Analysis
-
max time kernel
33s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
29-06-2024 23:27
General
-
Target
PornoK1d.exe
-
Size
150KB
-
MD5
bfe2ce9a03e202907315519a601ec49c
-
SHA1
6c5b3c5d0628a5f59cad599ff5a5284a3ce9ef27
-
SHA256
f23d6c7169a3df4e47c6773884b98507e145ac38ca007aed55e45b72565b9dba
-
SHA512
aec9ab17e52479cbe594a4318f3ed5b6480610a1a827ffb8e29d8a43cb5538ea36997bc5b5dde51a25483bbbd74bed075fad58c6602226279ee647ba08efecee
-
SSDEEP
3072:ek2csT/8rJFf9HxOMo4NpVq8BxFRzaqF+o2GQJ7/JzqVfGv1:eDT/uf9QgVqwlL
Malware Config
Extracted
xworm
5.0
york-latinas.gl.at.ply.gg:51154
bhDm93QvQg6Pocut
-
Install_directory
%AppData%
-
install_file
USB.exe
Signatures
-
Detect Xworm Payload 1 IoCs
-
Xworm
Xworm is a remote access trojan written in C#.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 31 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 59 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 25 IoCs
-
Suspicious use of FindShellTrayWindow 51 IoCs
-
Suspicious use of SendNotifyMessage 48 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\PornoK1d.exe"C:\Users\Admin\AppData\Local\Temp\PornoK1d.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SubmitShow.mp3"1⤵
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7feee589758,0x7feee589768,0x7feee5897782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1220,i,4408273247625534404,12287715052376547242,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1220,i,4408273247625534404,12287715052376547242,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1220,i,4408273247625534404,12287715052376547242,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2320 --field-trial-handle=1220,i,4408273247625534404,12287715052376547242,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2328 --field-trial-handle=1220,i,4408273247625534404,12287715052376547242,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1232 --field-trial-handle=1220,i,4408273247625534404,12287715052376547242,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1248 --field-trial-handle=1220,i,4408273247625534404,12287715052376547242,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3388 --field-trial-handle=1220,i,4408273247625534404,12287715052376547242,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3360 --field-trial-handle=1220,i,4408273247625534404,12287715052376547242,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3856 --field-trial-handle=1220,i,4408273247625534404,12287715052376547242,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2764 --field-trial-handle=1220,i,4408273247625534404,12287715052376547242,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2716 --field-trial-handle=1220,i,4408273247625534404,12287715052376547242,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2728 --field-trial-handle=1220,i,4408273247625534404,12287715052376547242,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1184 --field-trial-handle=1220,i,4408273247625534404,12287715052376547242,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3772 --field-trial-handle=1220,i,4408273247625534404,12287715052376547242,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2784 --field-trial-handle=1220,i,4408273247625534404,12287715052376547242,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4024 --field-trial-handle=1220,i,4408273247625534404,12287715052376547242,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010Filesize
