Analysis
-
max time kernel
132s -
max time network
141s -
platform
windows10-1703_x64 -
resource
win10-20230220-en -
resource tags
-
submitted
11-04-2023 10:53
General
-
Target
cda6fda267f6e57117fc79d415f18001fb848a5620deb92ff9df5f6cebe483e8.exe
-
Size
844KB
-
MD5
eebdd3df20e65e3bdd46e228c017916a
-
SHA1
21d90fc5fdb15c2a46a975cbe9ba634d65c92d1e
-
SHA256
cda6fda267f6e57117fc79d415f18001fb848a5620deb92ff9df5f6cebe483e8
-
SHA512
3680d04fb23f30f9aee11223528ed3720e28ff0453f11843391133d6299d2925d65322df428c3b872f67d1f986537244ec1bf9220fe49f77483b65f28faecbed
-
SSDEEP
24576:qy9PKFwaE04O+rMK5AYs19sQl71jiKwSU3:xJpaE0BgGnR+L
Malware Config
Extracted
redline
rosn
176.113.115.145:4125
-
auth_value
050a19e1db4d0024b0f23b37dcf961f4
Extracted
redline
nahui
176.113.115.145:4125
-
auth_value
b9ed10946d21e28d58d0c72c535cde6f
Extracted
amadey
3.70
77.91.124.207/plays/chapter/index.php
Signatures
-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 20 IoCs
-
Executes dropped EXE 9 IoCs
-
Loads dropped DLL 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification 2 TTPs 2 IoCs
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Adds Run key to start application 2 TTPs 6 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 27 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cda6fda267f6e57117fc79d415f18001fb848a5620deb92ff9df5f6cebe483e8.exe"C:\Users\Admin\AppData\Local\Temp\cda6fda267f6e57117fc79d415f18001fb848a5620deb92ff9df5f6cebe483e8.exe"1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un934821.exeC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un934821.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un456329.exeC:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un456329.exe3⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr438919.exeC:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr438919.exe4⤵
- Modifies Windows Defender Real-time Protection settings
- Executes dropped EXE
- Windows security modification
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu817758.exeC:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu817758.exe4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk841547.exeC:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk841547.exe3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si743454.exeC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si743454.exe2⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\595f021478\oneetx.exe"C:\Users\Admin\AppData\Local\Temp\595f021478\oneetx.exe"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\Admin\AppData\Local\Temp\595f021478\oneetx.exe" /F4⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main4⤵
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\595f021478\oneetx.exeC:\Users\Admin\AppData\Local\Temp\595f021478\oneetx.exe1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\595f021478\oneetx.exeC:\Users\Admin\AppData\Local\Temp\595f021478\oneetx.exe1⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\595f021478\oneetx.exeFilesize
229KB
MD56c07711a17452b855149a95cda6fc830
SHA15b3252c2567de78f9ae68764d4e30511a509fdcc
SHA256eb7e8334a5323f858f1ea97079e958beeb846651b573edc073b29a481b891e9f
SHA512ade99076fc768feb8e6620fe2fd3d5bbf67254844be60ebebaeeb01a2a239e14ff74dfa74ff6f6cd1389351a6b529c5f5f8491b3382f8b57f8a524b7dd0f35e2
