Resubmissions

04-09-2024 06:03

240904-gsefaavhkk 7

04-08-2024 02:00

240804-ce8dzsxdnf 10

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    04-08-2024 02:00

General

  • Target

    VDeck Setup.exe

  • Size

    42.9MB

  • MD5

    aa53626f27f7c2d0428d81f5f3ec02ac

  • SHA1

    52dac85b5d3e0491bb05c7dd6d88842409b4e0ff

  • SHA256

    8aad43ed10153b766f0c7077748cbabf4bfe98b62ca6fe1ad6a5a0840f4b7bb2

  • SHA512

    46b57df175879e4879da462cd25fdd8c6e4be800cc9cdae22b6a5452b0755418c69629c793324e1dd799d02972f23065591552e02401499a43bef376ab7c4fd8

  • SSDEEP

    786432:NKiex8/gquJ58B+PEy+Si2csY2rBWHTFvtlVCJd69mVPo7FmzYV5zy397k8/2mEt:NVy8/gN5WNlSuKKjlVCn69mVT85mBz/Y

Malware Config

Extracted

Family

stealc

Botnet

vor2

C2

http://45.152.112.103

Attributes
  • url_path

    /1cf3aa1810feeb67.php

Signatures

  • Detects HijackLoader (aka IDAT Loader) 1 IoCs
  • HijackLoader

    HijackLoader is a multistage loader first seen in 2023.

  • Stealc

    Stealc is an infostealer written in C++.

  • .NET Reactor proctector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 64 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\VDeck Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\VDeck Setup.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3192
    • C:\Program Files (x86)\VDeck\VDeck.exe
      "C:\Program Files (x86)\VDeck\VDeck.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:5108
      • C:\Users\Admin\AppData\Local\Temp\226afcd5-d7b2-4c68-9cbb-1423fc6ae98e\snss1.exe
        "C:\Users\Admin\AppData\Local\Temp\226afcd5-d7b2-4c68-9cbb-1423fc6ae98e\snss1.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of WriteProcessMemory
        PID:2980
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\SysWOW64\cmd.exe
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          • Suspicious use of WriteProcessMemory
          PID:1788
          • C:\Windows\SysWOW64\explorer.exe
            C:\Windows\SysWOW64\explorer.exe
            5⤵
              PID:4168

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\VDeck\System.Collections.Concurrent.dll

      Filesize

      246KB

      MD5

      0f849ea0f9408fdaf999ee8443f9ae02

      SHA1

      be76d857dbda71afd167912bb148ae8406b11490

      SHA256

      5d37561e4b1e8139fa8d83ab5d382643fc72a288cddc2e2ec580c637fe857c42

      SHA512

      3cc7fee424947c2f4b521ad05c718c52f88c6b4152762b4ee256598fba2b823152f90b705c41b0acbae124a8db576ed435e75cdb8440093085d135c433e6a3f6

    • C:\Program Files (x86)\VDeck\System.Collections.Specialized.dll

      Filesize

      90KB

      MD5

      e1f43907949d5d831324d06445a7e5fe

      SHA1

      eef81e1aa9ddbe797585bab6e011e0e7be8d8992

      SHA256

      e399a9419c7d94046fe6f3d7b88224666496b160d1cc2f942a1477061c233f97

      SHA512

      6aa89e289780dde21c1626a6fbbe838118f81463a43ff5ea2196bf1a53d115fe61316ab3da5e119c88115cfddf9fd11a22aaa688d73a318066b015b3aee4984e

    • C:\Program Files (x86)\VDeck\System.Collections.dll

      Filesize

      234KB

      MD5

      1a70954d51a08dffcb4256ad3c978ee6

      SHA1

      5a29053dcbd0d5599a27580f61e2e71aa54666fc

      SHA256

      7aab49f1efcf2db52912eae149937184b1b7e0e8c9953258d8fed5ff58b7a828

      SHA512

      d05d862353be02816085fda4b43d47c2a03af482ad5242e352c4dd5d291ef6a414faa71f430f0294d2c334ebc994e392e21553490f4d55c0383fe9f015981646

