Analysis
-
max time kernel
117s -
max time network
147s -
platform
windows10-1703_x64 -
resource
win10-20230220-en -
resource tags
-
submitted
11-04-2023 10:44
General
-
Target
0a0638b985713468d087e357ccac4c00644be05d3eecc6cdd47c815da64a967b.exe
-
Size
844KB
-
MD5
5f14441bc772858cce429218ebbfa30a
-
SHA1
2bde0e2b5adcfd8a39a6f88f869cadcdb38ff560
-
SHA256
0a0638b985713468d087e357ccac4c00644be05d3eecc6cdd47c815da64a967b
-
SHA512
2d294bd12245457802a54f0a3930122a28505fd359cdec6d7f414ccf78ee7b611f13906b97e2aab9ebaef738a6ca0eb7068745799e5f52c9302af290d2e72858
-
SSDEEP
12288:rMrBy90NXNjY9ACJRB3BXzPKt4II4IZCzqGCCo1XVWJXhL8ykN5:iywXNQAc7U4ILTzqGCCsXAdyykN5
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
nahui
176.113.115.145:4125
-
auth_value
b9ed10946d21e28d58d0c72c535cde6f
Extracted
amadey
3.70
77.91.124.207/plays/chapter/index.php
Signatures
-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 20 IoCs
-
Executes dropped EXE 9 IoCs
-
Loads dropped DLL 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification 2 TTPs 2 IoCs
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Adds Run key to start application 2 TTPs 6 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 27 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0a0638b985713468d087e357ccac4c00644be05d3eecc6cdd47c815da64a967b.exe"C:\Users\Admin\AppData\Local\Temp\0a0638b985713468d087e357ccac4c00644be05d3eecc6cdd47c815da64a967b.exe"1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un049384.exeC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un049384.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un916886.exeC:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un916886.exe3⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr751331.exeC:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr751331.exe4⤵
- Modifies Windows Defender Real-time Protection settings
- Executes dropped EXE
- Windows security modification
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu198343.exeC:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu198343.exe4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk501332.exeC:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk501332.exe3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si285935.exeC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si285935.exe2⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\595f021478\oneetx.exe"C:\Users\Admin\AppData\Local\Temp\595f021478\oneetx.exe"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\Admin\AppData\Local\Temp\595f021478\oneetx.exe" /F4⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main4⤵
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\595f021478\oneetx.exeC:\Users\Admin\AppData\Local\Temp\595f021478\oneetx.exe1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\595f021478\oneetx.exeC:\Users\Admin\AppData\Local\Temp\595f021478\oneetx.exe1⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\595f021478\oneetx.exeFilesize
229KB
MD56c07711a17452b855149a95cda6fc830
SHA15b3252c2567de78f9ae68764d4e30511a509fdcc
SHA256eb7e8334a5323f858f1ea97079e958beeb846651b573edc073b29a481b891e9f
