Analysis
-
max time kernel
142s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
05-07-2022 11:11
Static task
static1
Behavioral task
behavioral1
Sample
bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exe
Resource
win10v2004-20220414-en
General
-
Target
bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exe
-
Size
40.0MB
-
MD5
a7520ab8d474b169f7d70171bf1d6933
-
SHA1
f926802027e1290fd9df9077461697a99864ba37
-
SHA256
bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf
-
SHA512
425121d7055dd45561082dd9c481011d8f92ba49922ae265d47781f9687f4622230fc5e4624e2f26dd8e8eef8f89245dc8e5238a331495b6523f7cbf7936c6c9
Malware Config
Signatures
-
Executes dropped EXE 5 IoCs
Processes:
ToDesk.exeToDesk_Service.exeToDesk.exeToDesk.exepid process 1348 ToDesk.exe 460 1612 ToDesk_Service.exe 748 ToDesk.exe 328 ToDesk.exe -
Processes:
resource yara_rule behavioral1/memory/1948-55-0x0000000000EB0000-0x0000000005ED0000-memory.dmp upx behavioral1/memory/1948-56-0x0000000000EB0000-0x0000000005ED0000-memory.dmp upx behavioral1/memory/1948-74-0x0000000000EB0000-0x0000000005ED0000-memory.dmp upx -
Loads dropped DLL 5 IoCs
Processes:
bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exeToDesk.exeToDesk_Service.exeToDesk.exeToDesk.exepid process 1948 bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exe 1348 ToDesk.exe 1612 ToDesk_Service.exe 748 ToDesk.exe 328 ToDesk.exe -
AutoIT Executable 3 IoCs
AutoIT scripts compiled to PE executables.
Processes:
resource yara_rule behavioral1/memory/1948-55-0x0000000000EB0000-0x0000000005ED0000-memory.dmp autoit_exe behavioral1/memory/1948-56-0x0000000000EB0000-0x0000000005ED0000-memory.dmp autoit_exe behavioral1/memory/1948-74-0x0000000000EB0000-0x0000000005ED0000-memory.dmp autoit_exe -
Drops file in System32 directory 2 IoCs
Processes:
ToDesk_Service.exedescription ioc process File opened for modification C:\Windows\System32\mmkv.default ToDesk_Service.exe File opened for modification C:\Windows\System32\mmkv.default.crc ToDesk_Service.exe -
Drops file in Program Files directory 19 IoCs
Processes:
ToDesk.exeToDesk.exebea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exeToDesk_Service.exedescription ioc process File opened for modification C:\Program Files (x86)\ToDesk\config.ini ToDesk.exe File opened for modification C:\Program Files (x86)\ToDesk\Logs\client_2022_07_05.log ToDesk.exe File created C:\Program Files (x86)\ToDesk\config.ini bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exe File opened for modification C:\Program Files (x86)\ToDesk\ToDesk_Service.exe bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exe File opened for modification C:\Program Files (x86)\ToDesk\Logs\zrtcservice_2022_07_05.log ToDesk_Service.exe File opened for modification C:\Program Files (x86)\ToDesk\config.ini ToDesk.exe File opened for modification C:\Program Files (x86)\ToDesk\Logs\sdkclient_2022_07_05.log