Analysis
-
max time kernel
161s -
max time network
190s -
platform
windows10-1703_x64 -
resource
win10-20230220-en -
resource tags
-
submitted
10-04-2023 00:21
General
-
Target
five-nights-at-freddys-3_2d-TKT1.exe
-
Size
1.7MB
-
MD5
99a9fbd5fee72ce51585309390a46717
-
SHA1
ff39c56312090a909c2c0c82629c552a3b252a98
-
SHA256
833064195b0c96bce9a8c00dc95df6bd9fce1092c1260ba0e877810bfc44b0aa
-
SHA512
97f9a98fb48c8281818163d3dbe66fa246e1fe6a5a67f15175419992b0ca389cbe086e457177c21ce9c99ff05a1e0b508812cdf30220090a438dd8c94f73c6b7
-
SSDEEP
24576:R4nXubIQGyxbPV0db26Wmd0l4sv1Et9uGpckT52zedlq89Ws5uIzk5aM/phdO7:Rqe3f61mZSffPMWrQ0ZkA
Malware Config
Signatures
-
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 3 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies Internet Explorer settings 1 TTPs 3 IoCs
-
Modifies registry class 64 IoCs
-
Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.
-
Suspicious behavior: MapViewOfSection 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 10 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 33 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\five-nights-at-freddys-3_2d-TKT1.exe"C:\Users\Admin\AppData\Local\Temp\five-nights-at-freddys-3_2d-TKT1.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-0K61B.tmp\five-nights-at-freddys-3_2d-TKT1.tmp"C:\Users\Admin\AppData\Local\Temp\is-0K61B.tmp\five-nights-at-freddys-3_2d-TKT1.tmp" /SL5="$8004C,831488,831488,C:\Users\Admin\AppData\Local\Temp\five-nights-at-freddys-3_2d-TKT1.exe"2⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-5UK83.tmp\file_2d-TKT1.exe"C:\Users\Admin\AppData\Local\Temp\is-5UK83.tmp\file_2d-TKT1.exe" /LANG=en /NA=Rh85hR643⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-P0G17.tmp\file_2d-TKT1.tmp"C:\Users\Admin\AppData\Local\Temp\is-P0G17.tmp\file_2d-TKT1.tmp" /SL5="$402A6,1559708,780800,C:\Users\Admin\AppData\Local\Temp\is-5UK83.tmp\file_2d-TKT1.exe" /LANG=en /NA=Rh85hR644⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of FindShellTrayWindow
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\Temp1_five-nights-at-freddys-3.zip\Five_Nights_at_Freddys_3\Five_Nights_at_Freddys_3.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_five-nights-at-freddys-3.zip\Five_Nights_at_Freddys_3\Five_Nights_at_Freddys_3.exe"1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157Filesize
4KB
MD5f7dcb24540769805e5bb30d193944dce
SHA1e26c583c562293356794937d9e2e6155d15449ee
SHA2566b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea
SHA512cb5ad678b0ef642bf492f32079fe77e8be20c02de267f04b545df346b25f3e4eb98bb568c4c2c483bb88f7d1826863cb515b570d620766e52476c8ee2931ea94
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RIZDY293\edgecompatviewlist[1].xmlFilesize
74KB
MD5d4fc49dc14f63895d997fa4940f24378
SHA13efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6P88PM1J\amp4ads-v0[1].jsFilesize
262KB
MD5ab0fd0ddf363cc7672fa360876531ccc
SHA1f704ab3a110ecbfc8ec9436b41a2ef6af9ff86cf
SHA256e294814ed655c8aa59e711bc19698d210882abcf0446d80865ec39d0d4136f06
SHA512979cef20af4d14da01b6176fee5fea6bfd677ec5456200f6e0df11459cbc02af0a819c600dd4a61c8c16cd2775bff628b5964488ff9abd5f8bde1a843a690182
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D6NML90X\amp-fit-text-0.1[1].jsFilesize
6KB
MD5fa5936280906bb54206531f09ff8d46a
