Analysis
-
max time kernel
149s -
max time network
164s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
22-12-2023 01:35
General
-
Target
4825d64fc548637adedb9b4b808ed7cd.exe
-
Size
1.4MB
-
MD5
4825d64fc548637adedb9b4b808ed7cd
-
SHA1
0deb418a6c28e89dd31ea69f0edb112162fe91c8
-
SHA256
75811ee3e3c7908fc2804cee757e25aefa4bec5f5aa7ae15f45313f000fa0074
-
SHA512
a7530571caed90ec71ec17439afe89030fcbfbfa12d029d9e21de302bd54fc933ab6acb41975b28718d44b372105b34a3cf3becfdf0484765179cc516b939675
-
SSDEEP
24576:ckJ57Lut19vrBg9qm+BZkvgt7DYOl+FbSoLCwcpN5tgLG6OI8mMe2WLPFouzt:T7LG1V/dBZkY1Yo+X+tgLGPi2WLPFoup
Score
10/10
Malware Config
Signatures
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Detect ZGRat V1 2 IoCs
-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Checks computer location settings 2 TTPs 4 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 4 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4825d64fc548637adedb9b4b808ed7cd.exe"C:\Users\Admin\AppData\Local\Temp\4825d64fc548637adedb9b4b808ed7cd.exe"1⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com2⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Dewgkwlbhkrsncbybkhtfpkb.vbs"2⤵
-
C:\Users\Admin\AppData\Local\Temp\Oggnfkemtibcinconsoleapp16.exe"C:\Users\Admin\AppData\Local\Temp\Oggnfkemtibcinconsoleapp16.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com4⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com4⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com4⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com4⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com4⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com4⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com4⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com4⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com4⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Ddmmvlnwvosotwcisp.vbs"4⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Temp\Hsbvhggsqlrfmuvyptooonsoleapp5.exe"C:\Users\Admin\AppData\Local\Temp\Hsbvhggsqlrfmuvyptooonsoleapp5.exe"5⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com6⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com6⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com6⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV17⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com6⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com6⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com6⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com6⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com6⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com6⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection -ComputerName google.com6⤵
-
C:\Users\Admin\AppData\Local\Temp\Hsbvhggsqlrfmuvyptooonsoleapp5.exeC:\Users\Admin\AppData\Local\Temp\Hsbvhggsqlrfmuvyptooonsoleapp5.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 13167⤵
- Program crash
-
C:\Users\Admin\AppData\Local\Temp\Oggnfkemtibcinconsoleapp16.exeC:\Users\Admin\AppData\Local\Temp\Oggnfkemtibcinconsoleapp16.exe4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4825d64fc548637adedb9b4b808ed7cd.exeC:\Users\Admin\AppData\Local\Temp\4825d64fc548637adedb9b4b808ed7cd.exe2⤵
-
C:\Users\Admin\AppData\Local\Temp\4825d64fc548637adedb9b4b808ed7cd.exeC:\Users\Admin\AppData\Local\Temp\4825d64fc548637adedb9b4b808ed7cd.exe2⤵
-
C:\Users\Admin\AppData\Local\Temp\4825d64fc548637adedb9b4b808ed7cd.exeC:\Users\Admin\AppData\Local\Temp\4825d64fc548637adedb9b4b808ed7cd.exe2⤵
-
