Analysis
-
max time kernel
0s -
max time network
161s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
01-07-2024 02:51
General
-
Target
902f94aa7222739a873f8f2805428e89822fc34842a0d731828ca0d6fce69dd6.exe
-
Size
2.3MB
-
MD5
a3063deffb695211eacaad97e9c38936
-
SHA1
22c0dcbff864ac7ab665dcaa40fa0e2f5a609d6b
-
SHA256
902f94aa7222739a873f8f2805428e89822fc34842a0d731828ca0d6fce69dd6
-
SHA512
c3365f69bcaf92b73449a58596ac9e37bc2a5eb11c048d336ff296439d9ec55f53f9f23a741305f565d64d449fc3ba508b03657ae73c3ed4108dd38aa8f10ed1
-
SSDEEP
49152:3LeY9/gdSz5eLeorkMy9UVfSpk2+GmC/KrluvCd:9sLeorNg8fcl+Gm8Na
Malware Config
Extracted
xworm
football-emily.gl.at.ply.gg:39625
-
Install_directory
%AppData%
-
install_file
Registry.exe
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Detect Xworm Payload 4 IoCs
-
Xworm
Xworm is a remote access trojan written in C#.
-
DCRat payload 4 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Themida packer 20 IoCs
Detects Themida, an advanced Windows software protection system.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
Processes
-
C:\Users\Admin\AppData\Local\Temp\902f94aa7222739a873f8f2805428e89822fc34842a0d731828ca0d6fce69dd6.exe"C:\Users\Admin\AppData\Local\Temp\902f94aa7222739a873f8f2805428e89822fc34842a0d731828ca0d6fce69dd6.exe"1⤵
-
C:\Users\Admin\AppData\Roaming\Bootstrapper.exe"C:\Users\Admin\AppData\Roaming\Bootstrapper.exe"2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\Bootstrapper.exe'3⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Bootstrapper.exe'3⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\Registry.exe'3⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Registry.exe'3⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Windows\System32\schtasks.exe"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Registry" /tr "C:\Users\Admin\AppData\Roaming\Registry.exe"3⤵
- Scheduled Task/Job: Scheduled Task
-
C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exe"2⤵
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exe"3⤵
-
C:\ProgramData\Bootstrapper.exe"C:\ProgramData\Bootstrapper.exe"2⤵
-
C:\ProgramData\SolaraBootstrapper.exe"C:\ProgramData\SolaraBootstrapper.exe"3⤵
-
C:\Users\Admin\AppData\Local\Temp\Boostraper.bat"C:\Users\Admin\AppData\Local\Temp\Boostraper.bat"2⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Media\TKlkLwYGTbrYwK.vbe"3⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Media\3KNj5pJ.bat" "4⤵
-
C:\Media\fontreview.exe"C:\Media\fontreview.exe"5⤵
-
C:\Users\Admin\AppData\Roaming\Registry.exeC:\Users\Admin\AppData\Roaming\Registry.exe1⤵
-
C:\Users\Admin\AppData\Roaming\Registry.exeC:\Users\Admin\AppData\Roaming\Registry.exe1⤵
-
C:\Users\Admin\AppData\Roaming\Registry.exeC:\Users\Admin\AppData\Roaming\Registry.exe1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Media\3KNj5pJ.batFilesize
25B
MD57e45908823780cf03744e36548ef778a
SHA10988bf98f3ec92139ba1695893ca2ac712ca6b77
SHA2561a6e5542fc446811c85925bf03ec7f495867d284232da339a23fc8c4b741df29
