Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
01-07-2024 04:16
General
-
Target
5d87bd723f8267c3c0bef75f2b502321c518ac6a09696f3971ace53d0ba505cd.exe
-
Size
259KB
-
MD5
f9f5342074462fa1048fea806eef535f
-
SHA1
61c4e925d54b4e85564abb2a233b976306ee4e74
-
SHA256
5d87bd723f8267c3c0bef75f2b502321c518ac6a09696f3971ace53d0ba505cd
-
SHA512
5b1823ae6153f30e9c24b2240aea2610f5f05182ae66b933122721d312d8fae8ef8ca3cdfe03b4f316e12c7e45acfe0f1fcdd35f5b81748477f27477ce00b9b9
-
SSDEEP
6144:r+k9IKKJPa1DyKHC055swEUkezQ12rqyFWaiwV:ik9IKKJip9C0kmzQ12rqyQaX
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 19 IoCs
-
Gh0st RAT payload 12 IoCs
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Boot or Logon Autostart Execution: Port Monitors 1 TTPs 2 IoCs
Adversaries may use port monitors to run an adversary supplied DLL during system boot for persistence or privilege escalation.
-
Downloads MZ/PE file
-
Modifies Windows Firewall 2 TTPs 12 IoCs
-
Server Software Component: Terminal Services DLL 1 TTPs 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Loads dropped DLL 1 IoCs
-
UPX packed file 21 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Unexpected DNS network traffic destination 2 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory 18 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Drops file in Windows directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 64 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
-
Modifies data under HKEY_USERS 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5d87bd723f8267c3c0bef75f2b502321c518ac6a09696f3971ace53d0ba505cd.exe"C:\Users\Admin\AppData\Local\Temp\5d87bd723f8267c3c0bef75f2b502321c518ac6a09696f3971ace53d0ba505cd.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\MSSQLH.exeC:\Users\Admin\AppData\Local\Temp\MSSQLH.exe2⤵
- Boot or Logon Autostart Execution: Port Monitors
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\svchost.exe"C:\Windows\SysWOW64\svchost.exe"1⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\Temp\MpMgSvc.exe"C:\WINDOWS\Temp\MpMgSvc.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Windows\Temp\Wmicc.exe"C:\Windows\Temp\Wmicc.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd.exe /c C:\Windows\Temp\GetPassword.exe >C:\Windows\Temp\PWD.txt4⤵
-
C:\Windows\Temp\GetPassword.exeC:\Windows\Temp\GetPassword.exe5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\WINDOWS\Temp\Hooks.exe"C:\WINDOWS\Temp\Hooks.exe"2⤵
- Server Software Component: Terminal Services DLL
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\netsh.exenetsh ipsec static add policy name=Block3⤵
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\SysWOW64\netsh.exenetsh ipsec static add filterlist name=Filter13⤵
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\SysWOW64\netsh.exenetsh ipsec static add filter filterlist=Filter1 srcaddr=any dstaddr=Me dstport=135 protocol=TCP3⤵
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\SysWOW64\netsh.exenetsh ipsec static add filter filterlist=Filter1 srcaddr=any dstaddr=Me dstport=135 protocol=UDP3⤵
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\SysWOW64\netsh.exenetsh ipsec static add filter filterlist=Filter1 srcaddr=any dstaddr=Me dstport=139 protocol=TCP3⤵
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\SysWOW64\netsh.exenetsh ipsec static add filter filterlist=Filter1 srcaddr=any dstaddr=Me dstport=139 protocol=UDP3⤵
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\SysWOW64\netsh.exenetsh ipsec static add filter filterlist=Filter1 srcaddr=any dstaddr=Me dstport=445 protocol=TCP3⤵
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\SysWOW64\netsh.exenetsh ipsec static add filter filterlist=Filter1 srcaddr=any dstaddr=Me dstport=445 protocol=UDP3⤵
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\SysWOW64\netsh.exenetsh ipsec static add filteraction name=FilteraAtion1 action=block3⤵
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\SysWOW64\netsh.exenetsh ipsec static add rule name=Rule1 policy=Block filterlist=Filter1 filteraction=FilteraAtion13⤵
