Analysis
-
max time kernel
117s -
max time network
152s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
15-03-2023 08:25
General
-
Target
AnyDesk.exe
-
Size
5.5MB
-
MD5
33614c059849aaeacaa68422b11a9795
-
SHA1
baf66bc7a279fcde9fa90708c153e06b89bb60d9
-
SHA256
25884495d9c27c8b120bfab40bd28b7f5255b4916c54c7fb74a90dd8000bf44e
-
SHA512
c211cfee30e6f3336a0d4aa8e44d91be4fb0399c2dc7d8a01b37d4264b44865c51037f5b6470f3aecd53cb551951132d80fbdba3b18fe0787cacd6166a66e5f6
-
SSDEEP
98304:cKYGKdACTgvV6qPvZpgvXM/N3qZBO0cY2YPGvhP0JGom5:cp86qPvZ6v6NH0l7PXm5
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Blocklisted process makes network request 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 8 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 48 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 1 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Drops file in Windows directory 13 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies Internet Explorer settings 1 TTPs 18 IoCs
-
Modifies data under HKEY_USERS 46 IoCs
-
Modifies registry class 23 IoCs
-
Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 5 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 26 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msiexec.exe"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\AnyDesk.msi"2⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding CEDBD9E1545E4971DC464E27DDB2DE4D2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pssA651.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msiA63F.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scrA640.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scrA641.txt" -propSep " :<->: " -testPrefix "_testValue."3⤵
- Blocklisted process makes network request
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\abominável\elegível\Hw2maturidade.exe"C:\Users\Admin\abominável\elegível\Hw2maturidade.exe"4⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
C:\Users\Public\Documents\AnyDesk\setup.exe"C:\Users\Public\Documents\AnyDesk\setup.exe"4⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000004A4" "0000000000000588"1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:22⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\ABOMIN~1\ELEGVE~1\Update.zipFilesize
34.0MB
MD52d3ba64c6b91723bcda584b7b086a7e7
SHA1b00f3b74f16c29546427d27a70c85d63dc87601c
SHA256bb5e945b4d14207d543169e43b1e39e6565a7a8ecdba3b663b73d7b653f9c911
SHA51284c5af14cff7c2a20a7505032bee707248af6b79dd184752e308551b5a2aa3703f6d19e5151ec87eba04242d917da7a34584d9f69c69e095db352a09fdd20f9d
-
C:\Users\Admin\AppData\Local\Temp\AnyDesk.msiFilesize
5.2MB
MD51b71048c460473fd82ec2de1c98798b0
SHA1a139134145c4eb2fb460a319d1727540ee264927
SHA256cb6901ccc6c51ab46b327eb44c5dc7cc597e38c89a7584177e58d5d0f26fe45f
