Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09/11/2024, 21:24

General

  • Target

    49b5a95d6794e15745fb356f6ae713d0a5f9c2116fe4eac3b9d2b7d3bb4ba1d9N.exe

  • Size

    3.3MB

  • MD5

    ee54949235f4f54554ba0e0a71967590

  • SHA1

    5915909319f05034d66202ece9b45a106534bcda

  • SHA256

    49b5a95d6794e15745fb356f6ae713d0a5f9c2116fe4eac3b9d2b7d3bb4ba1d9

  • SHA512

    393c2a77e3556938deec9a0b5cc993c05c5cfc536587097e5e16da4fcaa85a692058b05ae6d9f218db19d4e159e12e3276f9ee5160ef1fd7c125aa078cd5e37d

  • SSDEEP

    98304:SCZ9i2QPOTCUqt3T7uUlHVTKpoMhXKTRs8lZw:SCZ3QmOrp71HAnia8lZw

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 10 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 21 IoCs
  • Drops file in Program Files directory 10 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 21 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\49b5a95d6794e15745fb356f6ae713d0a5f9c2116fe4eac3b9d2b7d3bb4ba1d9N.exe
    "C:\Users\Admin\AppData\Local\Temp\49b5a95d6794e15745fb356f6ae713d0a5f9c2116fe4eac3b9d2b7d3bb4ba1d9N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1868
    • \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
      c:\users\admin\appdata\local\temp\\wmpscfgs.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2200
      • \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
        c:\users\admin\appdata\local\temp\\wmpscfgs.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1652
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 272
          4⤵
          • Loads dropped DLL
          • Program crash
          PID:1248
      • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
        C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:2016
    • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2720
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2552
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3028
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:537606 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2444

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e699d5e94d3a191e83854a4a57aff988

    SHA1

    a95a3c17362c3a0f1a8c7f2cea46ffc35b4d49a2

    SHA256

    ef5c6ae4b7282e30ff37471a33205af2fa555abdb6f9d5b214ae0c6ff4b5bb5a

    SHA512

    cbef3b4964e51a8afeaf26897c23bf561e49c2117ac07b2bc6b64862446ac69da4f9a0e1ac2185f21929e7fa313ad39419707a99d920572960356138c9da491f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3f66bf5fe0ed001390ed1669252dbe6a

    SHA1

    5f540632bb26c951ff6db1c0899fe54d94af51cf

    SHA256

    aa926867ee9d69c161a599c5d9bfe1b979c940b057764052ebb8ef0e4f370723

    SHA512

    534821bfa63235249a140feca1cfb79925c80a23f4ee23e9c1b9442a470a913ef92bf82a791375636ec491b2e16a49904f044f856efdc5a2486bd92d77ccb85e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    144e39ab4fb6fe2eeff76a39f1978156

    SHA1

    bb37ca3221fe7f7f5a1fa3b88452df153f43c1e1

    SHA256

    9b286a6073aeadf6a1f6ea72322dd82be71cf341925fe0df72b84f0fdbea09fd

    SHA512

    4c9c4a662eb12c096077aa68aeb69b161d51df29907313f1173c326f98866410f9c129080dbd2a5690552d7c2b29f8a1edb39d769131847782f5e0c1c84d43bf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    adbd8cfad64c4b0ed187a320c2ee791c

    SHA1

    6bd4b7a84eadcb74dfd1da199a339e9c24828c8e

    SHA256

    571f1227dabff242e32e700b390a6c32c3585013c3b29aff9c95a4ee551d8c67

    SHA512

    e83c33b4dc392e62c90109277a29d7491f6b925ae5f84d46339cfe5d051f975279abd5b08286a8c453821d958b26a47989912c9e90fda2f342fd3e0f496e5229

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1e847d0955d402e0092d3718e2eb419b