SHA512dfb4454bf825b4150e36d837e110d19510e11bcf6a1819b5e73dcb9920e6478368a57733c60f055c9ab83e0103cad1706a356b57233ce475c6361c49c4a3b2d8
-
C:\Media\TKlkLwYGTbrYwK.vbeFilesize
186B
MD5883d110d2a404e5aaaa8c4f25e8d0099
SHA10793c14c1237c6da5f4456e17b1e617f4660b041
SHA2560e4be77d728c9046e72857f46db53646cdbe1244490d5c0aa786efd2b5de5e71
SHA512ad244c4ffad1be4fa28290409ee735b5c50c41f9ba9b0876e068b3e16c016716d444d7984bab19df384d34bc5e5b178743765db2bc17e0a2e78b9b91fe37c934
-
C:\Media\fontreview.exeFilesize
1.0MB
MD5d59145e6ddad7699d0c9c5e1416229f9
SHA1bda54641a52bb99147cf57bcbd6b8048bc3e2d2d
SHA2563d9b74a6bd97a5fa455737b72d8970898527a4478e912b68e9bf9459cccb7c87
SHA5127e1122c02ddab5bf333d7b1b89a596419e3d7fe31d30877b17f36ab1e5207127c6d757eee243dd1c38c51b993f1d2ab2ccc0f266d899ff0a9b7d3a61bf24994c
-
C:\ProgramData\Bootstrapper.exeFilesize
125KB
MD538abadb644a721c6526c13781f034f3c
SHA173d1c05be000e6dca09c3b0c68ccbd26ea8ba284
SHA256ba5dab0bab062cef4292800e49d1910e455a11628481782ef18b7a0a76d492c3
SHA512ff7ec8ba0692b0e7849f1342c6b9547e2677a7f96d7c7f53c10d4ef1b828f64437ab826ca0932bb1b86770815eabc72ad7d8c38edfcc4c3040e350bbaea4ddd3
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Registry.exe.logFilesize
654B
MD52ff39f6c7249774be85fd60a8f9a245e
SHA1684ff36b31aedc1e587c8496c02722c6698c1c4e
SHA256e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced
SHA5121d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.logFilesize
2KB
MD5d85ba6ff808d9e5444a4b369f5bc2730
SHA131aa9d96590fff6981b315e0b391b575e4c0804a
SHA25684739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f
SHA5128c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SolaraBootstrapper.exe.logFilesize
954B
MD512fc1bd5db0d992e86e079dbd132bfcd
SHA1cf0cb06b4b9491d195aaf17da29b6c892734a9d3
SHA256235aaf9594b2bbaf995e047f23fe97917a4a04cd33626804db6478aa6550303d
SHA5129266c0470d05faaf64aa048e504811d5f21f5f1085665651361e63fb45da37c78ef00ed91c993d4e6b146cdd65f63e721e508c8c4a21d480723565b2aefa99f7
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
944B
MD52e907f77659a6601fcc408274894da2e
SHA19f5b72abef1cd7145bf37547cdb1b9254b4efe9d
SHA256385da35673330e21ac02545220552fe301fe54dedefbdafc097ac4342a295233
SHA51234fa0fff24f6550f55f828541aaefe5d75c86f8f0842d54b50065e9746f9662bb7209c74c9a9571540b9855bb3851f01db613190024e89b198d485bb5dc07721
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
944B
MD522310ad6749d8cc38284aa616efcd100
SHA1440ef4a0a53bfa7c83fe84326a1dff4326dcb515
SHA25655b1d8021c4eb4c3c0d75e3ed7a4eb30cd0123e3d69f32eeb596fe4ffec05abf
SHA5122ef08e2ee15bb86695fe0c10533014ffed76ececc6e579d299d3365fafb7627f53e32e600bb6d872b9f58aca94f8cb7e1e94cdfd14777527f7f0aa019d9c6def
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
944B
MD515dde0683cd1ca19785d7262f554ba93
SHA1d039c577e438546d10ac64837b05da480d06bf69
SHA256d6fa39eab7ee36f44dc3f9f2839d098433db95c1eba924e4bcf4e5c0d268d961
SHA51257c0e1b87bc1c136f0d39f3ce64bb8f8274a0491e4ca6e45e5c7f9070aa9d9370c6f590ce37cd600b252df2638d870205249a514c43245ca7ed49017024a4672
-
C:\Users\Admin\AppData\Local\Temp\Boostraper.batFilesize
1.3MB
MD5820ca8ab4b7500ce29e8a1a79b7b8d95