    • C:\Program Files (x86)\VDeck\System.ComponentModel.Primitives.dll

      Filesize

      74KB

      MD5

      158fdbf63c6374da304beb31a524565b

      SHA1

      644aa4a08565057d0cf541ec40a0059f019fd56e

      SHA256

      017fefedaa96d8aea524053cb887f8432b8e5e2500366c10c78978db60d5e87f

      SHA512

      53f020a93f6924a4b97a1e1f3036494df8d599a724ad7e7e8c46a25ed54b5cc33e0cd4682a90006e392c064e542e1f683c15b8f07cc6d26232ed676a3e080dea

    • C:\Program Files (x86)\VDeck\System.Drawing.Common.dll

      Filesize

      1.3MB

      MD5

      32e951b1a27f1269ec64a66b1fe81965

      SHA1

      7b54cce3c5b6611c436ef1169c871449a8263fe2

      SHA256

      01b1d64a1f11788155cc977fd39a64e043e5a09331113b6a3466e55dfe5aecfb

      SHA512

      3713adce1c489f2d2ac8935f0489744f6dfb12ccdb616eb0df656940c6f1dfc60be2af13bf4596df03b3d7bbc0b714aef9f5efb4358a57984543685b60415f45

    • C:\Program Files (x86)\VDeck\System.Drawing.Primitives.dll

      Filesize

      126KB

      MD5

      153b0a87313d2d08e66c7df74005d41e

      SHA1

      171afa42580c83459028a8ea4536db3ad55d4751

      SHA256

      bfa47355b7048e91f0a5886bc49bff1a7c48b930883f01078981511fa226c515

      SHA512

      eb0196db1adfec0e315b18a5ceef460fd37f2d2ffc2123119926eb0cf78c9fcc31d4d99da208eac4118a18633178cc89b155a21e13e3e0ebbcee43efef763618

    • C:\Program Files (x86)\VDeck\System.IO.FileSystem.dll

      Filesize

      15KB

      MD5

      35e27f4c681085a4b096826ee8ea4f53

      SHA1

      cf3ea4304e5558c8fdd4422e4d72509cd91ea719

      SHA256

      7bd41c6b12b73e6e90476f2d56db8581664abe07e7ab9bf2917bb254ed1d75ad

      SHA512

      1f9e6519ff29524e57cb0b3576ab118014293aade8f30027ef44b1f29a8e9a54e7bcb3b288a92dba996053b16016807d93fa9f44f2c43666ddc6425ddd7ae4b9

    • C:\Program Files (x86)\VDeck\System.Memory.dll

      Filesize

      142KB

      MD5

      38baaab0c6b7954f5e10ec726f900bab

      SHA1

      c96fdc8e192bc0830e7e90e3f0c604ac3d8018a2

      SHA256

      95983565ff4d3a9a90870c9279e3b047aaef00350c0f88a05704e7623110e5a4

      SHA512

      68749fdf1d7a090cd974e9a571d3625e62f5a91904df1279220c4fdad665bf94659b72b0448b23019c3f9101dc793f7f1efeed49c430404a0e6e4db6998ef992

    • C:\Program Files (x86)\VDeck\System.Private.CoreLib.dll

      Filesize

      12.0MB

      MD5

      ffbb715d8ddf1f50aceaec01830c6b62

      SHA1

      7797e33b410c08b71402d19d34cae0eb27ffc783

      SHA256

      08f5bf904290c6a251f0b685b2a625982aeb1cee9b4388cf4a6639b4101da599

      SHA512

      d9ad6f3eb4336fbe17ef783fd58cf412483a6eb19d4a190d2d682fb32b5912d7e32249c5614b98f9fd1190f0a91386b65d6cce6463132320f41c709bdfcf6e25