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\SysWOW64\netsh.exenetsh ipsec static set policy name=Block assign=y3⤵
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Start-Sleep -s 2;del "C:\WINDOWS\Temp\Hooks.exe"3⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\svchost.exe"C:\Windows\SysWOW64\svchost.exe"1⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k GraphicsPerfSvcsGroup -s GraphicsPerfSvcs1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svchost.exe"C:\Windows\system32\svchost.exe"2⤵
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name=Microsoft_ctfmoon dir=in program=C:\Windows\Microsoft.NET\ctfmoon.exe action=allow2⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name=Microsoft_ctfmoon dir=out program=C:\Windows\Microsoft.NET\ctfmoon.exe action=allow2⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall set rule name=Microsoft_ctfmoon new enable=yes2⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name=Microsoft_Edge dir=in program=C:\Windows\Microsoft.NET\Meson.exe action=allow2⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name=Microsoft_Edge dir=out program=C:\Windows\Microsoft.NET\Meson.exe action=allow2⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall set rule name=Microsoft_Edge new enable=yes2⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name=Microsoft_Dcom dir=in program=C:\Windows\Microsoft.NET\traffmonetizer\traffmonetizer.exe action=allow2⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name=Microsoft_Dcom dir=out program=C:\Windows\Microsoft.NET\traffmonetizer\traffmonetizer.exe action=allow2⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall set rule name=Microsoft_Dcom new enable=yes2⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name=Microsoft_Store dir=in program=C:\WINDOWS\Microsoft.Net\Framework\v3.0\WmiPrvSER.exe action=allow2⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall add rule name=Microsoft_Store dir=out program=C:\WINDOWS\Microsoft.Net\Framework\v3.0\WmiPrvSER.exe action=allow2⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\SysWOW64\netsh.exenetsh advfirewall firewall set rule name=Microsoft_Store new enable=yes2⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
-
C:\Windows\Microsoft.NET\ctfmoon.exeC:\Windows\Microsoft.NET\ctfmoon.exe [email protected] -password=123456Aa. -device-name=Win32 -accept-tos2⤵
- Executes dropped EXE
-
C:\Windows\Microsoft.NET\Meson.exeC:\Windows\Microsoft.NET\Meson.exe2⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
-
C:\Windows\Microsoft.NET\traffmonetizer\traffmonetizer.exeC:\Windows\Microsoft.NET\traffmonetizer\traffmonetizer.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\config\systemprofile\AppData\Roaming\traffmonetizer\Installer.exe"C:\Windows\system32\config\systemprofile\AppData\Roaming\traffmonetizer\Installer.exe" /u /s /d "C:\Windows\Microsoft.NET\traffmonetizer"3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\traffmonetizer\Traffmonetizer.exe"C:\Windows\Microsoft.NET\traffmonetizer\Traffmonetizer.exe"4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Port Monitors
1Create or Modify System Process
1Windows Service
1Server Software Component
1Terminal Services DLL
1Event Triggered Execution
1Netsh Helper DLL
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\MSSQLH.exeFilesize
436KB
MD5214f53c5c0181d9e0531c48d46ed0881
SHA14d5629a5fbb29439b66caf98c5cec56730118ecd
SHA256224bf0bd119ef5c8aed25875cb66f62f9e2054dea8de5a3083cc43468a5da0da
SHA512a941ec678f6eb05c3c7692dc5b297ccea552e30b0cdab123111e39527fd51a2b9b16b9956ecfccf05193518bee5478d7562c5a4b4e0338016032e5384cb19c5a
-
C:\Windows\Logs\RunDllExe.dllFilesize
156KB
MD511f22764eccd658bdbc1e5dc4320eed3
SHA16f54159663c095dc4aa354bcc285b3cb22ecaeaf
SHA2560a216851a1741073c30476a99cfec572d6a79496b907dd013878f61ec0e4aa8a
SHA512d702a02e78f7677ecf520da81bccc6c9f6003d4ba06fb9e3d0eda2a6adc23f1d951c01a18da26e17765d1d12fc596d44e467810b4b4cb9ed61b0b89ed2aec72d
-
C:\Windows\Microsoft.NET\Meson.exeFilesize
8.9MB
MD587c8b215c031443d630da6c18088f89a
SHA17a17a9026ec093c4571c13c2fc128b27fbd66a11