SHA1cb5ad50cac3184af88bed5e22c5f83a981474c5f
SHA25613704b32bee03719d86744a997b75ae735d93e581b0a9b54e730808ad418d534
SHA512212bdce126d2172a6210d34542e7609986c585752575c46d88f9aabb35b61a820509908bab7d41fd0508716c66a79f5526209f0ccc92309d85d6c93d14ec98a7
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Core.dllFilesize
488KB
MD5851fee9a41856b588847cf8272645f58
SHA1ee185a1ff257c86eb19d30a191bf0695d5ac72a1
SHA2565e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca
SHA512cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.WinForms.dllFilesize
37KB
MD54cf94ffa50fd9bdc0bb93cceaede0629
SHA13e30eca720f4c2a708ec53fd7f1ba9e778b4f95f
SHA25650b2e46c99076f6fa9c33e0a98f0fe3a2809a7c647bb509066e58f4c7685d7e6
SHA512dc400518ef2f68920d90f1ce66fbb8f4dde2294e0efeecd3d9329aa7a66e1ab53487b120e13e15f227ea51784f90208c72d7fbfa9330d9b71dd9a1a727d11f98
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Microsoft.Web.WebView2.Wpf.dllFilesize
43KB
MD534ec990ed346ec6a4f14841b12280c20
SHA16587164274a1ae7f47bdb9d71d066b83241576f0
SHA2561e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409
SHA512b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrcFilesize
139B
MD5d0104f79f0b4f03bbcd3b287fa04cf8c
SHA154f9d7adf8943cb07f821435bb269eb4ba40ccc2
SHA256997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a
SHA512daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\has-proto\.eslintrcFilesize
43B
MD5c28b0fe9be6e306cc2ad30fe00e3db10
SHA1af79c81bd61c9a937fca18425dd84cdf8317c8b9
SHA2560694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641
SHA512e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrcFilesize
216B
MD5c2ab942102236f987048d0d84d73d960
SHA195462172699187ac02eaec6074024b26e6d71cff
SHA256948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a
SHA512e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSEFilesize
1KB
MD513babc4f212ce635d68da544339c962b
SHA14881ad2ec8eb2470a7049421047c6d076f48f1de
SHA256bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400
SHA51240e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Newtonsoft.Json.dllFilesize
695KB
MD5195ffb7167db3219b217c4fd439eedd6
SHA11e76e6099570ede620b76ed47cf8d03a936d49f8
SHA256e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d
SHA51256eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\WebView2Loader.dllFilesize
133KB
MD5a0bd0d1a66e7c7f1d97aedecdafb933f
SHA1dd109ac34beb8289030e4ec0a026297b793f64a3
SHA25679d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36
SHA5122a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\Wpf.Ui.dllFilesize
2.9MB
MD5bf2b560968c50efb6c7f8bd129db77f1
SHA1b0f147e5b15c31fba19c065539228be208ca5101
SHA256790f32eafefa94fd4bc21bb93e3870cbaa81cf30e84f47ab77025d763fddfa41
SHA512274383fcf372805c7d92fe884c700a6d2061de1f814a2aad7d30bccc972ea7f164b193f463561c772128a306b7220d5479a00a8a8c845bc6e6417763dcd1a806
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\bin\path.txtFilesize
34B
MD50e2184f1c7464b6617329fb18f107b4f
SHA16f22f98471e33c9db10d6f6f1728e98852e25b8f
SHA256dbf5f44e1b84a298dbbcad3c31a617d2f6cfa08eb5d16e05a5c28726c574d4eb
