Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
25-05-2024 09:01
Static task
static1
Behavioral task
behavioral1
Sample
033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158.exe
Resource
win10v2004-20240508-en
General
-
Target
033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158.exe
-
Size
1.8MB
-
MD5
5a996b54fdf70f6892280510c7963ca4
-
SHA1
1961084438cfe019e96fee746bc91ea308838352
-
SHA256
033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158
-
SHA512
f158e0a5dfc4f9a2e606e0b54a4047e8686a707153ebecffc988fbe95c6a379d6869cf29908e1ced6a16e4e12d83a2f7b5897748bc363a97a6c8940ce63e543f
-
SSDEEP
49152:BVL6Eyegl9VyvooYtM242apW6FUhM43mmZ5kZSRKMz:rmbcwX6eZ3P50SRZ
Malware Config
Extracted
amadey
4.21
0e6740
http://147.45.47.155
-
install_dir
9217037dc9
-
install_file
explortu.exe
-
strings_key
8e894a8a4a3d0da8924003a561cfb244
-
url_paths
/ku4Nor9/index.php
Extracted
amadey
4.21
49e482
http://147.45.47.70
-
install_dir
1b29d73536
-
install_file
axplont.exe
-
strings_key
4d31dd1a190d9879c21fac6d87dc0043
-
url_paths
/tr8nomy/index.php
Extracted
risepro
147.45.47.126:58709
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 9 IoCs
Processes:
033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158.exee92df7ae7d.exeb21f16c261.exeexplortu.exeaxplont.exeexplortu.exeaxplont.exeaxplont.exeexplortu.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ 033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ e92df7ae7d.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ b21f16c261.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ explortu.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ axplont.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ explortu.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ axplont.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ axplont.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ explortu.exe -
Downloads MZ/PE file
-
Checks BIOS information in registry 2 TTPs 18 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158.exee92df7ae7d.exeaxplont.exeexplortu.exeb21f16c261.exeaxplont.exeexplortu.exeaxplont.exeexplortu.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion 033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion e92df7ae7d.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion e92df7ae7d.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion axplont.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion 033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion explortu.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion b21f16c261.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion axplont.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion axplont.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion explortu.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion explortu.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion axplont.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion b21f16c261.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion explortu.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion explortu.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion axplont.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion axplont.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion explortu.exe -
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158.exeexplortu.exee92df7ae7d.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation 033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158.exe Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation explortu.exe Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation e92df7ae7d.exe -
Executes dropped EXE 8 IoCs
Processes:
explortu.exee92df7ae7d.exeaxplont.exeb21f16c261.exeaxplont.exeexplortu.exeexplortu.exeaxplont.exepid process 636 explortu.exe 1308 e92df7ae7d.exe 4312 axplont.exe 4088 b21f16c261.exe 4568 axplont.exe 4280 explortu.exe 2480 explortu.exe 4316 axplont.exe -
Identifies Wine through registry keys 2 TTPs 8 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
Processes:
axplont.exe033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158.exeexplortu.exee92df7ae7d.exeaxplont.exeaxplont.exeexplortu.exeexplortu.exedescription ioc process Key opened \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine axplont.exe Key opened \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine 033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158.exe Key opened \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine explortu.exe Key opened \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine e92df7ae7d.exe Key opened \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine axplont.exe Key opened \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine axplont.exe Key opened \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine explortu.exe Key opened \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine explortu.exe -
Processes:
resource yara_rule C:\Users\Admin\AppData\Local\Temp\1000005001\b21f16c261.exe themida behavioral1/memory/4088-72-0x0000000000E10000-0x0000000001484000-memory.dmp themida behavioral1/memory/4088-74-0x0000000000E10000-0x0000000001484000-memory.dmp themida behavioral1/memory/4088-76-0x0000000000E10000-0x0000000001484000-memory.dmp themida behavioral1/memory/4088-75-0x0000000000E10000-0x0000000001484000-memory.dmp themida behavioral1/memory/4088-78-0x0000000000E10000-0x0000000001484000-memory.dmp themida behavioral1/memory/4088-77-0x0000000000E10000-0x0000000001484000-memory.dmp themida behavioral1/memory/4088-79-0x0000000000E10000-0x0000000001484000-memory.dmp themida behavioral1/memory/4088-80-0x0000000000E10000-0x0000000001484000-memory.dmp themida behavioral1/memory/4088-84-0x0000000000E10000-0x0000000001484000-memory.dmp themida -
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
explortu.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b21f16c261.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000005001\\b21f16c261.exe" explortu.exe -
Processes:
b21f16c261.exedescription ioc process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA b21f16c261.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 8 IoCs
Processes:
033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158.exeexplortu.exee92df7ae7d.exeaxplont.exeaxplont.exeexplortu.exeaxplont.exeexplortu.exepid process 4892 033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158.exe 636 explortu.exe 1308 e92df7ae7d.exe 4312 axplont.exe 4568 axplont.exe 4280 explortu.exe 4316 axplont.exe 2480 explortu.exe -
Drops file in Windows directory 2 IoCs
Processes:
033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158.exee92df7ae7d.exedescription ioc process File created C:\Windows\Tasks\explortu.job 033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158.exe File created C:\Windows\Tasks\axplont.job e92df7ae7d.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
Processes:
033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158.exeexplortu.exee92df7ae7d.exeaxplont.exeexplortu.exeaxplont.exeexplortu.exeaxplont.exepid process 4892 033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158.exe 4892 033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158.exe 636 explortu.exe 636 explortu.exe 1308 e92df7ae7d.exe 1308 e92df7ae7d.exe 4312 axplont.exe 4312 axplont.exe 4280 explortu.exe 4280 explortu.exe 4568 axplont.exe 4568 axplont.exe 2480 explortu.exe 2480 explortu.exe 4316 axplont.exe 4316 axplont.exe -
Suspicious use of WriteProcessMemory 15 IoCs
Processes:
033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158.exeexplortu.exee92df7ae7d.exedescription pid process target process PID 4892 wrote to memory of 636 4892 033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158.exe explortu.exe PID 4892 wrote to memory of 636 4892 033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158.exe explortu.exe PID 4892 wrote to memory of 636 4892 033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158.exe explortu.exe PID 636 wrote to memory of 3276 636 explortu.exe explortu.exe PID 636 wrote to memory of 3276 636 explortu.exe explortu.exe PID 636 wrote to memory of 3276 636 explortu.exe explortu.exe PID 636 wrote to memory of 1308 636 explortu.exe e92df7ae7d.exe PID 636 wrote to memory of 1308 636 explortu.exe e92df7ae7d.exe PID 636 wrote to memory of 1308 636 explortu.exe e92df7ae7d.exe PID 1308 wrote to memory of 4312 1308 e92df7ae7d.exe axplont.exe PID 1308 wrote to memory of 4312 1308 e92df7ae7d.exe axplont.exe PID 1308 wrote to memory of 4312 1308 e92df7ae7d.exe axplont.exe PID 636 wrote to memory of 4088 636 explortu.exe b21f16c261.exe PID 636 wrote to memory of 4088 636 explortu.exe b21f16c261.exe PID 636 wrote to memory of 4088 636 explortu.exe b21f16c261.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158.exe"C:\Users\Admin\AppData\Local\Temp\033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe"C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe"2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Identifies Wine through registry keys
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe"C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe"3⤵
-
C:\Users\Admin\1000004002\e92df7ae7d.exe"C:\Users\Admin\1000004002\e92df7ae7d.exe"3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe"C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe"4⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\1000005001\b21f16c261.exe"C:\Users\Admin\AppData\Local\Temp\1000005001\b21f16c261.exe"3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
-
C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exeC:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exeC:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exeC:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exeC:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\1000004002\e92df7ae7d.exeFilesize
1.8MB
MD57e03538dc25285b705604b2ace4492f0
SHA12a0a13d5eb4d394c6e18443602879aa428211a50
SHA256d890e54e56f84854d4daace1ea55ad979191dd02c682dba496a405372dff1882
SHA5123ae4641fa4410664041bf7d61565a0959faf42c8e16f8639fb6b65f8e7e2ea679fd28246be905289584fb68ff19266be7f86ddb8e681b4dc929ebc1017b7763c
-
C:\Users\Admin\AppData\Local\Temp\1000005001\b21f16c261.exeFilesize
2.1MB
MD5eac40b0f2ff92f87f0805fd66d2616ff
