Resubmissions
05-07-2024 16:54
240705-vesbwavapf 1005-07-2024 16:49
240705-vb469ssamr 704-07-2024 16:17
240704-trmrgs1eja 1004-07-2024 16:14
240704-tpl26syfqj 704-07-2024 16:11
240704-tmx2na1dne 10Analysis
-
max time kernel
90s -
max time network
81s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
05-07-2024 16:49
General
-
Target
https://gofile.io/d/SRT9tP
Malware Config
Signatures
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 10 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 35 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/SRT9tP1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe0d1746f8,0x7ffe0d174708,0x7ffe0d1747182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5588 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3588 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8897040114890654631,8203074937072823072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Redline Crack\" -ad -an -ai#7zMap3744:88:7zEvent159911⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Redline Crack\Redline Crack\ReadMe.txt1⤵
-
C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Kurome.Loader\Kurome.Loader.exe"C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Kurome.Loader\Kurome.Loader.exe"1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Kurome.Host\Kurome.Host.exe"C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Kurome.Host\Kurome.Host.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Panel\RedLine_20_2\Panel\Panel.exe"C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Panel\RedLine_20_2\Panel\Panel.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD53c78617ec8f88da19254f9ff03312175
SHA1344e9fed9434d924d1c9f05351259cbc21e434d3
SHA2563cb47fcdca33bb3c8f4acc98424140987235ad79815da4f0e7593e4591ae90ed
SHA5125b58675088b0fc2b2d705cb648ea89385b80c7cf908b0f4f95a9acdbd350b50754e1b586202db6a918eef70029fafb210947f3c43c570ecf7657e08939fd7e9c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD509c7ae658385f6de986103443217840b
SHA1298d880503edce4413337c09d3525f27a2edcd28
SHA25691e04ec38abdb0204458543592c4621b7bc0306407884f764aa9596a52454cd7
SHA5124e1272b209487d1e9e7d8502be49ebce91c76718410e817b3ac7faf47d9b699210aab1b941fbb5ddafc192ddf4b2ba151afd47fab753ec62bc0bca36039c55c3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
288B
MD56ee405d1ae1268b0c60bceb368e84abc
SHA14d1f3fe4fa35abe4cbf46485554b5c6de59d5199
SHA2564d3fcb0413e85ee6f212946807db4bd21d4db243e1aac43a34e22a4fe349c5b1
SHA5129a7ec3c39cf4e82c25791ef66af0de4236a6efc90153de0a5fc78666efc3136fdf4af3c736e7f1875e893f9bc630912e6bdd0fc6a5cf9383b004acb227d27c36
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
317B
MD5afc6cddd7e64d81e52b729d09f227107
SHA1ad0d3740f4b66de83db8862911c07dc91928d2f6
SHA256b5e81a7c7d80feaaa10ee7bc8aaef9f21a5c1e4b03b3823ed115022311d674a0
SHA512844edb69585153c378a7c97709983776fc9303a32fb5ef8122ecca32adfc0b265f5ef7118ee07814da5c020ac7ba1bf2a2f66d46312e4d8e6df99aab2e5f9b2a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD55f5927b2c30b93913eeea4b349ec75b8
SHA17f443467594be2cdcd1f2421ea0dab315b9572ae
SHA256ad9de075981e450c9a1c670c63effde5a9dcef5a995ee83b32a9469e470c3053
SHA51237d0e70072105c49bb5ed0ae6ed04adf62823213ae7be799ad87c07738b07ebe3c735390188de9e7c0dd9a0899145befe97afc6c6982a94a60acc6b7798b1a31
