Analysis
-
max time kernel
145s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
29-06-2024 10:57
General
-
Target
https://mega.nz/folder/cXdH3JjK#gvZibu9MbYFG5Qt0h6XALA
Malware Config
Signatures
-
SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
-
SectopRAT payload 1 IoCs
-
Loads dropped DLL 8 IoCs
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Drops file in Windows directory 1 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 36 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/folder/cXdH3JjK#gvZibu9MbYFG5Qt0h6XALA1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdabb846f8,0x7ffdabb84708,0x7ffdabb847182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,14251578335029724024,14105528385939411296,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,14251578335029724024,14105528385939411296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,14251578335029724024,14105528385939411296,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14251578335029724024,14105528385939411296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14251578335029724024,14105528385939411296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14251578335029724024,14105528385939411296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14251578335029724024,14105528385939411296,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,14251578335029724024,14105528385939411296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,14251578335029724024,14105528385939411296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,14251578335029724024,14105528385939411296,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4780 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14251578335029724024,14105528385939411296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14251578335029724024,14105528385939411296,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,14251578335029724024,14105528385939411296,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6024 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14251578335029724024,14105528385939411296,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,14251578335029724024,14105528385939411296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,14251578335029724024,14105528385939411296,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1052 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x40c 0x51c1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Redline_20_2.zip\Redline_20_2\Redline_20_2_stealer-main\ReadMe.txt1⤵
- Opens file in notepad (likely ransom note)
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Downloads\Redline_20_2\Redline_20_2\Redline_20_2_stealer-main\Kurome.Loader\Kurome.Loader.exe"C:\Users\Admin\Downloads\Redline_20_2\Redline_20_2\Redline_20_2_stealer-main\Kurome.Loader\Kurome.Loader.exe"1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\Redline_20_2\Redline_20_2\Redline_20_2_stealer-main\Kurome.Host\Kurome.Host.exe"C:\Users\Admin\Downloads\Redline_20_2\Redline_20_2\Redline_20_2_stealer-main\Kurome.Host\Kurome.Host.exe"1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\Redline_20_2\Redline_20_2\Redline_20_2_stealer-main\Kurome.Builder\Kurome.Builder.exe"C:\Users\Admin\Downloads\Redline_20_2\Redline_20_2\Redline_20_2_stealer-main\Kurome.Builder\Kurome.Builder.exe"1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5477462b6ad8eaaf8d38f5e3a4daf17b0
SHA186174e670c44767c08a39cc2a53c09c318326201
SHA256e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d
SHA512a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5b704c9ca0493bd4548ac9c69dc4a4f27
SHA1a3e5e54e630dabe55ca18a798d9f5681e0620ba7
SHA2562ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411
SHA51269c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026Filesize
17KB
MD5950eca48e414acbe2c3b5d046dcb8521
SHA11731f264e979f18cdf08c405c7b7d32789a6fb59
SHA256c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2
SHA51227e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
72B
MD5db0fc21642645d757ea366b842ef7820
SHA1ac8c0ab8f3da67beb8fc40e0c4839aee0a6eb98a
SHA256ebf9e4541cee72f6884706d05fb6084c6ce4babf149e8933de75690ade955659
SHA5123f4a47757a92a4c3642508622780e393870509cf5903018cdd0d54d1406543bd5f9602f2eee42cecc457db305b548c9f67ba8ad633a3ce0d7e4432e8309a7133
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
188B
MD5008114e1a1a614b35e8a7515da0f3783
SHA13c390d38126c7328a8d7e4a72d5848ac9f96549b
SHA2567301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18
SHA512a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5801099495547ee588c19c98524a3e23d
SHA1b767ec208285d19ae7d1f9bdf67252580e9ac5c0
SHA256a556ef2af8aac8380c3c2b9b0ae5fffc3ba3f0cbe3c5a1650b250aeb9478732e
