Analysis
-
max time kernel
440s -
max time network
454s -
platform
windows11-21h2_x64 -
resource
win11-20240221-en -
resource tags
-
submitted
17-03-2024 21:41
General
-
Target
NiptuneRAT-main.zip
-
Size
29.9MB
-
MD5
5602885050f75519abfe95d7501fc5b6
-
SHA1
54214aa8b1a4d5e2692594ba4dea973e740e2c55
-
SHA256
5b054b368eda8d148383e6a64d890b885d9a0b1898493e1008ffe1a531118b6b
-
SHA512
7077ede3acc4b774181ff0866eeb5eb2672cdf2409384b2d46b45f8e182f3fc91bb65788c25bacc8af473a3083cc6bbbd73f5d4646b6f0fe2fb3e850c5eab7b2
-
SSDEEP
786432:IcRNogA1jwkC0OGikNuziqXkY0Ut79NhU8odVsGmtfIC884StIC0Q5k:IcRNojskhms5G0UsVoNIzxC0Qi
Malware Config
Extracted
asyncrat
Default
127.0.0.1:1337
斯Ff2MيdFP8KiZ吉שtQNMSZ
-
delay
1
-
install
false
-
install_file
$77
-
install_folder
%AppData%
Extracted
C:\Users\Admin\Desktop\pp.anarh.txt
hx-_@outlook.com
Signatures
-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Contains code to disable Windows Defender 3 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Async RAT payload 2 IoCs
-
Grants admin privileges 1 TTPs
Uses net.exe to modify the user's privileges.
-
Executes dropped EXE 2 IoCs
-
Launches sc.exe 1 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates processes with tasklist 1 TTPs 1 IoCs
-
Gathers network information 2 TTPs 3 IoCs
Uses commandline utility to view network configuration.
-
Gathers system information 1 TTPs 1 IoCs
Runs systeminfo.exe.
-
Modifies registry class 64 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 25 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 7 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 2 IoCs
-
Suspicious use of SetWindowsHookEx 19 IoCs
-
Suspicious use of WriteProcessMemory 40 IoCs
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\NiptuneRAT-main.zip1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\NiptuneRAT-main.zip"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Desktop\NiptuneRAT-main\NiptuneRAT.exe"C:\Users\Admin\Desktop\NiptuneRAT-main\NiptuneRAT.exe"1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
-
C:\Users\Admin\Desktop\$77NiptuneClient.exe"C:\Users\Admin\Desktop\$77NiptuneClient.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\systeminfo.exesysteminfo3⤵
- Gathers system information
-
C:\Windows\system32\HOSTNAME.EXEhostname3⤵
-
C:\Windows\system32\net.exenet user3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user4⤵
-
C:\Windows\system32\net.exenet localgroup3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 localgroup4⤵
-
C:\Windows\system32\net.exenet localgroup administrators3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 localgroup administrators4⤵
-
C:\Windows\system32\net.exenet user guest3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user guest4⤵
-
C:\Windows\system32\net.exenet user administrator3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user administrator4⤵
-
C:\Windows\system32\tasklist.exetasklist /svc3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\ipconfig.exeipconfig /all3⤵
- Gathers network information
-