SHA512ade99076fc768feb8e6620fe2fd3d5bbf67254844be60ebebaeeb01a2a239e14ff74dfa74ff6f6cd1389351a6b529c5f5f8491b3382f8b57f8a524b7dd0f35e2
-
C:\Users\Admin\AppData\Local\Temp\595f021478\oneetx.exeFilesize
229KB
MD56c07711a17452b855149a95cda6fc830
SHA15b3252c2567de78f9ae68764d4e30511a509fdcc
SHA256eb7e8334a5323f858f1ea97079e958beeb846651b573edc073b29a481b891e9f
SHA512ade99076fc768feb8e6620fe2fd3d5bbf67254844be60ebebaeeb01a2a239e14ff74dfa74ff6f6cd1389351a6b529c5f5f8491b3382f8b57f8a524b7dd0f35e2
-
C:\Users\Admin\AppData\Local\Temp\595f021478\oneetx.exeFilesize
229KB
MD56c07711a17452b855149a95cda6fc830
SHA15b3252c2567de78f9ae68764d4e30511a509fdcc
SHA256eb7e8334a5323f858f1ea97079e958beeb846651b573edc073b29a481b891e9f
SHA512ade99076fc768feb8e6620fe2fd3d5bbf67254844be60ebebaeeb01a2a239e14ff74dfa74ff6f6cd1389351a6b529c5f5f8491b3382f8b57f8a524b7dd0f35e2
-
C:\Users\Admin\AppData\Local\Temp\595f021478\oneetx.exeFilesize
229KB
MD56c07711a17452b855149a95cda6fc830
SHA15b3252c2567de78f9ae68764d4e30511a509fdcc
SHA256eb7e8334a5323f858f1ea97079e958beeb846651b573edc073b29a481b891e9f
SHA512ade99076fc768feb8e6620fe2fd3d5bbf67254844be60ebebaeeb01a2a239e14ff74dfa74ff6f6cd1389351a6b529c5f5f8491b3382f8b57f8a524b7dd0f35e2
-
C:\Users\Admin\AppData\Local\Temp\595f021478\oneetx.exeFilesize
229KB
MD56c07711a17452b855149a95cda6fc830
SHA15b3252c2567de78f9ae68764d4e30511a509fdcc
SHA256eb7e8334a5323f858f1ea97079e958beeb846651b573edc073b29a481b891e9f
SHA512ade99076fc768feb8e6620fe2fd3d5bbf67254844be60ebebaeeb01a2a239e14ff74dfa74ff6f6cd1389351a6b529c5f5f8491b3382f8b57f8a524b7dd0f35e2
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si285935.exeFilesize
229KB
MD56c07711a17452b855149a95cda6fc830
SHA15b3252c2567de78f9ae68764d4e30511a509fdcc
SHA256eb7e8334a5323f858f1ea97079e958beeb846651b573edc073b29a481b891e9f
SHA512ade99076fc768feb8e6620fe2fd3d5bbf67254844be60ebebaeeb01a2a239e14ff74dfa74ff6f6cd1389351a6b529c5f5f8491b3382f8b57f8a524b7dd0f35e2
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si285935.exeFilesize
229KB
MD56c07711a17452b855149a95cda6fc830
SHA15b3252c2567de78f9ae68764d4e30511a509fdcc
SHA256eb7e8334a5323f858f1ea97079e958beeb846651b573edc073b29a481b891e9f
SHA512ade99076fc768feb8e6620fe2fd3d5bbf67254844be60ebebaeeb01a2a239e14ff74dfa74ff6f6cd1389351a6b529c5f5f8491b3382f8b57f8a524b7dd0f35e2
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un049384.exeFilesize
661KB
MD58982061e6d3f9a91ec1a4df91b8de817
SHA19bb9239e8a7fb29b4961f7048e25021c31c10303
SHA25655c9b7768fdc61794f905796f719dcd8e3287606e61cfb6e55ac41f4a1b1591d
SHA512d4f5a946bf6eb064691fb1101045738ff196d5f9ae06c53005398d89a50c6229e90c8c7f4afefbd9c20f1e5c5398b1c45a5f686ac23aa6304d681bdb177814c9
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un049384.exeFilesize
661KB
MD58982061e6d3f9a91ec1a4df91b8de817
SHA19bb9239e8a7fb29b4961f7048e25021c31c10303
SHA25655c9b7768fdc61794f905796f719dcd8e3287606e61cfb6e55ac41f4a1b1591d
SHA512d4f5a946bf6eb064691fb1101045738ff196d5f9ae06c53005398d89a50c6229e90c8c7f4afefbd9c20f1e5c5398b1c45a5f686ac23aa6304d681bdb177814c9
-
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk501332.exeFilesize
175KB