-
C:\Users\Admin\AppData\Local\Temp\595f021478\oneetx.exeFilesize
229KB
MD56c07711a17452b855149a95cda6fc830
SHA15b3252c2567de78f9ae68764d4e30511a509fdcc
SHA256eb7e8334a5323f858f1ea97079e958beeb846651b573edc073b29a481b891e9f
SHA512ade99076fc768feb8e6620fe2fd3d5bbf67254844be60ebebaeeb01a2a239e14ff74dfa74ff6f6cd1389351a6b529c5f5f8491b3382f8b57f8a524b7dd0f35e2
-
C:\Users\Admin\AppData\Local\Temp\595f021478\oneetx.exeFilesize
229KB
MD56c07711a17452b855149a95cda6fc830
SHA15b3252c2567de78f9ae68764d4e30511a509fdcc
SHA256eb7e8334a5323f858f1ea97079e958beeb846651b573edc073b29a481b891e9f
SHA512ade99076fc768feb8e6620fe2fd3d5bbf67254844be60ebebaeeb01a2a239e14ff74dfa74ff6f6cd1389351a6b529c5f5f8491b3382f8b57f8a524b7dd0f35e2
-
C:\Users\Admin\AppData\Local\Temp\595f021478\oneetx.exeFilesize
229KB
MD56c07711a17452b855149a95cda6fc830
SHA15b3252c2567de78f9ae68764d4e30511a509fdcc
SHA256eb7e8334a5323f858f1ea97079e958beeb846651b573edc073b29a481b891e9f
SHA512ade99076fc768feb8e6620fe2fd3d5bbf67254844be60ebebaeeb01a2a239e14ff74dfa74ff6f6cd1389351a6b529c5f5f8491b3382f8b57f8a524b7dd0f35e2
-
C:\Users\Admin\AppData\Local\Temp\595f021478\oneetx.exeFilesize
229KB
MD56c07711a17452b855149a95cda6fc830
SHA15b3252c2567de78f9ae68764d4e30511a509fdcc
SHA256eb7e8334a5323f858f1ea97079e958beeb846651b573edc073b29a481b891e9f
SHA512ade99076fc768feb8e6620fe2fd3d5bbf67254844be60ebebaeeb01a2a239e14ff74dfa74ff6f6cd1389351a6b529c5f5f8491b3382f8b57f8a524b7dd0f35e2
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si743454.exeFilesize
229KB
MD56c07711a17452b855149a95cda6fc830
SHA15b3252c2567de78f9ae68764d4e30511a509fdcc
SHA256eb7e8334a5323f858f1ea97079e958beeb846651b573edc073b29a481b891e9f
SHA512ade99076fc768feb8e6620fe2fd3d5bbf67254844be60ebebaeeb01a2a239e14ff74dfa74ff6f6cd1389351a6b529c5f5f8491b3382f8b57f8a524b7dd0f35e2
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\si743454.exeFilesize
229KB
MD56c07711a17452b855149a95cda6fc830
SHA15b3252c2567de78f9ae68764d4e30511a509fdcc
SHA256eb7e8334a5323f858f1ea97079e958beeb846651b573edc073b29a481b891e9f
SHA512ade99076fc768feb8e6620fe2fd3d5bbf67254844be60ebebaeeb01a2a239e14ff74dfa74ff6f6cd1389351a6b529c5f5f8491b3382f8b57f8a524b7dd0f35e2
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un934821.exeFilesize
661KB
MD5fd70d0706ef191e84f1163601cd524da
SHA1eafce50b1d14d1e469adff18baea63ca46a3ef3c
SHA256715a6b3a3c77863b35406925a62e503a8056359b3995a244f812db9d196944ce
SHA5123ddc5be24dbee287e693af908fe70e1e78f41bdbc54eb492961b700502b2c16ff0f6bb7b512f764cc4763063bac71171c994c195dd5bdc4acceff7c74aeb91ac
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un934821.exeFilesize
661KB
MD5fd70d0706ef191e84f1163601cd524da
SHA1eafce50b1d14d1e469adff18baea63ca46a3ef3c
SHA256715a6b3a3c77863b35406925a62e503a8056359b3995a244f812db9d196944ce
SHA5123ddc5be24dbee287e693af908fe70e1e78f41bdbc54eb492961b700502b2c16ff0f6bb7b512f764cc4763063bac71171c994c195dd5bdc4acceff7c74aeb91ac
-
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk841547.exeFilesize
175KB
MD5b2e599dec0856d70ebb2ab2327ae6442
SHA1300323436b47ddafa78cb7e835deb1ab09f13698
SHA256b1470330cd560723c67ad42eb7e8c8137271c5a729cd08a81d3028e8bb2e1c43