SHA1017faf4c44ac08555dfa40bbfa42f8be6b04c05f
SHA256b1d9e2ab9b2726fd668d11f4aabc03b5c9d1d9e2bf4c1a57b71172ce5632af96
SHA5129b13f94b899b9ead80368168c25b4d3a4241a425e3cba450b0fbdcb2613fb41be7d491a1c4be12d674fc0f58fcc2981d685391aeafde02359c739129ade2746c
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D6NML90X\amp-form-0.1[1].jsFilesize
49KB
MD52ce80cff6ef414546e0e37b1f9c65329
SHA1d99880cf5e20de3e1b92c0c497fdc16fc4ddab0d
SHA256797ea6cc18b9f28652a81771a9a07cecae346ccc71102298981def57fb0d242b
SHA512c0dab1c482264be60cbf79ae4acbc3a09677d01b2b7a6fa1d2395f03016b92ed6cfe0f98b66f3b0be6bb8f1bc0a6df0b5801d58e3127f40a06d53978c41168ae
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HGGYYZDQ\amp-intersection-observer-polyfill-0.1[1].jsFilesize
15KB
MD5c719e0db71ed38d3fcb82ac863d961e4
SHA169d2008de78cb8dd0e3961a5bc03a5d8814f23aa
SHA2561dbe9d73b620f01d3a944bde45e97fc287d5d87fd27d4a90790edace2632e944
SHA5120ee94f32709bc68ff23e9ff2fa998b262724a2dc81e54cdea71a7793085edaa85a603bfc6fb126be1aac1c8ad7f3a80b4b024cbdbd35b286fbf1df092108f7c5
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HGGYYZDQ\amp-resize-observer-polyfill-0.1[1].jsFilesize
12KB
MD5d3f5d5bc2133d51b7a4ab2479b405161
SHA11e794c3eac3f9c236bebc46d525e4b5f81f6c15f
SHA25608f434d981c38f4efc12cf1d8aad84885e226a20077520abd1519ef09935daca
SHA512e624eaaa025a367163b5ef89ad1b3e3772ebb0eca9d2fe9dac6b56a9df4d4a23fdddb6a4230779e027cb89a30a72d0218f0322ff74c53f65b0ed92191b661766
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\P4PMA2Q7\amp-ad-exit-0.1[1].jsFilesize
19KB
MD5d85e4f9b2a6a5196edf9299066bbe419
SHA1fd1f7bd3c875a955cc46d3f29cf81435b99904fb
SHA2568aebd65fb3e1411d5f869228ebe362bfc7b25c6fa4231d5532252f31d2dbf4b2
SHA5124fab726db05539028459d691610ba404fd44eba8c00fc53a591a288eae88d5deaec7b6bb379fff24099b58f9ac3e39ce0f2fa92a393c11089af3494e766b2510
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\P4PMA2Q7\amp-analytics-0.1[1].jsFilesize
109KB
MD571c65c57146e6e4e0b0f42dee2e03221
SHA1e1f1845101615356c1fe4e779857b576e17b0721
SHA256d2a91ed3d40b27dbe9760b500a7c4a833e0c9cee966cb66205aaeeac53646456
SHA5128e486dfdf84b0c450cf15ed26cc20e893a9e37daa7757901b43ce769bdc74a2de60e85fad15bb8119cd09bb90acca7b0cd6e02c55f04f59d9d48fd83e3d5041e
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\3MU4ODHB\en.download[1].xmlFilesize
453B
MD5112c3346000d4fec7946a9eca2723500
SHA12ffec3fc1de6efc3d36ffce54c242dffe081fea6
SHA256fcaf92008f8da2c2fb84753b125ba7d8d252bf8def55762eb021f1b106d936a0
SHA5122c01924caa569087fd030d19d243d234a732ecc0af2f8b20e6edf783a5bb28b97badef4985ad7befa102619e7e2ad748056b759c007673a08803d6314a3c5a0f
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\3MU4ODHB\en.download[1].xmlFilesize
1KB
MD5bf3ca09878f34103fda92a6c24eb309d
SHA15769d47ea3cb7265f945db6a43194a555d425aa6
SHA25641fbc245f99f1fdf55aa720cc382e0a1ca7f6a5a77239359e300e41dce8a7eac
SHA512a15d2385c4892e3151b9e4b491eef34b1ccaa1d842efb742de036b10cf0badf6089facbf7357668deb074749d30322b8d5ec2625b778f27e9989de47f3e5d1e9
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\3MU4ODHB\en.download[1].xmlFilesize
116B
MD55c7b89cdf66a514ac8e7221098d2d396
SHA1fe3b421be2b70cf27f068a29245fa6da1b9e7322
SHA2564392265c3493895ed8cfbb4f4ec3a6ea0d2c5728a1e7a11f35fe36e67b40cc5e
