Analysis
-
max time kernel
145s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
15-06-2024 18:08
Static task
static1
Behavioral task
behavioral1
Sample
00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe
Resource
win7-20240508-en
General
-
Target
00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe
-
Size
3.8MB
-
MD5
4ecd0ac0f9b8d6115f76077b6838340c
-
SHA1
bb108e7eff22db0dc2010e70718cbaf034d076e5
-
SHA256
00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc
-
SHA512
fd0251043ede3bc9f25eec724992362dd55efe6be00520c4baa330409e666bb104047556461ce5258a9d8a7e6fb79c70555f8e429741334c5146a7b446cf7009
-
SSDEEP
98304:k+mwYjViFrjl6wcODej0cNMynr+HKXMZeNLC8:2w2wlj20cN3rwKwk
Malware Config
Extracted
cryptbot
vetiir14.top
moriiikk04.top
Signatures
-
CryptBot payload 14 IoCs
Processes:
resource yara_rule behavioral1/memory/1992-256-0x0000000000BD0000-0x00000000010B7000-memory.dmp family_cryptbot behavioral1/memory/1992-262-0x0000000000BD0000-0x00000000010B7000-memory.dmp family_cryptbot behavioral1/memory/1992-264-0x0000000000BD0000-0x00000000010B7000-memory.dmp family_cryptbot behavioral1/memory/1992-266-0x0000000000BD0000-0x00000000010B7000-memory.dmp family_cryptbot behavioral1/memory/1992-269-0x0000000000BD0000-0x00000000010B7000-memory.dmp family_cryptbot behavioral1/memory/1992-272-0x0000000000BD0000-0x00000000010B7000-memory.dmp family_cryptbot behavioral1/memory/1992-274-0x0000000000BD0000-0x00000000010B7000-memory.dmp family_cryptbot behavioral1/memory/1992-277-0x0000000000BD0000-0x00000000010B7000-memory.dmp family_cryptbot behavioral1/memory/1992-279-0x0000000000BD0000-0x00000000010B7000-memory.dmp family_cryptbot behavioral1/memory/1992-282-0x0000000000BD0000-0x00000000010B7000-memory.dmp family_cryptbot behavioral1/memory/1992-284-0x0000000000BD0000-0x00000000010B7000-memory.dmp family_cryptbot behavioral1/memory/1992-287-0x0000000000BD0000-0x00000000010B7000-memory.dmp family_cryptbot behavioral1/memory/1992-289-0x0000000000BD0000-0x00000000010B7000-memory.dmp family_cryptbot behavioral1/memory/1992-292-0x0000000000BD0000-0x00000000010B7000-memory.dmp family_cryptbot -
Detects executables containing SQL queries to confidential data stores. Observed in infostealers 14 IoCs
Processes:
resource yara_rule behavioral1/memory/1992-256-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore behavioral1/memory/1992-262-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore behavioral1/memory/1992-264-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore behavioral1/memory/1992-266-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore behavioral1/memory/1992-269-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore behavioral1/memory/1992-272-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore behavioral1/memory/1992-274-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore behavioral1/memory/1992-277-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore behavioral1/memory/1992-279-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore behavioral1/memory/1992-282-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore behavioral1/memory/1992-284-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore behavioral1/memory/1992-287-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore behavioral1/memory/1992-289-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore behavioral1/memory/1992-292-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore -
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers 14 IoCs
Processes:
resource yara_rule behavioral1/memory/1992-256-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store behavioral1/memory/1992-262-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store behavioral1/memory/1992-264-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store behavioral1/memory/1992-266-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store behavioral1/memory/1992-269-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store behavioral1/memory/1992-272-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store behavioral1/memory/1992-274-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store behavioral1/memory/1992-277-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store behavioral1/memory/1992-279-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store behavioral1/memory/1992-282-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store behavioral1/memory/1992-284-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store behavioral1/memory/1992-287-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store behavioral1/memory/1992-289-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store behavioral1/memory/1992-292-0x0000000000BD0000-0x00000000010B7000-memory.dmp INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store -
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
Processes:
00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exescaukimwrsk.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ 00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ scaukimwrsk.exe -
Checks BIOS information in registry 2 TTPs 4 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
scaukimwrsk.exe00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion scaukimwrsk.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion scaukimwrsk.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion 00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion 00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe -
Executes dropped EXE 1 IoCs
Processes:
scaukimwrsk.exepid process 1992 scaukimwrsk.exe -
Identifies Wine through registry keys 2 TTPs 2 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
Processes:
00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exescaukimwrsk.exedescription ioc process Key opened \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Wine 00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe Key opened \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Wine scaukimwrsk.exe -
Loads dropped DLL 2 IoCs
Processes:
cmd.exepid process 1384 cmd.exe 1384 cmd.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 10 ip-api.com -
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
Processes:
00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exescaukimwrsk.exepid process 3060 00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe 1992 scaukimwrsk.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2324 3060 WerFault.exe 00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe -
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exescaukimwrsk.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString 00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 scaukimwrsk.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString scaukimwrsk.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exescaukimwrsk.exepid process 3060 00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe 1992 scaukimwrsk.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
Processes:
scaukimwrsk.exepid process 1992 scaukimwrsk.exe 1992 scaukimwrsk.exe -
Suspicious use of WriteProcessMemory 20 IoCs
Processes:
00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.execmd.execmd.exedescription pid process target process PID 3060 wrote to memory of 2752 3060 00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe cmd.exe PID 3060 wrote to memory of 2752 3060 00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe cmd.exe PID 3060 wrote to memory of 2752 3060 00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe cmd.exe PID 3060 wrote to memory of 2752 3060 00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe cmd.exe PID 2752 wrote to memory of 288 2752 cmd.exe WScript.exe PID 2752 wrote to memory of 288 2752 cmd.exe WScript.exe