SHA2560caedcf61c3bfe2da33b30adf2f5f2c1530b6907f133f4289519a56cc5c1bae6
SHA51248d5565f5da60371b79d2c380a63c7b416a220ae7f52656ba4ed9447cf55ab73a05c4165c61c2a95c4e586b2baf483b0b97dcff77c76cadfe039690ded35c43e
-
C:\Windows\Microsoft.NET\ctfmoon.exeFilesize
9.1MB
MD51de26ef85f7218e1df4ed675fa2b05d4
SHA1e5217fa3b50f625d84d5e5c4b66c031f7a2446ae
SHA256fdd762192d351cea051c0170840f1d8d171f334f06313a17eba97cacb5f1e6e1
SHA512ada80a9f97bec76899eccc40c646387a067a201663d4d0f4537af450ea7c92df877f017862634e32e9e2ba08ca6d41806dc03f0dfd7f811ca303b56b1ac17d92
-
C:\Windows\Microsoft.NET\root_conf\default.tomlFilesize
390B
MD59e3d810a244768218af8fc0499bd5dd7
SHA1660cb236baf95c83e0acd64e3f607fbeb199a1e0
SHA256e864d44ec86eaa38112c3bfcfc21b078cc59e11f984c0441989e8606197357e2
SHA5128f9ac0dede89a68202eb858cda086727ebbba3fdfb4fa43ce2d52cdd5e69c89f66a171fae371ca29b4d65dc04862cbcb71e58be48e8dcc520e1db3b27a093f2b
-
C:\Windows\Microsoft.NET\traffmonetizer\Base.dllFilesize
106KB
MD5c3935313bbf380cd8d3cb336a5e3c8e8
SHA1c09f0b894ee5a6a59dea194e94b42fff29b53f38
SHA2564d0409c6db0b0af97f5fc57ebe2248c1632aeb836a5ea1eeaad64f57a4eb662b
SHA5126525f98811cb277fbae75e278fca7997c6a6993b3f3f163a3c98da85055305d7a61917981625f113c448b8a397d3c5a143db2c8b131e5e4395205e34dc7c48a2
-
C:\Windows\Microsoft.NET\traffmonetizer\Microsoft.Bcl.AsyncInterfaces.dllFilesize
20KB
MD51ee251645b8a54a116d6d06c83a2bd85
SHA15dbf1534ffbff016cc45559eb5eff3dc4252a522
SHA256075ce79e84041137c78885b3738c1b5a03547d0ae2a79916e844196a9d0ec1db
SHA5129f67fd0566eac2da4253d08697daab427e4e85780615d940f086a88424dcbb0563abae7e4824088e64ef7024c1bb3bbf324f2d07bc7ba55f79e4af3c9ea88e97
-
C:\Windows\Microsoft.NET\traffmonetizer\Microsoft.Diagnostics.NETCore.Client.dllFilesize
61KB
MD5d8575dfaae8ed7d421cdf01c8cf5d867
SHA1ff1c551150fed59f4c972acf88746c08eab7698f
SHA256c8b9c8e7032a7a4ec4bc2ee68824f20e114cb5fd9002c3dcb58ae98b77c47dd8
SHA512abe335bb72182daaef65ef4eb428e879aca9f4c8a19a4bfe5619e2d51069767e5d03bc3492b30dda8a37606effa993057d3b3c2120dfb72aa92b468741dd9d71
-
C:\Windows\Microsoft.NET\traffmonetizer\Microsoft.Diagnostics.Runtime.dllFilesize
490KB
MD55dfb71a97b10d00dea71f443fdfd732f
SHA1c7d9b0f37bf40a4677e243a4d16454f3475853a2
SHA256d9ecb8cd1ac822a14e65f7c7f5f3fcb262fa23fb7c721a59321bdb467bcbad14
SHA5128e84b1d442e11a5b6c16efe0cd44bc0f27bfd141a7b812ce2e32b3cc0697d8f9b2155bb60ee48934b4a907c2abd181bdcafa5d7bf4ac4dec91120733428d6eba
-
C:\Windows\Microsoft.NET\traffmonetizer\Microsoft.Win32.Primitives.dllFilesize
20KB
MD576b8d417c2f6416fa81eacc45977cea2
SHA17b249c6390dfc90ef33f9a697174e363080091ef
SHA2565eaa2e82a26b0b302280d08f54dc9da25165dd0e286be52440a271285d63f695
SHA5123b510cdc45c94be383c91687c2cb01a501ba34e3fbb66346214fc576d6f0e63c77d1d09c6419fc907f5b083387a7046c0670377ad2e00c3ec2e731275739f9c7
-
C:\Windows\Microsoft.NET\traffmonetizer\System.AppContext.dllFilesize
20KB
MD58cc4c7dfeb41b6c227488ce52d1a8e74
SHA193702135db0646b893babe030bd8dc15549ff0c2
SHA2569dc115ac4aadd6a94d87c7a8a3f61803cc25a3d73501d7534867df6b0d8a0d39
SHA512e4da7e3ae5ca31e566ea0475e83d69d998253fb6d689970703a5ad354a2aad1bb78d49a2c038f0a3c84a188d091696191b04e4a39253deb3b6cb310b72f02f97
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Buffers.dllFilesize
20KB
MD5ecdfe8ede869d2ccc6bf99981ea96400
SHA12f410a0396bc148ed533ad49b6415fb58dd4d641
SHA256accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb
SHA5125fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Collections.Concurrent.dllFilesize
20KB
MD5559c98eb9633c7ba1bc813f8e6e0e9a5
SHA1311f52b31611e6dc5fd4c0159bfa452c22980ca7
SHA256cc62f3b867d50083c2932061f20662c698d2e1a741c4d2f9df1fd2d435e3ef3c
SHA512e241c16869d1cdbb2c6482a7c5b2af93de4ba0cef8185b8826eee35ecb174f35f7585c8ae0320f7f4f6b80f3bb5b3edae2383760f2f35637f03c3a0e38e0875c
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Collections.Immutable.dllFilesize
184KB
MD5c598080fa777d6e63dfd0370e97ec8f3
SHA19d1236dcfb3caa07278a6d4ec751798d67d73cc2
SHA256646d3b52a4898078f46534727bdb06ff23b72523441458b9f49ecc315bf3ef5c
SHA5128a5b4afb4363732008c97d53f13ee430401e4a17677af37123da035f15f9e9409a2aeb74ae238379291fd5de07c3cd4e3de2778da5edf83a42649fa5b281cb32