SHA5128e745c0215d52e15702551f29efb882a5eba97b5f279ccc29293b1a9b1b8661bf71b548569f9a99fa35c35a15d1b6b288d3c381c1292418c36dc89e2fa0b3a37
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dllFilesize
2.2MB
MD51ab86aa214e01be6b297cf3e19d641d8
SHA134ddb345fba17f63a49b21a3622de89a9633bec7
SHA256532fbde9ac2d28a61cc83373ff2e5ac28b51549f984cc28a72918c2422e26d95
SHA512a0bd786673363a42e0ca60a8d77d6fda6b4686e69d859f76d928712d7acaf5c1268392bfc52f7d1b0f51ef013531eddab678bd8393577ea37edbd127d90f76b1
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.dllFilesize
2.9MB
MD5c9106ae1ef2d03d7fb745bb66438dcad
SHA1ab91d8ff89d1c4a9c5137d91212f27dcfbfaae74
SHA256948a1ed6c6ba316d64c47533a0c7ed71c023b23cc7ec4fab0ac9f2323dd4c676
SHA51215bd2b755ec42e04fbce4c227f86aa2cefd1e1b1d4c356fa4e7d2e65ff1617c37ea6d1b93c9c6c5ad9e5e603957b0b89f056bfcb57017419942ed03bfeca1e21
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\cd57e4c171d6e8f5ea8b8f824a6a7316.exeFilesize
90KB
MD5d84e7f79f4f0d7074802d2d6e6f3579e
SHA1494937256229ef022ff05855c3d410ac3e7df721
SHA256dcfc2b4fa3185df415855ec54395d9c36612f68100d046d8c69659da01f7d227
SHA512ed7b0ac098c8184b611b83158eaa86619001e74dba079d398b34ac694ce404ba133c2baf43051840132d6a3a089a375550072543b9fab2549d57320d13502260
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\libcurl.dllFilesize
522KB
MD5e31f5136d91bad0fcbce053aac798a30
SHA1ee785d2546aec4803bcae08cdebfd5d168c42337
SHA256ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671
SHA512a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\vcruntime140.dllFilesize
99KB
MD57a2b8cfcd543f6e4ebca43162b67d610
SHA1c1c45a326249bf0ccd2be2fbd412f1a62fb67024
SHA2567d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f
SHA512e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8
-
C:\Users\Admin\AppData\Local\Temp\Solara.Dir\zlib1.dllFilesize
113KB
MD575365924730b0b2c1a6ee9028ef07685
SHA1a10687c37deb2ce5422140b541a64ac15534250f
SHA256945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b
SHA512c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1
-
C:\Users\Admin\AppData\Local\Temp\SolaraBootstrapper.exeFilesize
13KB
MD56557bd5240397f026e675afb78544a26
SHA1839e683bf68703d373b6eac246f19386bb181713
SHA256a7fecfc225dfdd4e14dcd4d1b4ba1b9f8e4d1984f1cdd8cda3a9987e5d53c239
SHA512f2399d34898a4c0c201372d2dd084ee66a66a1c3eae949e568421fe7edada697468ef81f4fcab2afd61eaf97bcb98d6ade2d97295e2f674e93116d142e892e97
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_d3viemxq.tyv.ps1Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
C:\Users\Admin\AppData\Roaming\Bootstrapper.exeFilesize
64KB
MD50c88f913b456d4fc6b5836275f2a48ad
SHA11d58a200748571696f5fb8ec5c2abe40d36f021b
SHA25602b7e575969e1f23f76fdad703bf74241b6276f7551eb5f8996c098f87093417
SHA5128b42ee4d734179cd9a04c71d03b8cb41511d17f6e9a0d2c7022e1bac1c4801de758d5178d81ccd7acb5ac289268ea49c91f050f4129ba572389acd287537e802
-
memory/400-1667-0x0000000180000000-0x0000000180B0D000-memory.dmpFilesize
11.1MB
-
memory/400-1666-0x0000000180000000-0x0000000180B0D000-memory.dmpFilesize
11.1MB
-
