Analysis
-
max time kernel
638s -
max time network
458s -
platform
windows11-21h2_x64 -
resource
win11-20240611-en -
resource tags
arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system -
submitted
15-06-2024 04:28
Static task
static1
Behavioral task
behavioral1
Sample
You-are-an-idiot.zip
Resource
win11-20240508-en
Behavioral task
behavioral2
Sample
Flash.swf
Resource
win11-20240611-en
Behavioral task
behavioral3
Sample
Google Chrome.exe
Resource
win11-20240611-en
General
-
Target
Google Chrome.exe
-
Size
26KB
-
MD5
403939b2425a7df005f44befea8def6f
-
SHA1
7421540a7f9c1fe3062e3e8f074452f1fd252654
-
SHA256
a59d6df0ae2c12f5d0249c1f7f8b66db170252de8406124bea2311802d6a27a0
-
SHA512
7f87cb3ba2635fe372345f066d47df187b499856d756b2a6172cae0a0847afcecad9afede9d3a7f0bdede2f19b960b55bec0727aa5ecc5a9daa2d10964386414
-
SSDEEP
768:fKH2QbtBI9n7tANtj0ciJV554H40ycNVV3CWE:Z8BI95ANt4HRCYFyVV3Y
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
chrome.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
Processes:
chrome.exedescription ioc process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628994259649328" chrome.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
vlc.exepid process 2588 vlc.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
chrome.exepid process 2404 chrome.exe 2404 chrome.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
vlc.exepid process 2588 vlc.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
Processes:
chrome.exepid process 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe -
Suspicious use of AdjustPrivilegeToken 20 IoCs
Processes:
chrome.exedescription pid process Token: SeShutdownPrivilege 2404 chrome.exe Token: SeCreatePagefilePrivilege 2404 chrome.exe Token: SeShutdownPrivilege 2404 chrome.exe Token: SeCreatePagefilePrivilege 2404 chrome.exe Token: SeShutdownPrivilege 2404 chrome.exe Token: SeCreatePagefilePrivilege 2404 chrome.exe Token: SeShutdownPrivilege 2404 chrome.exe Token: SeCreatePagefilePrivilege 2404 chrome.exe Token: SeShutdownPrivilege 2404 chrome.exe Token: SeCreatePagefilePrivilege 2404 chrome.exe Token: SeShutdownPrivilege 2404 chrome.exe Token: SeCreatePagefilePrivilege 2404 chrome.exe Token: SeShutdownPrivilege 2404 chrome.exe Token: SeCreatePagefilePrivilege 2404 chrome.exe Token: SeShutdownPrivilege 2404 chrome.exe Token: SeCreatePagefilePrivilege 2404 chrome.exe Token: SeShutdownPrivilege 2404 chrome.exe Token: SeCreatePagefilePrivilege 2404 chrome.exe Token: SeShutdownPrivilege 2404 chrome.exe Token: SeCreatePagefilePrivilege 2404 chrome.exe -
Suspicious use of FindShellTrayWindow 30 IoCs
Processes:
chrome.exevlc.exepid process 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2588 vlc.exe 2588 vlc.exe 2588 vlc.exe -
Suspicious use of SendNotifyMessage 14 IoCs
Processes:
chrome.exevlc.exepid process 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2404 chrome.exe 2588 vlc.exe 2588 vlc.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
Google Chrome.exevlc.exepid process 540 Google Chrome.exe 540 Google Chrome.exe 2588 vlc.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