115KB
MD5cfca50e3ebae60cc2b92e9a98e519b62
SHA1624ed9cfa167af526c3317f827042651c7381da6
SHA25638590da5a07ef0efe440e95f999acda9a843665b405926d97ba4813718f0ae40
SHA512d4cc4a0a5b73d48f87983ffd71ef714c8072f7f6efdeaa4ec338798625e4f2e6acc63a38f9ad3876978d6a0dac3817ea514d1d069cc65be92efd83147d9850d2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016Filesize
29KB
MD5bbeeb0da67a44a892b70e61f33518b28
SHA1e86a88f91dce90c9469048cfc083ecced6769573
SHA256000f0b5bfc8ee3f443a277e675366b6b5a0713e80a49245ef32bb0d3f73f3818
SHA512812c9ad3a1473fa91649f59691aebb703b015766353f179127360c889ad255d78830813c832e78762bf23cceadf9bdb6e81f2ca0263ba791a8a0ab3a63868d92
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019Filesize
42KB
MD553189064db745af8869b5f2a4fb5ad09
SHA11d1a4e7e457fb689c9c2e1b2bc9137931cf50efa
SHA256d23d860cee0d3a53562627a4e2d2d635ea48262e0db0b7280ceffab6191d0897
SHA512b8573059bd13699f520ba2c814891675cd3ea14c9a463fa35b11d1184f6be1e0a3ce9e26c834b7e1e13ed78349cd6530a30c75e0971a98fd62edb7094a4d513b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001aFilesize
326KB
MD55301881789d96ce7e6c0d24318775236
SHA1da0b8c10f56310046c73231b33bd12a25d7acf29
SHA2560473bae3b75c74f10950df314a9008ba67913cbb38024c72af2e7c7022018c82
SHA512faaf83419686d3b467403e3135df5f9331dc55a260be6d064d4f597218bfc7002817c96856325185a7606d927651a192a42ad1f958ddbfe4bbd228d9d5520a43
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
672B
MD565c96e37e7fcd48a28d9d4ae3c0e14fb
SHA147b0266308cfc5aef82261fdd29d8452f543befd
SHA2567c3a3b6ffc7d82bbcc15a5880f542f5410f2c40e0449c09d4fc42a68967a5717
SHA512a5b3b45a44b1d1c26d337c01fa99c9208b251b6c423f9e5b9d00b7e2530dd74d8cb2e563fc5d96939eef9b05ceed9463c9b9336a975b6827c2f28574217ed2f8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.xnxx.com_0.indexeddb.leveldb\CURRENT~RFf776a76.TMPFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
361B
MD5d9b3d9f4fa145d359995f0ebc41640e9
SHA12de17ce507dded8bd982c488df59a21d2399bf1f
SHA2568ee810e9d790ca02cc106c9b10a93e1084985350647a45d70f88151714a03b6d
SHA5121f039df1c4426548abeb7ac3aadb31d8759e4f756c755e622d869bf5abb92210c49aeeaa553624e4581a8473cc32e5d100460a54ee04b4d773aef687a69e4ce1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
361B
MD5d5fd2dcf39189fad5b38b0d89c6cbc92
SHA1f4e05c6e9df9d1c92462bed3983cbf149e70d3a2
SHA256edff1b2fc56bea6b337659dc7b9c47e5807e434a45f6104a51b3bc6fe53b300f
SHA51234a7e6acf22570835abc7c61734470b6ccfd1ea33e33e0242369f347707e94238ac099f3af1c0679e8dafa8749519bea2e1f9bb7aae46a39f1aa4e62dbaab4ae
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
5KB
MD5dca3c3d63c7738318deac88bdde5a1f8
SHA1319952938265996063504c7615df516051a4e963
SHA2567fdb62e02f4cd16f4a001165454ebd017006bbe3d8c71f74b57f02bd8678d6c5