    SHA1

    d5f937eb7898be4f8993071de31eb9d55a019ba8

    SHA256

    501ab426125065d67b0a8125461e286dba1ed7dac9c20e6a43f21e0c81c905c0

    SHA512

    37531a487ecb829958887f70478afe2bc63ff687fc182aaa4d8b7219cf7d36626aa918f3180104c6d40bd08a907947012642ac950c1720954dafd72019b38676

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c7ddba85f4b0a4c579549f16daa2fd45

    SHA1

    e8a18be4fd3f5a6a6aed6ebd4cac6ad049b1713b

    SHA256

    6ae4cc8f4d2053518af67466f8898963886436b8332b953cb1e6eae9061f9a97

    SHA512

    a847567d3fd362ddf75fa593f11360e4f42f2dc05fe3d929ee2c15e333a01985a449bba30eb52e077d7e6b1a9818a721e6eecb8be824be39c676bcf1466c046e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    26e47a30a01001b7955e5b0d0a233633

    SHA1

    0f29397e01e18e59c3fd84a6878506486185fe92

    SHA256

    deff90cd46472fc05902c180c5909dc7a4a43144546b157c2277a13d00f8a8b0

    SHA512

    e3f554ca699564cd7a0a0195a3e36364e5c60c7f06b71fba8f0a4ac46e149707ca4f54a1a4718e640744268d5569a8c5ea4ba52bbda64e597ad4d2778accfd6c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4b98bd9e64222e21557fc81e93e9c651

    SHA1

    54b7bccf736cac381a30fd38894ac87173e862e5

    SHA256

    c058f8c0dca72550b0859115937fce6388b111b2c7dfc05709ca4c22c0021241

    SHA512

    1f19e3aa5d7571f5cf0d2a3e47ffbeab1915440344308e0cc9aed17939722d3f936f09312bab7462a16f0b2aade82395f794667cc0ea6fb9c0b6bd7d0d2f1a4b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a0c528677ea8ca49af8584279e242854

    SHA1

    f336a7cc23f58bea1f1a4885caf8a4d3f2f82cbb

    SHA256

    0bce3b14a16f090f937d4169997b751bb15cabe1c4b1ddd79f5a183f83b88e3c

    SHA512

    5df671040d02b618cebfe7a0f7811fa8412ca53f6e9e2d257324dc0f2b9b4d66619e8df2336458157355ec851a47ee1284bf7c4122677e3ddf109b032f8e401f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    88b64a419740f39bd31ac5281601e4ff

    SHA1

    e636357638e504baa7b3e8b69645c7f75de47a9a

    SHA256

    cb331019861ff77d205e80ad6be78a044e02122b3d68d0afa1bed649149dd6e8

    SHA512

    918a91ed4fa4c87c1eaa4d257b2778235fb0a2493910787852bfa2cce9d2e2c0a8b8b822994a3c774c1303faa4b7d1629b2b338ed7b458d950dc41419d5d6f6e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7be67d3d793300302822dfd4d614f8b5

    SHA1

    5546941f1f6317640c0ce8e991f59d6fbcf731e2

    SHA256

    8d133b7801627043f7eeae4b3929e0a0da43f80f01ccfd163bf212001023f12c

    SHA512

    b4c913c65829444cdd62cc0f47f64f176fe925a87253f865768a20e9fb59c222bcec552209ca781ba8981011c35e871606b1766ddf997738c6e6b0e9d55a858f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a8ba41b884acc73207154b8405f72ccc

    SHA1

    9bb801ff5624eae385d98cfa40f9dd41cb63a7c0

    SHA256

    5bf03e4d7c89317d3f4fb24d6b1ad8742fc53273e35c8f6f2f056aec9ea9a86b

    SHA512

    12e6141564f4b829934abca0b33a7934f99718950f2e9738dab7f37bd8d4c07e90702f03fbda8ee955a776b54cba2640b60d174830eefd9e421a9a9845e86cc2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    212abf52fe1abf8b936e6f824a3077ef