C:\Windows\system32\ROUTE.EXEroute print3⤵
-
C:\Windows\system32\ARP.EXEarp -a3⤵
-
C:\Windows\system32\NETSTAT.EXEnetstat -an3⤵
- Gathers network information
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\ipconfig.exeipconfig /displaydns3⤵
- Gathers network information
-
C:\Windows\system32\sc.exesc query type= service state= all3⤵
- Launches sc.exe
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\pp.anarh.txt1⤵
- Opens file in notepad (likely ransom note)
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\NiptuneRAT\NiptuneRAT.exe_Url_2virb1mjsp4und03eye3evhna3xsy40a\4.1.0.0\u04otmyy.newcfgFilesize
927B
MD567ae3b067855a1e16f01e16ee389c8f0
SHA13bef83c7922cda26497a45bbfe209e65b14234a0
SHA25607e9e4841eeace951264cf7b4cf5e8c6993fc923b851cb2360122fe7fec2ef0a
SHA512db73d3a4a9523db12264d1cf53e50d44589af8dc83bdbb041eff8977f6134666d1836014ebde472039036a13beabe6adee026712f385453ed654ae5ac504e699
-
C:\Users\Admin\AppData\Local\NiptuneRAT\NiptuneRAT.exe_Url_2virb1mjsp4und03eye3evhna3xsy40a\4.1.0.0\user.configFilesize
807B
MD577d636e08fe9de62cf19ad656409ccde
SHA1827de958d0c46346c9c581be646b8c3a61fab648
SHA2564155b94bb3ef65ff1f15d7f337f2ada62d474ec5ba7557562618e5206e83a558
SHA51260712d620a884d897457f56d4ecc758c9a753c31f58fcb9d814af58dbc2e105435c9a73f837b4146e2e8edb7834b83f51dcecaaf39cd6f69be59d7bb5c28b839
-
C:\Users\Admin\Desktop\$77NiptuneClient.exeFilesize
63KB
MD594ac7fdf09c22c9bfd33c451adfc1681
SHA17bb6e40d7d2492d09b281fcd64ec94aa47d75e96
SHA256f7446c1f2f1f0b7882ea06a028c77e17898cdd81b13ad6fd0b92c6d3377bbb9d
SHA512a532faabbe374c8ceb32d7fd8dc41b853c97e6a5831fbbb0dccfc46dbcc28ed9225959bc4bb2468379d53a0e8548ee592468e1c564f16e1a830205aafe1ca1c2
-
C:\Users\Admin\Desktop\NiptuneRAT-main\NiptuneRAT.exeFilesize
11.0MB
MD5e05e2846c2c4eb4c218634e28031122a
SHA1daac3911d4aace4b6fcd5c6d5a2adb9950eacfd4
SHA256178bda21d7735ee8bc2bfb74bc487055853a451ae741b1486fda96125be8e7c4
SHA512181df2727abdaafb985a84588adac451b0d0031912a556a29b3e9071368022ff8119197a16171eaf43e5dfd42e9cb45c1801373a39907d8689fce40d1cc7ce39
-
C:\Users\Admin\Desktop\NiptuneRAT-main\NiptuneRAT.exeFilesize
12.8MB
MD5c9b1ee4563ecf0789bab3fdc31c7c346
SHA1370173eb922e0d3d2f1d2393ef2dac604a6abcca
SHA256783ce12d604d80f75e89cb9b8da650fbd65890ba3ed6c4b1dde3045d0b713052
SHA512aa78e096bfb4a8cc5ce7b30ad7fd639f2f1106b0402da8ea0941f211d909a4a17cd41b272452d602583ba0083216c1e4ac485d869b9facdd71c78153e21dc208
-
C:\Users\Admin\Desktop\NiptuneRAT-main\NiptuneRAT.exe.configFilesize
517B
MD5465c8716dc52edeaf09f0c61fc988934
SHA19cab6cec5f46d7528323fa2ad7aa2fc1a72d689b
SHA2561c6051caeecdd3eeb78cad1b1efa60e56be4193d76f5718c73b8fdfcd61784c5
SHA5120b386615940f254d6a7dd5650fc7da6544beab97d821bab8fe915dcc257729919142bbd6680b06a19f57c8c79c2c04368413fc31a7efef8e9248209f81c1cf3c
-
C:\Users\Admin\Desktop\NiptuneRAT-main\Plugins\0guo3zbo66fqoG.dllFilesize
78KB
MD5e4ebcf76ff80ef398d3ab77d577f4c08
SHA1cb9e6b30a63d50ae87610f6855b64abfb25691d2
SHA2569661b1abc9a3e95e591c49c3838a64a066a2ff3c6de08d8aa7b541c4a75cd8e5
