                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                          Filesize

                                          281KB


                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

                                          Filesize

                                          264KB


                                        • C:\Users\Admin\AppData\Local\Server\BoratRat.exe_Url_gd1rwjpue5ky1rwo1qwl5mnr5ta35yo4\1.0.7.0\bpbknf1n.newcfg

                                          Filesize

                                          693B


                                        • C:\Users\Admin\AppData\Local\Server\BoratRat.exe_Url_gd1rwjpue5ky1rwo1qwl5mnr5ta35yo4\1.0.7.0\user.config

                                          Filesize

                                          309B


                                        • C:\Users\Admin\AppData\Local\Server\BoratRat.exe_Url_gd1rwjpue5ky1rwo1qwl5mnr5ta35yo4\1.0.7.0\user.config

                                          Filesize

                                          422B


                                        • C:\Users\Admin\Downloads\Client.exe

                                          Filesize

                                          56KB


                                        • \??\pipe\crashpad_3124_WVDHMIDOATIWLTKM