C:\Users\Admin\AppData\Local\Temp\4825d64fc548637adedb9b4b808ed7cd.exeC:\Users\Admin\AppData\Local\Temp\4825d64fc548637adedb9b4b808ed7cd.exe2⤵
-
C:\Users\Admin\AppData\Local\Temp\4825d64fc548637adedb9b4b808ed7cd.exeC:\Users\Admin\AppData\Local\Temp\4825d64fc548637adedb9b4b808ed7cd.exe2⤵
-
C:\Users\Admin\AppData\Local\Temp\4825d64fc548637adedb9b4b808ed7cd.exeC:\Users\Admin\AppData\Local\Temp\4825d64fc548637adedb9b4b808ed7cd.exe2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4140 -ip 41401⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\Ddmmvlnwvosotwcisp.vbsFilesize
118B
MD58e6ed0e063f11f70636a3f17f2a6ff0a
SHA14eb2da6280255683781c4b2e3e2e77de09d7d3ba
SHA256bfd0eeb6d76e800e9fc6ffc2924ed0f8a4562bd2446ec503362ed325094e7561
SHA512061a55f826961a96609717eb173b3f4bade372e4e26f9eae6b84f45b2bcdb97687e7d79b6d450f6a92a9805c799f623a04c7bb59550e2027ba3cf5d172a34e0e
-
C:\Users\Admin\AppData\Local\Temp\Dewgkwlbhkrsncbybkhtfpkb.vbsFilesize
114B
MD5eedf5b01d8c6919df80fb4eeef481b96
SHA1c2f13824ede4e9781aa1d231c3bfe65ee57a5202
SHA256c470d243098a7051aa0914fcda227fa4ae3b752556a5de16da5d73a169005aa4
SHA512c9db4dff46d7517270dda041eca132368edc87bac7d0926b5179d7c385696a7b648c2b99bb444a08c60c95fd4dbd01700f17a8c9cb678bef680a8f681d248822
-
C:\Users\Admin\AppData\Local\Temp\Hsbvhggsqlrfmuvyptooonsoleapp5.exeFilesize
122KB
MD5d5f746c29badf0ef7c5411208d6bbafe
SHA1aa7bd6a8e54b0be51440a01d197ebf5960929004
SHA2566b6f2352c105fe0d64b5f954fac09e6e30f2bcc2f040aa613bf484910d7ad5a0
SHA5125cf90b809167be948e8f288ca6ecd43b3e0d991d46286bfd1c6a5355e98f43088ec69124794a9bade9d62f4fffeccde62556dcf866ad454dd91ffcc52545ce98
-
C:\Users\Admin\AppData\Local\Temp\Hsbvhggsqlrfmuvyptooonsoleapp5.exeFilesize
112KB
MD5251be722c20739bd71ef1bef82213d12
SHA1f4f37ec65ff8dcdb3912ae64c1d50b98ff846eed
SHA256e304a548754b26c93a01208dd16b0597a1406c8bde784d611dec1fbd865c41f6
SHA51213904ba0c830c586c33b424089600883c2eaed54a5ee310a68088a13d1137691386becfddcefbaa30d1bfc5573f650bfc6ca5cbaf1f80a249091f5ab1377806a
-
C:\Users\Admin\AppData\Local\Temp\Hsbvhggsqlrfmuvyptooonsoleapp5.exeFilesize
367KB
MD581b52a797709cd2b43a567beb918f288
SHA191f7feded933ff4861dd2c00f971595d7dd89513
SHA256ce7db669ec00c7169451964b79a5b3ac018e87c5dfd2ed0c89482c30f74d4bae
SHA51270cfe54f9bf63e5d639b377efbb530b0983dcaaf6f09b0ac74b349ab1640a5eeeb98d9f22f4241a5e2da28868f183574393ffd6823bdfab00c5b102ae9443123
-
C:\Users\Admin\AppData\Local\Temp\Oggnfkemtibcinconsoleapp16.exeFilesize
92KB
MD5863f87d2ea16a32b0d3ec064a8780df0
SHA1026da0470abcc3ac8de9d6ee20ebd111785f327f
SHA256687aa44ec90435a26ef1276133af50807755ddbf32f38da668cff6ccd4653fb3
SHA512b1741638d29d9e9ba678361d9b33f062ad293273ce108cbeead41a56a0e5d6a3d3d25c4fdc7fa1f50cce988613803969b3ced45db0487afb18fdac187f5f4b38
-
C:\Users\Admin\AppData\Local\Temp\Oggnfkemtibcinconsoleapp16.exeFilesize
47KB
MD510ae7be5d2bc8f44221430ab264d9bce
SHA14ea26f9575b33a4da990eb0d111f14f303cfed32
SHA256b51440dac80c45afbe3c81eeb8c5c61a9ffff7e93d7c85948ee394682a0b903d
SHA512a53cffe224c338f5705156573ff3e59eb48c11f73c9c94bd7b29c23fea5f0598be6ca59f7cccb832a835a448e4531a0165bf04ef2a3669b70e540ca2f73c6196
-
C:\Users\Admin\AppData\Local\Temp\Oggnfkemtibcinconsoleapp16.exeFilesize
202KB
MD53b94faedad67c05a967ee4594fa2e670
SHA1177fbd2bc7279fcfb8af1aaa39ed82d96a8d0dac
SHA256f643d558fdfe789181bc7c4e2fcfbf5a3d29cc1c56839964f695da1ffeaa70bc
SHA5121bd548fd554cc8f5b567933814784475c3e457665a0e580de2e2dfc0ca96672258acbaa7de977a396c208222c7814789da8bea6f7810bdb211f996e0ae73023a
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_u4zmgb5i.y5u.ps1Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