    SHA1

    8cf89cac85d5c546d8127940c37cf097171e87cc

    SHA256

    5c3c2b1f6075d80f80361b15e16c9ed07112173538954749318ecd6b0edb0eec

    SHA512

    e128399a34ceb7dc7d3bae1ace3623fb553ae4c904510abf1dc5646845918f1fe0ed3e1efc4f28757a12cae867b4f5f2840f93bc551e770cad62abd56db8e471

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    658691f73be4d39faa17a70e026d18ed

    SHA1

    7736990564c88c48bcb463a62dc1ae6a682b90a5

    SHA256

    38059a29ee67071e54f7274ac06b152f1bc3c185058a12c45f4c4be5da8f4a04

    SHA512

    5eaa9dbac9b9cd84965fbdbc8ad1757eb148ba822d3b5e12b3b4e0dc1839640ae933200dab31174043d524708d405594c4979f1437961bc3b09f51a8f8b54383

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b4d531a0f0a0a9e9c2520e70001740b2

    SHA1

    e1778ec04c2a675ea6f7848351372d2e3b2337f1

    SHA256

    3e7a20a0f8d2d9208080ba789958c8b255357acdf11d153b807dab809cf30747

    SHA512

    78cb6b04afccce9d7793673a96e5a6cce5b7a552ddb8d8216fef5d83a9685c0e3786ffc44d19b09aa785d5494782da426d0261f0efeadf86814e895e160445a9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cf089c3ae21e934bc9db7e3018502159

    SHA1

    aa95367914ea5206b0290f30804b9e8bb0b5784f

    SHA256

    2585a3ab680b03e824c5544906ecc5cd1090ba2bb7e7a1c6104f91ad949929cd

    SHA512

    5ff42b5a8d16738a68b5e2804eddb8a20982af5f0aff7cfc0ff4c37f482372bd11fff7ee08571bca07db220a6135421e6685289d5df95a72f7c847a6173af792

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    75d0cec6fa0ad974704ee2e8a447e641

    SHA1

    cb7dfa6fbeb7c928a179bfd10abc129218fc562f

    SHA256

    30253e763449929bb85dc32d352bedbbf1ab6fdf9a68c48f2b1c229b8b8163af

    SHA512

    4dc55526a560da87df04f1801ff0ef8336a2bc29dbde3113d3c0ad404eefe36d60c33f17e285bf10e6a134b58b902fe343f30cb4efcbf8fdf938118094a7735a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    67af962e138fe028d5c73c05c656b5bf

    SHA1

    ab0d90d09d9577dc5b4067736a7381ecc633a9bf

    SHA256

    4c8e15031d670362d9bf78aa99122ad8fbf4acf4d298c65cce6cddfd99f16976

    SHA512

    a73bffc8b9a13b95e7d73863506aeb06153755eca52fe1e398e697599cf519d824fae1f59855664d81074c8821cb2e5d6926d4214abfa1e6bb387b44e0ac4a3a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ee723000a0e259d0731d8580bff3a673

    SHA1

    3cdf6f6b58abb987cbb2f2af0fd439ccc7eb4589

    SHA256

    d9d56ac4e3cd4a2e9b76ae86f3caac73133ae1eaac89d69e298936f1fcbffa35

    SHA512

    c7c59cb7c24674821a9988f3774526ffdbefaf70598ad801990d05f4d280eab0a589d95e2429c8f66bcfaf5e49cda16ca4abe3272344954a2184db934eb4a189

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e73917c0b8791d4ee534aef0467ad964

    SHA1

    9bb11b65617d05b492c29fe166806acf49850b1c

    SHA256

    bbb5870479326bc096b29f3bb24438d57f63010260fc3c34a80964aceda421e9

    SHA512

    8c69774b435e6d05fa5ee3cac4a65926021d186f0e0bcb87e740070275ba6a8187e6a55e736d5a8735e6b0b87f70085616647bf7d1f99fe76bce5006410f89e5