SHA5128f37cedd987dd14181fdfa861b8a95271868dac21aa9df80bd6daa831ae20f4b4965c8be3e36f32aa220bd37ded11a7568ae237c9c9641bb4fc087f6fe104b01
-
C:\Users\Admin\Desktop\NiptuneRAT-main\Plugins\59Zp7paEHDF7luJ.dllFilesize
1.5MB
MD56b24cb03ca441f81764f14412abe22c4
SHA137eefe413b01080c85f437e5845add5f9e3c2c10
SHA256057313c967420c8a6ef644a78109af3f681fb332f9e8ebb55e4a29efeb093afe
SHA5129ef792c0b90f6eb1a6ed23402fd19bcf7ddb48ec0b7a18eaf7d708e873a060b4698e3174400162f2436a0180ebac72400883dd5cebe246a8690a053a431877a7
-
C:\Users\Admin\Desktop\NiptuneRAT-main\Plugins\Audio.dllFilesize
128KB
MD5cf863d12b476133d97f3827007f53fa1
SHA197478287ae4ad542671fce20b39ccc47c230b5d8
SHA2569e80ce9cd2c8d4b15a1f7326a0b6674f3da617f4704cf5a49bb99b7dceed1b5e
SHA5129ebfab2f4af63b69156aacbdd6e9f4ff581bb7c1cbf0d4d1f7faa35c838fcfbc77446ae3c735f8bb927c744ae81d9645b2c11c365ac49bb8732523520712ed5d
-
C:\Users\Admin\Desktop\NiptuneRAT-main\Plugins\EVa7gBMKoaHmLC.dllFilesize
116KB
MD5ec4f4d4e9f133b53f5cab8a01193bdbc
SHA18a9539f232f1ee7437308af216c80efef434b3d7
SHA25663b132fb283869799d218b453ba8a032b5a2fea372a27871326536776fae9481
SHA512009967c45320248cbc5dab177f725c8b91e1f540e4651cfc59e25137f8c9933a84580f364057d1f6c11efd783b2bd782ecf7274ef6cf3a45252cf65ae339c6b3
-
C:\Users\Admin\Desktop\NiptuneRAT-main\Plugins\FBSyChwp.dllFilesize
116KB
MD5841ff739bd70a4c6f61a43793feea007
SHA1ec73f4b50c2e36568bfb21b3f87cb8ca55ae5722
SHA256cda6e05e54f1da8511958683aa100eb4bc6bb749ad4699676755dda18c152d84
SHA512086c1ac156b380ce850dcbbbd3ca59477953f665dc592944d851e89aa17f846c94a1003b57f5c842cf3e5536523828b407ee2a0b170f01605d7d72eb5c7db2f8
-
C:\Users\Admin\Desktop\NiptuneRAT-main\Plugins\G3nl0mDcABnDuZ.dllFilesize
128KB
MD57884b35cfe1ba24ad7e4cd78f48a1a09
SHA186cf35919ead978c5fe817d6c4f2e18bb32727fb
SHA256ed4562e5b6527f2ebb2318f83f31a3af4dbe06dbf8e764ebf5706b0790346b88
SHA51230a57bc171ec76c7295766df01f8970ff98dbb3a13a5c52a1e75329fb45b69b7fa8c199da0cb6648258b90c48c3341c3bde73088e773f5037f3de323192bcf8f
-
C:\Users\Admin\Desktop\NiptuneRAT-main\Plugins\K8oCBS3ThnW0WP.dllFilesize
128KB
MD5081ea64eb8b4f333014276d59fdec0b4
SHA10791627bb38d6818ceb2bf419f19376aef14e494
SHA256b5022706fec021abf416d4b4f806485a2915f3a47b71e73241ef73e7845b21f9
SHA512b5b9e2c1927313919de6ddc8cc5ddc3438846be8817e022f964ec52612f6ad5301a83c88888fffa1cdabc9a29f42431a4c84668987edb32b4bd6587d64dedd54
-
C:\Users\Admin\Desktop\NiptuneRAT-main\Plugins\KNTmoSnG.AnarHs.dllFilesize
373KB
MD51681e0f3311751361030ff30a957a1ed
SHA18f3b55e130af507549817fda37474a1391e6b8f2
SHA256234724f14dbb999853aeb872d7e6c3ed0b3de5b105009b5c66131a2af8d0dbb4
SHA51260690b2c1e2816a640f5763f9c20de9a39cb9735ea4a3f0bf4f477d3e184f8791e556313a7523c70ed2fb9182d520842bce70057cedd5cb89b923fd6f9067dd1
-
C:\Users\Admin\Desktop\NiptuneRAT-main\Plugins\PK0TcnqTGFagQTS.dllFilesize
174KB
MD5fa90a2aee0d172000257c4faca31237c
SHA1b317281b4acaaf1d7b7255c5e92887322abae892
SHA256991fc53fa1aa7b5cd0b6e19dab536873d68e4413fd55b533601a3a2582d38a49
SHA512b05c0b52e011089258ad31dd23a1f8a0cc8145b202e42e2a9d4fdf892c12d4a7b5843cc7721041295ab796e8bc98747b9e321c4e54bfd1a7c9a02dd2796fc405
-