MD5b2e599dec0856d70ebb2ab2327ae6442
SHA1300323436b47ddafa78cb7e835deb1ab09f13698
SHA256b1470330cd560723c67ad42eb7e8c8137271c5a729cd08a81d3028e8bb2e1c43
SHA512c5092c0377c8d7aa8a1097d52e2b96df41ce9b1b9a72bf0c3a1f10c7c60ea5831bb2c535e144f1908f39f2b93017d69fd9f24272b0e706bacd5970e84e909065
-
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk501332.exeFilesize
175KB
MD5b2e599dec0856d70ebb2ab2327ae6442
SHA1300323436b47ddafa78cb7e835deb1ab09f13698
SHA256b1470330cd560723c67ad42eb7e8c8137271c5a729cd08a81d3028e8bb2e1c43
SHA512c5092c0377c8d7aa8a1097d52e2b96df41ce9b1b9a72bf0c3a1f10c7c60ea5831bb2c535e144f1908f39f2b93017d69fd9f24272b0e706bacd5970e84e909065
-
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un916886.exeFilesize
519KB
MD57b009f9122456614fbfabb46445db5a7
SHA11cb657136716ccb1fa78dec3769042999218ddb6
SHA2566131a8f68b2c9942985890ba6dcf0e386b7080bc5e0932597061a45f96f1a7a9
SHA51242d806382a1fcf2f6809773b0388446edfde3e70c959145b9a143a82001d79d2f08b593383c0fb408d5d5ac1ec057aad66694edc5a8cc696e2e136d3399335ee
-
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un916886.exeFilesize
519KB
MD57b009f9122456614fbfabb46445db5a7
SHA11cb657136716ccb1fa78dec3769042999218ddb6
SHA2566131a8f68b2c9942985890ba6dcf0e386b7080bc5e0932597061a45f96f1a7a9
SHA51242d806382a1fcf2f6809773b0388446edfde3e70c959145b9a143a82001d79d2f08b593383c0fb408d5d5ac1ec057aad66694edc5a8cc696e2e136d3399335ee
-
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr751331.exeFilesize
239KB
MD54f9f55a6ce5602ffe91531d8102f6081
SHA173d43446398870e1056de9dda710680dc4bdd987
SHA25673058d6e147859cd88352e0981a7f76a956e15e1c1bcc8240e0c5ef7d97c240a
SHA5127427364d04d15ef4f245f1032e2e5b92f318f165fcc291a73acc206aa1da8777dc95f76029e27455409857091a2c4ec584dbdd6c06fcb6f093772e8760ff3e05
-
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr751331.exeFilesize
239KB
MD54f9f55a6ce5602ffe91531d8102f6081
SHA173d43446398870e1056de9dda710680dc4bdd987
SHA25673058d6e147859cd88352e0981a7f76a956e15e1c1bcc8240e0c5ef7d97c240a
SHA5127427364d04d15ef4f245f1032e2e5b92f318f165fcc291a73acc206aa1da8777dc95f76029e27455409857091a2c4ec584dbdd6c06fcb6f093772e8760ff3e05
-
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu198343.exeFilesize
299KB
MD566da50e8f71b6f64f1c7b188124dce40
SHA19c5ad37db4af646ef449b11add6fd73301a3e5de
SHA25667c42b0b11425dcb2387408fef5460c57817faec67c9e05478756f5d85795cc6
SHA512117634c4975e09c6598ad05ab0cbf5946c2e1ee742fa65130a8a81be8f1c335ded93aca9a5e711fa801b3b02cc487cbc27f8e312f70ad1f2c97f325c74a9c317
-
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu198343.exeFilesize
299KB
MD566da50e8f71b6f64f1c7b188124dce40
SHA19c5ad37db4af646ef449b11add6fd73301a3e5de
SHA25667c42b0b11425dcb2387408fef5460c57817faec67c9e05478756f5d85795cc6
SHA512117634c4975e09c6598ad05ab0cbf5946c2e1ee742fa65130a8a81be8f1c335ded93aca9a5e711fa801b3b02cc487cbc27f8e312f70ad1f2c97f325c74a9c317
-
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dllFilesize
89KB
MD54061d8dd5006b99d06fa208c0063dfcf
SHA138e7df8d8e631f3e9b227df3b9326d187e18cce5
SHA256b380dd44db67571959bc5f04a5d9c1ec51e48c0617c59e7c4bcbf794a90320f0
