Analysis
-
max time kernel
147s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
29-05-2024 20:14
Static task
static1
Behavioral task
behavioral1
Sample
451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exe
Resource
win11-20240426-en
General
-
Target
451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exe
-
Size
1.8MB
-
MD5
d35b7e8d7b6b81f6eaf131b148b52c13
-
SHA1
a3863491e0c24ff8901f5f97c223b800d2f27db9
-
SHA256
451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138
-
SHA512
409a63f240be852c1883c52aee153accc2239719e38fb623ee70b10d2aed40b7fc835e72591ed24f3571b3ea70282a41886932796e5a1230443a45e81dbc0590
-
SSDEEP
24576:RGN0VnevFQCXB+KopOeit89NJppXje51h8Z2bcXseZaUR/CB89LDtrIo584tpXCd:tle9Qg+K+O989NzU51aseZaSC6XxHXd
Malware Config
Extracted
amadey
4.21
0e6740
http://147.45.47.155
-
install_dir
9217037dc9
-
install_file
explortu.exe
-
strings_key
8e894a8a4a3d0da8924003a561cfb244
-
url_paths
/ku4Nor9/index.php
Extracted
amadey
4.21
49e482
http://147.45.47.70
-
install_dir
1b29d73536
-
install_file
axplont.exe
-
strings_key
4d31dd1a190d9879c21fac6d87dc0043
-
url_paths
/tr8nomy/index.php
Extracted
risepro
147.45.47.126:58709
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 11 IoCs
Processes:
explortu.exeaxplont.exe451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exeexplortu.exefa7bfe84b4.exe5870fc4af7.exeexplortu.exeaxplont.exeexplortu.exeaxplont.exeaxplont.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ explortu.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ axplont.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ 451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ explortu.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ fa7bfe84b4.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ 5870fc4af7.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ explortu.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ axplont.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ explortu.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ axplont.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ axplont.exe -
Downloads MZ/PE file
-
Checks BIOS information in registry 2 TTPs 22 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
5870fc4af7.exeexplortu.exeaxplont.exeaxplont.exe451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exeaxplont.exeexplortu.exeaxplont.exeexplortu.exefa7bfe84b4.exeexplortu.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion 5870fc4af7.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion explortu.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion axplont.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion axplont.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion 451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion axplont.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion axplont.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion axplont.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion explortu.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion axplont.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion axplont.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion axplont.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion 451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion explortu.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion fa7bfe84b4.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion 5870fc4af7.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion explortu.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion explortu.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion fa7bfe84b4.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion explortu.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion explortu.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion explortu.exe -
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exeexplortu.exefa7bfe84b4.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation 451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exe Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation explortu.exe Key value queried \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation fa7bfe84b4.exe -
Executes dropped EXE 10 IoCs
Processes:
explortu.exefa7bfe84b4.exeaxplont.exe5870fc4af7.exeexplortu.exeaxplont.exeaxplont.exeexplortu.exeexplortu.exeaxplont.exepid process 4140 explortu.exe 3748 fa7bfe84b4.exe 636 axplont.exe 3108 5870fc4af7.exe 4752 explortu.exe 3448 axplont.exe 1468 axplont.exe 3720 explortu.exe 4888 explortu.exe 3400 axplont.exe -
Identifies Wine through registry keys 2 TTPs 11 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
Processes:
fa7bfe84b4.exeexplortu.exeaxplont.exeaxplont.exe451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exeexplortu.exeaxplont.exe5870fc4af7.exeexplortu.exeexplortu.exeaxplont.exedescription ioc process Key opened \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine fa7bfe84b4.exe Key opened \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine explortu.exe Key opened \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine axplont.exe Key opened \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine axplont.exe Key opened \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine 451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exe Key opened \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine explortu.exe Key opened \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine axplont.exe Key opened \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine 5870fc4af7.exe Key opened \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine explortu.exe Key opened \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine explortu.exe Key opened \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Software\Wine axplont.exe -