SHA1bd5e547b35bb402294d824114a4f1462e4048fe6
SHA2563596bd6a9c09e6000268927e0e4361dc75496aaa08776e01bc93a4b820614433
SHA5120c06c198bf75fd0a7af990351e93d49df46fe67159cf2b2a0424c449de95a9031ef804a1f5f9cf82ecf98a92312933a4d54f2bf38b009b57f4a656feae196b62
-
C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exeFilesize
1.8MB
MD55a996b54fdf70f6892280510c7963ca4
SHA11961084438cfe019e96fee746bc91ea308838352
SHA256033f918f491b1e0c4a20deed3227013ddc9faad078aae3d2f043062db0dbe158
SHA512f158e0a5dfc4f9a2e606e0b54a4047e8686a707153ebecffc988fbe95c6a379d6869cf29908e1ced6a16e4e12d83a2f7b5897748bc363a97a6c8940ce63e543f
-
memory/636-18-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/636-114-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/636-133-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/636-81-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/636-120-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/636-19-0x0000000000051000-0x000000000007F000-memory.dmpFilesize
184KB
-
memory/636-20-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/636-21-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/636-22-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/636-136-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/636-117-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/636-123-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/636-139-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/636-111-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/636-108-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/636-97-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/636-94-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/636-90-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/636-87-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/636-86-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/636-85-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/636-82-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/1308-54-0x0000000000F60000-0x0000000001432000-memory.dmpFilesize
4.8MB
-
memory/1308-39-0x0000000000F60000-0x0000000001432000-memory.dmpFilesize
4.8MB
-
memory/2480-126-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/2480-130-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/4088-79-0x0000000000E10000-0x0000000001484000-memory.dmpFilesize
6.5MB
-
memory/4088-77-0x0000000000E10000-0x0000000001484000-memory.dmpFilesize
6.5MB
-
memory/4088-78-0x0000000000E10000-0x0000000001484000-memory.dmpFilesize
6.5MB
-
memory/4088-75-0x0000000000E10000-0x0000000001484000-memory.dmpFilesize
6.5MB
-
memory/4088-84-0x0000000000E10000-0x0000000001484000-memory.dmpFilesize
6.5MB
-
memory/4088-80-0x0000000000E10000-0x0000000001484000-memory.dmpFilesize
6.5MB
-
memory/4088-76-0x0000000000E10000-0x0000000001484000-memory.dmpFilesize
6.5MB
-
memory/4088-72-0x0000000000E10000-0x0000000001484000-memory.dmpFilesize
6.5MB
-
memory/4088-74-0x0000000000E10000-0x0000000001484000-memory.dmpFilesize
6.5MB
-
memory/4280-104-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/4280-101-0x0000000000050000-0x00000000004FE000-memory.dmpFilesize
4.7MB
-
memory/4312-92-0x0000000000560000-0x0000000000A32000-memory.dmpFilesize
4.8MB
-
memory/4312-121-0x0000000000560000-0x0000000000A32000-memory.dmpFilesize
4.8MB
-
memory/4312-140-0x0000000000560000-0x0000000000A32000-memory.dmpFilesize
4.8MB
-
memory/4312-106-0x0000000000560000-0x0000000000A32000-memory.dmpFilesize
4.8MB
-
memory/4312-95-0x0000000000560000-0x0000000000A32000-memory.dmpFilesize
4.8MB
-
memory/4312-109-0x0000000000560000-0x0000000000A32000-memory.dmpFilesize
4.8MB
-
memory/4312-137-0x0000000000560000-0x0000000000A32000-memory.dmpFilesize
4.8MB
-
memory/4312-112-0x0000000000560000-0x0000000000A32000-memory.dmpFilesize
4.8MB
-
memory/4312-52-0x0000000000560000-0x0000000000A32000-memory.dmpFilesize
4.8MB
-
memory/4312-115-0x0000000000560000-0x0000000000A32000-memory.dmpFilesize
4.8MB
-
memory/4312-91-0x0000000000560000-0x0000000000A32000-memory.dmpFilesize
4.8MB
-
memory/4312-118-0x0000000000560000-0x0000000000A32000-memory.dmpFilesize
4.8MB
-
memory/4312-134-0x0000000000560000-0x0000000000A32000-memory.dmpFilesize
4.8MB
-
memory/4312-131-0x0000000000560000-0x0000000000A32000-memory.dmpFilesize
4.8MB
-
memory/4312-83-0x0000000000560000-0x0000000000A32000-memory.dmpFilesize
4.8MB
-
memory/4312-88-0x0000000000560000-0x0000000000A32000-memory.dmpFilesize
4.8MB
-
memory/4316-129-0x0000000000560000-0x0000000000A32000-memory.dmpFilesize
4.8MB
-
memory/4568-105-0x0000000000560000-0x0000000000A32000-memory.dmpFilesize
4.8MB
-
memory/4568-100-0x0000000000560000-0x0000000000A32000-memory.dmpFilesize
4.8MB
-
memory/4892-5-0x0000000000940000-0x0000000000DEE000-memory.dmpFilesize
4.7MB
-
memory/4892-3-0x0000000000940000-0x0000000000DEE000-memory.dmpFilesize
4.7MB
-
memory/4892-15-0x0000000000940000-0x0000000000DEE000-memory.dmpFilesize
4.7MB
-
memory/4892-2-0x0000000000941000-0x000000000096F000-memory.dmpFilesize
184KB
-
memory/4892-0-0x0000000000940000-0x0000000000DEE000-memory.dmpFilesize
4.7MB
-
memory/4892-1-0x0000000077564000-0x0000000077566000-memory.dmpFilesize
8KB