PID 2752 wrote to memory of 288 2752 cmd.exe WScript.exe PID 2752 wrote to memory of 288 2752 cmd.exe WScript.exe PID 3060 wrote to memory of 1384 3060 00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe cmd.exe PID 3060 wrote to memory of 1384 3060 00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe cmd.exe PID 3060 wrote to memory of 1384 3060 00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe cmd.exe PID 3060 wrote to memory of 1384 3060 00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe cmd.exe PID 1384 wrote to memory of 1992 1384 cmd.exe scaukimwrsk.exe PID 1384 wrote to memory of 1992 1384 cmd.exe scaukimwrsk.exe PID 1384 wrote to memory of 1992 1384 cmd.exe scaukimwrsk.exe PID 1384 wrote to memory of 1992 1384 cmd.exe scaukimwrsk.exe PID 3060 wrote to memory of 2324 3060 00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe WerFault.exe PID 3060 wrote to memory of 2324 3060 00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe WerFault.exe PID 3060 wrote to memory of 2324 3060 00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe WerFault.exe PID 3060 wrote to memory of 2324 3060 00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe"C:\Users\Admin\AppData\Local\Temp\00aa5baecab9124a3797677028217f04878d7e865ffa1bddd10fea145598e5fc.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\isfaoyw.vbs"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\isfaoyw.vbs"3⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\scaukimwrsk.exe"2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\scaukimwrsk.exe"C:\Users\Admin\AppData\Local\Temp\scaukimwrsk.exe"3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 8202⤵
- Program crash
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\Eepf7QTr2wi\_Files\_Information.txtFilesize
492B
MD55f7de1b7738822c47ebaa60ec32169d9
SHA17aca3696c4111c617f650066cf13e0157a82cafd
SHA2564e36b19f930aca4cf5487ad29f50f1110a459ada22a01be6df252b750fcf81ac
SHA512e57fc91120247a79b49b4c62ab1b3c8d270fb78191c57da154686421f6b60a4089acc64bdc29d95953c3c0b5fe76ff48f51d831c905b32408fdc1422166cb21b
-
C:\Users\Admin\AppData\Local\Temp\Eepf7QTr2wi\_Files\_Information.txtFilesize
1KB
MD52d0464e210d3322c67706aec464efdae
SHA16ad00f058d2ed046edbad26005dd9064216232bd
SHA2561df04252fbd58bd9f2ac267d63b522ab62a31f9a267bed8d86d04763fd59ba10
SHA5125940c5437b0e82ff14abe27626b72812131397225befbf865d04b5091a4fb6bd721e1d338a488b387daa47c8b7de9f41941daa6d55ede72c9242a18665f51a3f
-
C:\Users\Admin\AppData\Local\Temp\Eepf7QTr2wi\_Files\_Information.txtFilesize
2KB
MD55a52b139a1a2a98eff051380859dd9ae
SHA1a4b3996ce0c75c150a72d1d0f2a10a977abe7d0f
SHA2565eaeab77a40cbe818b5b2104c96486186dc8f001f29cba427d20cf38b71216d7
SHA51281d242b980e8ef6c084811614b80665ec907ec5efaba1cd02c88e5f3422a56b4a7492dd26467ee1d8f0f2e2390a483e949a790c02a41e84b2ec8a8619556a3ec
-
C:\Users\Admin\AppData\Local\Temp\Eepf7QTr2wi\_Files\_Information.txtFilesize
4KB
MD5b6ee0432639c317420aa402eef98ad2c
SHA13fe984325281efca80848e0b7e9fbc4968395dec
SHA256825c50a9b6ffb5c14f38151bc9b3d67b08087f886459900a312fe1ddf492a225
SHA512ee3cef78d5bcb7c92d910ace14e51e9786d9612f6c1314c15cc20e9d4c2ac8e3713ad0c1d532aa665f3d05bafc0290f34e1ca950f9e9c6159569455925c2b28c
-
C:\Users\Admin\AppData\Local\Temp\Eepf7QTr2wi\a6PWTAzypO.zipFilesize
1KB
MD55a1639d52ab573163f522164be717348
SHA10f8ece56f9696c1051bed3780f7ab2335bd81b2f
SHA25677707a4c3f1119a73841ebf2fb913b5246b86b18b30c9b3cdd5b284ecdb0e0f5
SHA512a01661dceeadae9f4b48b73355964aa374108f941cf188f549eeaa7cc4bfc5f8cf004d4aa2eaeae01b96a4c32e357549097dcebd0548ff7f7dbd71c108790539
-
C:\Users\Admin\AppData\Local\Temp\Eepf7QTr2wi\files_\system_info.txtFilesize
1KB
MD5dfe2b72150e5cca67e6123a9f59ad747
SHA1c9559bce945b56b9cc0a2fd5ec6bd4da9dc89509
SHA25627dca3cf1c11102830f9579755fb29640931a44e1641d27dc7d95d8b825bfb94
SHA51281009b2530961f2eb50e683b6125509596207fd6d3e50629dd65ad667b6c0e865edeaa075bd30065c88c4a0505d433fa19714a4ee9ca4f82a9a33ade08f5e9d4
