Analysis
-
max time kernel
133s -
max time network
144s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
30-06-2024 21:35
General
-
Target
P03SkzED.exe
-
Size
1.9MB
-
MD5
8a1c6ab6aeeec522d4d2d483543cb6ad
-
SHA1
9133c7c95c6639c85f5880d97bfa4187905735b7
-
SHA256
bd275a1f97d1691e394d81dd402c11aaa88cc8e723df7a6aaf57791fa6a6cdfa
-
SHA512
86ca27ffa211847d772e2193540eb5da4ad8d6f8d62859cc86970b4053f6968521898ec63aafe4faaa30afbff513c12709bf46b917c5064de45398dab23fcd20
-
SSDEEP
49152:gK2O5r4MM1BBE+qTSMBi9Rbpt/aaxJGC/0UhlHLomjqD:gK2O5rfMLByTSMBap9BxJG4zhlHU
Malware Config
Extracted
quasar
1.4.1
Moveit
193.142.146.212:4782
4b1cd0e7-d736-4aba-b4c8-067d2567b03d
-
encryption_key
E12B8859E2195F69A0C4E8D7025D91C844CB8B49
-
install_name
Client.exe
-
log_directory
Logs
-
reconnect_delay
3000
-
startup_key
Quasar Client Startup
-
subdirectory
SubDir
Signatures
-
PureLog Stealer
PureLog Stealer is an infostealer written in C#.
-
PureLog Stealer payload 1 IoCs
-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar payload 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 3 IoCs
-
Modifies registry class 13 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 29 IoCs
-
Suspicious use of AdjustPrivilegeToken 8 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\P03SkzED.exe"C:\Users\Admin\AppData\Local\Temp\P03SkzED.exe"1⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell set-mppreference -exclusionpath C:\3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\mspaint.exe"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\GroupEnable.png" /ForceBootstrapPaint3D1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe"C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe" -ServerName:Microsoft.MSPaint.AppX437q68k2qc2asvaagas2prv9tjej6ja9.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.0.817913944\391496893" -parentBuildID 20221007134813 -prefsHandle 1732 -prefMapHandle 1724 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {99478542-5a4c-4ecc-ae57-8a3a49900d3e} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 1812 2b5fd2da658 gpu3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.1.2005905373\1753157234" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09c3ab39-d0b2-4a36-a062-0ce556b57b50} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 2168 2b5f2170458 socket3⤵
- Checks processor information in registry
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.2.962054628\786152000" -childID 1 -isForBrowser -prefsHandle 2916 -prefMapHandle 2912 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa5c60b8-d2d8-45b6-b8b1-3dfea4f68789} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 3164 2b5823a5f58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.3.2094124511\73283555" -childID 2 -isForBrowser -prefsHandle 2824 -prefMapHandle 2788 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0487e1f-9737-42f3-93a5-2c166e6ca765} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 2816 2b5832cb358 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.4.515613081\610030632" -childID 3 -isForBrowser -prefsHandle 4340 -prefMapHandle 3912 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09fbccae-894d-448c-9832-7d875a9297b5} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 4352 2b58453a358 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.5.696174980\157412303" -childID 4 -isForBrowser -prefsHandle 4980 -prefMapHandle 4976 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdb560be-c7aa-4826-b056-fa3c008251e5} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 4988 2b5829b8d58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.6.891764160\1719951571" -childID 5 -isForBrowser -prefsHandle 4964 -prefMapHandle 4968 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {33ede692-b67e-4bb5-9dbd-d3409b40f4c0} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 5004 2b584a2fb58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.7.445111508\1986616644" -childID 6 -isForBrowser -prefsHandle 5308 -prefMapHandle 5312 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4d657ed-4615-4c48-8e85-c0209a0c08b9} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 5300 2b584c6c858 tab3⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.jsonFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.jsonFilesize