SHA512d3e09b1533f4b479090b97aea372e8eb720fb7fbcb9bd5290383a432da855ec4a780b50f61dc558595d3b9098ede0cde513b548570dc9293b3cf1f53eb4a0d29
-
C:\Users\Admin\AppData\Local\Temp\pssA651.ps1Filesize
5KB
MD5fc1bb6c87fd1f08b534e52546561c53c
SHA1db402c5c1025cf8d3e79df7b868fd186243aa9d1
SHA256a04750ed5f05b82b90f6b8ea3748ba246af969757a5a4b74a0e25b186add520b
SHA5125495f4ac3c8f42394a82540449526bb8ddd91adf0a1a852a9e1f2d32a63858b966648b4099d9947d8ac68ee43824dacda24c337c5b97733905e36c4921280e86
-
C:\Users\Admin\AppData\Local\Temp\scrA640.ps1Filesize
17KB
MD5573c661545a080753d80b02e5116212c
SHA14905b0e15d7c6daa47ec99f8536306b8dcdca702
SHA2569f636f81baf940aa6c51f47bbeb3de89c3a70fcc524bebd4333fcf2e7a690c25
SHA5120d8c3979a02e0a11207cd5d9dddad6d704fe4aa2c979106e56019c3d2eddfbb93f650e59f1c8ed0336d022cbcb89ce82bdcf5c7ab1635ba096944aa5f743b10e
-
C:\Users\Admin\abominável\elegível\Hw2maturidade.exeFilesize
213KB
MD57fb1c5dfc2605843cec69a6fc4e96576
SHA1b5e591d23a3798b89648033760d3710a403b32be
SHA256330c1d3dd702af11b01ae38ced101e4c4217816e4887e9ebffe2e529cdc857d5
SHA5120c62d01a97d01044a7f4083f2cf6a0e18397bc50cc9f0847bf6da2f604d1d89cd3010d005785077aca2d8249f870f2817a6b4d845235cda55ac5519aee5dc1b7
-
C:\Users\Admin\abominável\elegível\Hw2maturidade.exeFilesize
213KB
MD57fb1c5dfc2605843cec69a6fc4e96576
SHA1b5e591d23a3798b89648033760d3710a403b32be
SHA256330c1d3dd702af11b01ae38ced101e4c4217816e4887e9ebffe2e529cdc857d5
SHA5120c62d01a97d01044a7f4083f2cf6a0e18397bc50cc9f0847bf6da2f604d1d89cd3010d005785077aca2d8249f870f2817a6b4d845235cda55ac5519aee5dc1b7
-
C:\Users\Admin\abominável\elegível\Hw2maturidade.exeFilesize
213KB
MD57fb1c5dfc2605843cec69a6fc4e96576
SHA1b5e591d23a3798b89648033760d3710a403b32be
SHA256330c1d3dd702af11b01ae38ced101e4c4217816e4887e9ebffe2e529cdc857d5
SHA5120c62d01a97d01044a7f4083f2cf6a0e18397bc50cc9f0847bf6da2f604d1d89cd3010d005785077aca2d8249f870f2817a6b4d845235cda55ac5519aee5dc1b7
-
C:\Users\Admin\abominável\elegível\MSVCR80.dllFilesize
3.6MB
MD5650316f36cab9b31d6d743109c55b87a
SHA12016b0aa7d44bff91f292acacd81998cc5ca79e1
SHA2568e48344a0637941d305d3d368a96adeeb791b1ee1d4c4b7316fa492962f5e7fe
SHA5128b69198d0f20e34f87b458ce90c19e5a7e3ecd53a6d896a356b58a9e2232e8d450c7b31d33e1a9439f5e705faabfdd7ed2be36b312c231fd60f116328207cbd8
-
C:\Users\Admin\abominável\elegível\custsat.dllFilesize
33KB
MD51ff80ebe5082a13d02253b415aa26f60
SHA17da7551ec7f3f1e606edf9313595e4ebe45ac8d1
SHA256e0088b6361c7ea8e611ba32542beff7ac12955991c82a5fe9ef5d9a97d6ca14f
SHA5128c33e9427227835229d27f59206e55cd98c372e6a20981c6b0518a5f9b81c127b0f40276c21adac06a433c1947ab56f7f2166135d184dec1162b5071e3037e90
-
C:\Users\Admin\abominável\elegível\netonxxFilesize
89.4MB
MD590358f8902d4597a7d92c1430e98a713
SHA1d71dff92a8d47e48eaf7e067dc3dc5349a2edd11
SHA256e7a1403108c1c6270b6d31cc723f1ace8c4039f6010cb80a6ee5ed0a31f6f96d