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01LB6K3J\bkSlltbjV[1].js

    Filesize

    34KB

    MD5

    ce07affa04803b8889da4add31fd43dc

    SHA1

    0fb5a8fcee96a30571493eab29d0e2a6555a16ff

    SHA256

    8c1495c44aec0fa67b5ea6caf921a72de269aff5387ae21fc97e22f94f4f7f3f

    SHA512

    f79974074d4f5f991d2acb486189d8c8668dc854c40dc586836359fc20d38c66d0f98303962c072e119a4ca0daf1156cb8ff476c9b3cebf785f37ae73b88567f

  • C:\Users\Admin\AppData\Local\Temp\Cab602C.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar608D.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • C:\Users\Admin\AppData\Local\Temp\wmpscfgs.exe

    Filesize

    3.3MB

    MD5

    444f79a0afb562b59d0a340357717397

    SHA1

    66e504d673b92cb3291c5469f86130662cb03ba5

    SHA256

    eb5bcd420b8d8db8e852cac02771bf9c85532b5dcaef03b20eaebf4cfe472fda

    SHA512

    391def8cf6a6821ff1686962d4a6797993e70788ef280a0ce8d75e4531494f8bd2fbcc60921da5e4c439934cfd4136476d0fd5eb853e4f74a7a19aa5393dfd7e

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\OXCE5RZ5.txt

    Filesize

    107B

    MD5

    c6725fdf848513905aecca254ae9c9e4

    SHA1

    d0f823395cf192ba63c2cd7a4d75b991a62f50e6

    SHA256

    de3f3c555733da57c252c6f72dffe0cc06536bf118144a6efdc5dbf19241cb38

    SHA512

    f65650c904981bc0f706083735cff5aace38ca0c43090410380786ccb55bdff047dc3a2336a1e148fb2f49283e96525d64fcae43d68291f6ebd99868fb2616dc

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\QA6KMSXO.txt

    Filesize

    123B

    MD5

    9cb045e7cec67f4fa8119b9816170e4f

    SHA1

    14a132bfdcc777a988cea1c7d00c4d6a31db56b0

    SHA256

    49afe12c7bb4c7eb54e5651e77c118974e7f5ebb2a3bc6571bdd01e8db51208f

    SHA512

    1a7b5927ed38aac2596da9ceb0ef237544253874a6b20c235a209f36b0d71200b3fef476ff2ef46b5ab90a922a283468f2c2d4e46953c1d0b8a5c5a4d13825b8

  • \??\c:\program files (x86)\microsoft office\office14\bcssync.exe

    Filesize

    3.3MB

    MD5

    93b4be302cb18a7513b72309fa37ca98

    SHA1

    ccfeffe9bb8b12abf68827c46a14da6ae14e4aa7

    SHA256

    607f0646370b167938f7381665f44c4840c499c47c157cf86536bebfa7e43644

    SHA512

    fe7e1bece2818238a24ca7fe375db6b065775f838d9de58d2a7e1bc1bed4d5e40746c9896d8de21eda5c864e3f1a7d45ad1a1f6cdd8525de76187c6a206de1f4

  • \Program Files (x86)\Internet Explorer\wmpscfgs.exe

    Filesize

    3.3MB

    MD5

    efe6c111110cdd4ed1eb18af4ef09481

    SHA1

    d49d0c2a690c76f07c1fcfa1237e9ce59e1089c7

    SHA256

    68243cb7c1e9f51c89dc59850dba601c0d39220441e5b6c7a76e05dfde5264c4

    SHA512

    8efee3e5a80ea8156ff0b583beab922ed14b0cc26d0fe8495f7d684bb19b9359a7db3a6b7843d2f40482abb577b427c8a001a55b4c1eba76873bf6830d993619