232B
MD52030c11817c15683387eac36ce54256a
SHA1145ac1273192bf74fd6de7437648cb9d2f12e356
SHA25647d4927aed23b3f3426de4de8d58c6be81b95d65cddeaa9c6752873d6bc09f8b
SHA5123142a913baa0994311e93bdda03e7e61e9df2a888fa7a12d488c573ccd9dc0fd5e87cda0f1ec9f8150b119f56c2c78c1f30d8bc65ce8ca158648a71add02a845
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\cloudCommunitySettings.jsonFilesize
2KB
MD5404a3ec24e3ebf45be65e77f75990825
SHA11e05647cf0a74cedfdeabfa3e8ee33b919780a61
SHA256cc45905af3aaa62601a69c748a06a2fa48eca3b28d44d8ec18764a7e8e4c3da2
SHA512a55382b72267375821b0a229d3529ed54cef0f295f550d1e95661bafccec606aa1cd72e059d37d78e7d2927ae72e2919941251d233152f5eeb32ffdfc96023e5
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rtpbngwd.mzu.ps1Filesize
1B
MD5c4ca4238a0b923820dcc509a6f75849b
SHA1356a192b7913b04c54574d18c28d46e6395428ab
SHA2566b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA5124dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.binFilesize
2KB
MD5091604698a251a2e7ccbd7c546cff962
SHA13f7a4d189c3e5510970cb81810a9caeece82edd0
SHA256f36dca90fef5ba58f0c9929820c37ba3e6ed7bed5c136dbaa380a05ccca450d2
SHA512fce6109deb7c28335976d502b36181dd077f9923cea32a91f567b2da5605b3eb00e1461e29b7d3c1f718e5b0ce8702cd2aefcc69e8ebf23a0651eed39364e9de
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\5d1518d7-23a7-458d-a69e-73ab5c29b16dFilesize
11KB
MD5b395ef789a40cace63165a780acdc707
SHA14765ffdff40bc7e6a14e86dcacacde3c90d2f6ef
SHA256061055338a48a794f6979ab57b8d2b125e74536d7905bde4c1f827584431e097
SHA512ba06b18a19eb39330460f66e9a9170dc664f358b8baf4f914efcf5db581ddc584686ab13ff7512ec1089f2fda49f4d63c6cc2cc3d2d02da5b20b56601f959868
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\5e859b14-29b1-439f-94a9-60187126aaa0Filesize
746B
MD5012790e25d4ce5f18e2101b8a8961dae
SHA104e344994056cdbf96a754b9d714b8657133c81e
SHA25697ac2fe972563546622b5d5045ec5257af5d913e82ec79bf221c3c5869070769
SHA5128e10bd1f1842640ec335e10c6be48fdd5f64f15400b8a69f3cf4944c84b1fe25c561aecaf7fe2f6ed5e24d5045c4e1ea4e7b350318b8434393c4bd025e6e64b5
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.jsFilesize
6KB
MD5e480483391df950a285b31d384fa071e
SHA19834587a5cb1b7f8272f7ad77f75cdd919d107da
SHA256029d70807cdc417d76afc0cd5059711955c28104f8798134ea55c7a866e43888
SHA512292413cddf61216bf30422f0f95fdb439f339905363d38d42a7a21b03dd3bf986545685a4b1e3040e1c9d54df4065e8ab14fe28ca4c00594c42b41b6f56407a8
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs.jsFilesize
6KB
MD583e0832cdc59a1cd860e32bfcab19102
SHA1b031bb8b7e84b76a12c0ad8d6cb904bb8e2ea9db
SHA256d1103f9b1fddf08fe5886e27594c0d1b174c79dca4b316bc9e72972a0f6d7704
SHA51241717dbe8d268cec6ab9f4aac94822209f2a38d9cc32f144ab68fdab9072934096180b6d7573392635b8a85b84b085b72024a25fa633879440e69e342d70669f
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore.jsonlz4Filesize
882B
MD51f844e2e9c781139a65061b5fe52b41d
SHA174e8c839c4e84f26cc086a46ee86722079dca065
SHA2566f7b38983da23373566e31e3277b0430dec54c2bc8373733101d763afe5ef5b3
SHA5120f6a55411abe90f1263117202c8e0964b14cb7eb2a27c0c744a30933791cd80263dbc8d45e3dc0d562b5500d477d6bb2701c1e621b9cc16d4f1cdc62f6d025e4
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqliteFilesize
184KB
MD50ed2663971e8051b2bcb574926400fa8
SHA1467756bf41c377bdb07c8be10d5391f1df1d80a7
SHA2560c44c9887ebd30506041e4f483422673660df0b74c7468b0cab2c69bee1f4e8c
SHA512e521f02d0a4dc70e3bb33747c5113c76f18f15b4370826ef13700c4f559c8b158ed1d8ef79d7d88794bfea61496a75d653237391f2f8b5e53d8574a21f113898
-