SHA512bf883fd65bf9022a2fc520e75dca59aabd95b6f9cf8b44a97329be8ad31a13a7ad8bfddee544d143fa7bd83de9745eb3632ee95371f6479d0812cdfe5c0d4848
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\3MU4ODHB\en.download[1].xmlFilesize
116B
MD55c7b89cdf66a514ac8e7221098d2d396
SHA1fe3b421be2b70cf27f068a29245fa6da1b9e7322
SHA2564392265c3493895ed8cfbb4f4ec3a6ea0d2c5728a1e7a11f35fe36e67b40cc5e
SHA512bf883fd65bf9022a2fc520e75dca59aabd95b6f9cf8b44a97329be8ad31a13a7ad8bfddee544d143fa7bd83de9745eb3632ee95371f6479d0812cdfe5c0d4848
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\T1NGRTJD\favicon-32x32[1].pngFilesize
1KB
MD5e9bfce47d6b4ca438c06813d4b687bd4
SHA1114f55cbf7d2f4f000b5922e65da87767e12d6c3
SHA25679cb3e1d6b6da8a8412a35ec1723eece210b5363bd804cf3731ed645029bfd40
SHA5124a432fbade9133833287c68ab56bfc0a9341fbf5c5a87aa04d799edb204f66d324cbac84e5db8107e2ecf694cd8cf6c251cfd823f65d125163d39343288798f5
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\Windows\3720402701\2219095117.priFilesize
207KB
MD5e2b88765ee31470114e866d939a8f2c6
SHA1e0a53b8511186ff308a0507b6304fb16cabd4e1f
SHA256523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e
SHA512462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d
-
C:\Users\Admin\AppData\Local\Temp\is-0K61B.tmp\five-nights-at-freddys-3_2d-TKT1.tmpFilesize
3.0MB
MD50c229cd26910820581b5809c62fe5619
SHA128c0630385b21f29e3e2bcc34865e5d15726eaa0
SHA256abfa49a915d2e0a82561ca440365e6a2d59f228533b56a8f78addf000a1081b3
SHA512b8ff3dc65f7c0e03721572af738ec4886ba895dc70c1a41a3ce8c8abe0946d167cec71913017fd11d5892452db761ea88901a5a09a681ae779dd531edbb83a2a
-
C:\Users\Admin\AppData\Local\Temp\is-5UK83.tmp\file_2d-TKT1.exeFilesize
2.3MB
MD5f42b1f2f43faee96f9c931d34fe4f293
SHA151398e5a31a551f32b4457e88730413f37b0a19d
SHA2562c80f1eab0aad8e9d9373a88891a4bd4dcafbabea62391ad0eaa7260d6839e5f
SHA5124400a6512fe428388c2bbc9a9c00e4fcddede691b9b095c2e27202911a7e6da42fa4dc3adf7aad30da529083232068555ecdf3b913007af6f09dc33cff380434
-
C:\Users\Admin\AppData\Local\Temp\is-5UK83.tmp\file_2d-TKT1.exeFilesize
2.3MB
MD5f42b1f2f43faee96f9c931d34fe4f293
SHA151398e5a31a551f32b4457e88730413f37b0a19d
SHA2562c80f1eab0aad8e9d9373a88891a4bd4dcafbabea62391ad0eaa7260d6839e5f
SHA5124400a6512fe428388c2bbc9a9c00e4fcddede691b9b095c2e27202911a7e6da42fa4dc3adf7aad30da529083232068555ecdf3b913007af6f09dc33cff380434
-
C:\Users\Admin\AppData\Local\Temp\is-ESKT0.tmp\finish.pngFilesize
2KB
MD57afaf9e0e99fd80fa1023a77524f5587
SHA1e20c9c27691810b388c73d2ca3e67e109c2b69b6
SHA256760b70612bb9bd967c2d15a5133a50ccce8c0bd46a6464d76875298dcc45dea0
SHA512a090626e7b7f67fb5aa207aae0cf65c3a27e1b85e22c9728eee7475bd9bb7375ca93baaecc662473f9a427b4f505d55f2c61ba36bda460e4e6947fe22eedb044
-
C:\Users\Admin\AppData\Local\Temp\is-ESKT0.tmp\mainlogo.pngFilesize
18KB
MD521e49da55ada0e80e58b4882aeafd87d
SHA1f09f4da219daf1e9e783ac4f80628b77c39d4b4c
SHA256f633c529a6323156fcd591b01a44a246235decb9c67bc571173520ce013d705c
SHA512b2cd8e2feea4ecaaba9fbaa636ebbdbf3c87bec9e87afebb2f92c88984074480bbc9127127b681dda9d7a328434156c5f20a5a3c0c84b4917ff428800e5b2e32
-
C:\Users\Admin\AppData\Local\Temp\is-P0G17.tmp\file_2d-TKT1.tmpFilesize
2.9MB
MD5623a3abd7b318e1f410b1e12a42c7b71
SHA188e34041850ec4019dae469adc608e867b936d21
SHA256fe1a4555d18617532248d2eaa8d3fcc2c74182f994a964a62cf418295e8554d3