SHA512b1ce59c494a9e019c18f607980154f6e046e435746c0da36af50e15e5539c8af214fa62c5c6efecec204ffd29e16a905443c1153fb5581cbae7ebee1b59ee042
-
C:\Users\Public\Documents\AnyDesk\setup.exeFilesize
3.8MB
MD59a1d9fe9b1223273c314632d04008384
SHA1665cad3ed21f6443d1adacf18ca45dfaa8f52c99
SHA2560f4bf8506a2560c568b9815124dfc43a11c561ed611829df841ec7aba8302359
SHA5123ec400acd075a4078d7d9f06c853be4ee0fdd7a9d1628428326534df6c0f3ea8f745af9d29031e9259a1bee2f78dd48dfaebcb7e897c22736909a9d6b4f24ba5
-
C:\Users\Public\Documents\AnyDesk\setup.exeFilesize
3.8MB
MD59a1d9fe9b1223273c314632d04008384
SHA1665cad3ed21f6443d1adacf18ca45dfaa8f52c99
SHA2560f4bf8506a2560c568b9815124dfc43a11c561ed611829df841ec7aba8302359
SHA5123ec400acd075a4078d7d9f06c853be4ee0fdd7a9d1628428326534df6c0f3ea8f745af9d29031e9259a1bee2f78dd48dfaebcb7e897c22736909a9d6b4f24ba5
-
C:\Windows\Installer\6c93c8.msiFilesize
5.2MB
MD51b71048c460473fd82ec2de1c98798b0
SHA1a139134145c4eb2fb460a319d1727540ee264927
SHA256cb6901ccc6c51ab46b327eb44c5dc7cc597e38c89a7584177e58d5d0f26fe45f
SHA512d3e09b1533f4b479090b97aea372e8eb720fb7fbcb9bd5290383a432da855ec4a780b50f61dc558595d3b9098ede0cde513b548570dc9293b3cf1f53eb4a0d29
-
C:\Windows\Installer\MSI94D1.tmpFilesize
436KB
MD5475d20c0ea477a35660e3f67ecf0a1df
SHA167340739f51e1134ae8f0ffc5ae9dd710e8e3a08
SHA256426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd
SHA51299525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e
-
C:\Windows\Installer\MSI95CC.tmpFilesize
436KB
MD5475d20c0ea477a35660e3f67ecf0a1df
SHA167340739f51e1134ae8f0ffc5ae9dd710e8e3a08
SHA256426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd
SHA51299525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e
-
C:\Windows\Installer\MSI98BA.tmpFilesize
436KB
MD5475d20c0ea477a35660e3f67ecf0a1df
SHA167340739f51e1134ae8f0ffc5ae9dd710e8e3a08
SHA256426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd
SHA51299525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e
-
C:\Windows\Installer\MSI98BA.tmpFilesize
436KB
MD5475d20c0ea477a35660e3f67ecf0a1df
SHA167340739f51e1134ae8f0ffc5ae9dd710e8e3a08
SHA256426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd
SHA51299525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e
-
C:\Windows\Installer\MSIA5C7.tmpFilesize
574KB
MD57b7d9e2c9b8236e7155f2f97254cb40e
SHA199621fc9d14511428d62d91c31865fb2c4625663
SHA256df58faba241328b9645dcb5dec387ec5edd56e2d878384a4783f2c0a66f85897
SHA512fbaa1560f03255f73be3e846959e4b7cbb1c24165d014ed01245639add6cc463975e5558567ab5704e18c9078a8a071c9e38dc1e499ba6e3dc507d4275b4a228
-
\Users\Admin\abominável\elegível\Hw2maturidade.exeFilesize
213KB
MD57fb1c5dfc2605843cec69a6fc4e96576
SHA1b5e591d23a3798b89648033760d3710a403b32be
SHA256330c1d3dd702af11b01ae38ced101e4c4217816e4887e9ebffe2e529cdc857d5
