Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    20/01/2025, 11:40

General

  • Target

    $PLUGINSDIR/iwintoolbarinst.exe

  • Size

    1.3MB

  • MD5

    812c78e2353600e2d02428f8ca340b2c

  • SHA1

    94e477d80f9f3e48acb92ee4f1362315b45be8f9

  • SHA256

    e9fe09ce34aa626fae85aa4f39d595fdcdbe0904cb2cf152cbc74d543aa8d0ea

  • SHA512

    a2aa3082b86a41193bbdff8d27560817640e49454d35856ffa790ee37e1d9136af43e5be8444f6eb0d96f818377dc082fd435e783a998c59a27af78c3a7041cc

  • SSDEEP

    24576:bk9MoABRFXCwW4HtDBx0TPOFevdoXIOAPAdUhD5xMHjnxbYtwXghDQ:bkrABRNCwVHeTPiTX00UBLMHbxywwh0

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 9 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object 2 TTPs 6 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 12 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Modifies registry class 10 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\iwintoolbarinst.exe
    "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\iwintoolbarinst.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:560
    • C:\Users\Admin\AppData\Local\Temp\GLBBDE1.tmp
      C:\Users\Admin\AppData\Local\Temp\GLBBDE1.tmp 4736 C:\Users\Admin\AppData\Local\Temp\$PLUGI~1\IWINTO~2.EXE
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies Internet Explorer start page
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1648
      • C:\PROGRA~1\INTERN~1\iexplore.exe
        "C:\PROGRA~1\INTERN~1\iexplore.exe" http://iWin.OurToolbar.com/SetupFinish
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:384
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:384 CREDAT:17410 /prefetch:2
          4⤵
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:472
          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=80240
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:2804
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=80240
              6⤵
              • Enumerates system info in registry
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:2740
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95a2a46f8,0x7ff95a2a4708,0x7ff95a2a4718
                7⤵
                  PID:1756
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,16295645270528732014,8450069065203313113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
                  7⤵
                    PID:1792
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,16295645270528732014,8450069065203313113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
                    7⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:1328
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,16295645270528732014,8450069065203313113,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
                    7⤵
                      PID:3772
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
      PID:732
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
      PID:432

Network

MITRE ATT&CK Enterprise v15

Downloads

                  • C:\PROGRA~2\iWin\IWINTO~1.EXE

                    Filesize

                    37KB

                  • C:\PROGRA~2\iWin\UNWISE.EXE

                    Filesize

                    149KB

                  • C:\PROGRA~2\iWin\toolbar.cfg

                    Filesize

                    16B

                  • C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll

                    Filesize

                    458KB

                  • C:\Program Files (x86)\iWin\tbiWin.dll

                    Filesize

                    1.7MB

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

                    Filesize

                    471B

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

                    Filesize

                    471B

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

                    Filesize

                    404B

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

                    Filesize

                    412B

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                    Filesize

                    152B

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                    Filesize

                    5KB

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                    Filesize

                    5KB

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                    Filesize

                    5KB

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                    Filesize

                    10KB

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\EFY08QA2\v1[1].xml

                    Filesize

                    742KB

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G94T3PNL\suggestions[1].en-US

                    Filesize

                    17KB

                  • C:\Users\Admin\AppData\Local\Temp\GLBBDE1.tmp

                    Filesize

                    70KB

                  • C:\Users\Admin\AppData\Local\Temp\GLCBEDB.tmp

                    Filesize

                    161KB