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5c7b2e4b348c725752b0bf221a1175943
SHA16e0ac2c51eed44940bd5a9fb7453a7fd927bea2a
SHA2569c01fc256805c7966d07f026e3c62c701f0b895c5d9c44624ac9294ba05c6bfa
SHA5129805057442465dc3647cbf21dce24248b9987dd39c3c33f2968c855239890d5746d898f61e80de109cc3dd6b24c1a33f2cce9fdbd41236f2a2f76b957f321752
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5ead01bb2088c65a461609ca4357be060
SHA1e2862a20c371ba8643002810dee056cd3511154d
SHA2567cf5ef15f5fe8d2ca859417931ebb095368e7cf6f4b0d7ef75eaa1af09ed3863
SHA51273ea293a1168bee22b32e1c0c53ecb4b386faac61183705316314fd53b386deb8a3e7887620844b13b774c0a3db19ae3fc692d3e273d0ffaa84530a8d8fb9528
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD51bd249d02b23b7ebdc5adbe68dc224c3
SHA1df80820ca184ea154da2d9db332f3fcc011f093c
SHA256b3efac4490b2987318f3577bae62b1a4dc52fbcd892352fe939c0292694c5da0
SHA5125b29e6b7881cf1001b518d3a4328fc09d6453af5398ed26976e8d958fa4d098780354d83b1b549057be8d9417f3e820266631c684fd11f3656d3ffe77f86ba3c
-
C:\Users\Admin\Downloads\Redline Crack.rarFilesize
8.1MB
MD5074ab00a6884e6ae21bd0ec676484c84
SHA12ae50e1fe181a80467f5aaca6978857381599e15
SHA2564e33bacb99e5faef2d9d99dc712dd0b6b053414fafa29a83905e6ccb2afc2eb7
SHA51213bd0745f497749038e032de2735ffff2f879c1eed69a83416c785c1435a4cd3de4e239603b5085eb2ba910fba67a4d5fe1182de5730d1fcd13d1d6b0a3ef129
-
C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Kurome.Host\Kurome.Host.exeFilesize
119KB
MD54fde0f80c408af27a8d3ddeffea12251
SHA1e834291127af150ce287443c5ea607a7ae337484
SHA2561b644cdb1c7247c07d810c0ea10bec34dc5600f3645589690a219de08cf2dedb
SHA5123693aeaa2cc276060b899f21f6f57f435b75fec5bcd7725b2dd79043b341c12ebc29bd43b287eb22a3e31fd2b50c4fa36bf020f9f3db5e2f75fe8cc747eca5f5
-
C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Kurome.Host\Kurome.Host.exe.configFilesize
189B
MD55a7f52d69e6fca128023469ae760c6d5
SHA19d7f75734a533615042f510934402c035ac492f7
SHA256498c7f8e872f9cef0cf04f7d290cf3804c82a007202c9b484128c94d03040fd0
SHA5124dc8ae80ae9e61d2801441b6928a85dcf9d6d73656d064ffbc0ce9ee3ad531bfb140e9f802e39da2a83af6de606b115e5ccd3da35d9078b413b1d1846cbd1b4f
-
C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Kurome.Host\Kurome.WCF.dllFilesize
123KB
MD5e3d39e30e0cdb76a939905da91fe72c8
SHA1433fc7dc929380625c8a6077d3a697e22db8ed14
SHA2564bfa493b75361920e6403c3d85d91a454c16ddda89a97c425257e92b352edd74
SHA5129bb3477023193496ad20b7d11357e510ba3d02b036d6f35f57d061b1fc4d0f6cb3055ae040d78232c8a732d9241699ddcfac83cc377230109bf193736d9f92b8
-
C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Kurome.Loader\Kurome.Loader.exeFilesize
2.2MB
MD5a3ec05d5872f45528bbd05aeecf0a4ba
SHA168486279c63457b0579d86cd44dd65279f22d36f
SHA256d4797b2e4957c9041ba32454657f5d9a457851c6b5845a57e0e5397707e7773e
SHA512b96b582bb26cb40dbb2a0709a6c88acd87242d0607d548473e3023ffa0a6c9348922a98a4948f105ea0b8224a3930af1e698c6cee3c36ca6a83df6d20c868e8e
-
C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Kurome.Loader\Kurome.Loader.exe.configFilesize
186B
MD59070d769fd43fb9def7e9954fba4c033
SHA1de4699cdf9ad03aef060470c856f44d3faa7ea7f
SHA256cbaf2ae95b1133026c58ab6362af2f7fb2a1871d7ad58b87bd73137598228d9b
SHA512170028b66c5d2db2b8c90105b77b0b691bf9528dc9f07d4b3983d93e9e37ea1154095aaf264fb8b5e67c167239697337cc9e585e87ef35faa65a969cac1aa518
-
C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Panel\RedLine_20_2\Panel\Panel.exeFilesize