chrome.exedescription pid process target process PID 2404 wrote to memory of 3440 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3440 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 3004 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 4836 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 4836 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe PID 2404 wrote to memory of 1484 2404 chrome.exe chrome.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Google Chrome.exe"C:\Users\Admin\AppData\Local\Temp\Google Chrome.exe"1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe2567ab58,0x7ffe2567ab68,0x7ffe2567ab782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1840,i,12282038206625048111,11779349531199007023,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1840,i,12282038206625048111,11779349531199007023,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1840,i,12282038206625048111,11779349531199007023,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1840,i,12282038206625048111,11779349531199007023,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1840,i,12282038206625048111,11779349531199007023,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4324 --field-trial-handle=1840,i,12282038206625048111,11779349531199007023,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4496 --field-trial-handle=1840,i,12282038206625048111,11779349531199007023,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4540 --field-trial-handle=1840,i,12282038206625048111,11779349531199007023,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1840,i,12282038206625048111,11779349531199007023,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4448 --field-trial-handle=1840,i,12282038206625048111,11779349531199007023,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1840,i,12282038206625048111,11779349531199007023,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
-
C:\Windows\SysWOW64\werfault.exewerfault.exe /h /shared Global\a5adfb2cdf69445b87180c8365a03079 /t 3736 /p 5401⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\ExitClear.avi"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
1KB
MD5450e4645332948483aed0d9877498299
SHA14e354d2605d3b064cd86aca1f858972a53916029
SHA25688ee45f24e79d6a581d524f0ef7011a1f92b62c98f9b8c23fec58b13bcf33497
SHA512ccc045125d72b659fece31467faa467c83254e5b2c9e318744f273d7de9af28df849f3fac8fb7a845d874c2df1f8830c04fdd31c8033ce26c1375c11e3921179
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending ReportsFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
356B
MD5a777d1a08f97000678858ebc12b0349b
SHA1da9178e4c7e3c1d556160a58c43b385cdf3259b6
SHA256378eba509c9b71bf4fbf317a8b77f4c0c284403952b3bb3ea5a0ca7f6e59dbb3
SHA512bf8dc8a9912cfcf367d7df1b934763e7dc26fe2cdc2f3e82c44f7e74f6ef8c6d8f555b6e172ae30d77842bd59480a0a52a5f45cb53b361024968192872e3e56d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD50cb74cd173f1b9abdb442a8275640ab0
SHA133b5fcbaee0e11f730b4136fe828459406d635f0
SHA2564b5e171579693ef37edfbd8042d41eaf4881bd60b2fabdf071fa21ffbbaf4c92
SHA512460a985ec0ffa84ac5b363c5d1d6e3b365cc71e0498da84393b669491a4077b60c245146d27480ba40d3163c384a4997b9352c0bf99c8e1974179ff28964eed3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
16KB
MD52ba64da670b788c68129761bc7424793
SHA17fbbc464035c07a2ef8acc6b9669f452df5867e3
SHA256af740f3a5953401031ec4b540b410a85055e3b31ca199295af13f6aaa2d4d4e2
SHA51285ea1960c48684f55428166aa523b3d145b91fb64d7c84587a8b73bc5796fa35d6ccf166153bf00aedc6efab445cbe3656f65ffd65e4dc639cae2b1490865a80
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
276KB
MD58542b309aeb4d7f8ee9e78d27ab04ae3
SHA12a4c263d54d4b45b80742703ebb1275c6894eaee
SHA256ae02b21d73e72a7b762b69ebc6f03f50b0114b7d74e698e1e700b2b760c964df
SHA512adff032ecb1215afc8209be97ac8db9c2024c5a0f93121b9b69e1521e6ea1c3d328cc6145ce0bf38bd2ced85a5f3ebb727247a96f49cbabadd798057ecf7b719