SHA51271de12e3bcf0ff4996b71587d971f0b4e378397ffac22be28d4e41c7c865a85bbcff62cfa7bdfa6e18d19971205bf0021939ac49dec42daa749d4ac9f7e70314
-
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dllFilesize
89KB
MD54061d8dd5006b99d06fa208c0063dfcf
SHA138e7df8d8e631f3e9b227df3b9326d187e18cce5
SHA256b380dd44db67571959bc5f04a5d9c1ec51e48c0617c59e7c4bcbf794a90320f0
SHA51271de12e3bcf0ff4996b71587d971f0b4e378397ffac22be28d4e41c7c865a85bbcff62cfa7bdfa6e18d19971205bf0021939ac49dec42daa749d4ac9f7e70314
-
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dllFilesize
162B
MD51b7c22a214949975556626d7217e9a39
SHA1d01c97e2944166ed23e47e4a62ff471ab8fa031f
SHA256340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87
SHA512ba64847cf1d4157d50abe4f4a1e5c1996fe387c5808e2f758c7fb3213bfefe1f3712d343f0c30a16819749840954654a70611d2250fd0f7b032429db7afd2cc5
-
\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dllFilesize
89KB
MD54061d8dd5006b99d06fa208c0063dfcf
SHA138e7df8d8e631f3e9b227df3b9326d187e18cce5
SHA256b380dd44db67571959bc5f04a5d9c1ec51e48c0617c59e7c4bcbf794a90320f0
SHA51271de12e3bcf0ff4996b71587d971f0b4e378397ffac22be28d4e41c7c865a85bbcff62cfa7bdfa6e18d19971205bf0021939ac49dec42daa749d4ac9f7e70314
-
memory/1636-157-0x0000000002470000-0x0000000002482000-memory.dmpFilesize
72KB
-
memory/1636-179-0x0000000004BA0000-0x0000000004BB0000-memory.dmpFilesize
64KB
-
memory/1636-159-0x0000000002470000-0x0000000002482000-memory.dmpFilesize
72KB
-
memory/1636-161-0x0000000002470000-0x0000000002482000-memory.dmpFilesize
72KB
-
memory/1636-163-0x0000000002470000-0x0000000002482000-memory.dmpFilesize
72KB
-
memory/1636-165-0x0000000002470000-0x0000000002482000-memory.dmpFilesize
72KB
-
memory/1636-167-0x0000000002470000-0x0000000002482000-memory.dmpFilesize
72KB
-
memory/1636-169-0x0000000002470000-0x0000000002482000-memory.dmpFilesize
72KB
-
memory/1636-171-0x0000000002470000-0x0000000002482000-memory.dmpFilesize
72KB
-
memory/1636-173-0x0000000002470000-0x0000000002482000-memory.dmpFilesize
72KB
-
memory/1636-175-0x0000000002470000-0x0000000002482000-memory.dmpFilesize
72KB
-
memory/1636-177-0x0000000002470000-0x0000000002482000-memory.dmpFilesize
72KB
-
memory/1636-178-0x0000000000400000-0x00000000004AA000-memory.dmpFilesize
680KB
-
memory/1636-155-0x0000000002470000-0x0000000002482000-memory.dmpFilesize
72KB
-
memory/1636-181-0x0000000000400000-0x00000000004AA000-memory.dmpFilesize
680KB
-
memory/1636-153-0x0000000002470000-0x0000000002482000-memory.dmpFilesize
72KB
-
memory/1636-151-0x0000000002470000-0x0000000002482000-memory.dmpFilesize
72KB
-
memory/1636-150-0x0000000002470000-0x0000000002482000-memory.dmpFilesize
72KB
-
memory/1636-149-0x0000000004BA0000-0x0000000004BB0000-memory.dmpFilesize
64KB
-
memory/1636-148-0x0000000004BA0000-0x0000000004BB0000-memory.dmpFilesize
64KB
-
memory/1636-147-0x0000000004BA0000-0x0000000004BB0000-memory.dmpFilesize
64KB
-
memory/1636-146-0x00000000001D0000-0x00000000001FD000-memory.dmpFilesize
180KB
-
memory/1636-145-0x0000000002470000-0x0000000002488000-memory.dmpFilesize
96KB
-
memory/1636-144-0x0000000004BB0000-0x00000000050AE000-memory.dmpFilesize
5.0MB
-
memory/1636-143-0x0000000002210000-0x000000000222A000-memory.dmpFilesize