    • C:\Program Files (x86)\VDeck\System.Private.Xml.Linq.dll

      Filesize

      358KB

      MD5

      4f2a07bfac64a0ccd44dc4bff3c2c1d9

      SHA1

      bb83173f90581e2b834485286a69d6de3736b6c5

      SHA256

      9a7574bda3747cb1bb0a7897b01b83f0844e4eee68e5cf62c5adb4d747560a37

      SHA512

      e61db3fa1ce20c968bf3e9cbc2eb5a8ca079fda2a2dabfb3f620a3f7f239be9a8c8885f707aaa9b41460e707adb63cc830bcf8fc7392b3501cf39cef5e260477

    • C:\Program Files (x86)\VDeck\System.Private.Xml.dll

      Filesize

      7.1MB

      MD5

      f272d38a8fe09920da2aecd1b2daa743

      SHA1

      24013eae19f22f445b849db3b28b6b4698f9067c

      SHA256

      52df59be36a0cf35b26ec2b504386cbb88a4804107d700e9e12b6d5caf4c7fc0

      SHA512

      bc979a847caadb683a84948742e84054fcaa3cf78abb5e1f3e65b09d50cfa13dc26a90b814e6e89cb72a112dac1b034eb23319cd39d9da6edd5f418e94d49190

    • C:\Program Files (x86)\VDeck\System.Runtime.InteropServices.dll

      Filesize

      86KB

      MD5

      bbed39118d0fb818c4cfe583e76832b6

      SHA1

      576058cc3003af3a30654e640db5978863b65393

      SHA256

      81c16f06b76f9c47d53610c884397cb2d93ea975ec042970cbcd1ae2ff31735d

      SHA512

      230387d18249cdc6efb65a67509d17def5a4c81b6de008805fe72b5daca3653c90fe6b2c0d7810f036472144b92454f5a784dbd63b956921712ee3167736aec1

    • C:\Program Files (x86)\VDeck\System.Runtime.dll

      Filesize

      42KB

      MD5

      53501b2f33c210123a1a08a977d16b25

      SHA1

      354e358d7cf2a655e80c4e4a645733c3db0e7e4d

      SHA256

      1fc86ada2ec543a85b8a06a9470a7b5aaa91eb03cfe497a32cd52a1e043ea100

      SHA512

      9ef3b47ddd275de9dfb5ded34a69a74af2689ebcb34911f0e4ffef9e2faf409e2395c7730bce364b5668b2b3b3e05a7b5998586563fb15e22c223859b2e77796

    • C:\Program Files (x86)\VDeck\System.Security.Cryptography.Algorithms.dll

      Filesize

      17KB

      MD5

      8f3b379221c31a9c5a39e31e136d0fda

      SHA1

      e57e8efe5609b27e8c180a04a16fbe1a82f5557d

      SHA256

      c99c6b384655e1af4ae5161fe9d54d95828ae17b18b884b0a99258f1c45aa388

      SHA512

      377f4e611a7cf2d5035f4622c590572031a476dd111598168acea1844aaa425c0fe012c763fbc16290c7b32c6c7df7b2563c88227e3dbc5d2bd02250c9d368d9

    • C:\Program Files (x86)\VDeck\System.Security.Cryptography.Csp.dll

      Filesize

      15KB

      MD5

      c7f55dbc6f5090194c5907054779e982

      SHA1

      efa17e697b8cfd607c728608a3926eda7cd88238

      SHA256

      16bc1f72938d96deca5ce031a29a43552385674c83f07e4f91d387f5f01b8d0a

      SHA512

      ae0164273b04afdec2257ae30126a8b44d80ee52725009cc917d28d09fcfb19dfbbb3a817423e98af36f773015768fed9964331d992ad1830f6797b854c0c355

    • C:\Program Files (x86)\VDeck\System.Security.Cryptography.Primitives.dll

      Filesize

      15KB

      MD5

      777ac34f9d89c6e4753b7a7b3be4ca29

      SHA1

      27e4bd1bfd7c9d9b0b19f3d6008582b44c156443

      SHA256

      6703e8d35df4b6389f43df88cc35fc3b3823fb3a7f04e5eb540b0af39f5fa622

      SHA512

      a791fa27b37c67ace72956680c662eb68f053fa8c8f4205f6ed78ecb2748d27d9010a8de94669d0ee33a8fca885380f8e6cfad9f475b07f60d34cdcb02d57439