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
276KB
MD5edc44412e118c22d294ac40870c6cb5f
SHA1b2dce0ee930ff09adc7e37fc9996ceaa785a4255
SHA256552e5033af2a2adb89403ac7e7394cf4b286245224340a1b98caa1fdbe6f38d9
SHA5123b62e118463ccabc83afb3c6fc7c2b5bb6a22292a72bae2fb0b18f7cb06c193a66f5cba1202e0099a4a82f4f2ea60cda142710b298be842a9d0c6dc55f534e0f
-
\??\pipe\crashpad_2404_PCQSEIWKUAFRNLIKMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/540-4-0x00007FFE390E0000-0x00007FFE392E9000-memory.dmpFilesize
2.0MB
-
memory/540-45-0x00007FFE390E0000-0x00007FFE392E9000-memory.dmpFilesize
2.0MB
-
memory/540-5-0x0000000004BC0000-0x0000000004BCA000-memory.dmpFilesize
40KB
-
memory/540-0-0x00007FFE390E0000-0x00007FFE392E9000-memory.dmpFilesize
2.0MB
-
memory/540-3-0x0000000004B00000-0x0000000004B92000-memory.dmpFilesize
584KB
-
memory/540-2-0x00000000051E0000-0x0000000005786000-memory.dmpFilesize
5.6MB
-
memory/540-1-0x0000000000060000-0x000000000006C000-memory.dmpFilesize
48KB
-
memory/540-159-0x00007FFE390E0000-0x00007FFE392E9000-memory.dmpFilesize
2.0MB
-
memory/540-160-0x00007FFE390E0000-0x00007FFE392E9000-memory.dmpFilesize
2.0MB
-
memory/540-161-0x00007FFE390E0000-0x00007FFE392E9000-memory.dmpFilesize
2.0MB
-
memory/2588-172-0x00007FFE178E0000-0x00007FFE17AEB000-memory.dmpFilesize
2.0MB
-
memory/2588-184-0x00007FFE1E960000-0x00007FFE1E9C7000-memory.dmpFilesize
412KB
-
memory/2588-164-0x00007FFE184E0000-0x00007FFE18796000-memory.dmpFilesize
2.7MB
-
memory/2588-162-0x00007FF654B80000-0x00007FF654C78000-memory.dmpFilesize
992KB
-
memory/2588-173-0x00007FFE25710000-0x00007FFE25751000-memory.dmpFilesize
260KB
-
memory/2588-171-0x00007FFE293A0000-0x00007FFE293B1000-memory.dmpFilesize
68KB
-
memory/2588-170-0x00007FFE298D0000-0x00007FFE298ED000-memory.dmpFilesize
116KB
-
memory/2588-169-0x00007FFE299C0000-0x00007FFE299D1000-memory.dmpFilesize
68KB
-
memory/2588-175-0x00007FFE1FC30000-0x00007FFE1FC51000-memory.dmpFilesize
132KB
-
memory/2588-187-0x00007FFE17800000-0x00007FFE17857000-memory.dmpFilesize
348KB
-
memory/2588-188-0x00007FFE173D0000-0x00007FFE1758A000-memory.dmpFilesize
1.7MB
-
memory/2588-186-0x00007FFE1E940000-0x00007FFE1E951000-memory.dmpFilesize
68KB
-
memory/2588-185-0x00007FFE17860000-0x00007FFE178DC000-memory.dmpFilesize
496KB
-
memory/2588-163-0x00007FFE29A40000-0x00007FFE29A74000-memory.dmpFilesize
208KB
-
memory/2588-183-0x00007FFE1E9D0000-0x00007FFE1EA00000-memory.dmpFilesize
192KB
-
memory/2588-182-0x00007FFE1EA60000-0x00007FFE1EA78000-memory.dmpFilesize
96KB
-
memory/2588-181-0x00007FFE1EA80000-0x00007FFE1EA91000-memory.dmpFilesize
68KB
-
memory/2588-180-0x00007FFE1FBF0000-0x00007FFE1FC0B000-memory.dmpFilesize
108KB
-
memory/2588-179-0x00007FFE1FC10000-0x00007FFE1FC21000-memory.dmpFilesize
68KB
-
memory/2588-178-0x00007FFE253E0000-0x00007FFE253F1000-memory.dmpFilesize
68KB
-
memory/2588-177-0x00007FFE256F0000-0x00007FFE25701000-memory.dmpFilesize
68KB
-
memory/2588-176-0x00007FFE28B40000-0x00007FFE28B58000-memory.dmpFilesize
96KB
-
memory/2588-166-0x00007FFE2D270000-0x00007FFE2D287000-memory.dmpFilesize
92KB
-
memory/2588-165-0x00007FFE2D7C0000-0x00007FFE2D7D8000-memory.dmpFilesize
96KB
-
memory/2588-168-0x00007FFE2A280000-0x00007FFE2A297000-memory.dmpFilesize
92KB
-
memory/2588-167-0x00007FFE2A5A0000-0x00007FFE2A5B1000-memory.dmpFilesize
68KB
-
memory/2588-174-0x000001E0B1880000-0x000001E0B2930000-memory.dmpFilesize
16.7MB
-
memory/2588-201-0x000001E0B1880000-0x000001E0B2930000-memory.dmpFilesize
16.7MB