Analysis

  • max time kernel
    64s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250217-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/02/2025, 14:49

General

  • Target

    Vikingers.ps1

  • Size

    55KB

  • MD5

    8f7cae39d5fd60d3cc926d94e45b839f

  • SHA1

    87c3bad45e79f6d89a6840d5580eab24674af89e

  • SHA256

    6a3efb96bf5c84d6adae4fa699aa64f266d3f258cc03619cb03500e46a014caf

  • SHA512

    03fe02e6c3d0f2072112c6037c592ec6472ed6d8a6d1826e30c1fc94ff27497452d9c6baed47d1115a6bf50d82847d845a6ca9bc7ab4d5b9a71eba6977e47211

  • SSDEEP

    1536:kLubTbY0XWNAKh8bXfJZMncznLSxT0puR4wEC:DWAK0R+hDRr

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 12 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 20 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 21 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Vikingers.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3536
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:692
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2652
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:5156
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5664
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4104
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of SendNotifyMessage
    PID:3924
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4244
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3632
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:5736
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3732
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:624
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:4616
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2732
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2760
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2428
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:6008
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5676
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:5736
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3908
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2572
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:5752
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5708
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4608
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:5652
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:3472
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1540
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:412
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:5044
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4680
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    PID:3120
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4080
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5192
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Checks SCSI registry key(s)
    • Modifies registry class
    PID:2080
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:3408
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:6124

      Network

      MITRE ATT&CK Enterprise v15

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

        Filesize

        471B

        MD5

        9438ca3e3a165181b043945f1dd694ef

        SHA1

        cabc9ef75f1aac438b826a9286639e11058b63ac

        SHA256

        56dd2a747defc9356eb4db73c4661205f08126b8fc12744b7388ae96a5a5858a

        SHA512

        aa86d8844c0bc0eca32350c989ed91731c89c22d8a90bf2ec043b61f0f18ac86dbf499450f591edb39fa3f51d5ceff16bbb2bde677f4375fd095f21547ce32df

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

        Filesize

        412B

        MD5

        8c4610d20094e3a2a939f87c31dc109e

        SHA1

        5e2b9088cdbd37fdd6cdb733cea28761bbfe33d8

        SHA256

        5738864f87c8501af8500c4beb41ff791957ac8d3f00ea73453a8dc0e909269c

        SHA512

        8b30ff9ad8dcba53c747ef9b2cc41698916450374614792131baf1e979c5a944f8f9b24ead712b2a015e389acccfcd216d9031930611a3f9c5e25e3382a70b7e

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres

        Filesize

        2KB

        MD5

        88743a0e0464eb8867b53bf7b9f15709

        SHA1

        99791ac8716234f73b65d3482e5e8dd36628dcaf

        SHA256

        6e45381c49cd103f162d9af6c51a5ea25f55c4ebfe27a4c61816c51cb39e8ebf

        SHA512

        c762f588d274722135932c7757ee29a937aa3d6ecc57ce036699cc078b4d2a8eea7afb1a07f6561a71ee55c50d3aca0feafe4959eb2f490f82ca4777eb417b02

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133848821989474763.txt

        Filesize

        75KB

        MD5

        310a513b12d3977255e52754a9054256

        SHA1

        a7fb4662cc5339c60b5fce6cc58aeaa04d0183f1

        SHA256

        c1deca12ad771e16fc1cf38a50a11346b97b11a979348e7781e356742d0d374d

        SHA512

        5564dfcb44093118299457cce52696ad8c79f38c13612eae0f366720b0822d9ae9dbd5c069fd2d1be724c645ee57b4bd0732da01cfcbab8c75387f7450168a42

      • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\HQDQ62NL\microsoft.windows[1].xml

        Filesize

        97B

        MD5

        776938b51cc2c75d02233ab3d355aaf4

        SHA1

        0ecf5423dc20535d1a3b3431fc09850ddd4e51d3

        SHA256

        e31c2dbea08318e9ade7401a8363a77486d19e408ec8e4bf298dd5caff66beff

        SHA512

        5000b8c1e47442cc7acf633d2269cc541e2d7a2790c2b3991fd817d9dc824af171ecc0b7a4974bf2588f96714b11839fc54b689f0512c6993ac78caefa609830

      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ibshzhjn.hwp.ps1

        Filesize

        60B

        MD5

        d17fe0a3f47be24a6453e9ef58c94641

        SHA1

        6ab83620379fc69f80c0242105ddffd7d98d5d9d

        SHA256

        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

        SHA512

        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