memory/224-7-0x0000000074F40000-0x00000000756F0000-memory.dmpFilesize
7.7MB
-
memory/224-26-0x0000000002440000-0x0000000002450000-memory.dmpFilesize
64KB
-
memory/224-12-0x00000000055E0000-0x0000000005646000-memory.dmpFilesize
408KB
-
memory/224-13-0x0000000005780000-0x00000000057E6000-memory.dmpFilesize
408KB
-
memory/224-10-0x0000000004F40000-0x0000000005568000-memory.dmpFilesize
6.2MB
-
memory/224-11-0x0000000004E00000-0x0000000004E22000-memory.dmpFilesize
136KB
-
memory/224-23-0x00000000059D0000-0x0000000005D24000-memory.dmpFilesize
3.3MB
-
memory/224-24-0x0000000005DD0000-0x0000000005DEE000-memory.dmpFilesize
120KB
-
memory/224-25-0x0000000005E20000-0x0000000005E6C000-memory.dmpFilesize
304KB
-
memory/224-8-0x0000000002440000-0x0000000002450000-memory.dmpFilesize
64KB
-
memory/224-27-0x0000000074F40000-0x00000000756F0000-memory.dmpFilesize
7.7MB
-
memory/224-9-0x0000000002440000-0x0000000002450000-memory.dmpFilesize
64KB
-
memory/224-6-0x00000000024A0000-0x00000000024D6000-memory.dmpFilesize
216KB
-
memory/776-134-0x00000000046E0000-0x00000000046F0000-memory.dmpFilesize
64KB
-
memory/776-132-0x0000000074F40000-0x00000000756F0000-memory.dmpFilesize
7.7MB
-
memory/776-144-0x0000000005760000-0x0000000005AB4000-memory.dmpFilesize
3.3MB
-
memory/776-133-0x00000000046E0000-0x00000000046F0000-memory.dmpFilesize
64KB
-
memory/1308-29-0x00000000051F0000-0x0000000005200000-memory.dmpFilesize
64KB
-
memory/1308-41-0x00000000051F0000-0x0000000005200000-memory.dmpFilesize
64KB
-
memory/1308-45-0x0000000074F40000-0x00000000756F0000-memory.dmpFilesize
7.7MB
-
memory/1308-28-0x0000000074F40000-0x00000000756F0000-memory.dmpFilesize
7.7MB
-
memory/1308-36-0x00000000061C0000-0x0000000006514000-memory.dmpFilesize
3.3MB
-
memory/1308-30-0x00000000051F0000-0x0000000005200000-memory.dmpFilesize
64KB
-
memory/1444-112-0x0000000074F40000-0x00000000756F0000-memory.dmpFilesize
7.7MB
-
memory/1444-99-0x0000000002D60000-0x0000000002D70000-memory.dmpFilesize
64KB
-
memory/1444-87-0x0000000074F40000-0x00000000756F0000-memory.dmpFilesize
7.7MB
-
memory/1444-89-0x0000000002D60000-0x0000000002D70000-memory.dmpFilesize
64KB
-
memory/1444-88-0x0000000002D60000-0x0000000002D70000-memory.dmpFilesize
64KB
-
memory/1636-162-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-194-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-164-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-168-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-172-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-174-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-226-0x0000000009C00000-0x0000000009D1E000-memory.dmpFilesize
1.1MB
-
memory/1636-225-0x0000000009C00000-0x0000000009D1E000-memory.dmpFilesize
1.1MB
-
memory/1636-61-0x00000000051C0000-0x00000000051D0000-memory.dmpFilesize
64KB
-
memory/1636-57-0x0000000074F40000-0x00000000756F0000-memory.dmpFilesize
7.7MB
-
memory/1636-182-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-184-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-188-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-5-0x00000000050D0000-0x00000000050DA000-memory.dmpFilesize
40KB
-
memory/1636-192-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-214-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-0-0x0000000074F40000-0x00000000756F0000-memory.dmpFilesize
7.7MB
-
