Analysis
-
max time kernel
100s -
max time network
125s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
15-03-2023 10:13
General
-
Target
c59d033fa3a58112f7520113699c74552c4d12bb10783fa880359ec94affe2a1.dll
-
Size
2.1MB
-
MD5
adfa9e13af7bff7b9304de834dc620e6
-
SHA1
1eceee464aefad0708f1e5ddcd0550b25da32fe0
-
SHA256
c59d033fa3a58112f7520113699c74552c4d12bb10783fa880359ec94affe2a1
-
SHA512
c3e459751cd7d36c6fe6934d03144536a3d0f6f85318bf14f798a6ea9d5bee2adf68cb20d2c9ecf861a9bd96b5fd75750fcf283f8fe17a878f19ab7706692c66
-
SSDEEP
3072:DNoM+4+Kci5Cbw8IsklTVhKAgUbV6RWWuZ:DW0NHmt9klHb4
Malware Config
Extracted
qakbot
401.62
abc107
1607078484
32.212.117.188:443
109.205.204.229:2222
72.36.59.46:2222
173.18.126.193:2222
96.225.88.23:443
89.137.211.239:443
110.142.205.182:443
82.76.47.211:443
193.83.25.177:995
67.40.253.209:995
73.244.83.199:443
2.90.186.243:995
189.252.62.238:995
141.237.135.194:443
82.78.70.128:443
185.125.151.172:443
79.117.239.22:2222
86.189.252.131:2222
83.114.243.80:2222
2.50.56.81:443
-
salt
jHxastDcds)oMc=jvh7wdUhxcsdt2
Signatures
-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Loads dropped DLL 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in System32 directory 11 IoCs
-
Program crash 1 IoCs
-
Checks SCSI registry key(s) 3 TTPs 6 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 62 IoCs
-
Suspicious use of FindShellTrayWindow 27 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c59d033fa3a58112f7520113699c74552c4d12bb10783fa880359ec94affe2a1.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c59d033fa3a58112f7520113699c74552c4d12bb10783fa880359ec94affe2a1.dll,#12⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\system32\schtasks.exe" /Create /RU "NT AUTHORITY\SYSTEM" /tn jcgjjoqc /tr "regsvr32.exe -s \"C:\Users\Admin\AppData\Local\Temp\c59d033fa3a58112f7520113699c74552c4d12bb10783fa880359ec94affe2a1.dll\"" /SC ONCE /Z /ST 11:16 /ET 11:284⤵
- Creates scheduled task(s)
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd9ec39758,0x7ffd9ec39768,0x7ffd9ec397782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1820,i,10568610371883904844,2558816799537692643,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1820,i,10568610371883904844,2558816799537692643,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1820,i,10568610371883904844,2558816799537692643,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3176 --field-trial-handle=1820,i,10568610371883904844,2558816799537692643,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3312 --field-trial-handle=1820,i,10568610371883904844,2558816799537692643,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4468 --field-trial-handle=1820,i,10568610371883904844,2558816799537692643,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=1820,i,10568610371883904844,2558816799537692643,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1820,i,10568610371883904844,2558816799537692643,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4984 --field-trial-handle=1820,i,10568610371883904844,2558816799537692643,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5144 --field-trial-handle=1820,i,10568610371883904844,2558816799537692643,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1820,i,10568610371883904844,2558816799537692643,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1820,i,10568610371883904844,2558816799537692643,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5152 --field-trial-handle=1820,i,10568610371883904844,2558816799537692643,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4892 --field-trial-handle=1820,i,10568610371883904844,2558816799537692643,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3396 --field-trial-handle=1820,i,10568610371883904844,2558816799537692643,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Windows\system32\mspaint.exe"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\ExpandReceive.jpeg" /ForceBootstrapPaint3D1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc1⤵