C:\Users\Admin\Desktop\NiptuneRAT-main\Plugins\Recovery.dllFilesize
309KB
MD508131d6801c109f0764a4fe690aba8ef
SHA1e732af02326483700eda52ff40dc70cff6b7afcb
SHA256bc3a9390c043f8002e356ad34b2b11d3486682d0c275ab6729bb4a312e324f51
SHA512228ab0aa0ddfdb0c099f1db5112304d776cb97ab2dab376d38023e446cb2aec30d9585eba444818f3241ffbc28565a1aef11f97b5b42bf57037de8e4a8536e2a
-
C:\Users\Admin\Desktop\NiptuneRAT-main\Plugins\RssCnLKcGRxj.dllFilesize
181KB
MD5f6808c4fbbe0275db03b2cc5b4c2bc0d
SHA1e40b61c64c68f72fc5144f5057d54229babdecf8
SHA256e204d15f0e7269d364157aaab265a5dfbe7e76c9f6202bf90998f0edd77ca248
SHA512f077c49f6943d0e40799b3b42d1e11f50dabca48305c36ef2acd3258c990e0e0f982fbb0c27b1243aa15d2ed7b398b70f07dddc9ba76ff032ba74a24c8e08fb4
-
C:\Users\Admin\Desktop\NiptuneRAT-main\Plugins\mML6WKMqdxjDGA.dllFilesize
173KB
MD5e03b206eec8a7efbd1a47909071226e5
SHA121163989ea524920e874bc7932adfcd5e94f854e
SHA256778877431354a9584325dadb663be077f757227eaae8bcad33e4bf26efd6b965
SHA512831ed74419f1b4c3250fbff20be16ed7058a851d7168a17e8a4dcf284a19412feee42a8c198af34b37571de33a80c48ac855f5d018ea9e2cfdcd846b832155ff
-
C:\Users\Admin\Desktop\NiptuneRAT-main\Plugins\maSN8TBMgUEC.dllFilesize
570KB
MD5d5a278acdafa0c8b4380efb7d83e053e
SHA1376218e3aa607a3b82be55cfa718826991953654
SHA256d93d72c6e929bd9cea468458e6c0558908a92f0ecd11f4f4db0f49acfe9d4fc5
SHA512138def485e02fdcf1809f0d8162fdd2a50575f3cab56968fbc6d09d0c1e9fe6803860315e45c1a7e0eff75958988ed6b08735fa680fa66527630c6789a23a00b
-
C:\Users\Admin\Desktop\NiptuneRAT-main\Plugins\oYsKwDG.dllFilesize
4.0MB
MD519f8d8099cc9b7b6a68e7efebc44ac18
SHA15a5cca2ad1168252d79ef7c0ffda58726de7f79c
SHA2569157a6021901939611c80c4246dbec6007200b2f2457d348ce8834bef9872535
SHA5126bb58b3157feb010555382c5b5b5d0ee982af324f1d88512ea5d5b984b949995d7387a9496388cb7b9589007ae9ec651e5f8219085517d82eef093e4ebb7ecbc
-
C:\Users\Admin\Desktop\NiptuneRAT-main\Stub\Stub.exeFilesize
59KB
MD50da861f192f8e722505826c141c05a40
SHA14d717f9d2a64caf68374ed1e246cf38dd208227b
SHA2564c6a73271e3a0794bff16fa39b45771e9e39b873e12fdc7031e03fbda238667b
SHA5127b61ac15ba95e0b8a9ebac2f33e7137083b18204de503e7a2946af65e9d5b6ad9e826a27770e10862dc825f3e20e8bd72463593528a623c4603f9628f8c27280
-
C:\Users\Admin\Desktop\NiptuneRAT-main\Usrs.p12Filesize
1KB
MD5e22a0515af0220bc5c4497f85e518e24
SHA12702b7cf46f8ae5ed920469b169c03b07a5d14e7
SHA2564512413f9478d03074b4bea5deaff1681ec28c74839c16f3cf7d56b0418a8f92
SHA512cbee300346822a3cd9da43985143258085513bf4515287974f9def05c047477f313648f4017118167f30f1eb241b5c490a11128f98352f96b24f0d2e62840d92
-
C:\Users\Admin\Desktop\pp.anarh.txtFilesize
993B
MD59be9355dfef9f635bef4a94e4c040209
SHA1b69a9fccf3391e898dbf8755ef71f7fc52e15880
SHA2569017a399259db69ba7e4a84f38843ca91df676a0b44ecec5ef884f83ed5fd44f
SHA512ad8dd6525d98214eb92c825bff6a197a7fe8bdda37f7b608725b4dc14780570104a0a2726ab971358b9b0ac40b8499b852b96d60a3aded254487d1c3f369b410
-
\??\PIPE\lsarpcMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/3012-175-0x00000222274A0000-0x00000222274B0000-memory.dmpFilesize
64KB
-