memory/1636-216-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-218-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-222-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-220-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-212-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-198-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-202-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-4-0x00000000051C0000-0x00000000051D0000-memory.dmpFilesize
64KB
-
memory/1636-3-0x0000000004F30000-0x0000000004FC2000-memory.dmpFilesize
584KB
-
memory/1636-2-0x0000000005400000-0x00000000059A4000-memory.dmpFilesize
5.6MB
-
memory/1636-1-0x00000000003D0000-0x000000000053C000-memory.dmpFilesize
1.4MB
-
memory/1636-161-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-166-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-170-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-176-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-180-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-178-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-186-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-190-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-196-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-200-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-204-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-206-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-208-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1636-210-0x0000000007070000-0x00000000071C3000-memory.dmpFilesize
1.3MB
-
memory/1712-115-0x0000000005440000-0x0000000005450000-memory.dmpFilesize
64KB
-
memory/1712-131-0x0000000074F40000-0x00000000756F0000-memory.dmpFilesize
7.7MB
-
memory/1712-129-0x0000000006D50000-0x0000000006D6A000-memory.dmpFilesize
104KB
-
memory/1712-130-0x0000000006DA0000-0x0000000006DC2000-memory.dmpFilesize
136KB
-
memory/1712-128-0x00000000079C0000-0x0000000007A56000-memory.dmpFilesize
600KB
-
memory/1712-127-0x0000000005440000-0x0000000005450000-memory.dmpFilesize
64KB
-
memory/1712-116-0x0000000005440000-0x0000000005450000-memory.dmpFilesize
64KB
-
memory/1712-114-0x0000000074F40000-0x00000000756F0000-memory.dmpFilesize
7.7MB
-
memory/3528-126-0x0000000074F40000-0x00000000756F0000-memory.dmpFilesize
7.7MB
-
memory/3528-113-0x0000000002DC0000-0x0000000002DD0000-memory.dmpFilesize
64KB
-
memory/3528-100-0x0000000074F40000-0x00000000756F0000-memory.dmpFilesize
7.7MB
-
memory/3528-101-0x0000000002DC0000-0x0000000002DD0000-memory.dmpFilesize
64KB
-
memory/3528-102-0x0000000002DC0000-0x0000000002DD0000-memory.dmpFilesize
64KB
-
memory/4464-56-0x0000000074F40000-0x00000000756F0000-memory.dmpFilesize
7.7MB
-
memory/4464-42-0x0000000074F40000-0x00000000756F0000-memory.dmpFilesize
7.7MB
-
memory/4464-43-0x0000000002820000-0x0000000002830000-memory.dmpFilesize
64KB
-
memory/4464-44-0x0000000002820000-0x0000000002830000-memory.dmpFilesize
64KB
-
memory/4464-55-0x0000000002820000-0x0000000002830000-memory.dmpFilesize
64KB
-
memory/4868-86-0x0000000074F40000-0x00000000756F0000-memory.dmpFilesize
7.7MB
-
memory/4868-72-0x0000000074F40000-0x00000000756F0000-memory.dmpFilesize
7.7MB
-
memory/4868-74-0x0000000002CC0000-0x0000000002CD0000-memory.dmpFilesize
64KB
-
memory/4868-73-0x0000000002CC0000-0x0000000002CD0000-memory.dmpFilesize
64KB
-
memory/4868-84-0x0000000002CC0000-0x0000000002CD0000-memory.dmpFilesize
64KB
-
memory/5104-71-0x0000000004DB0000-0x0000000004DC0000-memory.dmpFilesize
64KB
-
memory/5104-58-0x0000000074F40000-0x00000000756F0000-memory.dmpFilesize
7.7MB
-
memory/5104-59-0x0000000004DB0000-0x0000000004DC0000-memory.dmpFilesize
64KB
-
memory/5104-60-0x0000000004DB0000-0x0000000004DC0000-memory.dmpFilesize
64KB
-
memory/5104-85-0x0000000074F40000-0x00000000756F0000-memory.dmpFilesize
7.7MB