Analysis

  • max time kernel
    96s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-12-2024 00:27

General

  • Target

    f95bef472a4a27173950a59fbadfe3caf2afcbd27d52afa9503e415a1fb62c75.exe

  • Size

    309KB

  • MD5

    f52e000589991b8a11914d597abb6969

  • SHA1

    0a6434db4292e030fa0497b0e790a49760a99639

  • SHA256

    f95bef472a4a27173950a59fbadfe3caf2afcbd27d52afa9503e415a1fb62c75

  • SHA512

    f81f88e297d4d42b5059900b1712654bf7b300b9cb251edd69ec4e523b6c8c910ad28ca3a70698c6cff97536f1c6aa78d255b0a913695b312fa18050fb278f9a

  • SSDEEP

    6144:l/YWZdWgUY3wyzuRpw9IngBg4tNQp30m3s:l/YiWgNPJBgQNQp30t

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Signatures

  • Modifies firewall policy service 3 TTPs 3 IoCs
  • Sality

    Sality is a backdoor written in C++, first discovered in 2003.

  • Sality family
  • UAC bypass 3 TTPs 1 IoCs
  • Windows security bypass 2 TTPs 6 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Windows security modification 2 TTPs 7 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file 18 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 33 IoCs
  • System policy modification 1 TTPs 1 IoCs

Processes

  • C:\Windows\system32\fontdrvhost.exe
    "fontdrvhost.exe"
    1⤵
      PID:788
    • C:\Windows\system32\fontdrvhost.exe
      "fontdrvhost.exe"
      1⤵
        PID:796
      • C:\Windows\system32\dwm.exe
        "dwm.exe"
        1⤵
          PID:332
        • C:\Windows\system32\sihost.exe
          sihost.exe
          1⤵
            PID:2556
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
            1⤵
              PID:2572
            • C:\Windows\system32\taskhostw.exe
              taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
              1⤵
                PID:2668
              • C:\Windows\Explorer.EXE
                C:\Windows\Explorer.EXE
                1⤵
                  PID:3380
                  • C:\Users\Admin\AppData\Local\Temp\f95bef472a4a27173950a59fbadfe3caf2afcbd27d52afa9503e415a1fb62c75.exe
                    "C:\Users\Admin\AppData\Local\Temp\f95bef472a4a27173950a59fbadfe3caf2afcbd27d52afa9503e415a1fb62c75.exe"
                    2⤵
                    • Modifies firewall policy service
                    • UAC bypass
                    • Windows security bypass
                    • Windows security modification
                    • Checks whether UAC is enabled
                    • Enumerates connected drives
                    • Drops file in Windows directory
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of SetWindowsHookEx
                    • Suspicious use of WriteProcessMemory
                    • System policy modification
                    PID:4068
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /c \DelUS.bat
                      3⤵
                      • System Location Discovery: System Language Discovery
                      PID:3948
                • C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
                  1⤵
                    PID:3548
                  • C:\Windows\system32\DllHost.exe
                    C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                    1⤵
                      PID:3756
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:3856
                      • C:\Windows\System32\RuntimeBroker.exe
                        C:\Windows\System32\RuntimeBroker.exe -Embedding
                        1⤵
                          PID:3916
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:4008
                          • C:\Windows\System32\RuntimeBroker.exe
                            C:\Windows\System32\RuntimeBroker.exe -Embedding
                            1⤵
                              PID:3544
                            • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
                              "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
                              1⤵
                                PID:2248
                              • C:\Windows\System32\RuntimeBroker.exe
                                C:\Windows\System32\RuntimeBroker.exe -Embedding
                                1⤵
                                  PID:4452
                                • C:\Windows\system32\rundll32.exe
                                  "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
                                  1⤵
                                    PID:4912
                                  • C:\Windows\System32\svchost.exe
                                    C:\Windows\System32\svchost.exe -k UnistackSvcGroup
                                    1⤵
                                      PID:4152
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                      • Enumerates system info in registry
                                      • Modifies Internet Explorer settings
                                      • Modifies registry class
                                      • Suspicious use of FindShellTrayWindow
                                      • Suspicious use of SetWindowsHookEx
                                      PID:4608
                                    • C:\Windows\system32\rundll32.exe
                                      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
                                      1⤵
                                        PID:4764

                                      Network

                                      MITRE ATT&CK Enterprise v15

                                      Downloads

                                      • C:\DelUS.bat

                                        Filesize

                                        1023B

                                        MD5

                                        1f47de0bd9d75bc04e02e4d837561574

                                        SHA1

                                        e5f40cdb89060a3087454142d34f1200f8ea875f

                                        SHA256

                                        d089b0e31f98b2a85e735594b20cf9ceb118276ec643a4d4872900596cdcb48d

                                        SHA512

                                        c4b0baab74a3f97b99dfccaa65ed327dd3bdd8a5cd6527794390fc26ac68eb66f26c3f343dec19f0c37e76bd3fd262242b7b5bc5c3aee900757ddbfa002591d4