ToDesk.exe File created C:\Program Files (x86)\ToDesk\ToDesk.exe bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exe File opened for modification C:\Program Files (x86)\ToDesk\ToDesk.exe bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exe File created C:\Program Files (x86)\ToDesk\ToDesk_Service.exe bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exe File opened for modification C:\Program Files (x86)\ToDesk\ToDesk_Session.exe bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exe File created C:\Program Files (x86)\ToDesk\zrtc.dll bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exe File opened for modification C:\Program Files (x86)\ToDesk\zrtc.dll bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exe File opened for modification C:\Program Files (x86)\ToDesk\config.ini ToDesk_Service.exe File opened for modification C:\Program Files (x86)\ToDesk\Logs\sdkservice_2022_07_05.log ToDesk_Service.exe File opened for modification C:\Program Files (x86)\ToDesk\config.ini bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exe File created C:\Program Files (x86)\ToDesk\ToDesk_Session.exe bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exe File opened for modification C:\Program Files (x86)\ToDesk\Logs\service_2022_07_05.log ToDesk_Service.exe File opened for modification C:\Program Files (x86)\ToDesk\Logs\zrtcclient_2022_07_05.log ToDesk.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
ToDesk.exepid process 328 ToDesk.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exeToDesk_Service.exepid process 1948 bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe 1612 ToDesk_Service.exe -
Suspicious use of AdjustPrivilegeToken 18 IoCs
Processes:
ToDesk_Service.exeToDesk.exedescription pid process Token: SeDebugPrivilege 1612 ToDesk_Service.exe Token: SeShutdownPrivilege 328 ToDesk.exe Token: SeShutdownPrivilege 328 ToDesk.exe Token: SeShutdownPrivilege 328 ToDesk.exe Token: SeShutdownPrivilege 328 ToDesk.exe Token: SeShutdownPrivilege 328 ToDesk.exe Token: SeShutdownPrivilege 328 ToDesk.exe Token: SeShutdownPrivilege 328 ToDesk.exe Token: SeShutdownPrivilege 328 ToDesk.exe Token: SeShutdownPrivilege 328 ToDesk.exe Token: SeShutdownPrivilege 328 ToDesk.exe Token: SeShutdownPrivilege 328 ToDesk.exe Token: SeShutdownPrivilege 328 ToDesk.exe Token: SeShutdownPrivilege 328 ToDesk.exe Token: SeShutdownPrivilege 328 ToDesk.exe Token: SeShutdownPrivilege 328 ToDesk.exe Token: SeShutdownPrivilege 328 ToDesk.exe Token: SeShutdownPrivilege 328 ToDesk.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
Processes:
ToDesk.exepid process 328 ToDesk.exe 328 ToDesk.exe -
Suspicious use of SendNotifyMessage 2 IoCs
Processes:
ToDesk.exepid process 328 ToDesk.exe 328 ToDesk.exe -
Suspicious use of WriteProcessMemory 10 IoCs
Processes:
bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exeToDesk_Service.exedescription pid process target process PID 1948 wrote to memory of 1348 1948 bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exe ToDesk.exe PID 1948 wrote to memory of 1348 1948 bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exe ToDesk.exe PID 1948 wrote to memory of 1348 1948 bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exe ToDesk.exe PID 1948 wrote to memory of 1348 1948 bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exe ToDesk.exe PID 1612 wrote to memory of 748 1612 ToDesk_Service.exe ToDesk.exe PID 1612 wrote to memory of 748 1612 ToDesk_Service.exe ToDesk.exe PID 1612 wrote to memory of 748 1612 ToDesk_Service.exe ToDesk.exe PID 1612 wrote to memory of 328 1612 ToDesk_Service.exe ToDesk.exe PID 1612 wrote to memory of 328 1612 ToDesk_Service.exe ToDesk.exe PID 1612 wrote to memory of 328 1612 ToDesk_Service.exe ToDesk.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exe"C:\Users\Admin\AppData\Local\Temp\bea83f2487166bc524bc5a21d6d602d5c4f0a46755d3cb0a864641f4dec7bbbf.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\ToDesk\ToDesk.exe"C:\Program Files (x86)\ToDesk\ToDesk.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
-
C:\Program Files (x86)\ToDesk\ToDesk_Service.exe"C:\Program Files (x86)\ToDesk\ToDesk_Service.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\ToDesk\ToDesk.exe"C:\Program Files (x86)\ToDesk\ToDesk.exe" --hide --localPort=356002⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files (x86)\ToDesk\ToDesk.exe"C:\Program Files (x86)\ToDesk\ToDesk.exe" --show --localPort=356002⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\ToDesk\ToDesk.exeFilesize
27.3MB
MD5cd9361c978359b79dcb6de8e54cdda1e
SHA1dffc0c351b9c40940f05149feade9edebfd2be39
SHA2567efa00883a7a4abe9d009eaae4070448e982891586e8a7ac8b060beb69eb9267
SHA51203f072c9ae5c0014591fbf4e21732b4251fc7872ec53a71d10e635f6cd4a9b6b01d713b81e9b8efe68dd9a42d78993257a0db814a090e2967c4c84aa3fb905a8
-
C:\Program Files (x86)\ToDesk\ToDesk.exeFilesize
27.3MB
MD5cd9361c978359b79dcb6de8e54cdda1e
SHA1dffc0c351b9c40940f05149feade9edebfd2be39
SHA2567efa00883a7a4abe9d009eaae4070448e982891586e8a7ac8b060beb69eb9267
SHA51203f072c9ae5c0014591fbf4e21732b4251fc7872ec53a71d10e635f6cd4a9b6b01d713b81e9b8efe68dd9a42d78993257a0db814a090e2967c4c84aa3fb905a8
-
C:\Program Files (x86)\ToDesk\ToDesk.exeFilesize
27.3MB
MD5cd9361c978359b79dcb6de8e54cdda1e
SHA1dffc0c351b9c40940f05149feade9edebfd2be39
SHA2567efa00883a7a4abe9d009eaae4070448e982891586e8a7ac8b060beb69eb9267
SHA51203f072c9ae5c0014591fbf4e21732b4251fc7872ec53a71d10e635f6cd4a9b6b01d713b81e9b8efe68dd9a42d78993257a0db814a090e2967c4c84aa3fb905a8
-
C:\Program Files (x86)\ToDesk\ToDesk.exeFilesize
27.3MB
MD5cd9361c978359b79dcb6de8e54cdda1e
SHA1dffc0c351b9c40940f05149feade9edebfd2be39
SHA2567efa00883a7a4abe9d009eaae4070448e982891586e8a7ac8b060beb69eb9267