- Drops file in System32 directory
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\regsvr32.exeregsvr32.exe -s "C:\Users\Admin\AppData\Local\Temp\c59d033fa3a58112f7520113699c74552c4d12bb10783fa880359ec94affe2a1.dll"1⤵
-
C:\Windows\SysWOW64\regsvr32.exe-s "C:\Users\Admin\AppData\Local\Temp\c59d033fa3a58112f7520113699c74552c4d12bb10783fa880359ec94affe2a1.dll"2⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 5843⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3312 -ip 33121⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000aFilesize
37KB
MD5d90cb261f4a509d886611473296e188e
SHA123551f9039c8b855b496f017c8f75b32f6e56671
SHA256ca6c7cdd1e68e9f251fbf58e0b0ad9e883b38979e264c3cf4125f603b21c8bb4
SHA5121cca6c9490c8f7adca7441ffea3e7445309d0c52fbaf7252e4c3c73525e00233a8173536c031747a55343bb86e96618d9c96afc6e4f8d25b0106729cca5c8031
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
768B
MD5a1a48db7620434aa865c3eb23043bbb6
SHA1aac75c669ab7213dd70999be615c966f3987b052
SHA2562c69110b6de47835a7ae83fca889c6c2a3dd0b68141a6dd9084d05bb4296084c
SHA512a1195cfb3e8d1e92f49fa95086b816e53559316aa6731a0fdc6c41ff44de047693ad12a9e5ccfbaaf640510936069bb7a5a02d06337ba65427377cb3f83ddc91
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1Filesize
264KB
MD59931ccebc91da3238f732fec45974b3b
SHA111d8d2b4af7d686bd29c42110f07ab93a4b65421
SHA25640de55c6d6fb19467791ddd61568c9039228b79c058aad053d3fee366c76e75d
SHA512b0ac0ae43f2a355c7ffd16ffc1ddc4ed1365f7c4bd59c37ecc6f168ff191d55d9fb8dd8c9e5805afbd90d31d27db58ceaae3da06ca48093117a8372a9152d4d4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD55801232f47405d852728c8b00dd1eb06
SHA1f120d947cc5896e8c9ddd35c8082eb99739d48cd
SHA256126a09c42088bb7e59daaf0b2558f5f808d1ab1a87f82168a1c8b83b12cde153
SHA512d55819b27dc526b899133d092d0a338bcb5db75e6e20c55d00d9754c1dd0a87c9931ce126309d50a918576b6102afa579949e1a1c41a7c55c4d77c0fb8945ccf
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
535B
MD5f49da8256458d9e12120d5f3177a4349
SHA1340319dc894d5d3ac0128d45e16d92423f92fa39
SHA256e308b12b4dcf7313a9f8445332be7df770b97cd7a8e0d4c694e03584b188a7f6
SHA512bb7a9754c3bb137627faa6a304ba375fcf5d8fc06fc1d2fb081e99e8d0d9e354c67025941650554fe5cc1be6b92134053bd4e7be2751c1837381e86ac4475597
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
701B
MD5822b7a892b3da55f7306242098daa1d3
SHA17502c62db9bb7e86d2b12d6d1100bcc5cb832c80
SHA256c03b8eb0c5b85457d7b500dfa10e51cd6c193f07dcd04948c6ec697acdb9e531
SHA5122f06bd95fc3664bde9d6a50399ff2283fc2d198c783de063bf91db43d5b18424e977e03c29d2d21bbc637cf124ab1a779c5a46c34ecd514bf335d01e4bd0bd49
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD54732819d5bb751ba405d6fbc62081557
SHA1f772a575f315a70d3cbf9f8d664726b6ded33365
SHA256fe3c03c3918723c4498ce861368916b48e3fe11d1cef4aee66ca641101364fa6
SHA512193feee64ffdfa8e9683eeaae67725b7b89f3b4da54528e0e4620db2a173d8ea0cebf9cf6d3690e98724ad84f40eb5f083384a58701fb0c9b5791f6e22e420ae
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD54b16b6793a5a29f9f5c260d43493b151
SHA1f7594e88bfc68d881f29e1497468d92283aae870
SHA256d5300d5e7ca342d11b29c591d1ae0024b595a2ee87c0d7156b05f2698ae853df
SHA512551f136d3e57ac934e0cf0bc6fdfb60e96078e086c3d07d05f26f41ac4ead7ed28ae5a657f7f42c47d2ccd19c8e573f0a661aa363db8eff5a3d5893cfb1afd68
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD595b7b53d24825734f7755f0c4990576f