    • C:\Program Files (x86)\VDeck\System.Security.Cryptography.dll

      Filesize

      1.7MB

      MD5

      8903578453b0b54962f8db611c0f59f9

      SHA1

      8472232be661ec1922ae550805b448a9ed9c3d72

      SHA256

      fc76d70d439b43b747ef2ba15134dfd8d1703499398830778dedfeb58736d876

      SHA512

      a1436d787332eee1c666a4f8d8cddf903319648ba6be43689d1a2c0d3c25a9587d0f34939ea686883bb20e1d73a3dc85ff2c8e0c644cb0535d0809a131ca7125

    • C:\Program Files (x86)\VDeck\System.Threading.Thread.dll

      Filesize

      15KB

      MD5

      72d839e793c4f3200d4c5a6d4aa28d20

      SHA1

      fbc25dd97b031a6faddd7e33bc500719e8eead19

      SHA256

      84c9a95609878542f00fe7da658f62d1a6943a43e6346af80d26bcff069a4dbd

      SHA512

      a414cd9d7cf6a04709f3bdbef0295349b845a8301171ed6394e97b9993f35816383b958736c814f91c359a783cca86ee04802856486d4b4e0ab90a45da39db1d

    • C:\Program Files (x86)\VDeck\System.Threading.dll

      Filesize

      78KB

      MD5

      6052426c5bca2a85cf643b67f2d427d5

      SHA1

      0d8d654e361e7a738205fb18b47635661696cad3

      SHA256

      805d22cd608633508dc74cfe1941c46df4f7150cf53e7bf07d9ca99761c64d03

      SHA512

      2204c5a11b18687fde815ec88e5f7ce34c0572f80645f4bca8a572ed50b50411b6eeb8a0ac25e49fdd32ba97326e7aab5617f83f2a54f64dcbe2f64380cbfe10

    • C:\Program Files (x86)\VDeck\System.Windows.Forms.Primitives.dll

      Filesize

      2.6MB

      MD5

      d13f42b37b1bd87b1c01764d0cefa60e

      SHA1

      add9a4ccafb46c2ddf3f4128acf53d890b20e422

      SHA256

      6f8f12f680528db2af7ac46acda8f361dde3715ece345cf02b35a51db76a0752

      SHA512

      f6414ad66da3c6da3a0475f4c050746ef2fa1b6240f4ef2b0582e59acdb75b3d0189c8ce5b423423f32558821a331d7be70555f4f9e3e82e71175e7aacfc2fd7

    • C:\Program Files (x86)\VDeck\System.Windows.Forms.dll

      Filesize

      12.2MB

      MD5

      31fe7c80a7b253d0bb297fad937ebb32

      SHA1

      1addcf55e1ac796e086b25b03c1a61709dd754d1

      SHA256

      cea0f47c1d5737d454646c4ea89ff4c5430f21ffc84e44f9eb1996ca9b0e83c4

      SHA512

      352d3ba22d6479224b7bc96e09474478b0dbd9cfbe9dce3efbd3897ac29f4532a6acd4d5642f8d9f96f3a322676499efac0d4b1c6b50512d742ebce92c988766

    • C:\Program Files (x86)\VDeck\VDeck.dll

      Filesize

      707KB

      MD5

      a171e22080164d7d67e75ce0e48029d4

      SHA1

      eaef3f5fe04c5d69af1c7cd1a46e109499e80008

      SHA256

      8235088f8685df121dccfcf1ffcc6bd9a7eb9728bb1cfb4d86479f5363aa8dff

      SHA512

      26bede3ebfc39846d08f620cbff6f3ec93c1cb94c07804a2665576bb4a30b79973eddec07cd7bfcdf4781b8c2b604f3c0c142522d458b6605bfd5f99945cfef4