SHA51265bbeb8be3b22a7e0bb53589112c16dbed86bee102d317832d7245c0c31e0fd5147016f15aedd21a3f682ebafcbf6282be7247de4f6451092412bc0581d52413
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
5KB
MD5e19bd41e9768de9338ecb755693f4587
SHA174405ddb7899df54659777ca76c9c6991d3315f9
SHA256bffa226a8dd04b49e2ef42cfde2e6d1acf4461e9c351a222a811c37f54a80148
SHA512c4ee669c16670c7edf8eae955af4f4be2faedadf25739928d9f40bf12025c9d0f055ffa84cf83438d194bf62739579d1cf563e58c9f69c7eaec449e54af8a852
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
4KB
MD5fd8c0c305482d83fe66c4ff2e35fde35
SHA13e3de749a77f68d75eab6dc634be1c21ab035397
SHA256ba35c349de59cc91af91768d1b0355bf5966f0121ed418be648618fdfd21eb6d
SHA512792a082be355c2fcc48a4bd3c7a8a01059f8bd5abe1ad8bc8edd90ad555d7e7940b9567fd92f2c6bd975c88fbb8aa84101d48769803a70694b89e13f933f1279
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmpFilesize
16B
MD518e723571b00fb1694a3bad6c78e4054
SHA1afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA2568af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA51243bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
76KB
MD5c4975d3eb870ead52d1cec24f605c6a3
SHA155aa0dad9967a0cf90997b383f252b029b10d7f5
SHA256d52bd92351aa9de19f85246a7abca4141e1a07e2aeecd8ad47b32f277991605b
SHA51224e34a2af13aedec73b93049102553ec95ea9950b9162264861746ce5e8f202d4af77265a30bb3045e4001978fb97e097575126dd37f81d202577fc5401e9593
-
C:\Users\Admin\AppData\Local\Temp\Cab43C6.tmpFilesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\Local\Temp\Tar4417.tmpFilesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
\??\pipe\crashpad_1916_PFQWPMDDALJCJUSRMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/840-0-0x000007FEF5143000-0x000007FEF5144000-memory.dmpFilesize
4KB
-
memory/840-15-0x000007FEF5140000-0x000007FEF5B2C000-memory.dmpFilesize
9.9MB
-
memory/840-9-0x000007FEF5143000-0x000007FEF5144000-memory.dmpFilesize
4KB
-
memory/840-3-0x000007FEF5140000-0x000007FEF5B2C000-memory.dmpFilesize
9.9MB
-
memory/840-1-0x0000000000FB0000-0x0000000000FDC000-memory.dmpFilesize
176KB
-
memory/3036-54-0x000007FEEA6E0000-0x000007FEEA70F000-memory.dmpFilesize
188KB
-
memory/3036-40-0x000007FEECEF0000-0x000007FEECF01000-memory.dmpFilesize
68KB
-
memory/3036-32-0x000007FEEF5A0000-0x000007FEEF5B1000-memory.dmpFilesize
68KB
-
memory/3036-31-0x000007FEEF5C0000-0x000007FEEF5D1000-memory.dmpFilesize
68KB
-
memory/3036-41-0x000007FEECED0000-0x000007FEECEE8000-memory.dmpFilesize
96KB
-
memory/3036-47-0x000007FEECDA0000-0x000007FEECDB2000-memory.dmpFilesize
72KB
-
memory/3036-48-0x000007FEECD70000-0x000007FEECD91000-memory.dmpFilesize
132KB
-
memory/3036-46-0x000007FEECDC0000-0x000007FEECDD1000-memory.dmpFilesize
68KB
-
memory/3036-45-0x000007FEECDE0000-0x000007FEECE03000-memory.dmpFilesize
140KB
-
memory/3036-49-0x000007FEECD50000-0x000007FEECD63000-memory.dmpFilesize
76KB
-
memory/3036-50-0x000007FEEC160000-0x000007FEEC171000-memory.dmpFilesize
68KB
-
memory/3036-44-0x000007FEECE10000-0x000007FEECE34000-memory.dmpFilesize
144KB
-