memory/400-1633-0x000001394FBB0000-0x000001394FC62000-memory.dmpFilesize
712KB
-
memory/400-1679-0x0000000180000000-0x0000000180B0D000-memory.dmpFilesize
11.1MB
-
memory/400-1677-0x0000000180000000-0x0000000180B0D000-memory.dmpFilesize
11.1MB
-
memory/400-1635-0x000001394F920000-0x000001394F92E000-memory.dmpFilesize
56KB
-
memory/400-1657-0x000001394FDE0000-0x000001394FDE8000-memory.dmpFilesize
32KB
-
memory/400-1676-0x0000000180000000-0x0000000180B0D000-memory.dmpFilesize
11.1MB
-
memory/400-1675-0x0000000180000000-0x0000000180B0D000-memory.dmpFilesize
11.1MB
-
memory/400-1674-0x0000000180000000-0x0000000180B0D000-memory.dmpFilesize
11.1MB
-
memory/400-1659-0x000001394FE60000-0x000001394FE6E000-memory.dmpFilesize
56KB
-
memory/400-1648-0x0000000180000000-0x0000000180B0D000-memory.dmpFilesize
11.1MB
-
memory/400-1672-0x0000000180000000-0x0000000180B0D000-memory.dmpFilesize
11.1MB
-
memory/400-1630-0x000001394FE80000-0x00000139503BC000-memory.dmpFilesize
5.2MB
-
memory/400-1669-0x0000000180000000-0x0000000180B0D000-memory.dmpFilesize
11.1MB
-
memory/400-1650-0x0000000180000000-0x0000000180B0D000-memory.dmpFilesize
11.1MB
-
memory/400-1668-0x0000000180000000-0x0000000180B0D000-memory.dmpFilesize
11.1MB
-
memory/400-1658-0x0000013954BA0000-0x0000013954BD8000-memory.dmpFilesize
224KB
-
memory/400-1637-0x00000139506C0000-0x000001395073E000-memory.dmpFilesize
504KB
-
memory/400-1673-0x0000000180000000-0x0000000180B0D000-memory.dmpFilesize
11.1MB
-
memory/400-1628-0x00000139352D0000-0x00000139352EA000-memory.dmpFilesize
104KB
-
memory/400-1651-0x0000000180000000-0x0000000180B0D000-memory.dmpFilesize
11.1MB
-
memory/400-1649-0x0000000180000000-0x0000000180B0D000-memory.dmpFilesize
11.1MB
-
memory/400-1661-0x0000000180000000-0x0000000180B0D000-memory.dmpFilesize
11.1MB
-
memory/400-1631-0x000001394FAF0000-0x000001394FBAA000-memory.dmpFilesize
744KB
-
memory/400-1665-0x0000000180000000-0x0000000180B0D000-memory.dmpFilesize
11.1MB
-
memory/400-1664-0x0000000180000000-0x0000000180B0D000-memory.dmpFilesize
11.1MB
-
memory/1952-68-0x00007FF849CA3000-0x00007FF849CA5000-memory.dmpFilesize
8KB
-
memory/1952-1662-0x00007FF849CA3000-0x00007FF849CA5000-memory.dmpFilesize
8KB
-
memory/1952-121-0x00007FF849CA0000-0x00007FF84A761000-memory.dmpFilesize
10.8MB
-
memory/1952-74-0x0000000000F30000-0x0000000000F46000-memory.dmpFilesize
88KB
-
memory/1952-1663-0x00007FF849CA0000-0x00007FF84A761000-memory.dmpFilesize
10.8MB
-
memory/3348-0-0x0000000000400000-0x0000000000656000-memory.dmpFilesize
2.3MB
-
memory/3352-102-0x0000000000CD0000-0x0000000000CDA000-memory.dmpFilesize
40KB
-
memory/3352-112-0x00000000056A0000-0x00000000056AA000-memory.dmpFilesize
40KB
-
memory/3352-168-0x00000000061A0000-0x00000000061B2000-memory.dmpFilesize
72KB
-
memory/3816-127-0x000001B06C1F0000-0x000001B06C212000-memory.dmpFilesize
136KB
-
memory/3940-86-0x0000000000400000-0x0000000000422000-memory.dmpFilesize
136KB
-
memory/4616-119-0x0000000001520000-0x000000000152E000-memory.dmpFilesize
56KB
-
memory/4616-117-0x0000000000C40000-0x0000000000D52000-memory.dmpFilesize
1.1MB