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
explortu.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5870fc4af7.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000005001\\5870fc4af7.exe" explortu.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 11 IoCs
Processes:
451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exeexplortu.exefa7bfe84b4.exeaxplont.exe5870fc4af7.exeexplortu.exeaxplont.exeaxplont.exeexplortu.exeexplortu.exeaxplont.exepid process 1920 451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exe 4140 explortu.exe 3748 fa7bfe84b4.exe 636 axplont.exe 3108 5870fc4af7.exe 4752 explortu.exe 3448 axplont.exe 1468 axplont.exe 3720 explortu.exe 4888 explortu.exe 3400 axplont.exe -
Drops file in Windows directory 2 IoCs
Processes:
451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exefa7bfe84b4.exedescription ioc process File created C:\Windows\Tasks\explortu.job 451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exe File created C:\Windows\Tasks\axplont.job fa7bfe84b4.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 22 IoCs
Processes:
451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exeexplortu.exefa7bfe84b4.exeaxplont.exe5870fc4af7.exeexplortu.exeaxplont.exeaxplont.exeexplortu.exeexplortu.exeaxplont.exepid process 1920 451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exe 1920 451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exe 4140 explortu.exe 4140 explortu.exe 3748 fa7bfe84b4.exe 3748 fa7bfe84b4.exe 636 axplont.exe 636 axplont.exe 3108 5870fc4af7.exe 3108 5870fc4af7.exe 4752 explortu.exe 4752 explortu.exe 3448 axplont.exe 3448 axplont.exe 1468 axplont.exe 1468 axplont.exe 3720 explortu.exe 3720 explortu.exe 4888 explortu.exe 4888 explortu.exe 3400 axplont.exe 3400 axplont.exe -
Suspicious use of WriteProcessMemory 15 IoCs
Processes:
451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exeexplortu.exefa7bfe84b4.exedescription pid process target process PID 1920 wrote to memory of 4140 1920 451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exe explortu.exe PID 1920 wrote to memory of 4140 1920 451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exe explortu.exe PID 1920 wrote to memory of 4140 1920 451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exe explortu.exe PID 4140 wrote to memory of 3628 4140 explortu.exe explortu.exe PID 4140 wrote to memory of 3628 4140 explortu.exe explortu.exe PID 4140 wrote to memory of 3628 4140 explortu.exe explortu.exe PID 4140 wrote to memory of 3748 4140 explortu.exe fa7bfe84b4.exe PID 4140 wrote to memory of 3748 4140 explortu.exe fa7bfe84b4.exe PID 4140 wrote to memory of 3748 4140 explortu.exe fa7bfe84b4.exe PID 3748 wrote to memory of 636 3748 fa7bfe84b4.exe axplont.exe PID 3748 wrote to memory of 636 3748 fa7bfe84b4.exe axplont.exe PID 3748 wrote to memory of 636 3748 fa7bfe84b4.exe axplont.exe PID 4140 wrote to memory of 3108 4140 explortu.exe 5870fc4af7.exe PID 4140 wrote to memory of 3108 4140 explortu.exe 5870fc4af7.exe PID 4140 wrote to memory of 3108 4140 explortu.exe 5870fc4af7.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exe"C:\Users\Admin\AppData\Local\Temp\451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe"C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe"2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Identifies Wine through registry keys
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe"C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe"3⤵
-
C:\Users\Admin\1000004002\fa7bfe84b4.exe"C:\Users\Admin\1000004002\fa7bfe84b4.exe"3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe"C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe"4⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\1000005001\5870fc4af7.exe"C:\Users\Admin\AppData\Local\Temp\1000005001\5870fc4af7.exe"3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exeC:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exeC:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exeC:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exeC:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exeC:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exeC:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\1000004002\fa7bfe84b4.exeFilesize
1.8MB
MD5b868254534dd8f6d00af889afd536d2e
SHA1ba9e400580c8ee869f057b71a5a39a2d2d52fe94
SHA25689f74508e812f6f5890128bacb1b90063a0384618b29285519632c8f87bf51be
SHA5120a2405905487a118bed25af153fff7a7806abca5f9574d202e8827287ec331e68515d1cea782c83175c56a333bda5924230e429dd7cbe15d083dab39c93d4e42
-
C:\Users\Admin\AppData\Local\Temp\1000005001\5870fc4af7.exeFilesize
2.4MB
MD5dad715e1489cf8a475ff58c7687fe0b9
SHA1888f4294e971cc3d8464ad00a4ead42d13f1a6c3
SHA2568e6ade8a2a316fdc0daf5d8157f18ff371d20cdc0a6aca34208bb76a30233499
SHA512e528a3496bc647ca813dcffcce97164081c73466f0069b62c1442cc1f44543f9064ab8d4ed60d12ac96b2d8aec73d759e68d6767c02b56393c0ba0a7922e6e0c
-
C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exeFilesize
1.8MB
MD5d35b7e8d7b6b81f6eaf131b148b52c13
SHA1a3863491e0c24ff8901f5f97c223b800d2f27db9
SHA256451be1c8e503a768b9ea4056432997a15beab289ce5efea503ae7f3a25092138