  • memory/1652-98-0x0000000000400000-0x0000000000DBB000-memory.dmp

    Filesize

    9.7MB

  • memory/1868-0-0x0000000000400000-0x0000000000DBB000-memory.dmp

    Filesize

    9.7MB

  • memory/1868-25-0x000000007EBD0000-0x000000007EFA1000-memory.dmp

    Filesize

    3.8MB

  • memory/1868-26-0x0000000005030000-0x00000000059EB000-memory.dmp

    Filesize

    9.7MB

  • memory/1868-27-0x0000000005030000-0x00000000059EB000-memory.dmp

    Filesize

    9.7MB

  • memory/1868-28-0x0000000000400000-0x0000000000DBB000-memory.dmp

    Filesize

    9.7MB

  • memory/1868-2-0x0000000010000000-0x0000000010010000-memory.dmp

    Filesize

    64KB

  • memory/1868-1-0x000000007EBD0000-0x000000007EFA1000-memory.dmp

    Filesize

    3.8MB

  • memory/2016-73-0x0000000000400000-0x0000000000DBB000-memory.dmp

    Filesize

    9.7MB

  • memory/2200-543-0x0000000000400000-0x0000000000DBB000-memory.dmp

    Filesize

    9.7MB

  • memory/2200-542-0x0000000000400000-0x0000000000DBB000-memory.dmp

    Filesize

    9.7MB

  • memory/2200-63-0x0000000004AE0000-0x000000000549B000-memory.dmp

    Filesize

    9.7MB

  • memory/2200-527-0x0000000000400000-0x0000000000DBB000-memory.dmp

    Filesize

    9.7MB

  • memory/2200-529-0x0000000004AE0000-0x000000000549B000-memory.dmp

    Filesize

    9.7MB

  • memory/2200-1002-0x0000000000400000-0x0000000000DBB000-memory.dmp

    Filesize

    9.7MB

  • memory/2200-530-0x0000000000400000-0x0000000000DBB000-memory.dmp

    Filesize

    9.7MB

  • memory/2200-78-0x00000000028E0000-0x00000000028E2000-memory.dmp

    Filesize

    8KB

  • memory/2200-987-0x0000000000400000-0x0000000000DBB000-memory.dmp

    Filesize

    9.7MB

  • memory/2200-40-0x0000000000400000-0x0000000000DBB000-memory.dmp

    Filesize

    9.7MB

  • memory/2200-65-0x0000000004AE0000-0x000000000549B000-memory.dmp

    Filesize

    9.7MB

  • memory/2200-545-0x0000000000400000-0x0000000000DBB000-memory.dmp

    Filesize

    9.7MB

  • memory/2200-546-0x0000000000400000-0x0000000000DBB000-memory.dmp

    Filesize

    9.7MB

  • memory/2200-986-0x0000000000400000-0x0000000000DBB000-memory.dmp

    Filesize

    9.7MB

  • memory/2200-56-0x0000000000400000-0x0000000000DBB000-memory.dmp

    Filesize

    9.7MB

  • memory/2200-29-0x0000000000400000-0x0000000000DBB000-memory.dmp

    Filesize

    9.7MB

  • memory/2200-33-0x0000000010000000-0x0000000010010000-memory.dmp

    Filesize

    64KB

  • memory/2200-39-0x0000000000400000-0x0000000000DBB000-memory.dmp

    Filesize

    9.7MB

  • memory/2720-531-0x0000000000400000-0x0000000000DBB000-memory.dmp

    Filesize

    9.7MB

  • memory/2720-42-0x0000000000400000-0x0000000000DBB000-memory.dmp

    Filesize

    9.7MB

  • memory/2720-41-0x0000000000400000-0x0000000000DBB000-memory.dmp

    Filesize

    9.7MB

  • memory/2720-50-0x0000000000EC0000-0x0000000000EC2000-memory.dmp

    Filesize

    8KB

  • memory/2720-30-0x0000000000400000-0x0000000000DBB000-memory.dmp

    Filesize

    9.7MB

  • memory/2720-57-0x0000000000400000-0x0000000000DBB000-memory.dmp

    Filesize

    9.7MB

  • memory/2720-537-0x0000000000400000-0x0000000000DBB000-memory.dmp

    Filesize

    9.7MB

  • memory/2720-528-0x0000000000400000-0x0000000000DBB000-memory.dmp

    Filesize

    9.7MB