104KB
-
memory/3520-193-0x0000000004AC0000-0x0000000004AFF000-memory.dmpFilesize
252KB
-
memory/3520-1104-0x0000000005670000-0x00000000056D6000-memory.dmpFilesize
408KB
-
memory/3520-205-0x0000000004AC0000-0x0000000004AFF000-memory.dmpFilesize
252KB
-
memory/3520-207-0x0000000004AC0000-0x0000000004AFF000-memory.dmpFilesize
252KB
-
memory/3520-209-0x0000000004AC0000-0x0000000004AFF000-memory.dmpFilesize
252KB
-
memory/3520-211-0x0000000004AC0000-0x0000000004AFF000-memory.dmpFilesize
252KB
-
memory/3520-213-0x0000000004AC0000-0x0000000004AFF000-memory.dmpFilesize
252KB
-
memory/3520-215-0x0000000004AC0000-0x0000000004AFF000-memory.dmpFilesize
252KB
-
memory/3520-217-0x0000000004AC0000-0x0000000004AFF000-memory.dmpFilesize
252KB
-
memory/3520-219-0x0000000004AC0000-0x0000000004AFF000-memory.dmpFilesize
252KB
-
memory/3520-221-0x0000000004AC0000-0x0000000004AFF000-memory.dmpFilesize
252KB
-
memory/3520-223-0x0000000004AC0000-0x0000000004AFF000-memory.dmpFilesize
252KB
-
memory/3520-1096-0x0000000005780000-0x0000000005D86000-memory.dmpFilesize
6.0MB
-
memory/3520-1097-0x00000000051B0000-0x00000000052BA000-memory.dmpFilesize
1.0MB
-
memory/3520-1098-0x00000000052D0000-0x00000000052E2000-memory.dmpFilesize
72KB
-
memory/3520-1099-0x00000000052F0000-0x000000000532E000-memory.dmpFilesize
248KB
-
memory/3520-1100-0x0000000005440000-0x000000000548B000-memory.dmpFilesize
300KB
-
memory/3520-1101-0x0000000004B60000-0x0000000004B70000-memory.dmpFilesize
64KB
-
memory/3520-1103-0x00000000055D0000-0x0000000005662000-memory.dmpFilesize
584KB
-
memory/3520-203-0x0000000004AC0000-0x0000000004AFF000-memory.dmpFilesize
252KB
-
memory/3520-1105-0x0000000004B60000-0x0000000004B70000-memory.dmpFilesize
64KB
-
memory/3520-1106-0x00000000065D0000-0x0000000006792000-memory.dmpFilesize
1.8MB
-
memory/3520-1107-0x00000000067B0000-0x0000000006CDC000-memory.dmpFilesize
5.2MB
-
memory/3520-1108-0x0000000007010000-0x0000000007086000-memory.dmpFilesize
472KB
-
memory/3520-1109-0x00000000070A0000-0x00000000070F0000-memory.dmpFilesize
320KB
-
memory/3520-186-0x0000000002520000-0x0000000002566000-memory.dmpFilesize
280KB
-
memory/3520-188-0x0000000004B60000-0x0000000004B70000-memory.dmpFilesize
64KB
-
memory/3520-201-0x0000000004AC0000-0x0000000004AFF000-memory.dmpFilesize
252KB
-
memory/3520-199-0x0000000004AC0000-0x0000000004AFF000-memory.dmpFilesize
252KB
-
memory/3520-197-0x0000000004AC0000-0x0000000004AFF000-memory.dmpFilesize
252KB
-
memory/3520-195-0x0000000004AC0000-0x0000000004AFF000-memory.dmpFilesize
252KB
-
memory/3520-191-0x0000000004AC0000-0x0000000004AFF000-memory.dmpFilesize
252KB
-
memory/3520-190-0x0000000004AC0000-0x0000000004AFF000-memory.dmpFilesize
252KB
-
memory/3520-189-0x0000000004AC0000-0x0000000004B04000-memory.dmpFilesize
272KB
-
memory/3520-187-0x0000000000590000-0x00000000005DB000-memory.dmpFilesize
300KB
-
memory/4736-1116-0x0000000005950000-0x000000000599B000-memory.dmpFilesize
300KB
-
memory/4736-1115-0x0000000000F10000-0x0000000000F42000-memory.dmpFilesize
200KB
-
memory/4736-1117-0x0000000005810000-0x0000000005820000-memory.dmpFilesize
64KB