memory/3036-52-0x000007FEEA710000-0x000007FEEA727000-memory.dmpFilesize
92KB
-
memory/3036-53-0x000007FEFB240000-0x000007FEFB250000-memory.dmpFilesize
64KB
-
memory/3036-29-0x000007FEEF5E0000-0x000007FEEF601000-memory.dmpFilesize
132KB
-
memory/3036-55-0x000007FEEA6C0000-0x000007FEEA6D1000-memory.dmpFilesize
68KB
-
memory/3036-51-0x000007FEEA730000-0x000007FEEA741000-memory.dmpFilesize
68KB
-
memory/3036-56-0x000007FEEA6A0000-0x000007FEEA6B6000-memory.dmpFilesize
88KB
-
memory/3036-43-0x000007FEECE40000-0x000007FEECE68000-memory.dmpFilesize
160KB
-
memory/3036-58-0x000007FEEA580000-0x000007FEEA5C2000-memory.dmpFilesize
264KB
-
memory/3036-60-0x000007FEEA4A0000-0x000007FEEA50D000-memory.dmpFilesize
436KB
-
memory/3036-61-0x000007FEEA320000-0x000007FEEA4A0000-memory.dmpFilesize
1.5MB
-
memory/3036-57-0x000007FEEA5D0000-0x000007FEEA695000-memory.dmpFilesize
788KB
-
memory/3036-59-0x000007FEEA510000-0x000007FEEA572000-memory.dmpFilesize
392KB
-
memory/3036-42-0x000007FEECE70000-0x000007FEECEC7000-memory.dmpFilesize
348KB
-
memory/3036-28-0x000007FEF14C0000-0x000007FEF1501000-memory.dmpFilesize
260KB
-
memory/3036-39-0x000007FEECF10000-0x000007FEECF8C000-memory.dmpFilesize
496KB
-
memory/3036-37-0x000007FEED000000-0x000007FEED030000-memory.dmpFilesize
192KB
-
memory/3036-38-0x000007FEECF90000-0x000007FEECFF7000-memory.dmpFilesize
412KB
-
memory/3036-36-0x000007FEEF520000-0x000007FEEF538000-memory.dmpFilesize
96KB
-
memory/3036-35-0x000007FEEF540000-0x000007FEEF551000-memory.dmpFilesize
68KB
-
memory/3036-34-0x000007FEEF560000-0x000007FEEF57B000-memory.dmpFilesize
108KB
-
memory/3036-33-0x000007FEEF580000-0x000007FEEF591000-memory.dmpFilesize
68KB
-
memory/3036-27-0x000007FEED030000-0x000007FEEE0E0000-memory.dmpFilesize
16.7MB
-
memory/3036-30-0x000007FEF14A0000-0x000007FEF14B8000-memory.dmpFilesize
96KB
-
memory/3036-26-0x000007FEEE0E0000-0x000007FEEE2EB000-memory.dmpFilesize
2.0MB
-
memory/3036-24-0x000007FEF1530000-0x000007FEF154D000-memory.dmpFilesize
116KB
-
memory/3036-25-0x000007FEF1510000-0x000007FEF1521000-memory.dmpFilesize
68KB
-
memory/3036-19-0x000007FEF71A0000-0x000007FEF71B8000-memory.dmpFilesize
96KB
-
memory/3036-20-0x000007FEF6AA0000-0x000007FEF6AB7000-memory.dmpFilesize
92KB
-
memory/3036-22-0x000007FEF5EB0000-0x000007FEF5EC7000-memory.dmpFilesize
92KB
-
memory/3036-23-0x000007FEF15B0000-0x000007FEF15C1000-memory.dmpFilesize
68KB
-
memory/3036-21-0x000007FEF6410000-0x000007FEF6421000-memory.dmpFilesize
68KB
-
memory/3036-18-0x000007FEEE2F0000-0x000007FEEE5A6000-memory.dmpFilesize
2.7MB
-
memory/3036-16-0x000000013FAD0000-0x000000013FBC8000-memory.dmpFilesize
992KB
-
memory/3036-17-0x000007FEFAA40000-0x000007FEFAA74000-memory.dmpFilesize
208KB
-
memory/3036-62-0x0000000004E60000-0x0000000004E70000-memory.dmpFilesize
64KB
-
memory/3036-70-0x000000013FAD0000-0x000000013FBC8000-memory.dmpFilesize
992KB
-
memory/3036-72-0x000007FEEE2F0000-0x000007FEEE5A6000-memory.dmpFilesize
2.7MB
-
memory/3036-71-0x000007FEFAA40000-0x000007FEFAA74000-memory.dmpFilesize
208KB
-
memory/3036-73-0x000007FEED030000-0x000007FEEE0E0000-memory.dmpFilesize
16.7MB