SHA512409a63f240be852c1883c52aee153accc2239719e38fb623ee70b10d2aed40b7fc835e72591ed24f3571b3ea70282a41886932796e5a1230443a45e81dbc0590
-
memory/636-74-0x0000000000F00000-0x00000000013AE000-memory.dmpFilesize
4.7MB
-
memory/636-52-0x0000000000F00000-0x00000000013AE000-memory.dmpFilesize
4.7MB
-
memory/636-88-0x0000000000F00000-0x00000000013AE000-memory.dmpFilesize
4.7MB
-
memory/636-90-0x0000000000F00000-0x00000000013AE000-memory.dmpFilesize
4.7MB
-
memory/636-127-0x0000000000F00000-0x00000000013AE000-memory.dmpFilesize
4.7MB
-
memory/636-124-0x0000000000F00000-0x00000000013AE000-memory.dmpFilesize
4.7MB
-
memory/636-121-0x0000000000F00000-0x00000000013AE000-memory.dmpFilesize
4.7MB
-
memory/636-118-0x0000000000F00000-0x00000000013AE000-memory.dmpFilesize
4.7MB
-
memory/636-93-0x0000000000F00000-0x00000000013AE000-memory.dmpFilesize
4.7MB
-
memory/636-115-0x0000000000F00000-0x00000000013AE000-memory.dmpFilesize
4.7MB
-
memory/636-112-0x0000000000F00000-0x00000000013AE000-memory.dmpFilesize
4.7MB
-
memory/636-96-0x0000000000F00000-0x00000000013AE000-memory.dmpFilesize
4.7MB
-
memory/636-99-0x0000000000F00000-0x00000000013AE000-memory.dmpFilesize
4.7MB
-
memory/636-102-0x0000000000F00000-0x00000000013AE000-memory.dmpFilesize
4.7MB
-
memory/636-86-0x0000000000F00000-0x00000000013AE000-memory.dmpFilesize
4.7MB
-
memory/1468-107-0x0000000000F00000-0x00000000013AE000-memory.dmpFilesize
4.7MB
-
memory/1468-109-0x0000000000F00000-0x00000000013AE000-memory.dmpFilesize
4.7MB
-
memory/1920-1-0x0000000077184000-0x0000000077186000-memory.dmpFilesize
8KB
-
memory/1920-5-0x0000000000560000-0x0000000000A22000-memory.dmpFilesize
4.8MB
-
memory/1920-0-0x0000000000560000-0x0000000000A22000-memory.dmpFilesize
4.8MB
-
memory/1920-2-0x0000000000561000-0x000000000058F000-memory.dmpFilesize
184KB
-
memory/1920-17-0x0000000000560000-0x0000000000A22000-memory.dmpFilesize
4.8MB
-
memory/1920-3-0x0000000000560000-0x0000000000A22000-memory.dmpFilesize
4.8MB
-
memory/3108-94-0x0000000000AA0000-0x00000000010BF000-memory.dmpFilesize
6.1MB
-
memory/3108-122-0x0000000000AA0000-0x00000000010BF000-memory.dmpFilesize
6.1MB
-
memory/3108-87-0x0000000000AA0000-0x00000000010BF000-memory.dmpFilesize
6.1MB
-
memory/3108-128-0x0000000000AA0000-0x00000000010BF000-memory.dmpFilesize
6.1MB
-
memory/3108-125-0x0000000000AA0000-0x00000000010BF000-memory.dmpFilesize
6.1MB
-
memory/3108-119-0x0000000000AA0000-0x00000000010BF000-memory.dmpFilesize
6.1MB
-
memory/3108-91-0x0000000000AA0000-0x00000000010BF000-memory.dmpFilesize
6.1MB
-
memory/3108-116-0x0000000000AA0000-0x00000000010BF000-memory.dmpFilesize
6.1MB
-
memory/3108-113-0x0000000000AA0000-0x00000000010BF000-memory.dmpFilesize
6.1MB
-
memory/3108-72-0x0000000000AA0000-0x00000000010BF000-memory.dmpFilesize
6.1MB
-
memory/3108-103-0x0000000000AA0000-0x00000000010BF000-memory.dmpFilesize
6.1MB
-
memory/3108-75-0x0000000000AA0000-0x00000000010BF000-memory.dmpFilesize
6.1MB
-
memory/3108-97-0x0000000000AA0000-0x00000000010BF000-memory.dmpFilesize
6.1MB
-
memory/3108-100-0x0000000000AA0000-0x00000000010BF000-memory.dmpFilesize
6.1MB
-
memory/3400-135-0x0000000000F00000-0x00000000013AE000-memory.dmpFilesize
4.7MB
-
memory/3400-133-0x0000000000F00000-0x00000000013AE000-memory.dmpFilesize
4.7MB
-
memory/3448-85-0x0000000000F00000-0x00000000013AE000-memory.dmpFilesize
4.7MB
-
memory/3448-82-0x0000000000F00000-0x00000000013AE000-memory.dmpFilesize
4.7MB
-
memory/3720-111-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB
-
memory/3720-108-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB
-
memory/3748-39-0x0000000000490000-0x000000000093E000-memory.dmpFilesize
4.7MB
-
memory/3748-53-0x0000000000490000-0x000000000093E000-memory.dmpFilesize
4.7MB
-
memory/4140-21-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB
-
memory/4140-20-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB
-
memory/4140-73-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB
-
memory/4140-98-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB
-
memory/4140-114-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB
-
memory/4140-104-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB
-
memory/4140-92-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB
-
memory/4140-117-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB
-
memory/4140-76-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB
-
memory/4140-95-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB
-
memory/4140-120-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB
-
memory/4140-78-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB
-
memory/4140-77-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB
-
memory/4140-123-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB
-
memory/4140-19-0x0000000000D91000-0x0000000000DBF000-memory.dmpFilesize
184KB
-
memory/4140-89-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB
-
memory/4140-126-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB
-
memory/4140-18-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB
-
memory/4140-101-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB
-
memory/4140-129-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB
-
memory/4752-83-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB
-
memory/4752-81-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB
-
memory/4888-132-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB
-
memory/4888-134-0x0000000000D90000-0x0000000001252000-memory.dmpFilesize
4.8MB