Analysis
-
max time kernel
265s -
max time network
263s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
-
submitted
04-06-2024 11:31
General
-
Target
https://ki.tc/file/instrumentality.headcount.receptacles
Malware Config
Signatures
-
Obfuscated with Agile.Net obfuscator 3 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Program crash 1 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ki.tc/file/instrumentality.headcount.receptacles1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd156bab58,0x7ffd156bab68,0x7ffd156bab782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1776,i,12307878770032481768,6844864932762556467,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1776,i,12307878770032481768,6844864932762556467,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2124 --field-trial-handle=1776,i,12307878770032481768,6844864932762556467,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1776,i,12307878770032481768,6844864932762556467,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1776,i,12307878770032481768,6844864932762556467,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1776,i,12307878770032481768,6844864932762556467,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1776,i,12307878770032481768,6844864932762556467,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4936 --field-trial-handle=1776,i,12307878770032481768,6844864932762556467,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5048 --field-trial-handle=1776,i,12307878770032481768,6844864932762556467,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4948 --field-trial-handle=1776,i,12307878770032481768,6844864932762556467,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5248 --field-trial-handle=1776,i,12307878770032481768,6844864932762556467,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2336 --field-trial-handle=1776,i,12307878770032481768,6844864932762556467,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5304 --field-trial-handle=1776,i,12307878770032481768,6844864932762556467,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3096 --field-trial-handle=1776,i,12307878770032481768,6844864932762556467,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1776,i,12307878770032481768,6844864932762556467,131072 /prefetch:82⤵
- NTFS ADS
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5912 --field-trial-handle=1776,i,12307878770032481768,6844864932762556467,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5700 --field-trial-handle=1776,i,12307878770032481768,6844864932762556467,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\Flash Counterfeit Bitcoin [FCB] Mode 10.E (1)\Flash Counterfeit Bitcoin [FCB] Mode 10.E\Flash Counterfeit Bitcoin [FCB] Mode 10.E.exe"C:\Users\Admin\Downloads\Flash Counterfeit Bitcoin [FCB] Mode 10.E (1)\Flash Counterfeit Bitcoin [FCB] Mode 10.E\Flash Counterfeit Bitcoin [FCB] Mode 10.E.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 13122⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 1728 -ip 17281⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /01⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"1⤵
-
C:\Users\Admin\Downloads\Flash Counterfeit Bitcoin [FCB] Mode 10.E (1)\Flash Counterfeit Bitcoin [FCB] Mode 10.E\Flash Counterfeit Bitcoin [FCB] Mode 10.E.exe"C:\Users\Admin\Downloads\Flash Counterfeit Bitcoin [FCB] Mode 10.E (1)\Flash Counterfeit Bitcoin [FCB] Mode 10.E\Flash Counterfeit Bitcoin [FCB] Mode 10.E.exe"2⤵
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
72B
MD5c7f2aa2317235afee3d2c9b768731efb
SHA1a575c3595ef797cd1db938980f9c213d05049e32