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Collections.NonGeneric.dllFilesize
20KB
MD545ff71114047dbf934c90e17677fa994
SHA1526c688e71a7d7410007ad5aa6ea8b83cace76c5
SHA256529943c0cdf24f57e94bf03fac5f40b94a638625027a02df79e1e8cb5d9bc696
SHA51229684ac5391268eaa276196a6249364f6d23abfe59bdc304a561cf326cea6cd662fa04c05e15924fd6d3f9e9d1607992b8dcad3f817cfe891580f9d9462fe9b7
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Collections.Specialized.dllFilesize
20KB
MD5b52c339601cb264f83df72d802e98687
SHA18bbb7badaaa912c1f17775e9acdcab389704c772
SHA256938da38561da54793944e95e94b6e11cf83aacd667487297d428fbce1c06dc9c
SHA512287f08ab07827570f9f3ef48a6d7e5c186899a2704fb3dbaf36975f6be7b29fb6695a69fab85a6f09bddefb60c79052c3a33cf862651f892eb9d773d880b3af8
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Collections.dllFilesize
21KB
MD51d8aafeca1ea565b257384d3f64864b0
SHA14d923b100142afa2e0a8b7acdb3a6de6feb91148
SHA256c2250e9e51b44d8ab8c5b892592766925f6580ee00b95026621d0afb037c2707
SHA51299e4a226e1fabb348e7ef7c6fa56ad0ce4e4cf5d8569ce21881703dca8d83a1c113fd5f440a4fc9e9b99a04ae8cf4490e17d62ffc09cfac5a45678a4419efdbb
-
C:\Windows\Microsoft.NET\traffmonetizer\System.ComponentModel.EventBasedAsync.dllFilesize
21KB
MD56067ecbab3c6dddb6bf7c49c7948caa8
SHA15f3da777af01dbc159bd8d9d97d5dc105918afc5
SHA25622108e32e0b6e42f5f52a4cb17b9b6fa3dfd547ecd9eef9c67226dbec54d23e5
SHA5129f3e834b8342e0c7aa5ccc993b520d664b03f1f0091066c66067923e1d4991efa03f63908552538c05f423aa2b696de7c76993f71a7564f3e87662cb0fc00726
-
C:\Windows\Microsoft.NET\traffmonetizer\System.ComponentModel.Primitives.dllFilesize
21KB
MD52f39655ccfc010e32a7240d9bf5d0852
SHA120aeaed12dfb8d71e39687350eb12bc0de372af0
SHA256bfcd867f71c887429dfe008d7ec5d1853d15b3932d4ce8991694293477b5be37
SHA5129769e59279a32f29c2f2c6970c81d3ed76fe3421b819ddffc8fa98329f1b45300c737fdf71956672f80f69b3a75727d184f8c421e00b84e94163a86cb744a991
-
C:\Windows\Microsoft.NET\traffmonetizer\System.ComponentModel.TypeConverter.dllFilesize
22KB
MD5d1699287934da769fc31e07f80762511
SHA1bfe2384a92b385665689ad5a72f23abc8c022d82
SHA2560dbb92ecd5dfa7fc258bc6deed4cecf1b37f895457fd06976496926abdb317bb
SHA5124fef3e1535f546ffdde0683f32a069beeffe89096524c7068f1f5ce8377824f82ae530d3990c9dd51bccaa9e53fded5613fa1174013325808059276dee771187
-
C:\Windows\Microsoft.NET\traffmonetizer\System.ComponentModel.dllFilesize
20KB
MD5632cc8ad69b76fd9bb5847de1e1439f7
SHA12e32d50ec33ec6635681485b754f4e58d434a5ee
SHA2565e61d755616cb10524f5f31e9b70c65a7fff8e30e25ce711ac8b354d657ab479
SHA5129ba5cc82573308e5d995ba05bc660fc1c087eb91d8bd7efca6ff838a3c47bd6118d9c92919b2e0dac11a5a27977318c5c819499dc19cd5d6e57122a0749858c6
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Console.dllFilesize
20KB
MD5ea9376c17ee0148f0503028ad4501a92
SHA19d5686cbf45e90df5e11d87e7b90173a1a64b1a0
SHA256b537313413f80105f143cc144feeae2ac93f44747727de309a71d57d2650034a
SHA51218d1bb2d5c469644078d75766dbf04addf7d0c543f7ed15ff522ceeaef960900dd8ec68172f5d684b76b0aa6946bb38d641f021ec04c70ad66a6062c10412e0a
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Data.Common.dllFilesize
150KB
MD5d712a5a82a446086443ce00b610d8a5d
SHA17add96baa123db819f2f3d5aa62d6f872ce8fe14
SHA2561c7bff6f16bb618648e699b723aeafe511515cd6aad699c25faae2a507e22811
SHA512225128e58e2f01b5caada6fe54b1d32ff6a700542ce22b425649ab22da2944f796f04d1a2428c542bcab5348a161cf73f5f9a1e7bbf1f6417c4d507217fe3fd0
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Diagnostics.Contracts.dllFilesize
21KB
MD599373ab10858746aad424f28b48277f5
SHA15042ee630a6c7c2986e8323a14d052c1d83b6f61
SHA2569c4ae61e0e8365762efe3d34c5595029f2c12e0079e6070720e2cef0882c84e5
SHA512e96f8fdd6ffb702d344746ce82de576bba8636ede3e39a7da18ccf8a0178b8346fd31140760b864f1487d7804d931ff1a18de07a4cafa0cf79bdb340421fc03f
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Diagnostics.Debug.dllFilesize
20KB
MD58b8c402311d7ab87e588675e736414fd
SHA1eb8c010a35b461402c1c33133f1b61c78be8425a
SHA25655a30d92d163cf1807bea6dc13b4c13e70aebbb034dc77eaef4f4394730dcd8e
