Analysis
-
max time kernel
132s -
max time network
150s -
platform
windows10-1703_x64 -
resource
win10-20220812-en -
resource tags
-
submitted
07-12-2022 23:41
General
-
Target
125b768b14804cb647ffc01d26d9bb8ab6aa10d1a17da123eacbff84792fbd24.exe
-
Size
322KB
-
MD5
5c13cb136efd600422c5c750f2f43eed
-
SHA1
05ba47142d8a43555ec375e6450bf4bcaa409409
-
SHA256
125b768b14804cb647ffc01d26d9bb8ab6aa10d1a17da123eacbff84792fbd24
-
SHA512
ba8d45c354bf2e2e5764e7c0505a0b87c8b709411bfa6e33fd0b53d18d29afc5e39e2e21563394d6d15286e1eee894ca650e7e819f52de014867a66dc8154bdc
-
SSDEEP
6144:8bpoBpOKwbk9bEuSU5VBdafAeJczU8ilf:8bpoBpPwQ9bEuSUbXU1l
Malware Config
Extracted
amadey
3.50
62.204.41.6/p9cWxH/index.php
Extracted
socelars
https://hdbywe.s3.us-west-2.amazonaws.com/sauydga27/
Signatures
-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Amadey credential stealer module 3 IoCs
-
Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
-
Socelars payload 2 IoCs
-
Blocklisted process makes network request 1 IoCs
-
Downloads MZ/PE file
-
Executes dropped EXE 5 IoCs
-
Loads dropped DLL 4 IoCs
-
Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles 1 TTPs 1 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Drops file in Program Files directory 10 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Kills process with taskkill 1 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
-
Suspicious use of WriteProcessMemory 34 IoCs
-
outlook_win_path 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\125b768b14804cb647ffc01d26d9bb8ab6aa10d1a17da123eacbff84792fbd24.exe"C:\Users\Admin\AppData\Local\Temp\125b768b14804cb647ffc01d26d9bb8ab6aa10d1a17da123eacbff84792fbd24.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\99e342142d\gntuud.exe"C:\Users\Admin\AppData\Local\Temp\99e342142d\gntuud.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN gntuud.exe /TR "C:\Users\Admin\AppData\Local\Temp\99e342142d\gntuud.exe" /F3⤵
- Creates scheduled task(s)
-
C:\Users\Admin\AppData\Local\Temp\1000058001\mp3studios_97.exe"C:\Users\Admin\AppData\Local\Temp\1000058001\mp3studios_97.exe"3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im chrome.exe4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im chrome.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"4⤵
-
C:\Users\Admin\AppData\Local\Temp\1000061001\linda5.exe"C:\Users\Admin\AppData\Local\Temp\1000061001\linda5.exe"3⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\control.exe"C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\xmBC4FM.Cpl",4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\xmBC4FM.Cpl",5⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\RunDll32.exeC:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\xmBC4FM.Cpl",6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\xmBC4FM.Cpl",7⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main3⤵
- Blocklisted process makes network request
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious behavior: EnumeratesProcesses
- outlook_win_path
-
C:\Users\Admin\AppData\Local\Temp\99e342142d\gntuud.exeC:\Users\Admin\AppData\Local\Temp\99e342142d\gntuud.exe1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\99e342142d\gntuud.exeC:\Users\Admin\AppData\Local\Temp\99e342142d\gntuud.exe1⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\1000058001\mp3studios_97.exeFilesize
1.4MB
MD54b5f6278f37184c8de5d9a26d738ec99
SHA184e149f65af913a544042f8fcdc0ef2d71ddefaa
SHA2567c8203dabbe621d997618cc74e82877f6a04d539e8c69205a373e6c928d55892
SHA512a828a74d9aaa79f24f8098f4e6dbe2e68e0a9855005ca87a74b1b014c575758eaac33415c910eaad13b7a19e43be445de0953efe2ddf969aa08e50e70915054b