    • C:\Program Files (x86)\VDeck\VDeck.exe

      Filesize

      289KB

      MD5

      1ffd8066011d15e46c033fdc7c5bd16d

      SHA1

      ed4ed53aab7ba5f6288942584df4cb85be18003e

      SHA256

      507c6afeba30106b391d0304d354254a90404a4ba62d867c09b69044be841de5

      SHA512

      adec4f6416c39602acc635dd0e0f683e176df371e7210405dd89c3563e95aede96d21efcc62edd02ce13351e4dc11137552958d4603cf5a2a7d977069146c273

    • C:\Program Files (x86)\VDeck\clrjit.dll

      Filesize

      1.5MB

      MD5

      30f426cc5f54a918c9e72a20413b4853

      SHA1

      d3c8ed69652cf84e246aa946d99cd93d0f83b547

      SHA256

      7b2ac32ef1931e8ace2611522a727eda5bf7703356a137f2bec29af9a17f66fd

      SHA512

      efca28baa3b150d7c28e954391252c628ae703daba715d2ca3393b6fe337f861acdd8fcfdfa2d974eddd53c48f16bb546a41ae83ad005b8d54896d52acd4b16f

    • C:\Program Files (x86)\VDeck\coreclr.dll

      Filesize

      4.0MB

      MD5

      8e9dfff41edfdc5f1b312390b7c3ee00

      SHA1

      1e7751697de8731594c3dcdb1a64cd0bc36b73d6

      SHA256

      3d922f86ae7361b77d76840ea7e13444960dabe96e76ce0ce3742f98ebdb9e60

      SHA512

      287817da8df0301656978b98129d0e7833c7f6dd49bc4e661efcdc201744cb4fa7cbcef2d6fe384074dacb083a2196b522655bf806c5ce42e59a9f8579149d38

    • C:\Program Files (x86)\VDeck\hostfxr.dll

      Filesize

      286KB

      MD5

      9a7150ea9b6f4841edd6b67bb36ee68e

      SHA1

      14a9b59defef035d73be3e0d36eb231a18e44228

      SHA256

      0a0b8871ab1ff0b8b3d6a33bd830c36efac5447422a05cb42597650579351148

      SHA512

      69e0fd818fdb228bbfad59f979746ba20d2a1063f810aaee02088374b7d9c7bc6c89c6433639bcbcacd47ee81b3c40b575c377b958d8748885186a07577cd265

    • C:\Program Files (x86)\VDeck\hostpolicy.dll

      Filesize

      326KB

      MD5

      6e311781b44dc42bb9d032faf049a49a

      SHA1

      04bd8b1f0ec632db34a632c79a1805de93088dac

      SHA256

      a0fae8cd9409038ee4f7a58f54f65847c96d33bf76e690e5430e975320b05a08

      SHA512

      4c723176695e573269c4406deb421e05c41e31cab8f6329a40d26914c3ead960952e98558b418b294fb1e41d45863e4ca01074f8716dcbd8563c18d5e9a1b5e1