SHA5129afea88e4617e0f11416c2a2c416a6aa2d5d1f702d98d2cc223b399736191a6d002d1b717020ca6aae09e835c6356b7ddafad71e101dacab15967d89a105e391
-
C:\Users\Admin\Downloads\five-nights-at-freddys-3.zipFilesize
113.7MB
MD50e808c417598d86206b0ffe5fa7322ae
SHA1420be96051dd058b7e5db32072e32b4dab5efecd
SHA2563251a4f06c924b6bb138609b4f9aa3854edef268916c701d3345a77bdd9d104e
SHA5123a0c365c7d0f92153e547fe833dd5d54f8c8d7513e47cc644b5c59c7814cf49e177b8d447bcc2468eeeec450139e58ba2836fe88ab331cf6354c1aa5742378ca
-
\Users\Admin\AppData\Local\Temp\is-ESKT0.tmp\Helper.dllFilesize
2.0MB
MD54eb0347e66fa465f602e52c03e5c0b4b
SHA1fdfedb72614d10766565b7f12ab87f1fdca3ea81
SHA256c73e53cbb7b98feafe27cc7de8fdad51df438e2235e91891461c5123888f73cc
SHA5124c909a451059628119f92b2f0c8bcd67b31f63b57d5339b6ce8fd930be5c9baf261339fdd9da820321be497df8889ce7594b7bfaadbaa43c694156651bf6c1fd
-
\Users\Admin\AppData\Local\Temp\is-ESKT0.tmp\botva2.dllFilesize
37KB
MD567965a5957a61867d661f05ae1f4773e
SHA1f14c0a4f154dc685bb7c65b2d804a02a0fb2360d
SHA256450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105
SHA512c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b
-
\Users\Admin\AppData\Local\Temp\is-ESKT0.tmp\botva2.dllFilesize
37KB
MD567965a5957a61867d661f05ae1f4773e
SHA1f14c0a4f154dc685bb7c65b2d804a02a0fb2360d
SHA256450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105
SHA512c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b
-
memory/3204-200-0x000001F49F520000-0x000001F49F530000-memory.dmpFilesize
64KB
-
memory/3204-216-0x000001F49FD00000-0x000001F49FD10000-memory.dmpFilesize
64KB
-
memory/3204-239-0x000001F49F6E0000-0x000001F49F6E1000-memory.dmpFilesize
4KB
-
memory/3204-241-0x000001F49F920000-0x000001F49F922000-memory.dmpFilesize
8KB
-
memory/3820-171-0x0000000000400000-0x00000000004CC000-memory.dmpFilesize
816KB
-
memory/3820-140-0x0000000000400000-0x00000000004CC000-memory.dmpFilesize
816KB
-
memory/4320-120-0x0000000000400000-0x00000000004D8000-memory.dmpFilesize
864KB
-
memory/4320-170-0x0000000000400000-0x00000000004D8000-memory.dmpFilesize
864KB
-
memory/4320-127-0x0000000000400000-0x00000000004D8000-memory.dmpFilesize
864KB
-
memory/4776-146-0x0000000002600000-0x0000000002601000-memory.dmpFilesize
4KB
-
memory/4776-172-0x0000000000400000-0x00000000006EE000-memory.dmpFilesize
2.9MB
-
memory/4776-195-0x00000000095B0000-0x00000000095BF000-memory.dmpFilesize
60KB
-
memory/4776-194-0x0000000000400000-0x00000000006EE000-memory.dmpFilesize
2.9MB
-
memory/4776-179-0x0000000000400000-0x00000000006EE000-memory.dmpFilesize
2.9MB
-
memory/4776-174-0x0000000002600000-0x0000000002601000-memory.dmpFilesize
4KB
-
memory/4776-173-0x00000000095B0000-0x00000000095BF000-memory.dmpFilesize
60KB
-
memory/4776-221-0x0000000000400000-0x00000000006EE000-memory.dmpFilesize
2.9MB
-
memory/4776-162-0x00000000095B0000-0x00000000095BF000-memory.dmpFilesize
60KB
-
memory/4896-168-0x0000000000400000-0x000000000071A000-memory.dmpFilesize
3.1MB
-
memory/4896-135-0x0000000000400000-0x000000000071A000-memory.dmpFilesize
3.1MB
-
memory/4896-133-0x0000000000400000-0x000000000071A000-memory.dmpFilesize
3.1MB
-
memory/4896-129-0x0000000000880000-0x0000000000881000-memory.dmpFilesize
4KB
-
memory/4896-128-0x0000000000400000-0x000000000071A000-memory.dmpFilesize
3.1MB
-
memory/4896-125-0x0000000000880000-0x0000000000881000-memory.dmpFilesize
4KB