SHA256de7832c923d715e8962cd95d7b8eb577ba893380a5b81933795563d9c8a95278
SHA512d47c13a5342c05d6afeef21d48d30668b3a24bdb6085c2932e30ef0004172eda8a4d1ed34817245ef88c1ded13adbb52ab31e6c74c477107e2e182556a1ba35e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
312B
MD5e321f903e0e8f6ce3ddeb04c4c169700
SHA1789dbbf63809100280adc2343a83663214e8d6c4
SHA2565543821053263b8e4993c79536422cc0311e297ab60831de8b3075182ecc3781
SHA51276dedeb824a87fe6c8606c6bbdaeeabcdb4842e822d6709787a16c6e91a23842c46e1452528f9afabfad0e92a5a2278622731e0ebf498be6f03aa13fa83d4495
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD590c73ab8ccf61364cc0ffe153070292a
SHA12030443081a51d2167cc4a39678a9775fdb6a524
SHA256c5ac2e2d30b3ac90ae0ccfc7060bd436663435c83215372d9961a2eb487a0d19
SHA51290e1073d5d43e70e4e56fb4e19e5f47ef6a2ca7625140ed548fbabeaa2243c5d4f31b93369bd95e73488095e71c91b3c5a86a58a34514622683136f60575fd9e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending ReportsFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5416eb222b6f1bc534fcd740ffbceffb1
SHA13c1551364ed378a89be9c8ee20c871ac09bfadc7
SHA25646c16c97c8a04e8f0788986743600d87bdd9dd29db8711190509a124f20da6a7
SHA51209564bf43d5f7dbd64638f06f3956c7315bfbfe292bf2e03188884bbd1ae15ccdd860a3044a24ac93781ee06b158951830b8cfccb7ae833f0316cd9550dd3842
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
859B
MD55f24d5b182a587076b28b7515d73a9cf
SHA18bf4ba3f4d343b0e72d6304b78835ae8ded50cec
SHA256d4ff8cb219365b060499139d18391d8e6b80f54a7a1851e97d031387ff27b853
SHA5123d3b5d1f4fe3a9ad87e374300403b5f69a0bc7071462d2dc65482fc574646142c0438e925e6eb44c0b77aeca44cb7cabf56e9b10bb0735e2a38ef37854531653
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
859B
MD5842d89f00364e0d5abf69f055e71c217
SHA14e34855ad5de0f8c864cdc96f20a471627416115
SHA256f3545f3066d8d295d0c2c4fa9966f0d623937eb40d9c4278548057a847987748
SHA51244c8c0689ec4f2ff3ff3c7d31bd8abeecd58df92d802fcc2c7e9a0dd98e2d4445778232e51066a4deb98bee2bf7377d31e0e6f956f371cff3b4a99a45540dc5f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD52663a06cda6d7830b93bd6cf9bbfc7c2
SHA1b33da23d356537faf2068a989980442a142bcbdf
SHA25675506bf8480024d3ecdb48139165b9f0003c4553c25bcf145dd4d0cd74eb2f98
SHA51206954c63cd8d32ac3e494fc2d11be6c55d000622861e2822dd7df2ea515e7bea215fd899ca6ae47a8606b9556309d9a8ff40af13d3fc1384fef0fd059a2211b3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD56963a68ef81f154f5cd44578c1a200ee
SHA1b314c80b1921a2c584412ff20876334c01f3ee38
SHA25665823a8a926b6f07b66e6cec149864d5a1e0ac0bc6e65d2165089ab37950dd46
SHA512b15f65d7ee62f0852788ec0f3891ea7c4fdf3a201902f20a99d8a1f6a425af552769831c132fe9dfb37873330726cd92efd012b909465c2cdfc06cce0a207af8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5d7d349112993b1b05eb0453d073ee7e7
SHA1d805a1610b2af5ff89b1c4abf93a1a9db934b61a
SHA256654fb31e2188639f2456f1e57989692357c098c1287b402efdd38fe91224c8d6
SHA512723d7bfd41aabf4d54c6078fdbf7b6ada478bc198eb225da3de02695eac4a68b6f979553b7b55ebb4ae4df454017eac36025a937d58bc5fcdf01097afa1dfd4f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5d9485bb775636dca79acd66cd2e17c6e
SHA15331b305ce5d77a6c0b11945ec4b210b4bc66086
SHA256e0da6020e5f46f460d28a137d6ad538e0a5d13b4eddcde7a74a513e3e264dfca
SHA512153b39cd5ffd9244fa5565e7d3a53cce3b0e78a5775641d3760f4fdb0856d06717bc9758dc9aac4cc27fc5143263fdaa20fffec9f1f610ce64927a06563a2852
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
129KB
MD5944160ddc3bcc8c07032e99dd5008793
SHA19c95d426b641586d5c9f399e714a564907d26c34
SHA2560f591436283d653aa9d4422f375785c99c3accfaba672b677496ffc7f37c9823
SHA512ed49cf461709dd574b0c47d91eb2fea533ccbae5c0a19b3e11eb9c84900b705a61c5380e8ec1b606b7e128a16061ed346dba66329dbb6c23d0ef4c3e8f27de41
