Resubmissions

14-07-2021 13:01

210714-w4kvm4debj 10

13-07-2021 10:45

210713-9ptm893yfs 10

Analysis

  • max time kernel
    133s
  • max time network
    183s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    14-07-2021 13:01

General

  • Target

    Install.EXE

  • Size

    1.3MB

  • MD5

    eadac911eb5d946a0dbb7ac77887abfc

  • SHA1

    0d20d32fc2bcf8663af5a140179e95364ac48543

  • SHA256

    261923e2c95ef441a2f1f8e62572b57ed774b249db4d7a24ea06690e68fe381f

  • SHA512

    40648c500c7659f9213e8687f8b2bc1c61970dfb2b7a4444588c93d2a858c388f1975fc5045054047b6b75357d14f6c86dcfe128fc0615efd748eee61f646f81

Malware Config

Extracted

Family

redline

Botnet

Build1

C2

45.142.213.135:30058

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload 3 IoCs
  • malware_crypter 3 IoCs

    malware_crypter.

  • Executes dropped EXE 12 IoCs
  • Loads dropped DLL 10 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Install.EXE
    "C:\Users\Admin\AppData\Local\Temp\Install.EXE"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:320
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:1784
      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
        3⤵
        • Executes dropped EXE
        PID:1648
      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
        3⤵
        • Executes dropped EXE
        PID:1580
      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
        3⤵
        • Executes dropped EXE
        PID:1456
      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
        3⤵
        • Executes dropped EXE
        PID:1520
      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
        3⤵
        • Executes dropped EXE
        PID:1452
      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
        3⤵
        • Executes dropped EXE
        PID:1576
      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
        3⤵
        • Executes dropped EXE
        PID:1288
      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
        3⤵
        • Executes dropped EXE
        PID:316
      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
        3⤵
        • Executes dropped EXE
        PID:740
      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
        C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:1756
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Install1.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Install1.exe
      2⤵
      • Executes dropped EXE
      PID:1936
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\7zSC1AA.tmp\Install.cmd" "
        3⤵
          PID:1440
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" https://iplogger.org/1C2ka7
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            PID:980
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:980 CREDAT:275457 /prefetch:2
              5⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:1156

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Persistence

    Registry Run Keys / Startup Folder

    1
    T1060

    Defense Evasion

    Modify Registry

    2
    T1112

    Discovery

    System Information Discovery

    1
    T1082

    Command and Control

    Web Service

    1
    T1102

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      MD5

      2902de11e30dcc620b184e3bb0f0c1cb

      SHA1

      5d11d14a2558801a2688dc2d6dfad39ac294f222

      SHA256

      e6a7f1f8810e46a736e80ee5ac6187690f28f4d5d35d130d410e20084b2c1544

      SHA512

      efd415cde25b827ac2a7ca4d6486ce3a43cdcc1c31d3a94fd7944681aa3e83a4966625bf2e6770581c4b59d05e35ff9318d9adaddade9070f131076892af2fa0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      MD5

      1699eb02e2fbf0aa89bb7fde3430b312

      SHA1

      52f10d383a03a9f8e951457f756b1139cb7ea13b

      SHA256

      3c2346090c3f45593b633b6927f989a9ae21dbf4b8ba141b82114a3ed337c2f4

      SHA512

      59bf194311abb53bc16293dae7c8df6fb244fd1d230296e4ca043f8b073ee4beef45e60de7835cc29ab7254c2138642b12cd7e00ed7034ed376718a7388d669b

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\bq3gxmw\imagestore.dat
      MD5

      7330a0c08a52c4027a83a0c7ee229f95

      SHA1

      1668e5c5173940c7962d7ecae2eba9a7ee1b93e2

      SHA256

      ba16dbdddac67ec881a4c6c01685b679ac013c64cf206f54728c5e9c2b75a5c9

      SHA512

      bbd2fdec91424f045d9babcbbd2b3a037e98d5244ef19740079f8c5c1976e0b66446124b359192fd70bd3705e7f6fad5d8050705bb767e1038d6b29926202fc1

    • C:\Users\Admin\AppData\Local\Temp\7zSC1AA.tmp\Install.cmd
      MD5

      010c7779e83876c22f45f754962d0685

      SHA1

      3dc920d75918c952aa23ef94db66a1bafd514665

      SHA256

      3746731d0dec1f85576eb810f06dcfc763624ef13a306ec5dcd1b5ed00e3beb9

      SHA512

      2f5e06598ce7ea29cdedfd5e8306ab2a7e916a36a1430bf4fcb5a28fd2d73fd8a6aafcc1bcde6c28a7e3d09227761e2004b0e23f7e8a67b434f3ddc4ad9d6cfd