SHA5120c62d01a97d01044a7f4083f2cf6a0e18397bc50cc9f0847bf6da2f604d1d89cd3010d005785077aca2d8249f870f2817a6b4d845235cda55ac5519aee5dc1b7
-
\Users\Admin\abominável\elegível\Hw2maturidade.exeFilesize
213KB
MD57fb1c5dfc2605843cec69a6fc4e96576
SHA1b5e591d23a3798b89648033760d3710a403b32be
SHA256330c1d3dd702af11b01ae38ced101e4c4217816e4887e9ebffe2e529cdc857d5
SHA5120c62d01a97d01044a7f4083f2cf6a0e18397bc50cc9f0847bf6da2f604d1d89cd3010d005785077aca2d8249f870f2817a6b4d845235cda55ac5519aee5dc1b7
-
\Users\Admin\abominável\elegível\custsat.dllFilesize
33KB
MD51ff80ebe5082a13d02253b415aa26f60
SHA17da7551ec7f3f1e606edf9313595e4ebe45ac8d1
SHA256e0088b6361c7ea8e611ba32542beff7ac12955991c82a5fe9ef5d9a97d6ca14f
SHA5128c33e9427227835229d27f59206e55cd98c372e6a20981c6b0518a5f9b81c127b0f40276c21adac06a433c1947ab56f7f2166135d184dec1162b5071e3037e90
-
\Users\Admin\abominável\elegível\msvcr80.dllFilesize
3.6MB
MD5650316f36cab9b31d6d743109c55b87a
SHA12016b0aa7d44bff91f292acacd81998cc5ca79e1
SHA2568e48344a0637941d305d3d368a96adeeb791b1ee1d4c4b7316fa492962f5e7fe
SHA5128b69198d0f20e34f87b458ce90c19e5a7e3ecd53a6d896a356b58a9e2232e8d450c7b31d33e1a9439f5e705faabfdd7ed2be36b312c231fd60f116328207cbd8
-
\Users\Public\Documents\AnyDesk\setup.exeFilesize
3.8MB
MD59a1d9fe9b1223273c314632d04008384
SHA1665cad3ed21f6443d1adacf18ca45dfaa8f52c99
SHA2560f4bf8506a2560c568b9815124dfc43a11c561ed611829df841ec7aba8302359
SHA5123ec400acd075a4078d7d9f06c853be4ee0fdd7a9d1628428326534df6c0f3ea8f745af9d29031e9259a1bee2f78dd48dfaebcb7e897c22736909a9d6b4f24ba5
-
\Windows\Installer\MSI94D1.tmpFilesize
436KB
MD5475d20c0ea477a35660e3f67ecf0a1df
SHA167340739f51e1134ae8f0ffc5ae9dd710e8e3a08
SHA256426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd
SHA51299525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e
-
\Windows\Installer\MSI95CC.tmpFilesize
436KB
MD5475d20c0ea477a35660e3f67ecf0a1df
SHA167340739f51e1134ae8f0ffc5ae9dd710e8e3a08
SHA256426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd
SHA51299525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e
-
\Windows\Installer\MSI98BA.tmpFilesize
436KB
MD5475d20c0ea477a35660e3f67ecf0a1df
SHA167340739f51e1134ae8f0ffc5ae9dd710e8e3a08
SHA256426e6cf199a8268e8a7763ec3a4dd7add982b28c51d89ebea90ca792cbae14dd
SHA51299525aaab2ab608134b5d66b5313e7fc3c2e2877395c5c171897d7a6c66efb26b606de1a4cb01118c2738ea4b6542e4eb4983e631231b3f340bf85e509a9589e
-
\Windows\Installer\MSIA5C7.tmpFilesize
574KB
MD57b7d9e2c9b8236e7155f2f97254cb40e
SHA199621fc9d14511428d62d91c31865fb2c4625663
SHA256df58faba241328b9645dcb5dec387ec5edd56e2d878384a4783f2c0a66f85897
SHA512fbaa1560f03255f73be3e846959e4b7cbb1c24165d014ed01245639add6cc463975e5558567ab5704e18c9078a8a071c9e38dc1e499ba6e3dc507d4275b4a228
-
memory/1576-203-0x000000000E350000-0x000000000E396000-memory.dmpFilesize
280KB
-