181KB
MD5d12407c805a128099e2ae7929ec81030
SHA1d5de8f0adff0d33780d1307ddbaa08c210b21432
SHA25674e5079e7eb3e39ecf0f0d2d48a119770100bfd44f7f776a12ec0c25ed5936b8
SHA512bc67efe96ef236eec83dbfd6b5258f79c2e99e1454132f75e399fdcede06f4468e355d263c06c507f47dc0c7273b87e99fd142a1f6841d9c56ef318908f8bef1
-
C:\Users\Admin\Downloads\Redline Crack\Redline Crack\Panel\RedLine_20_2\Panel\Panel.exe.configFilesize
26KB
MD5494890d393a5a8c54771186a87b0265e
SHA1162fa5909c1c3f84d34bda5d3370a957fe58c9c8
SHA256f2a5a06359713226aeacfe239eeb8ae8606f4588d8e58a19947c3a190efbdfc7
SHA51240fbd033f288fee074fc36e899796efb30d3c582784b834fc583706f19a0b8d5a134c6d1405afe563d2676072e4eefc4e169b2087867cab77a3fa1aa1a7c9395
-
C:\Users\Admin\Downloads\Redline Crack\Redline Crack\ReadMe.txtFilesize
401B
MD50e9ea2262b11db9e8c1656c949da4495
SHA1f332749e10817048cea5e1584edf5e88f47024eb
SHA256ad8361226621c8261d69e1202e7f9831a00f3bb6549d77219d5deb0e8a6cbde6
SHA51200aae0c559823ff27ca8af431d24d4fe8a3f4683b0d776a80fb14a96d82030cedf6ec1ddf2efd7fc229e2c2b3ab3ac0b15326dc1912cdd07932ec7ff8f80975c
-
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dllFilesize
3.4MB
MD5059d51f43f1a774bc5aa76d19c614670
SHA1171329bf0f48190cf4d59ce106b139e63507457d
SHA2562eaf3d548927ebd243362f7bcb906bb1bbff3961223fb9521cb2846b6b8d523d
SHA512a299cb18c8a47fc27c46db0011266b7fa273852b302374eb98a54034e1281150af8e54e58f76a384d3b92fbcb1a67fc0452cabe592a379e15cce2c5f9a4b6cb7
-
memory/2380-204-0x0000000005270000-0x00000000053EC000-memory.dmpFilesize
1.5MB
-
memory/2380-217-0x00000000054A0000-0x00000000054C8000-memory.dmpFilesize
160KB
-
memory/2380-203-0x0000000004F00000-0x0000000005262000-memory.dmpFilesize
3.4MB
-
memory/2380-209-0x0000000005A10000-0x0000000006028000-memory.dmpFilesize
6.1MB
-
memory/2380-210-0x0000000004D30000-0x0000000004D42000-memory.dmpFilesize
72KB
-
memory/2380-211-0x0000000004DD0000-0x0000000004E0C000-memory.dmpFilesize
240KB
-
memory/2380-212-0x0000000004E80000-0x0000000004EE6000-memory.dmpFilesize
408KB
-
memory/2380-213-0x0000000005680000-0x0000000005906000-memory.dmpFilesize
2.5MB
-
memory/2380-214-0x00000000053F0000-0x000000000543C000-memory.dmpFilesize
304KB
-
memory/2380-215-0x0000000005510000-0x00000000055DE000-memory.dmpFilesize
824KB
-
memory/2380-216-0x0000000006140000-0x000000000624A000-memory.dmpFilesize
1.0MB
-
memory/2380-208-0x0000000004C40000-0x0000000004C66000-memory.dmpFilesize
152KB
-
memory/2380-218-0x0000000005630000-0x0000000005680000-memory.dmpFilesize
320KB
-
memory/2380-219-0x0000000006030000-0x0000000006130000-memory.dmpFilesize
1024KB
-
memory/2380-220-0x0000000005920000-0x0000000005950000-memory.dmpFilesize
192KB
-
memory/2380-197-0x0000000000370000-0x0000000000394000-memory.dmpFilesize
144KB
-
memory/4660-232-0x00000000003B0000-0x00000000003E4000-memory.dmpFilesize
208KB
-
memory/4660-233-0x0000000005280000-0x0000000005824000-memory.dmpFilesize
5.6MB
-
memory/4660-238-0x0000000004D70000-0x0000000004E02000-memory.dmpFilesize
584KB
-
memory/4660-239-0x0000000004F80000-0x0000000004F8A000-memory.dmpFilesize
40KB
-
memory/4660-240-0x0000000005060000-0x00000000050D6000-memory.dmpFilesize
472KB
-
memory/4812-182-0x0000000007850000-0x0000000007E60000-memory.dmpFilesize
6.1MB
-
memory/4812-181-0x0000000000610000-0x0000000000846000-memory.dmpFilesize
2.2MB