memory/32-8-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-18-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-66-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-64-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-60-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-54-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-52-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-50-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-48-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-46-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-44-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-40-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-38-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-36-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-34-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-30-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-42-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-32-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-24-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-22-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-20-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-70-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-16-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-12-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-10-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-28-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-26-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-0-0x000000007343E000-0x000000007343F000-memory.dmpFilesize
4KB
-
memory/32-7-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-1083-0x0000000073430000-0x0000000073B1E000-memory.dmpFilesize
6.9MB
-
memory/32-1084-0x0000000007CE0000-0x0000000007E34000-memory.dmpFilesize
1.3MB
-
memory/32-1085-0x0000000007E80000-0x0000000007ECC000-memory.dmpFilesize
304KB
-
memory/32-1-0x0000000000980000-0x0000000000B74000-memory.dmpFilesize
2.0MB
-
memory/32-68-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-1092-0x0000000073430000-0x0000000073B1E000-memory.dmpFilesize
6.9MB
-
memory/32-2-0x0000000005970000-0x0000000005E6E000-memory.dmpFilesize
5.0MB
-
memory/32-3-0x00000000053C0000-0x0000000005452000-memory.dmpFilesize
584KB
-
memory/32-4-0x00000000053B0000-0x00000000053BA000-memory.dmpFilesize
40KB
-
memory/32-5-0x0000000073430000-0x0000000073B1E000-memory.dmpFilesize
6.9MB
-
memory/32-6-0x0000000007A70000-0x0000000007C4A000-memory.dmpFilesize
1.9MB
-
memory/32-14-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-56-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-58-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/32-62-0x0000000007A70000-0x0000000007C44000-memory.dmpFilesize
1.8MB
-
memory/956-1094-0x0000000000400000-0x0000000000724000-memory.dmpFilesize
3.1MB
-
memory/956-1129-0x0000000005F10000-0x0000000005FC2000-memory.dmpFilesize
712KB
-
memory/956-1119-0x00000000062C0000-0x00000000068C6000-memory.dmpFilesize
6.0MB
-
memory/956-1120-0x0000000005CB0000-0x0000000005D00000-memory.dmpFilesize
320KB
-
memory/4704-1344-0x0000000073430000-0x0000000073B1E000-memory.dmpFilesize
6.9MB
-
memory/4704-1101-0x0000000007F20000-0x0000000007F6B000-memory.dmpFilesize
300KB
-
memory/4704-1128-0x00000000091E0000-0x0000000009285000-memory.dmpFilesize
660KB
-
memory/4704-1122-0x000000006FCC0000-0x000000006FD0B000-memory.dmpFilesize
300KB
-
memory/4704-1130-0x00000000095F0000-0x0000000009684000-memory.dmpFilesize
592KB
-
memory/4704-1323-0x0000000009550000-0x000000000956A000-memory.dmpFilesize
104KB
-
memory/4704-1328-0x0000000009530000-0x0000000009538000-memory.dmpFilesize
32KB
-
memory/4704-1121-0x00000000090B0000-0x00000000090E3000-memory.dmpFilesize
204KB
-
memory/4704-1102-0x0000000008150000-0x00000000081C6000-memory.dmpFilesize
472KB
-
memory/4704-1123-0x0000000009070000-0x000000000908E000-memory.dmpFilesize
120KB
-
memory/4704-1100-0x00000000079E0000-0x00000000079FC000-memory.dmpFilesize
112KB
-
memory/4704-1099-0x0000000007BD0000-0x0000000007F20000-memory.dmpFilesize
3.3MB
-
memory/4704-1098-0x0000000007A80000-0x0000000007AE6000-memory.dmpFilesize
408KB
-
memory/4704-1097-0x0000000007A10000-0x0000000007A76000-memory.dmpFilesize
408KB
-
memory/4704-1096-0x0000000007120000-0x0000000007142000-memory.dmpFilesize
136KB
-
memory/4704-1095-0x0000000007190000-0x00000000077B8000-memory.dmpFilesize
6.2MB
-
memory/4704-1091-0x0000000006A60000-0x0000000006A96000-memory.dmpFilesize
216KB
-
memory/4704-1093-0x0000000073430000-0x0000000073B1E000-memory.dmpFilesize
6.9MB