Analysis
-
max time kernel
32s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64 arch:x86 image:win7-20240220-en locale:en-us os:windows7-x64 system -
submitted
29-03-2024 08:38
Static task
static1
Behavioral task
behavioral1
Sample
c784540c28d57bcb35639df985ab1b5f07c41888d511b42d2595f6e81f020410.exe
Resource
win7-20240220-en
General
-
Target
c784540c28d57bcb35639df985ab1b5f07c41888d511b42d2595f6e81f020410.exe
-
Size
1.8MB
-
MD5
45d4b952be3e0144f2309c2b24f8d0f2
-
SHA1
6d4110ed7e909fac3f4bdb3f0548f9cc0526c0f0
-
SHA256
c784540c28d57bcb35639df985ab1b5f07c41888d511b42d2595f6e81f020410
-
SHA512
da8d18c5aeb230e6ce243515d2fc96b385bd8e0f9bb4f8faa0234b29d3ca46d5217c92bc640fc69d3ef24797c95d716de010f8dc7bcbde7ba8b37941bbfbbc6b
-
SSDEEP
49152:x3mb2Sl15Z5kq7dU1JChNKQVy/xmbEvumjvsfi:k6SJ8CN3hEWLf
Malware Config
Extracted
amadey
4.17
http://185.215.113.32
-
install_dir
00c07260dc
-
install_file
explorgu.exe
-
strings_key
461809bd97c251ba0c0c8450c7055f1d
-
url_paths
/yandex/index.php
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
Processes:
c784540c28d57bcb35639df985ab1b5f07c41888d511b42d2595f6e81f020410.exe
description ioc process
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ c784540c28d57bcb35639df985ab1b5f07c41888d511b42d2595f6e81f020410.exe
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
c784540c28d57bcb35639df985ab1b5f07c41888d511b42d2595f6e81f020410.exe
description ioc process
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion c784540c28d57bcb35639df985ab1b5f07c41888d511b42d2595f6e81f020410.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion c784540c28d57bcb35639df985ab1b5f07c41888d511b42d2595f6e81f020410.exe
-
Identifies Wine through registry keys 2 TTPs 1 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Processes:
c784540c28d57bcb35639df985ab1b5f07c41888d511b42d2595f6e81f020410.exe
description ioc process
Key opened \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Wine c784540c28d57bcb35639df985ab1b5f07c41888d511b42d2595f6e81f020410.exe
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
Processes:
c784540c28d57bcb35639df985ab1b5f07c41888d511b42d2595f6e81f020410.exe
pid process
2356 c784540c28d57bcb35639df985ab1b5f07c41888d511b42d2595f6e81f020410.exe
-
Drops file in Windows directory 1 IoCs
Processes:
c784540c28d57bcb35639df985ab1b5f07c41888d511b42d2595f6e81f020410.exe
description ioc process
File created C:\Windows\Tasks\explorgu.job c784540c28d57bcb35639df985ab1b5f07c41888d511b42d2595f6e81f020410.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
chrome.exe
description ioc process
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
Processes:
c784540c28d57bcb35639df985ab1b5f07c41888d511b42d2595f6e81f020410.exe
chrome.exe
pid process
2356 c784540c28d57bcb35639df985ab1b5f07c41888d511b42d2595f6e81f020410.exe
2856 chrome.exe
2856 chrome.exe
-
Suspicious use of AdjustPrivilegeToken 20 IoCs
Processes:
chrome.exe
description pid process
Token: SeShutdownPrivilege 2856 chrome.exe
-
Suspicious use of FindShellTrayWindow 35 IoCs
Processes:
c784540c28d57bcb35639df985ab1b5f07c41888d511b42d2595f6e81f020410.exe
chrome.exe
pid process
2356 c784540c28d57bcb35639df985ab1b5f07c41888d511b42d2595f6e81f020410.exe
2856 chrome.exe
-
Suspicious use of SendNotifyMessage 32 IoCs
Processes:
chrome.exe
pid process
2856 chrome.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
chrome.exe
description pid process target process
PID 2856 wrote to memory of 2608 2856 chrome.exe chrome.exe
PID 2856 wrote to memory of 2000 2856 chrome.exe chrome.exe
PID 2856 wrote to memory of 2548 2856 chrome.exe chrome.exe
PID 2856 wrote to memory of 2656 2856 chrome.exe chrome.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\c784540c28d57bcb35639df985ab1b5f07c41888d511b42d2595f6e81f020410.exe
"C:\Users\Admin\AppData\Local\Temp\c784540c28d57bcb35639df985ab1b5f07c41888d511b42d2595f6e81f020410.exe" 1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" 1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7089758,0x7fef7089768,0x7fef7089778 2⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1228,i,283742457452148340,11960929611364793038,131072 /prefetch:2 2⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1228,i,283742457452148340,11960929611364793038,131072 /prefetch:8 2⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1228,i,283742457452148340,11960929611364793038,131072 /prefetch:8 2⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2100 --field-trial-handle=1228,i,283742457452148340,11960929611364793038,131072 /prefetch:1 2⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2108 --field-trial-handle=1228,i,283742457452148340,11960929611364793038,131072 /prefetch:1 2⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1012 --field-trial-handle=1228,i,283742457452148340,11960929611364793038,131072 /prefetch:2 2⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1308 --field-trial-handle=1228,i,283742457452148340,11960929611364793038,131072 /prefetch:1 2⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3548 --field-trial-handle=1228,i,283742457452148340,11960929611364793038,131072 /prefetch:8 2⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3936 --field-trial-handle=1228,i,283742457452148340,11960929611364793038,131072 /prefetch:1 2⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe" 1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads