Analysis
-
max time kernel
145s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
22-03-2023 19:18
General
-
Target
BandicamScreenRecorder.exe
-
Size
52.6MB
-
MD5
d740f2075e4e5138d81379da576f1ec9
-
SHA1
3c916466753ef155c7cd64ae90ed987cb04f7385
-
SHA256
745085510ff4431bb1427bdce3f1eb8396d42175fb66fb28220851a8aadddf54
-
SHA512
b911c2f7c935518e5befc8d53eab0ff6bd52379a51500f7213a3eeee7a20d9443913dc9c538839a92918d412acbf97d1f9f85abe990908e1fa338cb9f6c77b24
-
SSDEEP
1572864:Xxte3/h4OwmO9z/NfdTCCsl0KvqqoVWiI17zdNAx:XxM3Gn/N5tsFvqxVO17zdNAx
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
-
Checks BIOS information in registry 2 TTPs 4 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE 6 IoCs
-
Loads dropped DLL 15 IoCs
-
Themida packer 26 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 2 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
-
Drops file in Program Files directory 6 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 40 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\BandicamScreenRecorder.exe"C:\Users\Admin\AppData\Local\Temp\BandicamScreenRecorder.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-31JE7.tmp\BandicamScreenRecorder.tmp"C:\Users\Admin\AppData\Local\Temp\is-31JE7.tmp\BandicamScreenRecorder.tmp" /SL5="$70120,54136461,956928,C:\Users\Admin\AppData\Local\Temp\BandicamScreenRecorder.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\Temp\is-3HM9G.tmp\WebrootCommAgentService.bat""3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -inputformat none -outputformat none -NonInteractive -ExecutionPolicy Bypass -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACgAJwBDADoAXABQAHIAbwBnAHIAYQBtAEQAYQB0AGEAXAAnACkA4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -inputformat none -outputformat none -NonInteractive -ExecutionPolicy Bypass -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACgAWwBTAHkAcwB0AGUAbQAuAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABdADoAOgBHAGUAdABFAG4AdgBpAHIAbwBuAG0AZQBuAHQAVgBhAHIAaQBhAGIAbABlACgAJwBVAFMARQBSAFAAUgBPAEYASQBMAEUAJwApACAAKwAgACcAXABBAHAAcABEAGEAdABhACcAKQA=4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft Visual C++ Redistributable latest\Bandicam.6.0.4.2024.exe"C:\Program Files (x86)\Microsoft Visual C++ Redistributable latest\Bandicam.6.0.4.2024.exe" /install /quiet /norestart3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-TFKQU.tmp\Bandicam.6.0.4.2024.tmp"C:\Users\Admin\AppData\Local\Temp\is-TFKQU.tmp\Bandicam.6.0.4.2024.tmp" /SL5="$101B2,32863982,93696,C:\Program Files (x86)\Microsoft Visual C++ Redistributable latest\Bandicam.6.0.4.2024.exe" /install /quiet /norestart4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\is-3HM9G.tmp\VCR-2005-2023-09.02.2023.exe"C:\Users\Admin\AppData\Local\Temp\is-3HM9G.tmp\\VCR-2005-2023-09.02.2023.exe"3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-3HM9G.tmp\VCR-2005-2023-09.02.2023.exe"C:\Users\Admin\AppData\Local\Temp\is-3HM9G.tmp\\VCR-2005-2023-09.02.2023.exe"4⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Microsoft Visual C++ Redistributable latest\Bandicam.6.0.4.2024.exeFilesize
31.7MB
MD5e1378bab2359d0f6f8986da82109b1ab
SHA1b7507228c637d727e32209f6f4562cddbbba0e23
SHA2568bbf1e6510d18a1729864f45cb1a7c74655b28deeee79a722814556f23e00084
SHA51279fa4cdf309f8f114b8b174dd8f2403881a22beeb746a06972b38aca99b152614f59cc8d190402e6108121611b8c7a61838bade180a90425b78ed346fbdc23b0
-
C:\Program Files (x86)\Microsoft Visual C++ Redistributable latest\Bandicam.6.0.4.2024.exeFilesize
31.7MB
MD5e1378bab2359d0f6f8986da82109b1ab
SHA1b7507228c637d727e32209f6f4562cddbbba0e23
SHA2568bbf1e6510d18a1729864f45cb1a7c74655b28deeee79a722814556f23e00084
SHA51279fa4cdf309f8f114b8b174dd8f2403881a22beeb746a06972b38aca99b152614f59cc8d190402e6108121611b8c7a61838bade180a90425b78ed346fbdc23b0
-
C:\Program Files (x86)\Microsoft Visual C++ Redistributable latest\is-O2UB4.tmpFilesize
3.1MB
MD536e34dc23ecd815b2eb7131d2dcea0e7
SHA17f62c66ffa03eef056fd1c8a9f108dfdf8bdd577
SHA256b15c14f5b033aff75e3454c6e6a8304624da6ebf799de054d9ca0157b61b0815
SHA512ff7f99bf3d13f57d1f61c3bbee410569035b1307ade373a1ca0cb3210139a1e7de2e69fc2d437b165c4a8058e1027022684ac0dfee95f3a296cecaa245a69f03
-
C:\Users\Admin\AppData\Local\Temp\_MEI19122\python39.dllFilesize
4.3MB
MD57e9d14aa762a46bb5ebac14fbaeaa238
SHA1a5d90a7df9b90bdd8a84d7dc5066e4ea64ceb3d9
SHA256e456ef44b261f895a01efb52d26c7a0c7d7d465b647a7b5592708ebf693f12a3
SHA512280f16348df1c0953bbc6f37ff277485351171d0545ebe469bacd106d907917f87584154aec0f193f37322bc93ac5433cd9a5b5c7f47367176e5a8b19bbd5023
-
C:\Users\Admin\AppData\Local\Temp\is-31JE7.tmp\BandicamScreenRecorder.tmpFilesize
3.1MB
MD536e34dc23ecd815b2eb7131d2dcea0e7
SHA17f62c66ffa03eef056fd1c8a9f108dfdf8bdd577
SHA256b15c14f5b033aff75e3454c6e6a8304624da6ebf799de054d9ca0157b61b0815
SHA512ff7f99bf3d13f57d1f61c3bbee410569035b1307ade373a1ca0cb3210139a1e7de2e69fc2d437b165c4a8058e1027022684ac0dfee95f3a296cecaa245a69f03
-
C:\Users\Admin\AppData\Local\Temp\is-31JE7.tmp\BandicamScreenRecorder.tmpFilesize
3.1MB
MD536e34dc23ecd815b2eb7131d2dcea0e7
SHA17f62c66ffa03eef056fd1c8a9f108dfdf8bdd577
SHA256b15c14f5b033aff75e3454c6e6a8304624da6ebf799de054d9ca0157b61b0815
SHA512ff7f99bf3d13f57d1f61c3bbee410569035b1307ade373a1ca0cb3210139a1e7de2e69fc2d437b165c4a8058e1027022684ac0dfee95f3a296cecaa245a69f03
-
C:\Users\Admin\AppData\Local\Temp\is-3HM9G.tmp\VCR-2005-2023-09.02.2023.exeFilesize
137.6MB
MD56e1c904dcd8d150268692a02759dd383
SHA1d1cb0e6ec3182c61d79a8e6c8b032cb1a1b3b049
SHA256aec83ead5bcc9c717b8d9ecf7b92eb4ccd1c33fc3caeca241c088c7f347ef673
SHA51285fcc9c0e5ebc59533bc7e95ba47fadf642c39ae61e9849baa01d820910e63a5ecda35e8de7722716b4e0cf2391190b1bc9a9feb92bc46f2c87ca804f2004729
-
C:\Users\Admin\AppData\Local\Temp\is-3HM9G.tmp\VCR-2005-2023-09.02.2023.exeFilesize
120.7MB
MD56fad473fb5be10a6e93feb3af844e9a5
SHA1e9630b0f6fd4d3b3b810a985f968d4c1788a9345
SHA2569d09420709d20864dd066651238f03f7a49682eeec261d56ff0270b8b0b45ba8
SHA512fc157cd3f70c7346d1fc99b5b8ce9aa36744c727c18fd61d9ac1c5055f5a2368de49c6a0b34b1a2ab5e377b4161455a56d81c7953aa33e4533c8bc0fd1bf4f88
-
C:\Users\Admin\AppData\Local\Temp\is-3HM9G.tmp\VCR-2005-2023-09.02.2023.exeFilesize
112.1MB
MD58cdb11a4c2eb3511301acab594fcc6ec
SHA1ef32314a6da760a738cb1452d5164815eaca420d
SHA256e8a594c3aed463b4e269d019523175b00874c4a7f15557d085192db645262e26
SHA512e396cfb087f0e6c6c237307c44850265b5dfbdb78b866cf65b3e7b444de426e1fa1ab9e1bafd242dcd619edfbbfbffab30d0633ae63e0ea6b268d9e5db57578e
-
C:\Users\Admin\AppData\Local\Temp\is-3HM9G.tmp\WebrootCommAgentService.batFilesize
619B
MD5f2f6b265ffde779f57c23e594a6e11ce
SHA1da75a5fdb63be5f4d3a51369353e3e117e4dba48
SHA25602303d4fe27c3102e24e0a8349b3af9310e440d1f355c37dcf30b2cf5b8f366b
SHA512784ec181151752acff14ed4f97c242c726baebe24b40a423faa6a727958095e05eecfbdbac7d80ad194a4659c653611aa3b4d0de15e1a1fbba3530ffa9adb05a
-
C:\Users\Admin\AppData\Local\Temp\is-TFKQU.tmp\Bandicam.6.0.4.2024.tmpFilesize
939KB
MD52624dd7f54b9132196ea129114ac9828
SHA150082f8b6e179fa509d1575fd4536abdcbf229fe
SHA2569b92942e7066168d9b95fb9004abe21254b28a076ff1988bea781d75fc48276f
SHA512fd07a56e7fd9289cc5e7ebd9b1185950a708ee5edd609be67d38be5364f549ff08014abfabd38b6df7bb223f9f9031f17a53c37614441ac37c2592e6df17b31e
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\B4IDKEX4BITW3W6LSJP4.tempFilesize
7KB
MD5a92c1b23fa87bcd31f429509c078120d
SHA17a544ce267190f78d61d3c9dedc0a1f35c477fc5
SHA2566330ea9bf7d64c0cfffa798c4da0ceb4dfde79e973705ff64711f5d9a0ec53d9
SHA512e5ee1cc2ab4ac945b44f4370c0bc7c55bcbaa74a3fee507558b08edd31d5a92be0da5fddcf6fd9ba6dd1573b8f05563dedd157905dfdbd5daccecc44b982e4ce
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-msFilesize
7KB
MD5a92c1b23fa87bcd31f429509c078120d
SHA17a544ce267190f78d61d3c9dedc0a1f35c477fc5
SHA2566330ea9bf7d64c0cfffa798c4da0ceb4dfde79e973705ff64711f5d9a0ec53d9
SHA512e5ee1cc2ab4ac945b44f4370c0bc7c55bcbaa74a3fee507558b08edd31d5a92be0da5fddcf6fd9ba6dd1573b8f05563dedd157905dfdbd5daccecc44b982e4ce
-
\Program Files (x86)\Microsoft Visual C++ Redistributable latest\Bandicam.6.0.4.2024.exeFilesize
31.7MB
MD5e1378bab2359d0f6f8986da82109b1ab
SHA1b7507228c637d727e32209f6f4562cddbbba0e23
SHA2568bbf1e6510d18a1729864f45cb1a7c74655b28deeee79a722814556f23e00084
SHA51279fa4cdf309f8f114b8b174dd8f2403881a22beeb746a06972b38aca99b152614f59cc8d190402e6108121611b8c7a61838bade180a90425b78ed346fbdc23b0
-
\Users\Admin\AppData\Local\Temp\_MEI19122\python39.dllFilesize
4.3MB
MD57e9d14aa762a46bb5ebac14fbaeaa238
SHA1a5d90a7df9b90bdd8a84d7dc5066e4ea64ceb3d9
SHA256e456ef44b261f895a01efb52d26c7a0c7d7d465b647a7b5592708ebf693f12a3
SHA512280f16348df1c0953bbc6f37ff277485351171d0545ebe469bacd106d907917f87584154aec0f193f37322bc93ac5433cd9a5b5c7f47367176e5a8b19bbd5023
-
\Users\Admin\AppData\Local\Temp\is-31JE7.tmp\BandicamScreenRecorder.tmpFilesize
3.1MB
MD536e34dc23ecd815b2eb7131d2dcea0e7
SHA17f62c66ffa03eef056fd1c8a9f108dfdf8bdd577
SHA256b15c14f5b033aff75e3454c6e6a8304624da6ebf799de054d9ca0157b61b0815
SHA512ff7f99bf3d13f57d1f61c3bbee410569035b1307ade373a1ca0cb3210139a1e7de2e69fc2d437b165c4a8058e1027022684ac0dfee95f3a296cecaa245a69f03
-
\Users\Admin\AppData\Local\Temp\is-3HM9G.tmp\VCR-2005-2023-09.02.2023.exeFilesize
138.3MB
MD519ae2c87802f042c7dcef1ccf79b8a13
SHA1f32686b45d4a6ab4f3d658e1e381e25c2ad5779d
SHA2566821d09241ebb0140a2552d8bda41a717281740b05bc94902fe2d91bab2b7e1f
SHA5128dd2bf33c64df2a2291fcb898fb77c81a1965a098f044c4a19738769d1ad1fa2d74b001883d7c9b9f46066564aa0a118fc2675fe0d729a312292129d7b09b3b4
-
\Users\Admin\AppData\Local\Temp\is-3HM9G.tmp\VCR-2005-2023-09.02.2023.exeFilesize
111.8MB
MD529048316cfe4e152986e183fba00f150
SHA17a49cf82dbe2878c9f1ac841c2831781eb5eec44
SHA256a842e109d8db7f6b6faae1a953429c9268e6ada53cbed350d6a328e6ab84591e
SHA51268fb21b413ed6014d1e0a815eb35d6f21b6f3b71584e38d37a71324969d588603bfb2779fe188a6d0f2486543d677f23afc50692d4bcb397b85c0f5b1364990b
-
\Users\Admin\AppData\Local\Temp\is-3HM9G.tmp\VCR-2005-2023-09.02.2023.exeFilesize
100.9MB
MD5f84a72fc60dcb9b821f562325938987d
SHA1657e171a171d3a30f6e17a31a53ca412db5ef09e
SHA2565abba7a8c94e71e2160dcbb68c05800fa6214cd59941625e4feda515b3ef309f
SHA512bd2400fa3bc4c0d2a77735e83d36ac4f97f0c6f965bd77aa91139c7990610293f5bb228fea5a4c0b9c863ba6308721ea72fb3966fe99e8332fc6ac375fb91fb4
-
\Users\Admin\AppData\Local\Temp\is-3HM9G.tmp\VCR-2005-2023-09.02.2023.exeFilesize
99.2MB
MD5d741e37ac1d6d262983d993f930f8a5b
SHA1226e4852809a6ae9000e31f15bdcf9d557baaf77
SHA256f1804fab64ec4838bf96e27ec681713ed22f43632357d51c6796ffa42eaa530a
SHA512b44f4b2507de280df08449816f12288b84fa696265d53c65d27b8bb26e2149265ffd4d0ea2ac897d3079c5eed9f7859f8b8f6a4490353fdc13f3d8f77f187bc5
-
\Users\Admin\AppData\Local\Temp\is-3HM9G.tmp\_isetup\_iscrypt.dllFilesize
2KB
MD5a69559718ab506675e907fe49deb71e9
SHA1bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA2562f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63
-
\Users\Admin\AppData\Local\Temp\is-3HM9G.tmp\_isetup\_isdecmp.dllFilesize
28KB
MD5077cb4461a2767383b317eb0c50f5f13
SHA1584e64f1d162398b7f377ce55a6b5740379c4282
SHA2568287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64
SHA512b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547
-
\Users\Admin\AppData\Local\Temp\is-3HM9G.tmp\innocallback.dllFilesize
63KB
MD51c55ae5ef9980e3b1028447da6105c75
SHA1f85218e10e6aa23b2f5a3ed512895b437e41b45c
SHA2566afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f
SHA5121ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b
-
\Users\Admin\AppData\Local\Temp\is-G6TVO.tmp\_isetup\_shfoldr.dllFilesize
22KB
MD592dc6ef532fbb4a5c3201469a5b5eb63
SHA13e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA2569884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA5129908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3
-
\Users\Admin\AppData\Local\Temp\is-G6TVO.tmp\_isetup\_shfoldr.dllFilesize
22KB
MD592dc6ef532fbb4a5c3201469a5b5eb63
SHA13e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA2569884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA5129908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3
-
\Users\Admin\AppData\Local\Temp\is-G6TVO.tmp\b2p.dllFilesize
22KB
MD5ab35386487b343e3e82dbd2671ff9dab
SHA103591d07aea3309b631a7d3a6e20a92653e199b8
SHA256c3729545522fcff70db61046c0efd962df047d40e3b5ccd2272866540fc872b2
SHA512b67d7384c769b2b1fdd3363fc3b47d300c2ea4d37334acfd774cf29169c0a504ba813dc3ecbda5b71a3f924110a77a363906b16a87b4b1432748557567d1cf09
-
\Users\Admin\AppData\Local\Temp\is-G6TVO.tmp\botva2.dllFilesize
37KB
MD567965a5957a61867d661f05ae1f4773e
SHA1f14c0a4f154dc685bb7c65b2d804a02a0fb2360d
SHA256450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105
SHA512c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b
-
\Users\Admin\AppData\Local\Temp\is-G6TVO.tmp\iswin7logo.dllFilesize
39KB
MD51ea948aad25ddd347d9b80bef6df9779
SHA10be971e67a6c3b1297e572d97c14f74b05dafed3
SHA25630eb67bdd71d3a359819a72990029269672d52f597a2d1084d838caae91a6488
SHA512f2cc5dce9754622f5a40c1ca20b4f00ac01197b8401fd4bd888bfdd296a43ca91a3ca261d0e9e01ee51591666d2852e34cee80badadcb77511b8a7ae72630545
-
\Users\Admin\AppData\Local\Temp\is-TFKQU.tmp\Bandicam.6.0.4.2024.tmpFilesize
939KB
MD52624dd7f54b9132196ea129114ac9828
SHA150082f8b6e179fa509d1575fd4536abdcbf229fe
SHA2569b92942e7066168d9b95fb9004abe21254b28a076ff1988bea781d75fc48276f
SHA512fd07a56e7fd9289cc5e7ebd9b1185950a708ee5edd609be67d38be5364f549ff08014abfabd38b6df7bb223f9f9031f17a53c37614441ac37c2592e6df17b31e
-
memory/584-216-0x000000013FC30000-0x0000000140983000-memory.dmpFilesize
13.3MB
-
memory/584-219-0x000000013FC30000-0x0000000140983000-memory.dmpFilesize
13.3MB
-
memory/584-241-0x000000013FC30000-0x0000000140983000-memory.dmpFilesize
13.3MB
-
memory/584-215-0x000000013FC30000-0x0000000140983000-memory.dmpFilesize
13.3MB
-
memory/584-240-0x000000013FC30000-0x0000000140983000-memory.dmpFilesize
13.3MB
-
memory/584-233-0x000000013FC30000-0x0000000140983000-memory.dmpFilesize
13.3MB
-
memory/584-217-0x000000013FC30000-0x0000000140983000-memory.dmpFilesize
13.3MB
-
memory/584-221-0x000000013FC30000-0x0000000140983000-memory.dmpFilesize
13.3MB
-
memory/584-225-0x000000013FC30000-0x0000000140983000-memory.dmpFilesize
13.3MB
-
memory/1284-91-0x0000000002220000-0x0000000002260000-memory.dmpFilesize
256KB
-
memory/1284-92-0x0000000002220000-0x0000000002260000-memory.dmpFilesize
256KB
-
memory/1284-90-0x0000000002220000-0x0000000002260000-memory.dmpFilesize
256KB
-
memory/1632-168-0x0000000000400000-0x000000000041E000-memory.dmpFilesize
120KB
-
memory/1632-107-0x0000000000400000-0x000000000041E000-memory.dmpFilesize
120KB
-
memory/1912-175-0x000000013FC30000-0x0000000140983000-memory.dmpFilesize