-
C:\Users\Admin\AppData\Local\Temp\1000058001\mp3studios_97.exeFilesize
1.4MB
MD54b5f6278f37184c8de5d9a26d738ec99
SHA184e149f65af913a544042f8fcdc0ef2d71ddefaa
SHA2567c8203dabbe621d997618cc74e82877f6a04d539e8c69205a373e6c928d55892
SHA512a828a74d9aaa79f24f8098f4e6dbe2e68e0a9855005ca87a74b1b014c575758eaac33415c910eaad13b7a19e43be445de0953efe2ddf969aa08e50e70915054b
-
C:\Users\Admin\AppData\Local\Temp\1000061001\linda5.exeFilesize
1.5MB
MD57bfd25715806b9c295da36304cd32ad8
SHA1707aef25d84ff5c6b132b9221154c2a36523992f
SHA256da7b84b800f5ae51fa0e7eae399aae8f9f3de1844d3eeafd749282ba4bdb145e
SHA51203d6207b5143eb1e7b9c6f83cc4246013bc3a1873ab8b4de71bd9106c1d714b8a689dee874cca58eb55622ad6850fa428db501b387007d1deaca12a9ece200c4
-
C:\Users\Admin\AppData\Local\Temp\1000061001\linda5.exeFilesize
1.5MB
MD57bfd25715806b9c295da36304cd32ad8
SHA1707aef25d84ff5c6b132b9221154c2a36523992f
SHA256da7b84b800f5ae51fa0e7eae399aae8f9f3de1844d3eeafd749282ba4bdb145e
SHA51203d6207b5143eb1e7b9c6f83cc4246013bc3a1873ab8b4de71bd9106c1d714b8a689dee874cca58eb55622ad6850fa428db501b387007d1deaca12a9ece200c4
-
C:\Users\Admin\AppData\Local\Temp\99e342142d\gntuud.exeFilesize
322KB
MD55c13cb136efd600422c5c750f2f43eed
SHA105ba47142d8a43555ec375e6450bf4bcaa409409
SHA256125b768b14804cb647ffc01d26d9bb8ab6aa10d1a17da123eacbff84792fbd24
SHA512ba8d45c354bf2e2e5764e7c0505a0b87c8b709411bfa6e33fd0b53d18d29afc5e39e2e21563394d6d15286e1eee894ca650e7e819f52de014867a66dc8154bdc
-
C:\Users\Admin\AppData\Local\Temp\99e342142d\gntuud.exeFilesize
322KB
MD55c13cb136efd600422c5c750f2f43eed
SHA105ba47142d8a43555ec375e6450bf4bcaa409409
SHA256125b768b14804cb647ffc01d26d9bb8ab6aa10d1a17da123eacbff84792fbd24
SHA512ba8d45c354bf2e2e5764e7c0505a0b87c8b709411bfa6e33fd0b53d18d29afc5e39e2e21563394d6d15286e1eee894ca650e7e819f52de014867a66dc8154bdc
-
C:\Users\Admin\AppData\Local\Temp\99e342142d\gntuud.exeFilesize
322KB
MD55c13cb136efd600422c5c750f2f43eed
SHA105ba47142d8a43555ec375e6450bf4bcaa409409
SHA256125b768b14804cb647ffc01d26d9bb8ab6aa10d1a17da123eacbff84792fbd24
SHA512ba8d45c354bf2e2e5764e7c0505a0b87c8b709411bfa6e33fd0b53d18d29afc5e39e2e21563394d6d15286e1eee894ca650e7e819f52de014867a66dc8154bdc
-
C:\Users\Admin\AppData\Local\Temp\99e342142d\gntuud.exeFilesize
322KB
MD55c13cb136efd600422c5c750f2f43eed
SHA105ba47142d8a43555ec375e6450bf4bcaa409409
SHA256125b768b14804cb647ffc01d26d9bb8ab6aa10d1a17da123eacbff84792fbd24
SHA512ba8d45c354bf2e2e5764e7c0505a0b87c8b709411bfa6e33fd0b53d18d29afc5e39e2e21563394d6d15286e1eee894ca650e7e819f52de014867a66dc8154bdc
-
C:\Users\Admin\AppData\Local\Temp\xmBC4FM.CplFilesize
2.0MB
MD5fda24944c152eb96cb237b57a94afc74
SHA128bc8491a22cfa054ee196e850b1ef38ef3b2a1e
SHA256375f3fd980a885da2dadcd7da3a2afeb213229a97e55fb5e33d7a7c9cc429d9d
SHA5122de346c51f97246f725777b5eff094525878a5d141d4f45eae3f8e62b1d06b2f90d73e30abeb1e2f461aee32fa442dcc92198aa19bb2eb4ff3d2cb92ec481f07
-
C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\cred64.dllFilesize
126KB
MD598cc0f811ad5ff43fedc262961002498
SHA137e48635fcef35c0b3db3c1f0c35833899eb53d8
SHA25662d5b300b911a022c5c146ea010769cd0c2fdcc86aba7e5be25aff1f799220be
SHA512d2ae90628acf92c6f7d176a4c866a0b6a6cfcfd722f0aec89cb48afead4318311c3ca95fe6865ac254b601b70ef5f289a35f4b26fba67a4c9b3cc5e68c7bf9c1
-
\Users\Admin\AppData\Local\Temp\xmBc4FM.cplFilesize
2.0MB
MD5fda24944c152eb96cb237b57a94afc74
SHA128bc8491a22cfa054ee196e850b1ef38ef3b2a1e
SHA256375f3fd980a885da2dadcd7da3a2afeb213229a97e55fb5e33d7a7c9cc429d9d
SHA5122de346c51f97246f725777b5eff094525878a5d141d4f45eae3f8e62b1d06b2f90d73e30abeb1e2f461aee32fa442dcc92198aa19bb2eb4ff3d2cb92ec481f07