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Install1.exe
      MD5

      dc8a248e89370a0aa5f00b0724146b64

      SHA1

      49f639b4182eac5afbb245d1c30d37bb86e8251c

      SHA256

      207a10eb249d3c413f441a8b53080ecb8e0cb08acaf5df56b9bf274c0cc5f5f9

      SHA512

      a4c89ff18885ed67777e2e4e8760e2312bf4a9d722cae63bf9ffa56d0953e42c401f92cd9ba2f0443537d435b5814e6097f0cda23b88388f811fa512c88dfe6f

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Install1.exe
      MD5

      dc8a248e89370a0aa5f00b0724146b64

      SHA1

      49f639b4182eac5afbb245d1c30d37bb86e8251c

      SHA256

      207a10eb249d3c413f441a8b53080ecb8e0cb08acaf5df56b9bf274c0cc5f5f9

      SHA512

      a4c89ff18885ed67777e2e4e8760e2312bf4a9d722cae63bf9ffa56d0953e42c401f92cd9ba2f0443537d435b5814e6097f0cda23b88388f811fa512c88dfe6f

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
      MD5

      54db9520f3db0b612c492cd14b689b98

      SHA1

      cacba09c6883605d3918626c4a92cc4cb846bcda

      SHA256

      8b013095eac15ef06fd67f6c2f101dfe14c04a33a10d63e278ee5d506c862910

      SHA512

      3cf6bd666d66ac95ed4b601ac0990839edac41f12786b8201778930daf42a72d53768c0eabaf84357e5741e10b9e4bbd0a219773e31791df863e7d8a3a7d584e

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
      MD5

      54db9520f3db0b612c492cd14b689b98

      SHA1

      cacba09c6883605d3918626c4a92cc4cb846bcda

      SHA256

      8b013095eac15ef06fd67f6c2f101dfe14c04a33a10d63e278ee5d506c862910

      SHA512

      3cf6bd666d66ac95ed4b601ac0990839edac41f12786b8201778930daf42a72d53768c0eabaf84357e5741e10b9e4bbd0a219773e31791df863e7d8a3a7d584e

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
      MD5

      54db9520f3db0b612c492cd14b689b98

      SHA1

      cacba09c6883605d3918626c4a92cc4cb846bcda

      SHA256

      8b013095eac15ef06fd67f6c2f101dfe14c04a33a10d63e278ee5d506c862910

      SHA512

      3cf6bd666d66ac95ed4b601ac0990839edac41f12786b8201778930daf42a72d53768c0eabaf84357e5741e10b9e4bbd0a219773e31791df863e7d8a3a7d584e

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
      MD5

      54db9520f3db0b612c492cd14b689b98

      SHA1

      cacba09c6883605d3918626c4a92cc4cb846bcda

      SHA256

      8b013095eac15ef06fd67f6c2f101dfe14c04a33a10d63e278ee5d506c862910

      SHA512

      3cf6bd666d66ac95ed4b601ac0990839edac41f12786b8201778930daf42a72d53768c0eabaf84357e5741e10b9e4bbd0a219773e31791df863e7d8a3a7d584e

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
      MD5

      54db9520f3db0b612c492cd14b689b98

      SHA1

      cacba09c6883605d3918626c4a92cc4cb846bcda

      SHA256

      8b013095eac15ef06fd67f6c2f101dfe14c04a33a10d63e278ee5d506c862910

      SHA512

      3cf6bd666d66ac95ed4b601ac0990839edac41f12786b8201778930daf42a72d53768c0eabaf84357e5741e10b9e4bbd0a219773e31791df863e7d8a3a7d584e

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
      MD5

      54db9520f3db0b612c492cd14b689b98

      SHA1

      cacba09c6883605d3918626c4a92cc4cb846bcda

      SHA256

      8b013095eac15ef06fd67f6c2f101dfe14c04a33a10d63e278ee5d506c862910

      SHA512

      3cf6bd666d66ac95ed4b601ac0990839edac41f12786b8201778930daf42a72d53768c0eabaf84357e5741e10b9e4bbd0a219773e31791df863e7d8a3a7d584e

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
      MD5

      54db9520f3db0b612c492cd14b689b98

      SHA1

      cacba09c6883605d3918626c4a92cc4cb846bcda

      SHA256

      8b013095eac15ef06fd67f6c2f101dfe14c04a33a10d63e278ee5d506c862910

      SHA512

      3cf6bd666d66ac95ed4b601ac0990839edac41f12786b8201778930daf42a72d53768c0eabaf84357e5741e10b9e4bbd0a219773e31791df863e7d8a3a7d584e