SHA19e675576ca9bfa81a9d8d4db8434f28d34f6c249
SHA256c0ddde7dc49513082a43cdb645e6f24f9d23da865de83289424f5e7afc06ca9d
SHA512e4b32eb44b95467f7ca7a96b8b28fafa06a1873074831c6da8ed7b8229100e20e9ab1286c245a9c89209f40a63f2bc33972a5b9daf8d612a36c8af1ea312c547
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
15KB
MD5c130a2c8fc5a7d79290a53abf0bf274c
SHA1d9889d4ab09edc8204c9fbe4b1fa9ecef741ed91
SHA256b46d4de32fb035e0aad7a9bc821b13341430bd9ac69196800454e0c902bf3cac
SHA512b805ca813e138619c00a07eae12988e9f2a16b6917450d5b5b143f81417ec23391cb4621572630926b34d92846211ff006ca899ed81dc417bdaee78db0238387
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
145KB
MD58ee070985832e36be7b54b95cf19a24b
SHA170bd45ae4b5483094b53b352e099977f309e7b4a
SHA25680c0caced570d9c2b86c8d24427b14cec3a9b1f6e164aa0b85d149c6c0c612c6
SHA512237b84d03800cc1f3bb1df900729353b53aff5f4c8af0dc01de1886366114e131e9f79473ed32d1f6fbeba7f9e4d8552f2da1c739dede3b0800591acd135dac5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
145KB
MD5f618ab08e0c641116c0594bd7d84eb41
SHA1dff13a93b189149c54e4faa6d716a75e56079b30
SHA2569ac36a211a7932f73263855a6a645f72c0ecccdcb8149b4610f15197231d480c
SHA51253cb17144161fa1ab55717779015166889bb30c7c40a00ef6fdfb4d776abcd4d58caca1524dee1a0dec80081353b3846537c47127d64dd6999b8866b240aacce
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.jsonFilesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Temp\c59d033fa3a58112f7520113699c74552c4d12bb10783fa880359ec94affe2a1.dllFilesize
2.1MB
MD5001206b3d00447bf8e35c8bf1348b0fe
SHA14e84143258b698c9f6e2a39ab74162b6cc81bf3f
SHA256e5fbbf228db0d4955d893cecc39008438b608ef0ae4977246f5a0431e5d78619
SHA512c98bdaf23844a01ee4a0edbee632ca88f2d362b32a8f06e7821aa09193d8ac7a7a17af7dc431ff449519539d0f957db196bbf72923d4640c672088a353dfb54d
-
C:\Users\Admin\AppData\Local\Temp\c59d033fa3a58112f7520113699c74552c4d12bb10783fa880359ec94affe2a1.dllFilesize
2.1MB
MD5001206b3d00447bf8e35c8bf1348b0fe
SHA14e84143258b698c9f6e2a39ab74162b6cc81bf3f
SHA256e5fbbf228db0d4955d893cecc39008438b608ef0ae4977246f5a0431e5d78619
SHA512c98bdaf23844a01ee4a0edbee632ca88f2d362b32a8f06e7821aa09193d8ac7a7a17af7dc431ff449519539d0f957db196bbf72923d4640c672088a353dfb54d
-
\??\pipe\crashpad_672_PWZKLKFDPLUOSESCMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/3908-143-0x0000000000430000-0x0000000000451000-memory.dmpFilesize
132KB
-
memory/3908-141-0x0000000000430000-0x0000000000451000-memory.dmpFilesize
132KB
-
memory/3908-140-0x0000000000430000-0x0000000000451000-memory.dmpFilesize
132KB
-
memory/3908-139-0x0000000000430000-0x0000000000451000-memory.dmpFilesize
132KB
-
memory/3908-138-0x0000000000430000-0x0000000000451000-memory.dmpFilesize
132KB
-
memory/4368-133-0x00000000022F0000-0x00000000024DA000-memory.dmpFilesize
1.9MB
-
memory/4368-134-0x0000000010000000-0x0000000010021000-memory.dmpFilesize
132KB
-
memory/4368-137-0x0000000010000000-0x0000000010021000-memory.dmpFilesize
132KB
-
memory/4796-431-0x00000235A2B50000-0x00000235A2B51000-memory.dmpFilesize
4KB
-
memory/4796-433-0x00000235A2BD0000-0x00000235A2BD1000-memory.dmpFilesize
4KB
-
memory/4796-435-0x00000235A2BD0000-0x00000235A2BD1000-memory.dmpFilesize
4KB
-
memory/4796-436-0x00000235A2C60000-0x00000235A2C61000-memory.dmpFilesize
4KB
-
memory/4796-437-0x00000235A2C60000-0x00000235A2C61000-memory.dmpFilesize
4KB
-
memory/4796-438-0x00000235A2C70000-0x00000235A2C71000-memory.dmpFilesize
4KB
-
memory/4796-439-0x00000235A2C70000-0x00000235A2C71000-memory.dmpFilesize
4KB
-
memory/4796-424-0x000002359AA30000-0x000002359AA40000-memory.dmpFilesize
64KB
-
memory/4796-420-0x0000023599FC0000-0x0000023599FD0000-memory.dmpFilesize
64KB