SHA512a606f87166093fd7d64a40b5ee9182f8c99bad00a10145c6621a19bde29fad59b23bb3451226c983bab5c9204b4bd52e18ad5e81b83d9851a439899401d2aed9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD54a4a4971feb776a44a4502bf87d0a77a
SHA136c4b44f28c70e023fdf20ae55df520029e6f77a
SHA25625ccd9ae8e6ad5712af1c2eb43936d0a0f7854fb263cb86bff8b890558668315
SHA5126dda1aa5ad3101fe6696c83f219c4923a5b64eebd7291f00faea592e2eb862d8fb35e47bef0327fb5157ec5a3770355f6502bb53e7664de0bd8718a3c2af3ce0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD56e404f7968895584cdbd2f6815ab1c26
SHA1db1e5c8003d4b9af1f22a842580c0d40a30923f7
SHA25608a53602c0ce488ca7d1a4134c7b9121334c9194a43d2faa8dbd62e18ceab95c
SHA512f3c94ec1439c68e3c8c0d8c51baa2534339b18084eca4963f854b63bdf6eea8de06af7323146c32dd24f3b59ad96b42e203f54075b1f825e0fc2dcdb11f135bd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-indexFilesize
72B
MD59d044b81dd13ca81487f896b3984ad58
SHA1933b04dbeaff135713ab9004cafc21d122a8052d
SHA2560b9960ffa12f8c9477910e0d2297d996a51e79f92171dcb72f8cada18c15c8ac
SHA5126e7286d105c736988f85ded2b0304f381c19770182b0b6018ef960683718cfe6a377b9f8250df19ccfe7134e476a3010afc3cdaba090469817a9c72f9376dce4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57955a.TMPFilesize
48B
MD5a16cc6a4ab79d95317042e0bd5c61a12
SHA1d41c8c49858b5ceb9eab76a4e2721f3ab8dd128a
SHA256b27394a1cb56def99bb941b3a61acb5fe9d7c3c462aa2571b8aed4a2ca311067
SHA512d6214976decb523f2161505aab2e6dd984ea8f2b52cddab3a66a65cc56849b4e2236ed18dc0a9f9844645ad185d22920eebf26a8b26b13de3a9bd357f70d2081
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5d2fa6f08e29b3724d4209d5a8c54627a
SHA1ba668a06a28f7049dbd116aa356c732fa5b18da7
SHA2563ff7fc168c65ecc0d108d6423f58b5958b0bfda4ee59e4d41b017815e193012c
SHA5122eb5406e7613bacb7be309d989d31ea8ef1d1e08a574a587fa02ce46a562c2de7c0697d296fd885920d821ecbd1bdbb551238d87a7f751e824ca77ba17c220e5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5db8a58e64ab0d8cfd4f140d00337d319
SHA1642ebb969e238300a431d0b9ce0d4e43221be50e
SHA2566ec6e83188a86043d70ab634ae031dc601d7c815f76d8c56a6691c62bb471522
SHA5120dead92bf6c713818a38667221ba8c43dcf6cd01023e1dde02f10c3ff61e9fc6f98dec2796f27687754a09ad30d49c23e23613b285125e133894562e81f61b29
-
C:\Users\Admin\Downloads\Redline_20_2.zipFilesize
24.7MB
MD576dfff9ca583e5f6375137d2093467b9
SHA1b5688c7f4cdc0a1b9cef12f0e7290f490ea5d82d
SHA256f1bfec7c5ab45c524ece7dfdb79bcf5d88ef5654523d2fb51a2d91eadc545663
SHA5129c2474377a882cac31bec79a516621918cdfa36949cbe29a5405c56644f11df263c35e021fab45f98fb3cef60ecc3f5b7c59f62d173c5843334d22d5a4159472
-
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dllFilesize
3.4MB
MD5059d51f43f1a774bc5aa76d19c614670
SHA1171329bf0f48190cf4d59ce106b139e63507457d
SHA2562eaf3d548927ebd243362f7bcb906bb1bbff3961223fb9521cb2846b6b8d523d
SHA512a299cb18c8a47fc27c46db0011266b7fa273852b302374eb98a54034e1281150af8e54e58f76a384d3b92fbcb1a67fc0452cabe592a379e15cce2c5f9a4b6cb7
-
\??\pipe\LOCAL\crashpad_3200_RBGLDTRRKLDYXSSNMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1576-555-0x0000000005100000-0x000000000514C000-memory.dmpFilesize
304KB
-
memory/1576-560-0x0000000005F60000-0x0000000006060000-memory.dmpFilesize
1024KB
-
memory/1576-554-0x0000000005390000-0x0000000005616000-memory.dmpFilesize
2.5MB
-
memory/1576-547-0x0000000004C10000-0x0000000004F72000-memory.dmpFilesize
3.4MB
-
memory/1576-548-0x0000000004F80000-0x00000000050FC000-memory.dmpFilesize
1.5MB
-
memory/1576-549-0x0000000004950000-0x0000000004976000-memory.dmpFilesize
152KB
-
memory/1576-550-0x0000000005720000-0x0000000005D38000-memory.dmpFilesize
6.1MB
-
memory/1576-551-0x0000000004A50000-0x0000000004A62000-memory.dmpFilesize
72KB
-
memory/1576-552-0x0000000004AE0000-0x0000000004B1C000-memory.dmpFilesize
240KB
-
memory/1576-556-0x0000000005220000-0x00000000052EE000-memory.dmpFilesize
824KB
-
memory/1576-561-0x0000000005D50000-0x0000000005D80000-memory.dmpFilesize
192KB
-
memory/1576-541-0x0000000000080000-0x00000000000A4000-memory.dmpFilesize
144KB
-
memory/1576-553-0x0000000004B90000-0x0000000004BF6000-memory.dmpFilesize
408KB
-
memory/1576-557-0x0000000005E50000-0x0000000005F5A000-memory.dmpFilesize
1.0MB
-
memory/1576-558-0x00000000051B0000-0x00000000051D8000-memory.dmpFilesize
160KB
-
memory/1576-559-0x0000000005340000-0x0000000005390000-memory.dmpFilesize
320KB
-
memory/2344-570-0x0000000005B70000-0x0000000005BCE000-memory.dmpFilesize
376KB
-
memory/2344-562-0x0000000000410000-0x0000000000438000-memory.dmpFilesize
160KB
-
memory/2344-567-0x0000000005C00000-0x00000000061A4000-memory.dmpFilesize
5.6MB
-
memory/2344-568-0x0000000004EE0000-0x0000000004F72000-memory.dmpFilesize
584KB
-
memory/2344-569-0x0000000005070000-0x000000000507A000-memory.dmpFilesize
40KB
-
memory/5836-514-0x0000000000420000-0x0000000000656000-memory.dmpFilesize
2.2MB
-
memory/5836-515-0x0000000007600000-0x0000000007C10000-memory.dmpFilesize
6.1MB