Analysis
-
max time kernel
122s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
17-06-2024 18:26
General
-
Target
a5faf4e08934c3e4dd4bc630084f0a6839bc4d454ea369b47ec955c2f62f8f16.exe
-
Size
707KB
-
MD5
a0c14900b386365888755c6d66268f9e
-
SHA1
9751d2dc253c517b49cef93057e7ddcf94bb97f2
-
SHA256
a5faf4e08934c3e4dd4bc630084f0a6839bc4d454ea369b47ec955c2f62f8f16
-
SHA512
3a30f306faf898ed912563172da4d2d305a9fa50664e5d444ed003383c7e8b253fc12219fffaa8a42683e1e571c32d2335abdb3785d69eee327f9d9893c0c723
-
SSDEEP
12288:fJFZqYMOaQ0q9nV/zsnK23KHVI6nodVdyMLiqyVcxwtVxgpMiuzOT/FS799xw:hFZqhOBnVyK23C6OoYMLiVcKtVx4Miue
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Signatures
-
Modifies firewall policy service 2 TTPs 3 IoCs
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass 3 TTPs 1 IoCs
-
Windows security bypass 2 TTPs 6 IoCs
-
UPX packed file 38 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification 2 TTPs 7 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 44 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops autorun.inf file 1 TTPs 2 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in Program Files directory 12 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 34 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 25 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 1 IoCs
Processes
-
C:\Windows\system32\fontdrvhost.exe"fontdrvhost.exe"1⤵
-
C:\Windows\system32\fontdrvhost.exe"fontdrvhost.exe"1⤵
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc1⤵
-
C:\Windows\system32\taskhostw.exetaskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Users\Admin\AppData\Local\Temp\a5faf4e08934c3e4dd4bc630084f0a6839bc4d454ea369b47ec955c2f62f8f16.exe"C:\Users\Admin\AppData\Local\Temp\a5faf4e08934c3e4dd4bc630084f0a6839bc4d454ea369b47ec955c2f62f8f16.exe"2⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Windows security modification
- Checks whether UAC is enabled
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- Drops autorun.inf file
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://127.0.0.1:88/3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff834a946f8,0x7ff834a94708,0x7ff834a947184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,7762788072860145193,5837598854964976210,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,7762788072860145193,5837598854964976210,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,7762788072860145193,5837598854964976210,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7762788072860145193,5837598854964976210,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7762788072860145193,5837598854964976210,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,7762788072860145193,5837598854964976210,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,7762788072860145193,5837598854964976210,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:84⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7762788072860145193,5837598854964976210,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7762788072860145193,5837598854964976210,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7762788072860145193,5837598854964976210,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7762788072860145193,5837598854964976210,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,7762788072860145193,5837598854964976210,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:24⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc1⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca1⤵
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca1⤵
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppX3bn25b6f886wmg6twh46972vprk9tnbf.mca1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
5Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
3Disable or Modify Tools
3Pre-OS Boot
1Bootkit
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5b4a74bc775caf3de7fc9cde3c30ce482
SHA1c6ed3161390e5493f71182a6cb98d51c9063775d
SHA256dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280
SHA51255578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5c5abc082d9d9307e797b7e89a2f755f4
SHA154c442690a8727f1d3453b6452198d3ec4ec13df
SHA256a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716
SHA512ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5767e602f459cb637c2dae2f28b5a02c3
SHA100f0c0737548b861a8d72cb0a2da9a110e2b1e4c
SHA256ba1797f68e08e8404bbd5044141c93ef680de52ab3f8653464897da6ba69f3f7
SHA51234b1121f4f3317b5c2c2e822ae39847301e00dce4548b1a3bf57da82e116e962cfa5615f5c5ae836773783bdad72d63b3f17abecf5d0ed623d85bc297ed3d86b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD53ab103af1940c4313b3f57ceb197ff41
SHA1fbb813ca094065e0940793a03531846e0808f7d3
SHA2561788f93df32541724cadfe7c9ff01c0c732610e577b63ae285d7821a445c21d9
SHA512c1ec06f87551a110e728ec652599fe0c49459a4855e2e13b3846b0aae1cb1070346e40d2afe2c576f606adf3bcb7fff34e8f8e49f062b33354ac3f7640f410d1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e890198c-c203-4e7f-8cc8-86f4fe914e28.tmpFilesize
6KB
MD54d6549b962e67289155e4120cc1c737b
SHA16dba3bcf45bb429a8659f3525b023af3057b1f4a
SHA256699adbfbd81e2fdc588c5497bce0f9fd3a3acb4dc5cb2d48805449cf620f5c75
SHA5125b60341bebb1f1ca520d738e3492f00fa338e641ba5d1326fa8852b213780a2a56278005108b89a3ba5d66b46cb01da360c3b548401d1aea0b67b260486cf02e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5c98340f744c0d2f04c70996b47cd9383
SHA1e1d9770f47cf8fe1275ff3bd412cb9da1fb9df56
SHA25641b513650c629fc7bc2ba1fade89298e1ea9e9e97e9a0a115a4e148b9cbdb457
SHA512952750cd150bb5b3033c6ad378b39cd927759c3658a37c8db6fb68719de908510bfa866722a6e54778c8469805d0deb9b1cf44e59d0d5d9579792d824772b48d
-
C:\bihjee.pifFilesize
96KB
MD5a4fe05352ee415e8a5374f02688e50af
SHA1108bbc55a413ee19c78b67623037f579d7369aa9
SHA2566169302996c7c039915efd76671f71c81c261a60d9145b24cb2d47db28bbf274
SHA51233e663ad4a6e3d5d3ce6db4f2ca1f8192eef5536151319c3347380a285b89123537d52f2f3352456a3da6e4f738cbaba79f7de06ebfc45fd06f9f0feb55217b1
-
\??\pipe\LOCAL\crashpad_1456_ZTNEVWUHLSNJNENWMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/2392-51-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-82-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-13-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-8-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-5-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-6-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-10-0x0000000004210000-0x0000000004211000-memory.dmpFilesize
4KB
-
memory/2392-9-0x0000000003850000-0x0000000003852000-memory.dmpFilesize
8KB
-
memory/2392-3-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-19-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-20-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-21-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-22-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-23-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-25-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-36-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-15-0x0000000003850000-0x0000000003852000-memory.dmpFilesize
8KB
-
memory/2392-53-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-54-0x0000000000400000-0x00000000005A9000-memory.dmpFilesize
1.7MB
-
memory/2392-11-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-55-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-77-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-79-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-14-0x0000000003850000-0x0000000003852000-memory.dmpFilesize
8KB
-
memory/2392-88-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-90-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-91-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-12-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-7-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-110-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-109-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-111-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-113-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-120-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-122-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-124-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-126-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-128-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-131-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-134-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-135-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-136-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-1-0x0000000002430000-0x00000000034BE000-memory.dmpFilesize
16.6MB
-
memory/2392-157-0x0000000003850000-0x0000000003852000-memory.dmpFilesize
8KB
-
memory/2392-0-0x0000000000400000-0x00000000005A9000-memory.dmpFilesize
1.7MB