13.3MB
-
memory/1912-214-0x0000000001F20000-0x0000000002C73000-memory.dmpFilesize
13.3MB
-
memory/1912-166-0x000000013FC30000-0x0000000140983000-memory.dmpFilesize
13.3MB
-
memory/1912-167-0x000000013FC30000-0x0000000140983000-memory.dmpFilesize
13.3MB
-
memory/1912-267-0x000000013FC30000-0x0000000140983000-memory.dmpFilesize
13.3MB
-
memory/1912-169-0x000000013FC30000-0x0000000140983000-memory.dmpFilesize
13.3MB
-
memory/1912-141-0x000000013FC30000-0x0000000140983000-memory.dmpFilesize
13.3MB
-
memory/1912-232-0x0000000001F20000-0x0000000002C73000-memory.dmpFilesize
13.3MB
-
memory/1912-209-0x000000013FC30000-0x0000000140983000-memory.dmpFilesize
13.3MB
-
memory/1912-197-0x000000013FC30000-0x0000000140983000-memory.dmpFilesize
13.3MB
-
memory/1912-174-0x000000013FC30000-0x0000000140983000-memory.dmpFilesize
13.3MB
-
memory/1912-176-0x000000013FC30000-0x0000000140983000-memory.dmpFilesize
13.3MB
-
memory/1924-155-0x0000000001F90000-0x0000000001F92000-memory.dmpFilesize
8KB
-
memory/1924-170-0x0000000000400000-0x00000000004FE000-memory.dmpFilesize
1016KB
-
memory/1924-269-0x0000000000400000-0x00000000004FE000-memory.dmpFilesize
1016KB
-
memory/1924-172-0x00000000747B0000-0x00000000747C1000-memory.dmpFilesize
68KB
-
memory/1924-150-0x0000000000790000-0x00000000007B0000-memory.dmpFilesize
128KB
-
memory/1924-236-0x0000000000400000-0x00000000004FE000-memory.dmpFilesize
1016KB
-
memory/1924-173-0x0000000001FA0000-0x0000000001FAF000-memory.dmpFilesize
60KB
-
memory/1924-149-0x0000000074960000-0x000000007497B000-memory.dmpFilesize
108KB
-
memory/1924-171-0x0000000074960000-0x000000007497B000-memory.dmpFilesize
108KB
-
memory/1924-148-0x0000000000220000-0x0000000000221000-memory.dmpFilesize
4KB
-
memory/1924-163-0x00000000747B0000-0x00000000747C1000-memory.dmpFilesize
68KB
-
memory/1924-154-0x0000000001FA0000-0x0000000001FAF000-memory.dmpFilesize
60KB
-
memory/1924-198-0x0000000000220000-0x0000000000221000-memory.dmpFilesize
4KB
-
memory/1928-80-0x0000000003300000-0x0000000003315000-memory.dmpFilesize
84KB
-
memory/1928-61-0x0000000000240000-0x0000000000241000-memory.dmpFilesize
4KB
-
memory/1928-96-0x0000000003300000-0x0000000003315000-memory.dmpFilesize
84KB
-
memory/1928-94-0x0000000000400000-0x0000000000732000-memory.dmpFilesize
3.2MB
-
memory/1928-87-0x0000000000240000-0x0000000000241000-memory.dmpFilesize
4KB
-
memory/1928-71-0x0000000003300000-0x0000000003315000-memory.dmpFilesize
84KB
-
memory/1928-160-0x0000000000400000-0x0000000000732000-memory.dmpFilesize
3.2MB
-
memory/1928-79-0x0000000000400000-0x0000000000732000-memory.dmpFilesize
3.2MB
-
memory/1928-114-0x0000000003850000-0x00000000045A3000-memory.dmpFilesize
13.3MB
-
memory/2024-54-0x0000000000400000-0x00000000004F7000-memory.dmpFilesize
988KB
-
memory/2024-161-0x0000000000400000-0x00000000004F7000-memory.dmpFilesize
988KB
-
memory/2024-78-0x0000000000400000-0x00000000004F7000-memory.dmpFilesize
988KB