SHA512c5092c0377c8d7aa8a1097d52e2b96df41ce9b1b9a72bf0c3a1f10c7c60ea5831bb2c535e144f1908f39f2b93017d69fd9f24272b0e706bacd5970e84e909065
-
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk841547.exeFilesize
175KB
MD5b2e599dec0856d70ebb2ab2327ae6442
SHA1300323436b47ddafa78cb7e835deb1ab09f13698
SHA256b1470330cd560723c67ad42eb7e8c8137271c5a729cd08a81d3028e8bb2e1c43
SHA512c5092c0377c8d7aa8a1097d52e2b96df41ce9b1b9a72bf0c3a1f10c7c60ea5831bb2c535e144f1908f39f2b93017d69fd9f24272b0e706bacd5970e84e909065
-
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un456329.exeFilesize
519KB
MD5c5821f46e4642f5aca192f49a027d7a0
SHA18616a424b2e9f25cca86c08884780d029fe91bd8
SHA256160616e9c56f285d6dc22cb780894e4d86ca352e6de106b57e81634de10bf627
SHA5120bc47e2bc621a92c385e51719bc3eef8506726daae3acab2c4c803daf9d8a8431c2680eefa64a0e783bee7294c6df7575d71e653bf54e96c1f56610af66f9933
-
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\un456329.exeFilesize
519KB
MD5c5821f46e4642f5aca192f49a027d7a0
SHA18616a424b2e9f25cca86c08884780d029fe91bd8
SHA256160616e9c56f285d6dc22cb780894e4d86ca352e6de106b57e81634de10bf627
SHA5120bc47e2bc621a92c385e51719bc3eef8506726daae3acab2c4c803daf9d8a8431c2680eefa64a0e783bee7294c6df7575d71e653bf54e96c1f56610af66f9933
-
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr438919.exeFilesize
239KB
MD59c8c44163bdba2f756407775f1a7d135
SHA11bd416c044e167d07814ec9eab9db8cf611c4f00
SHA256133f438ee47a367b15fda9d533883917ef881c8412f7c54b95f2f5b8e6cca166
SHA5127fe8a3fb5fe68f90ddaf13e6bb0a7c421907cf09ee11fae0dcb9887e540e86e185933c2dae737361209fb1eb51c87b59f743a25b25bdb1f5fbfdd0512f0eff1a
-
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pr438919.exeFilesize
239KB
MD59c8c44163bdba2f756407775f1a7d135
SHA11bd416c044e167d07814ec9eab9db8cf611c4f00
SHA256133f438ee47a367b15fda9d533883917ef881c8412f7c54b95f2f5b8e6cca166
SHA5127fe8a3fb5fe68f90ddaf13e6bb0a7c421907cf09ee11fae0dcb9887e540e86e185933c2dae737361209fb1eb51c87b59f743a25b25bdb1f5fbfdd0512f0eff1a
-
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu817758.exeFilesize
299KB
MD58c5be36be4d3d9807b26f01c9fd5b2f4
SHA189db9272b0c3ea1c35d70e34c05a5ceaf47821f5
SHA256da505ee37b3e80293a51d12df814170964454f2893757c239af53bdb40749b2a
SHA51211842232e095c428bc268f593116e0586f5cf8f871cfa83338e24e9bb64a37aafc221211a52db100cdbe5bdcbc5129b38663128bfe2353a5cb624f24462ac743
-
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\qu817758.exeFilesize
299KB
MD58c5be36be4d3d9807b26f01c9fd5b2f4
SHA189db9272b0c3ea1c35d70e34c05a5ceaf47821f5
SHA256da505ee37b3e80293a51d12df814170964454f2893757c239af53bdb40749b2a
SHA51211842232e095c428bc268f593116e0586f5cf8f871cfa83338e24e9bb64a37aafc221211a52db100cdbe5bdcbc5129b38663128bfe2353a5cb624f24462ac743
-
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dllFilesize
89KB
MD54061d8dd5006b99d06fa208c0063dfcf
SHA138e7df8d8e631f3e9b227df3b9326d187e18cce5
SHA256b380dd44db67571959bc5f04a5d9c1ec51e48c0617c59e7c4bcbf794a90320f0
SHA51271de12e3bcf0ff4996b71587d971f0b4e378397ffac22be28d4e41c7c865a85bbcff62cfa7bdfa6e18d19971205bf0021939ac49dec42daa749d4ac9f7e70314
-
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dllFilesize
89KB
MD54061d8dd5006b99d06fa208c0063dfcf
SHA138e7df8d8e631f3e9b227df3b9326d187e18cce5