SHA512d03f450a3a19320de71145e48cd7c088d9b50d0a683cc9a79d8967dce085a6f63cbe537fca1c6208865eb52eafb10189613c7233047318caeb2fb2c23c34a269
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Diagnostics.FileVersionInfo.dllFilesize
21KB
MD5d86b0aca05321569d9383dc7c4e9e934
SHA12ef7d0a222c3a3e564b3c72d5b71a5be40a7adea
SHA25628b165cddb82a2507114394ae398995ef8a50c549214f8678aa66054f6927754
SHA5125959e1129c983825233a07869dd1b2b1db32830d2b5f6b7f8d869c39a76a241f88f76d37341fdfbf56f000fc6acba19aeb36a7efb94721494b41b65bf4978651
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Diagnostics.StackTrace.dllFilesize
23KB
MD5fa98a0f020248c2be1dd40c07092f22a
SHA1ef6b3ccff90beddab5ce6f60b4cc23f75edfd009
SHA256cae99f910874288afbf810968d13b79d755cd4b2006609ec036ea4934181cba5
SHA512554a25c761102dc41a9e421621e329868d1162ab29f47e59754c8fcfae0c12bbe8200e1b5975abf926f1de0977a5407c43202ac8a2801c69a7f01d95b6a1e959
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Diagnostics.TextWriterTraceListener.dllFilesize
20KB
MD5a964808487e671bb369dbc0e4dc5a947
SHA1c3848473e42e2f9b4d0a00180ea9ade654432587
SHA25663eab38ee9f4dcd686c8e6a4f01e1e2a9bb91e52b20ab4dde0c28061e9261860
SHA5127352368b68835ecc9c5943ae2f2bd5cab775a7fbb018af7683e74fad1731a9738ae14ebe0bccd854a223ab762fca7ec11411fdae865c5c6ddd034900fa55cfd0
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Diagnostics.Tools.dllFilesize
20KB
MD527c7d752c11c3f43f28eb31968e73e2b
SHA151e466218025126c5e524afd2086f4ab0bf3660a
SHA256260c6250ef9b57dca99b4cecc533f9a34857b5a32b5351202f776163841200aa
SHA512393d1747911a7f91f4c4f4f363a3782f24e00431478088da454823a223a4e75e51d9b010fc5d9746e2bf0185be90071b6cb70c777337d718b39151eef6b486aa
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Diagnostics.TraceSource.dllFilesize
21KB
MD537be4cce0ed037f8d9a7a3940bd2a2e1
SHA196314ec1a59e4bb53c5b609bf79ad4c998a7a988
SHA256c81a57d0634c462a6cf49844059e9b170f650ccdf0789519ffd4ae7d28e2718d
SHA512cedac24f414cce5053fdf10779dbd153fcebad69b3960f75a5ab1110da18799c79dc01b30269641022fcd874a331bc2dc7ce1a7d1a60dc90e109dd55b58665db
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Diagnostics.Tracing.dllFilesize
30KB
MD560f59659db517c2f4dd4c5c583d43097
SHA187ed79d195d8d93ae1155af08857f751a7eca245
SHA256b84b93be455cc7d14ec0c88ce08dafac7b6aac2e549c969e7126eb48c31f8b1c
SHA51290bcea3baa04146f08013a832633957c6d511d5eb52270575ef9a571153384b5a02c5026361b70940775907b5bc710b2c91627eeace432744f3b9e5e1ed509d6
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Drawing.Primitives.dllFilesize
20KB
MD529b0a1554e54611ebba7911049f26fd3
SHA1d707745e72d2f39374f2d28af52aaab7888b93ab
SHA2562805a18724a24034ad6acb315dac516e479cecc5f3753204052657e560932d5d
SHA51217558306a611bfac6982d5650335b05ea407191290b653c028896142ebee2abceb22f7d71926fbbcc3fab8227c61a5fda0e770abfca021ac7f891c9c7ee42e81
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Dynamic.Runtime.dllFilesize
21KB
MD5c5cadb1409f25b6a1c7a6dd4c2df236b
SHA1a994c87352486d433a06943c01329dd721ab343f
SHA256f600acc811720183c639cebe5618baf9c8135b85b9cbdc0758bc9b2dcc6dd7a9
SHA5126bd6e482533b9ff8fff8823f84cde7191a0fd5575f76891a95e99cd1f5c1122ef92b436745ec9583089445fd5eac795181759080b1d83ccfa1eed31d9cce3af0
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Memory.dllFilesize
137KB
MD56fb95a357a3f7e88ade5c1629e2801f8
SHA119bf79600b716523b5317b9a7b68760ae5d55741
SHA2568e76318e8b06692abf7dab1169d27d15557f7f0a34d36af6463eff0fe21213c7
SHA512293d8c709bc68d2c980a0df423741ce06d05ff757077e63986d34cb6459f9623a024d12ef35a280f50d3d516d98abe193213b9ca71bfde2a9fe8753b1a6de2f0
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Net.Http.dllFilesize
193KB
MD5665e355cbed5fe5f7bebc3cb23e68649
SHA11c2cefafba48ba7aaab746f660debd34f2f4b14c
SHA256b5d20736f84f335ef4c918a5ba41c3a0d7189397c71b166ccc6c342427a94ece
SHA5125300d39365e84a67010ae4c282d7e05172563119afb84dc1b0610217683c7d110803aef02945034a939262f6a7ecf629b52c0e93c1cd63d52ca7a3b3e607bb7d
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Numerics.Vectors.dllFilesize
113KB
MD5aaa2cbf14e06e9d3586d8a4ed455db33
SHA13d216458740ad5cb05bc5f7c3491cde44a1e5df0