SHA51203f072c9ae5c0014591fbf4e21732b4251fc7872ec53a71d10e635f6cd4a9b6b01d713b81e9b8efe68dd9a42d78993257a0db814a090e2967c4c84aa3fb905a8
-
C:\Program Files (x86)\ToDesk\ToDesk_Service.exeFilesize
9.8MB
MD52f2478bf8d864c0620fa343272ebf449
SHA15f20802b568131548b07afbe37001e05057ba699
SHA256dae138d5e1bb18a5c9256d232812cd9ceb67cd086e0fb66c38e86d5e86001551
SHA512ab12a72fe9a07fd8e1ed3dde468e47c558006b6ee2bbbe55c29fa44f616eaa4fb967b77b1c84acd33e73ea4d31feba6a8260bdce9622f2054d992d935d22dcbf
-
C:\Program Files (x86)\ToDesk\ToDesk_Service.exeFilesize
9.8MB
MD52f2478bf8d864c0620fa343272ebf449
SHA15f20802b568131548b07afbe37001e05057ba699
SHA256dae138d5e1bb18a5c9256d232812cd9ceb67cd086e0fb66c38e86d5e86001551
SHA512ab12a72fe9a07fd8e1ed3dde468e47c558006b6ee2bbbe55c29fa44f616eaa4fb967b77b1c84acd33e73ea4d31feba6a8260bdce9622f2054d992d935d22dcbf
-
C:\Program Files (x86)\ToDesk\config.iniFilesize
59B
MD593a7935d4de489426306b5b9a1e4e259
SHA1a81d9383bdf89ef654eec9aafc91f96f8dc255cb
SHA2565bf8d90e5e7a773c49cd777f0bf653547ca968fe6166c719cf152492671c81fa
SHA512f8f883c123a53e448288f009d6090e9833b20fd9963515e457b577a9c96654e66c1cb7e2d9cf5ed6609246ce5b7dc7f56e1d2d643416ed02b3e841e1cf47306b
-
C:\Program Files (x86)\ToDesk\config.iniFilesize
72B
MD52cacb408015086e69fd9ea7879316058
SHA1875a4483fc2e60c95841020a50ec62c8b29a0bc1
SHA256ccc41d74bbb2460fe2727e5aef541185ce92fdaebc501841e96c8396ac5693a9
SHA5126463157f6906f656c95f9533403ea0f614748d08faae3aaa9514a259115e0ed121d6ceb7a4e52b4359346b7e0b5229b7e0195e9cf8a587226143a763de1bbd11
-
C:\Program Files (x86)\ToDesk\config.iniFilesize
72B
MD52cacb408015086e69fd9ea7879316058
SHA1875a4483fc2e60c95841020a50ec62c8b29a0bc1
SHA256ccc41d74bbb2460fe2727e5aef541185ce92fdaebc501841e96c8396ac5693a9
SHA5126463157f6906f656c95f9533403ea0f614748d08faae3aaa9514a259115e0ed121d6ceb7a4e52b4359346b7e0b5229b7e0195e9cf8a587226143a763de1bbd11
-
C:\Program Files (x86)\ToDesk\config.iniFilesize
228B
MD5dc5d4869410bf3cddbe3183f91b667ab
SHA194fa7edb636356ea6ab517235d0d25788484bac3
SHA256a678541707b93a691289aa5bac9525ede5c4413d44ad9611ba7b87b5ae90d6c7
SHA5125a0e7b98fd2c5cc48581b1d0bf716070c81c2c31fc0572366b0fd2ce0cdd3a3562a8594ee262d9c87da1ea3c76e09f4c0887256adcb226a40620a57249bf1c2d
-
C:\Program Files (x86)\ToDesk\config.iniFilesize
228B
MD5dc5d4869410bf3cddbe3183f91b667ab
SHA194fa7edb636356ea6ab517235d0d25788484bac3
SHA256a678541707b93a691289aa5bac9525ede5c4413d44ad9611ba7b87b5ae90d6c7
SHA5125a0e7b98fd2c5cc48581b1d0bf716070c81c2c31fc0572366b0fd2ce0cdd3a3562a8594ee262d9c87da1ea3c76e09f4c0887256adcb226a40620a57249bf1c2d
-
C:\Program Files (x86)\ToDesk\config.iniFilesize
390B
MD512ea4c4d6245edf3b6ee47e79d275af5
SHA13e73ec144e35b4cbfe65d2ad6f8e7ae1a937166c
SHA256891aa96f05a690ad155675ac59080f59d55668e176a101ce31fbe40bdecdde5e
SHA512c8df88fc2b7f2dcc2e6a05a4e92b363c302019a3d6522a5653ab0a9fe12b27207ba9ba7ad2aaf6fee5522ad70add67225ca38f5321517827cbb57c7cb0e12a8b