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
      MD5

      54db9520f3db0b612c492cd14b689b98

      SHA1

      cacba09c6883605d3918626c4a92cc4cb846bcda

      SHA256

      8b013095eac15ef06fd67f6c2f101dfe14c04a33a10d63e278ee5d506c862910

      SHA512

      3cf6bd666d66ac95ed4b601ac0990839edac41f12786b8201778930daf42a72d53768c0eabaf84357e5741e10b9e4bbd0a219773e31791df863e7d8a3a7d584e

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
      MD5

      54db9520f3db0b612c492cd14b689b98

      SHA1

      cacba09c6883605d3918626c4a92cc4cb846bcda

      SHA256

      8b013095eac15ef06fd67f6c2f101dfe14c04a33a10d63e278ee5d506c862910

      SHA512

      3cf6bd666d66ac95ed4b601ac0990839edac41f12786b8201778930daf42a72d53768c0eabaf84357e5741e10b9e4bbd0a219773e31791df863e7d8a3a7d584e

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
      MD5

      54db9520f3db0b612c492cd14b689b98

      SHA1

      cacba09c6883605d3918626c4a92cc4cb846bcda

      SHA256

      8b013095eac15ef06fd67f6c2f101dfe14c04a33a10d63e278ee5d506c862910

      SHA512

      3cf6bd666d66ac95ed4b601ac0990839edac41f12786b8201778930daf42a72d53768c0eabaf84357e5741e10b9e4bbd0a219773e31791df863e7d8a3a7d584e

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
      MD5

      54db9520f3db0b612c492cd14b689b98

      SHA1

      cacba09c6883605d3918626c4a92cc4cb846bcda

      SHA256

      8b013095eac15ef06fd67f6c2f101dfe14c04a33a10d63e278ee5d506c862910

      SHA512

      3cf6bd666d66ac95ed4b601ac0990839edac41f12786b8201778930daf42a72d53768c0eabaf84357e5741e10b9e4bbd0a219773e31791df863e7d8a3a7d584e

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
      MD5

      54db9520f3db0b612c492cd14b689b98

      SHA1

      cacba09c6883605d3918626c4a92cc4cb846bcda

      SHA256

      8b013095eac15ef06fd67f6c2f101dfe14c04a33a10d63e278ee5d506c862910

      SHA512

      3cf6bd666d66ac95ed4b601ac0990839edac41f12786b8201778930daf42a72d53768c0eabaf84357e5741e10b9e4bbd0a219773e31791df863e7d8a3a7d584e

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\L6QLV5R9.txt
      MD5

      1d4e15f7c7b3fbb980f6d9d75f0998da

      SHA1

      4c9fc085c1a9b7bcd13e145e1bfeed0158d48d0d

      SHA256

      33d993dbc2cfc3eb81af335003c64f065f46652bb68ae4c49b63b820b74cb0f4

      SHA512

      0b7d88a68d924ec9d2ec9b0c7505d50cd27a4f61f9201b25ad8415bf20642dfbe72ef6e123cafc76c556f0115b8cbeabb07c2fcd3f7705ae7b3a773b5c0de6b1

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
      MD5

      54db9520f3db0b612c492cd14b689b98

      SHA1

      cacba09c6883605d3918626c4a92cc4cb846bcda

      SHA256

      8b013095eac15ef06fd67f6c2f101dfe14c04a33a10d63e278ee5d506c862910

      SHA512

      3cf6bd666d66ac95ed4b601ac0990839edac41f12786b8201778930daf42a72d53768c0eabaf84357e5741e10b9e4bbd0a219773e31791df863e7d8a3a7d584e

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
      MD5

      54db9520f3db0b612c492cd14b689b98

      SHA1

      cacba09c6883605d3918626c4a92cc4cb846bcda

      SHA256

      8b013095eac15ef06fd67f6c2f101dfe14c04a33a10d63e278ee5d506c862910

      SHA512

      3cf6bd666d66ac95ed4b601ac0990839edac41f12786b8201778930daf42a72d53768c0eabaf84357e5741e10b9e4bbd0a219773e31791df863e7d8a3a7d584e

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
      MD5

      54db9520f3db0b612c492cd14b689b98

      SHA1

      cacba09c6883605d3918626c4a92cc4cb846bcda

      SHA256

      8b013095eac15ef06fd67f6c2f101dfe14c04a33a10d63e278ee5d506c862910

      SHA512

      3cf6bd666d66ac95ed4b601ac0990839edac41f12786b8201778930daf42a72d53768c0eabaf84357e5741e10b9e4bbd0a219773e31791df863e7d8a3a7d584e