-
\Users\Admin\AppData\Local\Temp\xmBc4FM.cplFilesize
2.0MB
MD5fda24944c152eb96cb237b57a94afc74
SHA128bc8491a22cfa054ee196e850b1ef38ef3b2a1e
SHA256375f3fd980a885da2dadcd7da3a2afeb213229a97e55fb5e33d7a7c9cc429d9d
SHA5122de346c51f97246f725777b5eff094525878a5d141d4f45eae3f8e62b1d06b2f90d73e30abeb1e2f461aee32fa442dcc92198aa19bb2eb4ff3d2cb92ec481f07
-
\Users\Admin\AppData\Roaming\a091ec0a6e2227\cred64.dllFilesize
126KB
MD598cc0f811ad5ff43fedc262961002498
SHA137e48635fcef35c0b3db3c1f0c35833899eb53d8
SHA25662d5b300b911a022c5c146ea010769cd0c2fdcc86aba7e5be25aff1f799220be
SHA512d2ae90628acf92c6f7d176a4c866a0b6a6cfcfd722f0aec89cb48afead4318311c3ca95fe6865ac254b601b70ef5f289a35f4b26fba67a4c9b3cc5e68c7bf9c1
-
\Users\Admin\AppData\Roaming\a091ec0a6e2227\cred64.dllFilesize
126KB
MD598cc0f811ad5ff43fedc262961002498
SHA137e48635fcef35c0b3db3c1f0c35833899eb53d8
SHA25662d5b300b911a022c5c146ea010769cd0c2fdcc86aba7e5be25aff1f799220be
SHA512d2ae90628acf92c6f7d176a4c866a0b6a6cfcfd722f0aec89cb48afead4318311c3ca95fe6865ac254b601b70ef5f289a35f4b26fba67a4c9b3cc5e68c7bf9c1
-
memory/1416-443-0x0000000000000000-mapping.dmp
-
memory/1932-257-0x0000000000000000-mapping.dmp
-
memory/2008-224-0x0000000000000000-mapping.dmp
-
memory/2216-715-0x0000000000470000-0x000000000051E000-memory.dmpFilesize
696KB
-
memory/2216-721-0x0000000000400000-0x000000000046D000-memory.dmpFilesize
436KB
-
memory/2352-544-0x0000000005500000-0x000000000560B000-memory.dmpFilesize
1.0MB
-
memory/2352-543-0x0000000005220000-0x00000000053E8000-memory.dmpFilesize
1.8MB
-
memory/2352-488-0x0000000000000000-mapping.dmp
-
memory/2352-734-0x0000000005500000-0x000000000560B000-memory.dmpFilesize
1.0MB
-
memory/3404-325-0x0000000000000000-mapping.dmp
-
memory/4268-636-0x0000000000000000-mapping.dmp
-
memory/4276-684-0x0000000004F50000-0x000000000505B000-memory.dmpFilesize
1.0MB
-
memory/4276-637-0x0000000000000000-mapping.dmp
-
memory/4276-683-0x0000000004C70000-0x0000000004E38000-memory.dmpFilesize
1.8MB
-
memory/4276-733-0x0000000004F50000-0x000000000505B000-memory.dmpFilesize
1.0MB
-
memory/4388-390-0x0000000000000000-mapping.dmp
-
memory/4660-173-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4660-190-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4660-321-0x0000000000400000-0x000000000046D000-memory.dmpFilesize
436KB
-
memory/4660-316-0x0000000002080000-0x00000000020BE000-memory.dmpFilesize
248KB
-
memory/4660-315-0x00000000006F1000-0x0000000000710000-memory.dmpFilesize
124KB
-
memory/4660-230-0x0000000000400000-0x000000000046D000-memory.dmpFilesize
436KB
-
memory/4660-195-0x00000000006F1000-0x0000000000710000-memory.dmpFilesize
124KB
-
memory/4660-197-0x0000000002080000-0x00000000020BE000-memory.dmpFilesize
248KB
-
memory/4660-191-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4660-189-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4660-188-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4660-187-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4660-186-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4660-185-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4660-184-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4660-183-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4660-182-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4660-171-0x0000000000000000-mapping.dmp
-