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
129KB
MD50e99bac06a70f1a3ff6605c445f41c3e
SHA1dc7b53aeed4e03c8e2507dbc56f19b12a9a8d4d9
SHA256ae8b7781afcc96fcc169f9bd5429f3a45664f66b8ae1a55ab2f04d4df81fba44
SHA5128fa72f169576d9d329ef78cd030d58bd2fbf997ba21b2c989aa9cb69877fe4a83ec7ca04c37ca87917bcef268d32ed67b379f7be51179b17c205bbd07f1eaddc
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
129KB
MD539ecdfeb7d2060231460b604d8842fa3
SHA1872a44b9276c25f0ef8aef4864698b3a308cbe02
SHA256857000b22e9a3a3f9892fc5e24038c352518dd00243895652a366d144bc968ac
SHA512619b5c091f49b841a631cbd1e7e3d93368091c98536635a5d1112cd1e690c96d2bd1fde758dea7288a224a8f54535b2bd8b5f743d0b7a0c45d5fb2cfa6cfae95
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.dbFilesize
14KB
MD59eebad8c5d8690401b28dea08d0c9dd1
SHA1f47fb51fc8df77dd347be5d0111fe3399f4597d5
SHA256509818f6c3545a020fb0a7f79ef575bea2030ba63c7f0e1af6ebc47224a41eb7
SHA512209e92788e48cb2ba4fc1213a7070cfa92b5255e412fdaf8185b18fdcebf848cfcc4acf1379494e1b21e17e6759bc7f65c39be16d1d79e51a1bba23970936e7e
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.datFilesize
10KB
MD5a71ab244d565671f741686cb2c5ed11b
SHA1b6e766a85f1f878d512f752df2dd4873971755e2
SHA25606a5716962f3b50a8aa3acd30e33d6c75664465c3d795196ad6dce5e33a80faa
SHA5120826c8e52b0f5dbcbda745f06390fd59ce9eee8e0e845cdb007f4a97b19065f2544ca63226b34d361adf9e1cf26644672abfe5dcfd75651cd2aeb1ae27f16f84
-
C:\Users\Admin\Downloads\Flash Counterfeit Bitcoin [FCB] Mode 10.E (1).zip:Zone.IdentifierFilesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
\??\pipe\crashpad_3716_JGVYPKWCKIWWYSREMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1728-231-0x0000000013660000-0x0000000013776000-memory.dmpFilesize
1.1MB
-
memory/1728-233-0x0000000075190000-0x0000000075941000-memory.dmpFilesize
7.7MB
-
memory/1728-224-0x0000000010290000-0x0000000010322000-memory.dmpFilesize
584KB
-
memory/1728-225-0x0000000010160000-0x000000001016A000-memory.dmpFilesize
40KB
-
memory/1728-226-0x0000000010330000-0x0000000010386000-memory.dmpFilesize
344KB
-
memory/1728-227-0x0000000010390000-0x00000000103BA000-memory.dmpFilesize
168KB
-
memory/1728-228-0x0000000010410000-0x000000001046A000-memory.dmpFilesize
360KB
-
memory/1728-229-0x0000000075190000-0x0000000075941000-memory.dmpFilesize
7.7MB
-
memory/1728-230-0x00000000130C0000-0x000000001320A000-memory.dmpFilesize
1.3MB
-
memory/1728-222-0x00000000101F0000-0x000000001028C000-memory.dmpFilesize
624KB
-
memory/1728-232-0x0000000013780000-0x00000000137B0000-memory.dmpFilesize
192KB
-
memory/1728-223-0x0000000010840000-0x0000000010DE6000-memory.dmpFilesize
5.6MB
-
memory/1728-221-0x0000000000CF0000-0x0000000001CF0000-memory.dmpFilesize
16.0MB
-
memory/1728-220-0x000000007519E000-0x000000007519F000-memory.dmpFilesize
4KB
-
memory/4868-242-0x0000027729820000-0x0000027729821000-memory.dmpFilesize
4KB
-
memory/4868-241-0x0000027729820000-0x0000027729821000-memory.dmpFilesize
4KB
-
memory/4868-247-0x0000027729820000-0x0000027729821000-memory.dmpFilesize
4KB
-
memory/4868-252-0x0000027729820000-0x0000027729821000-memory.dmpFilesize
4KB
-
memory/4868-251-0x0000027729820000-0x0000027729821000-memory.dmpFilesize
4KB
-
memory/4868-250-0x0000027729820000-0x0000027729821000-memory.dmpFilesize
4KB
-
memory/4868-249-0x0000027729820000-0x0000027729821000-memory.dmpFilesize
4KB
-
memory/4868-248-0x0000027729820000-0x0000027729821000-memory.dmpFilesize
4KB
-
memory/4868-246-0x0000027729820000-0x0000027729821000-memory.dmpFilesize
4KB
-
memory/4868-240-0x0000027729820000-0x0000027729821000-memory.dmpFilesize
4KB