memory/1576-201-0x000000000E2F0000-0x000000000E387000-memory.dmpFilesize
604KB
-
memory/1576-187-0x0000000000980000-0x000000000145B000-memory.dmpFilesize
10.9MB
-
memory/1576-188-0x0000000000980000-0x000000000145B000-memory.dmpFilesize
10.9MB
-
memory/1576-189-0x0000000000980000-0x000000000145B000-memory.dmpFilesize
10.9MB
-
memory/1576-190-0x0000000000980000-0x000000000145B000-memory.dmpFilesize
10.9MB
-
memory/1576-228-0x00000000106C0000-0x00000000106D7000-memory.dmpFilesize
92KB
-
memory/1576-192-0x0000000002D70000-0x0000000002DF4000-memory.dmpFilesize
528KB
-
memory/1576-193-0x00000000003E0000-0x00000000003ED000-memory.dmpFilesize
52KB
-
memory/1576-194-0x00000000005D0000-0x00000000005DD000-memory.dmpFilesize
52KB
-
memory/1576-195-0x000000000E3D0000-0x000000000E560000-memory.dmpFilesize
1.6MB
-
memory/1576-196-0x00000000003D0000-0x00000000003D1000-memory.dmpFilesize
4KB
-
memory/1576-222-0x0000000010500000-0x0000000010538000-memory.dmpFilesize
224KB
-
memory/1576-197-0x000000000E560000-0x000000000E723000-memory.dmpFilesize
1.8MB
-
memory/1576-199-0x0000000000850000-0x000000000086C000-memory.dmpFilesize
112KB
-
memory/1576-200-0x0000000002E00000-0x0000000002E3C000-memory.dmpFilesize
240KB
-
memory/1576-217-0x0000000002E40000-0x0000000002E41000-memory.dmpFilesize
4KB
-
memory/1576-185-0x0000000000020000-0x000000000002B000-memory.dmpFilesize
44KB
-
memory/1576-214-0x000000000F940000-0x000000000F97C000-memory.dmpFilesize
240KB
-
memory/1576-204-0x000000000EBF0000-0x000000000EC1B000-memory.dmpFilesize
172KB
-
memory/1576-205-0x000000000F080000-0x000000000F0F0000-memory.dmpFilesize
448KB
-
memory/1576-207-0x000000000F100000-0x000000000F10A000-memory.dmpFilesize
40KB
-
memory/1576-206-0x000000000F0F0000-0x000000000F0FB000-memory.dmpFilesize
44KB
-
memory/1576-208-0x000000000F6E0000-0x000000000F6F9000-memory.dmpFilesize
100KB
-
memory/1576-209-0x0000000008870000-0x000000000E1E7000-memory.dmpFilesize
89.5MB
-
memory/1576-211-0x000000000F8E0000-0x000000000F938000-memory.dmpFilesize
352KB
-
memory/1576-212-0x000000000F9C0000-0x000000000FA0F000-memory.dmpFilesize
316KB
-
memory/1576-213-0x0000000000980000-0x000000000145B000-memory.dmpFilesize
10.9MB
-
memory/1656-221-0x00000000000E0000-0x0000000001139000-memory.dmpFilesize
16.3MB
-
memory/2004-98-0x0000000001EE0000-0x0000000001F20000-memory.dmpFilesize
256KB
-
memory/2004-202-0x0000000005D30000-0x0000000005D31000-memory.dmpFilesize
4KB
-
memory/2004-97-0x0000000001EE0000-0x0000000001F20000-memory.dmpFilesize
256KB
-
memory/2004-94-0x0000000001EE0000-0x0000000001F20000-memory.dmpFilesize
256KB
-
memory/2004-93-0x0000000001EE0000-0x0000000001F20000-memory.dmpFilesize
256KB
-
memory/2004-99-0x0000000001EE0000-0x0000000001F20000-memory.dmpFilesize
256KB
-
memory/2004-132-0x0000000005D30000-0x0000000005D31000-memory.dmpFilesize
4KB