SHA256b380dd44db67571959bc5f04a5d9c1ec51e48c0617c59e7c4bcbf794a90320f0
SHA51271de12e3bcf0ff4996b71587d971f0b4e378397ffac22be28d4e41c7c865a85bbcff62cfa7bdfa6e18d19971205bf0021939ac49dec42daa749d4ac9f7e70314
-
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dllFilesize
162B
MD51b7c22a214949975556626d7217e9a39
SHA1d01c97e2944166ed23e47e4a62ff471ab8fa031f
SHA256340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87
SHA512ba64847cf1d4157d50abe4f4a1e5c1996fe387c5808e2f758c7fb3213bfefe1f3712d343f0c30a16819749840954654a70611d2250fd0f7b032429db7afd2cc5
-
\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dllFilesize
89KB
MD54061d8dd5006b99d06fa208c0063dfcf
SHA138e7df8d8e631f3e9b227df3b9326d187e18cce5
SHA256b380dd44db67571959bc5f04a5d9c1ec51e48c0617c59e7c4bcbf794a90320f0
SHA51271de12e3bcf0ff4996b71587d971f0b4e378397ffac22be28d4e41c7c865a85bbcff62cfa7bdfa6e18d19971205bf0021939ac49dec42daa749d4ac9f7e70314
-
memory/4532-1106-0x0000000004B30000-0x0000000004B40000-memory.dmpFilesize
64KB
-
memory/4532-370-0x0000000004B30000-0x0000000004B40000-memory.dmpFilesize
64KB
-
memory/4532-1113-0x0000000006C50000-0x0000000006CA0000-memory.dmpFilesize
320KB
-
memory/4532-1112-0x0000000006BD0000-0x0000000006C46000-memory.dmpFilesize
472KB
-
memory/4532-1111-0x0000000006570000-0x0000000006A9C000-memory.dmpFilesize
5.2MB
-
memory/4532-1110-0x0000000006390000-0x0000000006552000-memory.dmpFilesize
1.8MB
-
memory/4532-1109-0x0000000004B30000-0x0000000004B40000-memory.dmpFilesize
64KB
-
memory/4532-1108-0x0000000004B30000-0x0000000004B40000-memory.dmpFilesize
64KB
-
memory/4532-1107-0x0000000004B30000-0x0000000004B40000-memory.dmpFilesize
64KB
-
memory/4532-1104-0x0000000006170000-0x0000000006202000-memory.dmpFilesize
584KB
-
memory/4532-1103-0x0000000005AA0000-0x0000000005B06000-memory.dmpFilesize
408KB
-
memory/4532-1102-0x0000000005910000-0x000000000595B000-memory.dmpFilesize
300KB
-
memory/4532-1101-0x0000000004B30000-0x0000000004B40000-memory.dmpFilesize
64KB
-
memory/4532-185-0x0000000002300000-0x0000000002346000-memory.dmpFilesize
280KB
-
memory/4532-186-0x00000000025D0000-0x0000000002614000-memory.dmpFilesize
272KB
-
memory/4532-188-0x00000000025D0000-0x000000000260F000-memory.dmpFilesize
252KB
-
memory/4532-187-0x00000000025D0000-0x000000000260F000-memory.dmpFilesize
252KB
-
memory/4532-192-0x00000000025D0000-0x000000000260F000-memory.dmpFilesize
252KB
-
memory/4532-190-0x00000000025D0000-0x000000000260F000-memory.dmpFilesize
252KB
-
memory/4532-194-0x00000000025D0000-0x000000000260F000-memory.dmpFilesize
252KB
-
memory/4532-196-0x00000000025D0000-0x000000000260F000-memory.dmpFilesize
252KB
-
memory/4532-198-0x00000000025D0000-0x000000000260F000-memory.dmpFilesize
252KB
-
memory/4532-200-0x00000000025D0000-0x000000000260F000-memory.dmpFilesize
252KB
-
memory/4532-202-0x00000000025D0000-0x000000000260F000-memory.dmpFilesize
252KB
-
memory/4532-204-0x00000000025D0000-0x000000000260F000-memory.dmpFilesize
252KB
-
memory/4532-206-0x00000000025D0000-0x000000000260F000-memory.dmpFilesize
252KB
-
memory/4532-208-0x00000000025D0000-0x000000000260F000-memory.dmpFilesize
252KB
-
memory/4532-210-0x00000000025D0000-0x000000000260F000-memory.dmpFilesize
252KB
-
memory/4532-212-0x00000000025D0000-0x000000000260F000-memory.dmpFilesize