SHA2561d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183
SHA5120b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Runtime.CompilerServices.Unsafe.dllFilesize
16KB
MD59a341540899dcc5630886f2d921be78f
SHA1bab44612721c3dc91ac3d9dfca7c961a3a511508
SHA2563cadcb6b8a7335141c7c357a1d77af1ff49b59b872df494f5025580191d1c0d5
SHA512066984c83de975df03eee1c2b5150c6b9b2e852d9caf90cfd956e9f0f7bd5a956b96ea961b26f7cd14c089bc8a27f868b225167020c5eb6318f66e58113efa37
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Text.Encodings.Web.dllFilesize
66KB
MD5e8cdacfd2ef2f4b3d1a8e6d59b6e3027
SHA19a85d938d8430a73255a65ea002a7709c81a4cf3
SHA256edf13ebf2d45152e26a16b947cd953aeb7a42602fa48e53fd7673934e5acea30
SHA512ee1005270305b614236d68e427263b4b4528ad3842057670fad061867286815577ec7d3ed8176e6683d723f9f592abcbf28d24935ce8a34571ab7f1720e2ffc5
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Text.Json.dllFilesize
347KB
MD538470ca21414a8827c24d8fe0438e84b
SHA11c394a150c5693c69f85403f201caa501594b7ab
SHA2562c7435257690ac95dc03b45a236005124097f08519adf3134b1d1ece4190e64c
SHA512079f7320cc2f3b97a5733725d3b13dff17b595465159daabca5a166d39777100e5a2d9af2a75989dfabdb2f29eac0710e16c3bb2660621344b7a63c5dbb87ef8
-
C:\Windows\Microsoft.NET\traffmonetizer\System.Threading.Tasks.Extensions.dllFilesize
25KB
MD5e1e9d7d46e5cd9525c5927dc98d9ecc7
SHA12242627282f9e07e37b274ea36fac2d3cd9c9110
SHA2564f81ffd0dc7204db75afc35ea4291769b07c440592f28894260eea76626a23c6
SHA512da7ab8c0100e7d074f0e680b28d241940733860dfbdc5b8c78428b76e807f27e44d1c5ec95ee80c0b5098e8c5d5da4d48bce86800164f9734a05035220c3ff11
-
C:\Windows\Microsoft.NET\traffmonetizer\System.ValueTuple.dllFilesize
77KB
MD58c9424e37a28db7d70e7d52f0df33cf8
SHA181cd1acb53d493c54c8d56f379d790a901a355ac
SHA256e4774aead2793f440e0ced6c097048423d118e0b6ed238c6fe5b456acb07817f
SHA512cb6364c136f9d07191cf89ea2d3b89e08db0cd5911bf835c32ae81e4d51e0789ddc92d47e80b7ff7e24985890ed29a00b0a391834b43cf11db303cd980d834f4
-
C:\Windows\Microsoft.NET\traffmonetizer\Traffmonetizer.exeFilesize
680KB
MD52884fdeaa62f29861ce2645dde0040f6
SHA101a775a431f6e4da49f5c5da2dab74cc4d770021
SHA2562923eacd0c99a2d385f7c989882b7cca83bff133ecf176fdb411f8d17e7ef265
SHA512470ce2cf25d7ee66f4ceb197e218872ea1b865de7029fadb0d41f3324a213b94c668968f20e228e87a879c1f0c13c9827f3b8881820d02e780d567d791ad159f
-
C:\Windows\Microsoft.NET\traffmonetizer\Traffmonetizer.exeFilesize
680KB
MD576ad5b4c7089405ca32b0e78107f5843
SHA159a1130aab90c81dff8f433c25c4e62f9d9740bd
SHA2568214dd62e85a1eb864a87a044dea384d86ae77bf686acdc26617e4d12181b476
SHA512016dad36d6d0443cd36ce56c1deff9d57ebfc1b529f67ce73cd5e18e19bcb8b44b658a4a4d6003fd05add75d7778dc38354ae8c7e05a21779911de419d66299e
-
C:\Windows\Microsoft.NET\traffmonetizer\netstandard.dllFilesize
96KB
MD50adf6f32f4d14f9b0be9aa94f7efb279
SHA168e1af02cddd57b5581708984c2b4a35074982a3
SHA2568be4a2270f8b2bea40f33f79869fdcca34e07bb764e63b81ded49d90d2b720dd
SHA512f81ac2895048333ac50e550d2b03e90003865f18058ce4a1dfba9455a5bda2485a2d31b0fdc77f6cbdfb1bb2e32d9f8ab81b3201d96d56e060e4a440719502d6
-
C:\Windows\Microsoft.NET\traffmonetizer\traffmonetizer.exe.configFilesize
18KB
MD5e3f86e44d1997122912dd19c93b4cc51
SHA155a2abf767061a27d48fc5eda94ba8156add3e81
SHA2568905f68562e02ca9c686f8bb6edde6643c94b2592240c6ed0d40ca380e69e62d
SHA512314f97d7889d22d1086682c2abfcf0bcb753c2103a29127407392fa05dabb69f1528c7b8028aeac48e5fd7daf0fb1e4a367e6d83f7ca73bcea8e7c6e1d1b54d5
-
C:\Windows\System32\config\systemprofile\AppData\Roaming\traffmonetizer\Installer.exeFilesize
2.9MB
MD55d35163029a29a28387bd696293ac3b7
SHA13775491d5ee3ef728bf3ad703239f8cf99969f95
SHA256583d04b8bbc236de13ea34e48c8f7ccd0d24e8e4c96e801f3c913277a26ff9e0
SHA512b689ddb10b5baa538941c0fb00de55f961a89fe979f75817fb18f07173ec1fc54936587f1b322261d11878477cf5b920de6dc026eaac0534f21f3b6e5f7c31c6
-
C:\Windows\Temp\GetPassword.exeFilesize
494KB
MD55b6a804db0c5733d331eb126048ca73b
SHA1f18c5acae63457ad26565d663467fa5a7fbfbee4
SHA2565bec6b3bc6f8cbda50a8c5195a488cc82d2e00f18ec75640db31b2376a6db9f9
SHA512ba6424051ab9f650967cc2ba428fd6a02ccda8f99d8b8e3f5f321a5e6bbf79a22bfc9cdd582c44980470ebbb7aea1b811fd69aab6bf51466a803c7c722fcde26
