Analysis
-
max time kernel
141s -
max time network
139s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
10-04-2024 12:12
Static task
static1
Behavioral task
behavioral1
Sample
7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe
Resource
win7-20231129-en
General
-
Target
7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe
-
Size
2.5MB
-
MD5
48e26159d9aa517ba2a1f1010c8e7c00
-
SHA1
dbc9c8a492ae270bb7ed845680b81b94483ab585
-
SHA256
7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8
-
SHA512
35a373eac85d486800d1ba6898a7cf0ac95058df92a455a38a094061e059647009afe5b78e81cf42fde3ead4726e16cc3d7231f97776c09d13733ddceeab4a67
-
SSDEEP
49152:P1pt5y4+ehRpj3bQxZI9SoesOCpnROKcQtngNbawIVbf8Amz2FNaZU6NV:P9M7ERF3bcZipROTMngNVKr02v2
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
Processes:
7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe -
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Processes:
7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exedescription ioc process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe -
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exedescription ioc process File opened (read-only) \??\n: 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe File opened (read-only) \??\q: 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe File opened (read-only) \??\s: 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe File opened (read-only) \??\w: 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe File opened (read-only) \??\x: 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe File opened (read-only) \??\z: 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe File opened (read-only) \??\a: 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe File opened (read-only) \??\j: 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe File opened (read-only) \??\l: 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe File opened (read-only) \??\o: 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe File opened (read-only) \??\p: 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe File opened (read-only) \??\u: 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe File opened (read-only) \??\v: 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe File opened (read-only) \??\e: 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe File opened (read-only) \??\h: 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe File opened (read-only) \??\k: 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe File opened (read-only) \??\r: 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe File opened (read-only) \??\t: 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe File opened (read-only) \??\b: 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe File opened (read-only) \??\g: 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe File opened (read-only) \??\i: 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe File opened (read-only) \??\m: 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe File opened (read-only) \??\y: 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe -
AutoIT Executable 8 IoCs
AutoIT scripts compiled to PE executables.
Processes:
resource yara_rule behavioral1/memory/2368-6-0x0000000000400000-0x00000000008EE000-memory.dmp autoit_exe behavioral1/memory/2368-10-0x0000000000400000-0x00000000008EE000-memory.dmp autoit_exe behavioral1/memory/2368-13-0x0000000000400000-0x00000000008EE000-memory.dmp autoit_exe behavioral1/memory/2368-15-0x0000000000400000-0x00000000008EE000-memory.dmp autoit_exe behavioral1/memory/2368-17-0x0000000000400000-0x00000000008EE000-memory.dmp autoit_exe behavioral1/memory/2368-19-0x0000000000400000-0x00000000008EE000-memory.dmp autoit_exe behavioral1/memory/2368-21-0x0000000000400000-0x00000000008EE000-memory.dmp autoit_exe behavioral1/memory/2368-23-0x0000000000400000-0x00000000008EE000-memory.dmp autoit_exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exedescription pid process target process PID 2368 wrote to memory of 2204 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2204 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2204 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2204 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 3048 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 3048 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 3048 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 3048 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2388 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2388 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2388 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2388 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2792 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2792 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2792 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2792 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2648 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2648 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2648 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2648 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2636 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2636 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2636 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2636 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 1472 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 1472 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 1472 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 1472 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2100 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2100 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2100 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2100 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2832 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2832 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2832 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2832 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2564 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2564 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2564 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2564 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2444 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2444 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2444 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2444 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2520 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2520 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2520 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2520 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2928 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2928 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2928 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2928 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2140 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2140 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2140 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2140 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 1556 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 1556 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 1556 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 1556 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2784 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2784 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2784 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe PID 2368 wrote to memory of 2784 2368 7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe cmd.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe"C:\Users\Admin\AppData\Local\Temp\7e1355e51eb9c38e006368de1ae80b268ffab6918237696474f50802e3d8a9c8.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Enumerates connected drives
- Suspicious use of WriteProcessMemory
PID:2368 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.csv" /S /B /A2⤵PID:2204
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.rtf" /S /B /A2⤵PID:3048
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.doc" /S /B /A2⤵PID:2388
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.docx" /S /B /A2⤵PID:2792
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.docm" /S /B /A2⤵PID:2648
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.pdf" /S /B /A2⤵PID:2636
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.ppt" /S /B /A2⤵PID:1472
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.dot" /S /B /A2⤵PID:2100
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.xls" /S /B /A2⤵PID:2832
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.xlsx" /S /B /A2⤵PID:2564
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.xlsm" /S /B /A2⤵PID:2444
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.csv" /S /B /A2⤵PID:2520
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.rtf" /S /B /A2⤵PID:2928
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.dot" /S /B /A2⤵PID:2140
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.mdb" /S /B /A2⤵PID:1556
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.accdb" /S /B /A2⤵PID:2784
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.pptx" /S /B /A2⤵PID:1920
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.ppt" /S /B /A2⤵PID:1900
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.pot" /S /B /A2⤵PID:2780
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.pps" /S /B /A2⤵PID:2036
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.ppa" /S /B /A2⤵PID:500
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.rar" /S /B /A2⤵PID:808
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.zip" /S /B /A2⤵PID:1452
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.tar" /S /B /A2⤵PID:1524
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.7z" /S /B /A2⤵PID:1744
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /U /C DIR "\Users\Admin\*.txt" /S /B /A2⤵PID:1540
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2368-0-0x0000000000400000-0x00000000008EE000-memory.dmpFilesize
4.9MB
-
memory/2368-2-0x00000000028A0000-0x00000000028A1000-memory.dmpFilesize
4KB
-
memory/2368-5-0x00000000028C0000-0x00000000028C1000-memory.dmpFilesize
4KB
-
memory/2368-6-0x0000000000400000-0x00000000008EE000-memory.dmpFilesize
4.9MB
-
memory/2368-9-0x0000000002890000-0x0000000002891000-memory.dmpFilesize
4KB
-
memory/2368-8-0x0000000000D50000-0x0000000000D5C000-memory.dmpFilesize
48KB
-
memory/2368-7-0x00000000028E0000-0x00000000028E1000-memory.dmpFilesize
4KB
-
memory/2368-4-0x0000000000D80000-0x0000000000D81000-memory.dmpFilesize
4KB
-
memory/2368-3-0x0000000000D60000-0x0000000000D61000-memory.dmpFilesize
4KB
-
memory/2368-1-0x0000000002830000-0x0000000002890000-memory.dmpFilesize
384KB
-
memory/2368-10-0x0000000000400000-0x00000000008EE000-memory.dmpFilesize
4.9MB
-
memory/2368-11-0x0000000002830000-0x0000000002890000-memory.dmpFilesize
384KB
-
memory/2368-13-0x0000000000400000-0x00000000008EE000-memory.dmpFilesize
4.9MB
-
memory/2368-15-0x0000000000400000-0x00000000008EE000-memory.dmpFilesize
4.9MB
-
memory/2368-17-0x0000000000400000-0x00000000008EE000-memory.dmpFilesize
4.9MB
-
memory/2368-19-0x0000000000400000-0x00000000008EE000-memory.dmpFilesize
4.9MB
-
memory/2368-21-0x0000000000400000-0x00000000008EE000-memory.dmpFilesize
4.9MB
-
memory/2368-23-0x0000000000400000-0x00000000008EE000-memory.dmpFilesize
4.9MB