-
C:\Program Files (x86)\ToDesk\zrtc.dllFilesize
33.0MB
MD55d327b173a94edb50df15a283e22bed3
SHA1f38d09fe9c0794a6050a4c1e8cf4cb3d17e6f41d
SHA256ccb87d59a5f83b9253307c5ba18be999a1b3d975920d09986d740ce044c6f519
SHA512cb56e4fbf1d2d30089151b3675b2d44685cbfc768afaa5754a7187525be595e0bfac98ac3c51faad7111071c8a8a0e8ab228ca6a5f62f026a35080ef205a4fff
-
\Program Files (x86)\ToDesk\ToDesk.exeFilesize
27.3MB
MD5cd9361c978359b79dcb6de8e54cdda1e
SHA1dffc0c351b9c40940f05149feade9edebfd2be39
SHA2567efa00883a7a4abe9d009eaae4070448e982891586e8a7ac8b060beb69eb9267
SHA51203f072c9ae5c0014591fbf4e21732b4251fc7872ec53a71d10e635f6cd4a9b6b01d713b81e9b8efe68dd9a42d78993257a0db814a090e2967c4c84aa3fb905a8
-
\Program Files (x86)\ToDesk\ToDesk_Service.exeFilesize
9.8MB
MD52f2478bf8d864c0620fa343272ebf449
SHA15f20802b568131548b07afbe37001e05057ba699
SHA256dae138d5e1bb18a5c9256d232812cd9ceb67cd086e0fb66c38e86d5e86001551
SHA512ab12a72fe9a07fd8e1ed3dde468e47c558006b6ee2bbbe55c29fa44f616eaa4fb967b77b1c84acd33e73ea4d31feba6a8260bdce9622f2054d992d935d22dcbf
-
\Program Files (x86)\ToDesk\zrtc.dllFilesize
33.0MB
MD55d327b173a94edb50df15a283e22bed3
SHA1f38d09fe9c0794a6050a4c1e8cf4cb3d17e6f41d
SHA256ccb87d59a5f83b9253307c5ba18be999a1b3d975920d09986d740ce044c6f519
SHA512cb56e4fbf1d2d30089151b3675b2d44685cbfc768afaa5754a7187525be595e0bfac98ac3c51faad7111071c8a8a0e8ab228ca6a5f62f026a35080ef205a4fff
-
\Program Files (x86)\ToDesk\zrtc.dllFilesize
33.0MB
MD55d327b173a94edb50df15a283e22bed3
SHA1f38d09fe9c0794a6050a4c1e8cf4cb3d17e6f41d
SHA256ccb87d59a5f83b9253307c5ba18be999a1b3d975920d09986d740ce044c6f519
SHA512cb56e4fbf1d2d30089151b3675b2d44685cbfc768afaa5754a7187525be595e0bfac98ac3c51faad7111071c8a8a0e8ab228ca6a5f62f026a35080ef205a4fff
-
\Program Files (x86)\ToDesk\zrtc.dllFilesize
33.0MB
MD55d327b173a94edb50df15a283e22bed3
SHA1f38d09fe9c0794a6050a4c1e8cf4cb3d17e6f41d
SHA256ccb87d59a5f83b9253307c5ba18be999a1b3d975920d09986d740ce044c6f519
SHA512cb56e4fbf1d2d30089151b3675b2d44685cbfc768afaa5754a7187525be595e0bfac98ac3c51faad7111071c8a8a0e8ab228ca6a5f62f026a35080ef205a4fff
-
\Program Files (x86)\ToDesk\zrtc.dllFilesize
33.0MB
MD55d327b173a94edb50df15a283e22bed3
SHA1f38d09fe9c0794a6050a4c1e8cf4cb3d17e6f41d
SHA256ccb87d59a5f83b9253307c5ba18be999a1b3d975920d09986d740ce044c6f519
SHA512cb56e4fbf1d2d30089151b3675b2d44685cbfc768afaa5754a7187525be595e0bfac98ac3c51faad7111071c8a8a0e8ab228ca6a5f62f026a35080ef205a4fff
-
memory/328-75-0x0000000000000000-mapping.dmp
-
memory/748-70-0x0000000000000000-mapping.dmp
-
memory/1348-58-0x0000000000000000-mapping.dmp
-
memory/1948-74-0x0000000000EB0000-0x0000000005ED0000-memory.dmpFilesize
80.1MB
-
memory/1948-56-0x0000000000EB0000-0x0000000005ED0000-memory.dmpFilesize
80.1MB
-
memory/1948-54-0x00000000754A1000-0x00000000754A3000-memory.dmpFilesize
8KB
-
memory/1948-55-0x0000000000EB0000-0x0000000005ED0000-memory.dmpFilesize
80.1MB