-
C:\Windows\Temp\Hooks.exeFilesize
11.7MB
MD5422f3763021f8f9bfc31a9a7e4b049f9
SHA1d9b34b3cf62c66dd776ba5bed3abb0c409c6c3f0
SHA256a1871f4f0149065abab263411d6afdd8ae962060db732e740e956898b62cee0b
SHA51246ad02ef99385a98fd18479bf409caacf5b2f4a1d3beecfe7b85a5af893cec96a57fd8715c24bfed222e1e1dd480bd1ced0c398d5893e3d6d2caef65797bb6e0
-
C:\Windows\Temp\MpMgSvc.exeFilesize
3.2MB
MD540670d0d30c6855dd2b3db30b81f9ce2
SHA11f553452c564af39945941dc850bf3e16ca72290
SHA256d34098c57d0588f6bdf79abd8af98e22904ba595e27a58966400f500688f34f3
SHA5128c2df4e2190437645e8c1f29cacd9a6b538dd6bd9a0697ad4a61455a712b8f051a773ebf47342014760c74881627c129b8b3597705cee1de5f634d0542816a2a
-
C:\Windows\Temp\PWD.txtFilesize
16B
MD5f4ee302afbce0b94cd33c6b3941d19e2
SHA175f98857186248ac2f9cbd0c3f07d1118b49ee10
SHA256dfb23411a6872447e75541e6b3067026d10ebc8f76f427a5f69d795498e117f9
SHA512ca202ca2caf8a1e9596f1187a82cd02a650aea316c9a6bf58c59a23b4922098fe3720301dbe3268514e977a5964dc746f38c862ce4cdc63573d0e69254ea0e77
-
C:\Windows\Temp\Wmicc.exeFilesize
1.4MB
MD5e66e02324b37d50d144b06ced32065c0
SHA1edc3cf91e52d1110a823cf7ba56c36f63dab925f
SHA2561458b4ac901575e8de7b2452002a39a24e90d211652673d9f34318c7240edf09
SHA5121913b12b471a8177568873cc3322d874c2d2dfdbbaf264d2e3714eb956bf1d53b832082b7baf303d7d73bd889ae5e0cf09419606d4d8742db35027e16820f9da
-
C:\Windows\Temp\__PSScriptPolicyTest_lopcb51o.2ps.ps1Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
C:\Windows\Temp\ip.txtFilesize
6KB
MD5a1c459f25bf756b4e8925dace308cd11
SHA1170fefe3f90361f8944abce2788b4e4a6497b369
SHA2564492f7833d3104912412c661f3f5d33b6b2028a8d34dfe8ff10e584272ae589e
SHA512f6dc72dc93b64aee4ea17ea7cb53ecb145a5ec79fb7622bb04a980cedd93bfb3501af313d58d036d44ab12d30ccdcb62d9801992173018ae2f99b171efc25ef5
-
C:\Windows\Temp\ip.txtFilesize
180KB
MD5a568b7b2b4b6f362813628d40834ede7
SHA147abed93dd7a1dafa3e105dde50cb915f5c3a548
SHA25621ceff34af7561ee1c81e4006421462f3a4edcc9947c6957452f9e7a91e52d4a
SHA51236ae10216ebd7ab986fb44695cef5147dfa00c67385fe81d6543cfa8e7f7e5d4a38943188fab71e675f5d4695cc38705e02edb308d08f467fcc1d3b6de57bcc8
-
C:\Windows\Temp\ip.txtMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Windows\system32\config\systemprofile\AppData\Roaming\traffmonetizer\pidFilesize
4B
MD5c7b3f097f4810cbb3c4b18c09ab893bc
SHA11928265afceafded6ef7fadbc568ed9d69648c42
SHA256ca476f632e7e3cc91ea18eb65096107824669e1472bca389cf29b4ef4d9114a2
SHA5120f294234da62dc30762e71b995d282cb1e9139bf7f6c364fc4e42e9843318f94d9ef9db793d2c4045370cec30095cc3cab009a8a11895a54933d4c0a83731045
-
C:\Windows\system32\config\systemprofile\AppData\Roaming\traffmonetizer\settings.jsonFilesize
98B
MD52e839b7ab87694f72220658502588c41
SHA1b3996f638b1e00b4bdf5cadeab99d05492313f37
SHA256376a0ca610d4de58de3887a8700d3e0f64fdc2123846a4f88876751847aef519
SHA512050fe964fbdfd1a957ef3e8a1c1ce6ada6d5473be890ea318a9720a7c8e42e9fb8afcc723a03ed9deeb3f2ccbff0fe725eb0b831a24e9e4df39b7249da5688a1
-
\??\c:\windows\SysWOW64\config\systemprofile\appdata\roaming\graphicsperfsvcs.dllFilesize
23.7MB
MD5eb72d63d5e250781fb1b84f185581e1e
SHA1262f689ab8a405404a0ed0fc876cfe8e4a0d6efb
SHA256440bbe8365019a7cec572f1f91159a6209636d4bf3fe3b85506bad0ff5097bc4
SHA512e02050a2e93d9c0f67c48c879d368b3a4d7a0a8bfcdc9a8c153dc1be87d809a5a20e95108721ce8194b80bc6dfd474a23474e503afc6ddd5c7c1dff23e62bcb1
-
memory/1604-13955-0x0000020E0B2A0000-0x0000020E0B2C4000-memory.dmpFilesize
144KB
-
memory/1604-13954-0x0000020E0A980000-0x0000020E0AA2E000-memory.dmpFilesize
696KB
-
memory/1848-77-0x0000000000400000-0x000000000042A000-memory.dmpFilesize
168KB
-
memory/1848-78-0x0000000000400000-0x000000000042A000-memory.dmpFilesize
168KB
-
memory/1848-79-0x0000000000400000-0x000000000042A000-memory.dmpFilesize
168KB
-
memory/1848-81-0x0000000000400000-0x000000000042A000-memory.dmpFilesize
168KB
-
memory/2648-70-0x0000000000400000-0x0000000000409000-memory.dmpFilesize
36KB
-
memory/2648-7-0x0000000000400000-0x0000000000409000-memory.dmpFilesize
36KB
-
memory/2648-8-0x0000000000400000-0x0000000000409000-memory.dmpFilesize
36KB
-
memory/2700-30-0x0000000000400000-0x00000000004CF000-memory.dmpFilesize