    • C:\Users\Admin\AppData\Local\Temp\nsu9FBC.tmp\InstallOptions.dll

      Filesize

      15KB

      MD5

      d095b082b7c5ba4665d40d9c5042af6d

      SHA1

      2220277304af105ca6c56219f56f04e894b28d27

      SHA256

      b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c

      SHA512

      61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9

    • C:\Users\Admin\AppData\Local\Temp\nsu9FBC.tmp\LangDLL.dll

      Filesize

      5KB

      MD5

      50016010fb0d8db2bc4cd258ceb43be5

      SHA1

      44ba95ee12e69da72478cf358c93533a9c7a01dc

      SHA256

      32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e

      SHA512

      ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233

    • C:\Users\Admin\AppData\Local\Temp\nsu9FBC.tmp\System.dll

      Filesize

      12KB

      MD5

      4add245d4ba34b04f213409bfe504c07

      SHA1

      ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

      SHA256

      9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

      SHA512

      1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

    • C:\Users\Admin\AppData\Local\Temp\nsu9FBC.tmp\ioSpecial.ini

      Filesize

      1KB

      MD5

      da9addbe97ccbcb4ab01494245ad87db

      SHA1

      32f9785a9375c0411d6dce2cef06c12cdf5323c1

      SHA256

      6a0b608d150eb6750ccbce0f8eee0a2f0ecdc388942bb388f2ff9e9261340589

      SHA512

      46c0b804d3d3e6a5992b3c599b2675d4a1e4f25b92bd2c8ba15e756459a6f05e44afc23b29f0ab5edde0b27688236a333ebf82afce701dd7a7690cae3245b2b7

    • C:\Users\Admin\AppData\Local\Temp\nsu9FBC.tmp\ioSpecial.ini

      Filesize

      1KB

      MD5

      e2d471b3e9051318d6daab818fb79011

      SHA1

      9dcf67027566cd372e163f2814eee2fd38d14333

      SHA256

      ea53736a22c75fb3b297f7007542b0ede284388891f9b001b83e7906bb5f0932

      SHA512

      cb686beecbe5943131eab31433127178fc9a9ae03947f8c082b1e2591fe291d3c58f9640cd742319d2a98b7a84439b2284cef300546bbcbbac5445d95e780bed

    • C:\Users\Admin\AppData\Local\Temp\nsu9FBC.tmp\ioSpecial.ini

      Filesize

      1KB

      MD5

      86bd276b20e5b6abf80d4ee08234e6df

      SHA1

      1b1b7cd0c102c3c0d9217acb04af810d0ccf4f42

      SHA256

      a15d3fdf700d5171d0130f5d8ce3bec4d60c6e301d288fc45808c58c957fafaf

      SHA512

      3bf61a5040d972c19d3508654a64fd375c65045179cd75b036843c12ca1e1d898a788a1ca45e2e3b9adb0819355ce91ff4074e1f83abe021a4cb1a0ae2814d8d

    • C:\Users\Admin\AppData\Local\Temp\nsu9FBC.tmp\ioSpecial.ini

      Filesize

      1KB

      MD5

      c5d2e579b3242077c1efe16a77790396

      SHA1

      23b8c11976fc98b71e4236b6c070f8a7bf006657

      SHA256

      8e28d44caecf95734a6e2d1c6c6c70e23ad0358598d63475dd50936c93c25da1

      SHA512

      e8980d4be7a5684204e713a5fe866aab7a06f03b3c29f2c8d4a4f3d6323bae57a96cdebe6c876d381e097db54d939c5a8d074b990f38a41b0ca6fce05433353a

    • memory/1788-739-0x0000000070280000-0x00000000703FD000-memory.dmp

      Filesize

      1.5MB

    • memory/1788-738-0x00007FFE486A0000-0x00007FFE488A9000-memory.dmp

      Filesize

      2.0MB

    • memory/2980-732-0x00007FFE486A0000-0x00007FFE488A9000-memory.dmp

      Filesize

      2.0MB

    • memory/2980-731-0x0000000070280000-0x00000000703FD000-memory.dmp

      Filesize

      1.5MB

    • memory/2980-733-0x0000000070293000-0x0000000070295000-memory.dmp

      Filesize

      8KB

    • memory/2980-734-0x0000000070280000-0x00000000703FD000-memory.dmp

      Filesize

      1.5MB

    • memory/2980-735-0x0000000070280000-0x00000000703FD000-memory.dmp

      Filesize

      1.5MB

    • memory/2980-729-0x0000000000400000-0x0000000000566000-memory.dmp

      Filesize

      1.4MB

    • memory/2980-730-0x00000000023B0000-0x00000000023B1000-memory.dmp

      Filesize

      4KB

    • memory/4168-741-0x0000000000870000-0x0000000000AB5000-memory.dmp

      Filesize

      2.3MB