-
C:\Users\Admin\AppData\Local\Temp\Eepf7QTr2wi\files_\system_info.txtFilesize
3KB
MD5820a500a23e2cee8c9a8cc077115b4f3
SHA1ebce2e2474417fdd6ec452c83c517e2a45e85de7
SHA256db5e693c32f7e1d1119349aca850df7a90f922f245a67f78910f3c4027686d1c
SHA512faded27000fb0ebebbad295e41828d6cb1f8cb78f493a66f8129a360c38efe3b627b4370502caf1c5d01e152f960123e5e851decabefa6b977fdb5d468f39f25
-
C:\Users\Admin\AppData\Local\Temp\Eepf7QTr2wi\files_\system_info.txtFilesize
7KB
MD526489df7b9fe13fea401db7ebbe0be97
SHA10fe68499fa67d5e733b2dc39c9fbbb1166ecbcfb
SHA256d15b6fed2ede362a2712a65ca99a09d675df998f13b6774fe47b598b4d8f69dc
SHA512ed0ae7e0c0b76c8d5b73f775eb657d86e05365f825d68d5017d0d5618456185489f692eb43f7bed04927e0db093db9487c00248aee209553b4e954cab51516c9
-
C:\Users\Admin\AppData\Local\Temp\isfaoyw.vbsFilesize
133B
MD547361140e1e1a31e824bdb377363afa7
SHA1385467b70b7ee8305aef67e0766dc224d42c7583
SHA256ced66dd2a7ed5a7298a22aff064fc8dadd15484ac6441b4cc390b37a65261f61
SHA5121be9db531d3caa5016b614625b5ba637bbcd178aaf617090ee0aa28cfde7a0e99976e243f20faa74233bf83c78c8cd1806154d8b4dd773a592914eef52d966bd
-
\Users\Admin\AppData\Local\Temp\scaukimwrsk.exeFilesize
2.0MB
MD5d95dc2626be6a7521e25cb6827efde0e
SHA19694fee4cdc7d23ce1603aa8efdb075cda75efcb
SHA2561f416d24d370b052f130404ecc949e4e6f629a76743b99706af1e0ee2ee009c6
SHA51212a29a8a29bcc5feae65da3be489d9de842739bf5eb514f29e893a80724b67a0e0adc40398491ff0ca2808f4d74785888c473a8f191d3d82a8130c9f3b358bde
-
memory/1992-42-0x0000000000BD0000-0x00000000010B7000-memory.dmpFilesize
4.9MB
-
memory/1992-266-0x0000000000BD0000-0x00000000010B7000-memory.dmpFilesize
4.9MB
-
memory/1992-292-0x0000000000BD0000-0x00000000010B7000-memory.dmpFilesize
4.9MB
-
memory/1992-289-0x0000000000BD0000-0x00000000010B7000-memory.dmpFilesize
4.9MB
-
memory/1992-287-0x0000000000BD0000-0x00000000010B7000-memory.dmpFilesize
4.9MB
-
memory/1992-284-0x0000000000BD0000-0x00000000010B7000-memory.dmpFilesize
4.9MB
-
memory/1992-282-0x0000000000BD0000-0x00000000010B7000-memory.dmpFilesize
4.9MB
-
memory/1992-256-0x0000000000BD0000-0x00000000010B7000-memory.dmpFilesize
4.9MB
-
memory/1992-279-0x0000000000BD0000-0x00000000010B7000-memory.dmpFilesize
4.9MB
-
memory/1992-277-0x0000000000BD0000-0x00000000010B7000-memory.dmpFilesize
4.9MB
-
memory/1992-274-0x0000000000BD0000-0x00000000010B7000-memory.dmpFilesize
4.9MB
-
memory/1992-262-0x0000000000BD0000-0x00000000010B7000-memory.dmpFilesize
4.9MB
-
memory/1992-272-0x0000000000BD0000-0x00000000010B7000-memory.dmpFilesize
4.9MB
-
memory/1992-269-0x0000000000BD0000-0x00000000010B7000-memory.dmpFilesize
4.9MB
-
memory/1992-264-0x0000000000BD0000-0x00000000010B7000-memory.dmpFilesize
4.9MB
-
memory/3060-257-0x0000000000FD0000-0x000000000164F000-memory.dmpFilesize
6.5MB
-
memory/3060-260-0x0000000000FD0000-0x000000000164F000-memory.dmpFilesize
6.5MB
-
memory/3060-268-0x0000000000FD0000-0x000000000164F000-memory.dmpFilesize
6.5MB
-
memory/3060-263-0x0000000000FD0000-0x000000000164F000-memory.dmpFilesize
6.5MB
-
memory/3060-270-0x0000000000FD0000-0x000000000164F000-memory.dmpFilesize
6.5MB
-
memory/3060-0-0x0000000000FD0000-0x000000000164F000-memory.dmpFilesize
6.5MB
-
memory/3060-259-0x0000000000FD0000-0x000000000164F000-memory.dmpFilesize
6.5MB
-
memory/3060-265-0x0000000000FD0000-0x000000000164F000-memory.dmpFilesize
6.5MB
-
memory/3060-258-0x0000000000FD1000-0x00000000011F4000-memory.dmpFilesize
2.1MB
-
memory/3060-1-0x0000000076EE0000-0x0000000076EE2000-memory.dmpFilesize
8KB
-
memory/3060-255-0x0000000000FD0000-0x000000000164F000-memory.dmpFilesize
6.5MB
-
memory/3060-254-0x0000000000FD0000-0x000000000164F000-memory.dmpFilesize
6.5MB
-
memory/3060-5-0x0000000000FD0000-0x000000000164F000-memory.dmpFilesize
6.5MB
-
memory/3060-3-0x0000000000FD0000-0x000000000164F000-memory.dmpFilesize
6.5MB
-
memory/3060-2-0x0000000000FD1000-0x00000000011F4000-memory.dmpFilesize
2.1MB