252KB
-
memory/4532-214-0x00000000025D0000-0x000000000260F000-memory.dmpFilesize
252KB
-
memory/4532-216-0x00000000025D0000-0x000000000260F000-memory.dmpFilesize
252KB
-
memory/4532-218-0x00000000025D0000-0x000000000260F000-memory.dmpFilesize
252KB
-
memory/4532-220-0x00000000025D0000-0x000000000260F000-memory.dmpFilesize
252KB
-
memory/4532-368-0x0000000004B30000-0x0000000004B40000-memory.dmpFilesize
64KB
-
memory/4532-366-0x0000000000590000-0x00000000005DB000-memory.dmpFilesize
300KB
-
memory/4532-1100-0x00000000057C0000-0x00000000057FE000-memory.dmpFilesize
248KB
-
memory/4532-372-0x0000000004B30000-0x0000000004B40000-memory.dmpFilesize
64KB
-
memory/4532-1097-0x0000000005040000-0x0000000005646000-memory.dmpFilesize
6.0MB
-
memory/4532-1098-0x0000000005660000-0x000000000576A000-memory.dmpFilesize
1.0MB
-
memory/4532-1099-0x00000000057A0000-0x00000000057B2000-memory.dmpFilesize
72KB
-
memory/4712-155-0x00000000049D0000-0x00000000049E2000-memory.dmpFilesize
72KB
-
memory/4712-178-0x0000000004BB0000-0x0000000004BC0000-memory.dmpFilesize
64KB
-
memory/4712-165-0x00000000049D0000-0x00000000049E2000-memory.dmpFilesize
72KB
-
memory/4712-180-0x0000000000400000-0x00000000004AA000-memory.dmpFilesize
680KB
-
memory/4712-141-0x00000000021E0000-0x00000000021FA000-memory.dmpFilesize
104KB
-
memory/4712-159-0x00000000049D0000-0x00000000049E2000-memory.dmpFilesize
72KB
-
memory/4712-177-0x0000000004BB0000-0x0000000004BC0000-memory.dmpFilesize
64KB
-
memory/4712-176-0x0000000000400000-0x00000000004AA000-memory.dmpFilesize
680KB
-
memory/4712-175-0x00000000049D0000-0x00000000049E2000-memory.dmpFilesize
72KB
-
memory/4712-173-0x00000000049D0000-0x00000000049E2000-memory.dmpFilesize
72KB
-
memory/4712-171-0x00000000049D0000-0x00000000049E2000-memory.dmpFilesize
72KB
-
memory/4712-142-0x00000000001D0000-0x00000000001FD000-memory.dmpFilesize
180KB
-
memory/4712-167-0x00000000049D0000-0x00000000049E2000-memory.dmpFilesize
72KB
-
memory/4712-157-0x00000000049D0000-0x00000000049E2000-memory.dmpFilesize
72KB
-
memory/4712-163-0x00000000049D0000-0x00000000049E2000-memory.dmpFilesize
72KB
-
memory/4712-161-0x00000000049D0000-0x00000000049E2000-memory.dmpFilesize
72KB
-
memory/4712-169-0x00000000049D0000-0x00000000049E2000-memory.dmpFilesize
72KB
-
memory/4712-143-0x0000000004BB0000-0x0000000004BC0000-memory.dmpFilesize
64KB
-
memory/4712-153-0x00000000049D0000-0x00000000049E2000-memory.dmpFilesize
72KB
-
memory/4712-151-0x00000000049D0000-0x00000000049E2000-memory.dmpFilesize
72KB
-
memory/4712-149-0x00000000049D0000-0x00000000049E2000-memory.dmpFilesize
72KB
-
memory/4712-148-0x00000000049D0000-0x00000000049E2000-memory.dmpFilesize
72KB
-
memory/4712-147-0x00000000049D0000-0x00000000049E8000-memory.dmpFilesize
96KB
-
memory/4712-146-0x0000000004BC0000-0x00000000050BE000-memory.dmpFilesize
5.0MB
-
memory/4712-145-0x0000000004BB0000-0x0000000004BC0000-memory.dmpFilesize
64KB
-
memory/4712-144-0x0000000004BB0000-0x0000000004BC0000-memory.dmpFilesize
64KB
-
memory/4804-1121-0x0000000004F90000-0x0000000004FA0000-memory.dmpFilesize
64KB
-
memory/4804-1120-0x0000000005170000-0x00000000051BB000-memory.dmpFilesize
300KB
-
memory/4804-1119-0x0000000000730000-0x0000000000762000-memory.dmpFilesize
200KB