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
      MD5

      54db9520f3db0b612c492cd14b689b98

      SHA1

      cacba09c6883605d3918626c4a92cc4cb846bcda

      SHA256

      8b013095eac15ef06fd67f6c2f101dfe14c04a33a10d63e278ee5d506c862910

      SHA512

      3cf6bd666d66ac95ed4b601ac0990839edac41f12786b8201778930daf42a72d53768c0eabaf84357e5741e10b9e4bbd0a219773e31791df863e7d8a3a7d584e

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
      MD5

      54db9520f3db0b612c492cd14b689b98

      SHA1

      cacba09c6883605d3918626c4a92cc4cb846bcda

      SHA256

      8b013095eac15ef06fd67f6c2f101dfe14c04a33a10d63e278ee5d506c862910

      SHA512

      3cf6bd666d66ac95ed4b601ac0990839edac41f12786b8201778930daf42a72d53768c0eabaf84357e5741e10b9e4bbd0a219773e31791df863e7d8a3a7d584e

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
      MD5

      54db9520f3db0b612c492cd14b689b98

      SHA1

      cacba09c6883605d3918626c4a92cc4cb846bcda

      SHA256

      8b013095eac15ef06fd67f6c2f101dfe14c04a33a10d63e278ee5d506c862910

      SHA512

      3cf6bd666d66ac95ed4b601ac0990839edac41f12786b8201778930daf42a72d53768c0eabaf84357e5741e10b9e4bbd0a219773e31791df863e7d8a3a7d584e

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
      MD5

      54db9520f3db0b612c492cd14b689b98

      SHA1

      cacba09c6883605d3918626c4a92cc4cb846bcda

      SHA256

      8b013095eac15ef06fd67f6c2f101dfe14c04a33a10d63e278ee5d506c862910

      SHA512

      3cf6bd666d66ac95ed4b601ac0990839edac41f12786b8201778930daf42a72d53768c0eabaf84357e5741e10b9e4bbd0a219773e31791df863e7d8a3a7d584e

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
      MD5

      54db9520f3db0b612c492cd14b689b98

      SHA1

      cacba09c6883605d3918626c4a92cc4cb846bcda

      SHA256

      8b013095eac15ef06fd67f6c2f101dfe14c04a33a10d63e278ee5d506c862910

      SHA512

      3cf6bd666d66ac95ed4b601ac0990839edac41f12786b8201778930daf42a72d53768c0eabaf84357e5741e10b9e4bbd0a219773e31791df863e7d8a3a7d584e

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
      MD5

      54db9520f3db0b612c492cd14b689b98

      SHA1

      cacba09c6883605d3918626c4a92cc4cb846bcda

      SHA256

      8b013095eac15ef06fd67f6c2f101dfe14c04a33a10d63e278ee5d506c862910

      SHA512

      3cf6bd666d66ac95ed4b601ac0990839edac41f12786b8201778930daf42a72d53768c0eabaf84357e5741e10b9e4bbd0a219773e31791df863e7d8a3a7d584e

    • \Users\Admin\AppData\Local\Temp\IXP000.TMP\TELEGR~1.EXE
      MD5

      54db9520f3db0b612c492cd14b689b98

      SHA1

      cacba09c6883605d3918626c4a92cc4cb846bcda

      SHA256

      8b013095eac15ef06fd67f6c2f101dfe14c04a33a10d63e278ee5d506c862910

      SHA512

      3cf6bd666d66ac95ed4b601ac0990839edac41f12786b8201778930daf42a72d53768c0eabaf84357e5741e10b9e4bbd0a219773e31791df863e7d8a3a7d584e

    • memory/320-59-0x000007FEFB531000-0x000007FEFB533000-memory.dmp
      Filesize

      8KB

    • memory/980-97-0x0000000000000000-mapping.dmp
    • memory/1156-99-0x0000000000000000-mapping.dmp
    • memory/1440-94-0x0000000000000000-mapping.dmp
    • memory/1756-98-0x0000000004EA0000-0x0000000004EA1000-memory.dmp
      Filesize

      4KB

    • memory/1756-85-0x0000000000400000-0x000000000041E000-memory.dmp
      Filesize

      120KB

    • memory/1756-86-0x0000000000417E9A-mapping.dmp
    • memory/1756-89-0x0000000000400000-0x000000000041E000-memory.dmp
      Filesize

      120KB

    • memory/1784-65-0x0000000000750000-0x0000000000751000-memory.dmp
      Filesize

      4KB

    • memory/1784-63-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB

    • memory/1784-60-0x0000000000000000-mapping.dmp
    • memory/1936-92-0x0000000075051000-0x0000000075053000-memory.dmp
      Filesize

      8KB

    • memory/1936-88-0x0000000000000000-mapping.dmp