memory/3012-170-0x00000222274A0000-0x00000222274B0000-memory.dmpFilesize
64KB
-
memory/3012-190-0x00000222274A0000-0x00000222274B0000-memory.dmpFilesize
64KB
-
memory/3012-189-0x00000222274A0000-0x00000222274B0000-memory.dmpFilesize
64KB
-
memory/3012-163-0x00007FFAE7E50000-0x00007FFAE8912000-memory.dmpFilesize
10.8MB
-
memory/3012-262-0x000002224C6E0000-0x000002224C7E0000-memory.dmpFilesize
1024KB
-
memory/3012-228-0x00000222274A0000-0x00000222274B0000-memory.dmpFilesize
64KB
-
memory/3012-164-0x0000022223CD0000-0x00000222255FA000-memory.dmpFilesize
25.2MB
-
memory/3012-230-0x00000222274A0000-0x00000222274B0000-memory.dmpFilesize
64KB
-
memory/3012-251-0x000002224C6E0000-0x000002224C7E0000-memory.dmpFilesize
1024KB
-
memory/3012-233-0x00000222274A0000-0x00000222274B0000-memory.dmpFilesize
64KB
-
memory/3012-188-0x00000222274A0000-0x00000222274B0000-memory.dmpFilesize
64KB
-
memory/3012-178-0x000002224ABD0000-0x000002224AE50000-memory.dmpFilesize
2.5MB
-
memory/3012-177-0x000002224ABB0000-0x000002224ABC2000-memory.dmpFilesize
72KB
-
memory/3012-176-0x00000222274A0000-0x00000222274B0000-memory.dmpFilesize
64KB
-
memory/3012-174-0x00007FFAE7E50000-0x00007FFAE8912000-memory.dmpFilesize
10.8MB
-
memory/3012-173-0x000002224A820000-0x000002224A82A000-memory.dmpFilesize
40KB
-
memory/3012-172-0x00000222274A0000-0x00000222274B0000-memory.dmpFilesize
64KB
-
memory/3012-171-0x0000022249C10000-0x000002224A1F8000-memory.dmpFilesize
5.9MB
-
memory/3012-191-0x000002224D260000-0x000002224D37E000-memory.dmpFilesize
1.1MB
-
memory/3012-169-0x0000022240910000-0x0000022240924000-memory.dmpFilesize
80KB
-
memory/3012-168-0x0000022240780000-0x00000222408CE000-memory.dmpFilesize
1.3MB
-
memory/3012-167-0x0000022240200000-0x00000222403F4000-memory.dmpFilesize
2.0MB
-
memory/3012-166-0x000002223FB90000-0x000002223FDE2000-memory.dmpFilesize
2.3MB
-
memory/3012-165-0x00000222274A0000-0x00000222274B0000-memory.dmpFilesize
64KB
-
memory/3356-254-0x000000001B2B0000-0x000000001B2C0000-memory.dmpFilesize
64KB
-
memory/3356-248-0x000000001D0C0000-0x000000001D136000-memory.dmpFilesize
472KB
-
memory/3356-250-0x000000001B200000-0x000000001B21E000-memory.dmpFilesize
120KB
-
memory/3356-231-0x00007FFB09280000-0x00007FFB09489000-memory.dmpFilesize
2.0MB
-
memory/3356-252-0x00007FFAE7E50000-0x00007FFAE8912000-memory.dmpFilesize
10.8MB
-
memory/3356-253-0x000000001B240000-0x000000001B272000-memory.dmpFilesize
200KB
-
memory/3356-249-0x00000000026C0000-0x00000000026F4000-memory.dmpFilesize
208KB
-
memory/3356-255-0x000000001B2B0000-0x000000001B2C0000-memory.dmpFilesize
64KB
-
memory/3356-229-0x000000001B2B0000-0x000000001B2C0000-memory.dmpFilesize
64KB
-
memory/3356-258-0x000000001D240000-0x000000001D270000-memory.dmpFilesize
192KB
-
memory/3356-256-0x00007FFB09280000-0x00007FFB09489000-memory.dmpFilesize
2.0MB
-
memory/3356-227-0x00007FFAE7E50000-0x00007FFAE8912000-memory.dmpFilesize
10.8MB
-
memory/3356-263-0x000000001B2B0000-0x000000001B2C0000-memory.dmpFilesize
64KB
-
memory/3356-226-0x0000000000500000-0x0000000000516000-memory.dmpFilesize
88KB