memory/4660-177-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4660-180-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4660-174-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4660-176-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4660-175-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4660-178-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4688-771-0x0000000000400000-0x000000000046D000-memory.dmpFilesize
436KB
-
memory/4688-770-0x00000000006B4000-0x00000000006D3000-memory.dmpFilesize
124KB
-
memory/4688-757-0x00000000006B4000-0x00000000006D3000-memory.dmpFilesize
124KB
-
memory/4832-379-0x0000000000000000-mapping.dmp
-
memory/4876-146-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-166-0x0000000000400000-0x000000000046D000-memory.dmpFilesize
436KB
-
memory/4876-168-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-150-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-142-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-165-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-164-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-163-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-162-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-161-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-160-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-152-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-159-0x00000000005C0000-0x000000000070A000-memory.dmpFilesize
1.3MB
-
memory/4876-158-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-157-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-149-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-155-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-148-0x00000000005C0000-0x000000000070A000-memory.dmpFilesize
1.3MB
-
memory/4876-147-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-144-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-156-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-154-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-153-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-145-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-170-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-169-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-167-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-143-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-140-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-141-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-139-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-138-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-137-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-136-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-179-0x0000000000400000-0x000000000046D000-memory.dmpFilesize
436KB
-
memory/4876-135-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-134-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-133-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-132-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-131-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-130-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-129-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-128-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-126-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-125-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-124-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-123-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-122-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-121-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-151-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4876-120-0x00000000771E0000-0x000000007736E000-memory.dmpFilesize
1.6MB
-
memory/4928-545-0x0000000000000000-mapping.dmp