828KB
-
memory/2700-0-0x0000000000400000-0x00000000004CF000-memory.dmpFilesize
828KB
-
memory/4452-13805-0x000002711A500000-0x000002711A53C000-memory.dmpFilesize
240KB
-
memory/4452-13804-0x0000027101C80000-0x0000027101C92000-memory.dmpFilesize
72KB
-
memory/4452-13803-0x0000027101140000-0x0000027101426000-memory.dmpFilesize
2.9MB
-
memory/4452-13831-0x000002711C8A0000-0x000002711C8B2000-memory.dmpFilesize
72KB
-
memory/4488-75-0x0000000000400000-0x0000000001BF4000-memory.dmpFilesize
24.0MB
-
memory/4488-10325-0x0000000000400000-0x0000000001BF4000-memory.dmpFilesize
24.0MB
-
memory/5020-29-0x0000000000400000-0x0000000000D37000-memory.dmpFilesize
9.2MB
-
memory/5020-13783-0x0000000000400000-0x0000000000D37000-memory.dmpFilesize
9.2MB
-
memory/5020-13779-0x0000000000400000-0x0000000000D37000-memory.dmpFilesize
9.2MB
-
memory/5020-13788-0x0000000000400000-0x0000000000D37000-memory.dmpFilesize
9.2MB
-
memory/5020-13790-0x0000000000400000-0x0000000000D37000-memory.dmpFilesize
9.2MB
-
memory/5020-13791-0x0000000000400000-0x0000000000D37000-memory.dmpFilesize
9.2MB
-
memory/5020-13782-0x0000000000400000-0x0000000000D37000-memory.dmpFilesize
9.2MB
-
memory/5020-12472-0x0000000000400000-0x0000000000D37000-memory.dmpFilesize
9.2MB
-
memory/5020-12748-0x0000000000400000-0x0000000000D37000-memory.dmpFilesize
9.2MB
-
memory/5020-13732-0x0000000000400000-0x0000000000D37000-memory.dmpFilesize
9.2MB
-
memory/5020-13958-0x0000000000400000-0x0000000000D37000-memory.dmpFilesize
9.2MB
-
memory/5020-57-0x0000000000400000-0x0000000000D37000-memory.dmpFilesize
9.2MB
-
memory/5020-13959-0x0000000000400000-0x0000000000D37000-memory.dmpFilesize
9.2MB
-
memory/5020-13746-0x0000000000400000-0x0000000000D37000-memory.dmpFilesize
9.2MB
-
memory/5020-13960-0x0000000000400000-0x0000000000D37000-memory.dmpFilesize
9.2MB
-
memory/5536-13724-0x0000000007580000-0x0000000007BFA000-memory.dmpFilesize
6.5MB
-
memory/5536-13051-0x0000000005F20000-0x0000000005F3E000-memory.dmpFilesize
120KB
-
memory/5536-11089-0x0000000002600000-0x0000000002636000-memory.dmpFilesize
216KB
-
memory/5536-12182-0x0000000005050000-0x0000000005072000-memory.dmpFilesize
136KB
-
memory/5536-12184-0x0000000005910000-0x0000000005976000-memory.dmpFilesize
408KB
-
memory/5536-12183-0x00000000050F0000-0x0000000005156000-memory.dmpFilesize
408KB
-
memory/5536-12407-0x0000000005980000-0x0000000005CD4000-memory.dmpFilesize
3.3MB
-
memory/5536-11456-0x0000000005170000-0x0000000005798000-memory.dmpFilesize
6.2MB
-
memory/5536-13729-0x00000000081B0000-0x0000000008754000-memory.dmpFilesize
5.6MB
-
memory/5536-13728-0x00000000064F0000-0x0000000006512000-memory.dmpFilesize
136KB
-
memory/5536-13727-0x00000000071A0000-0x0000000007236000-memory.dmpFilesize
600KB
-
memory/5536-13725-0x0000000006430000-0x000000000644A000-memory.dmpFilesize
104KB
-
memory/5536-13071-0x0000000005FB0000-0x0000000005FFC000-memory.dmpFilesize
304KB
-
memory/5752-13787-0x00000271EDA00000-0x00000271EDA32000-memory.dmpFilesize
200KB
-
memory/5752-13761-0x00000271EA860000-0x00000271EA86A000-memory.dmpFilesize
40KB
-
memory/5752-13767-0x00000271EB180000-0x00000271EB194000-memory.dmpFilesize
80KB
-
memory/5752-13765-0x00000271EA9D0000-0x00000271EA9D8000-memory.dmpFilesize
32KB
-
memory/5752-13763-0x00000271EB160000-0x00000271EB176000-memory.dmpFilesize
88KB
-
memory/5752-13759-0x00000271EAA00000-0x00000271EAA26000-memory.dmpFilesize
152KB
-
memory/5752-13771-0x00000271EB370000-0x00000271EB3A2000-memory.dmpFilesize
200KB
-
memory/5752-13769-0x00000271EB2C0000-0x00000271EB2DE000-memory.dmpFilesize
120KB
-
memory/5752-13773-0x00000271EB5E0000-0x00000271EB5EA000-memory.dmpFilesize
40KB
-
memory/5752-13756-0x00000271EB100000-0x00000271EB15A000-memory.dmpFilesize
360KB
-
memory/5752-13753-0x00000271EA840000-0x00000271EA85E000-memory.dmpFilesize
120KB
-
memory/5752-13775-0x00000271ED5D0000-0x00000271ED5DA000-memory.dmpFilesize
40KB
-
memory/5752-13751-0x00000271E9F40000-0x00000271E9FEC000-memory.dmpFilesize
688KB
-
memory/5752-13785-0x00000271EDA80000-0x00000271EDAFE000-memory.dmpFilesize
504KB