Analysis
-
max time kernel
147s -
max time network
149s -
platform
windows11-21h2_x64 -
resource
win11-20240426-en -
resource tags
arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system -
submitted
30-05-2024 11:19
Static task
static1
Behavioral task
behavioral1
Sample
16799928a8b93512cb204c890e124abfac63667c79d889e0de68f9efb8a60a00.exe
Resource
win10v2004-20240426-en
General
-
Target
16799928a8b93512cb204c890e124abfac63667c79d889e0de68f9efb8a60a00.exe
-
Size
1.8MB
-
MD5
e2131b7b8c23c36dccfb420589134ab3
-
SHA1
7e1c039ae922dc541dc0e2a8a6538bfb6c2d0b31
-
SHA256
16799928a8b93512cb204c890e124abfac63667c79d889e0de68f9efb8a60a00
-
SHA512
264441f6eb29e347b9f7e3b49436cd08dff0b79f7270df24eab5668b69e7d0ad323b0c88b14a47bc683e440283d5195f8f62be2385783239075d734f895461ea
-
SSDEEP
49152:o7k+flGudsP5Vhe78/ouKACPrdW/lRIVgVgs1q1/:0kPudsBVhMko+CP8w0gsc
Malware Config
Extracted
amadey
4.21
0e6740
http://147.45.47.155
-
install_dir
9217037dc9
-
install_file
explortu.exe
-
strings_key
8e894a8a4a3d0da8924003a561cfb244
-
url_paths
/ku4Nor9/index.php
Extracted
amadey
4.21
49e482
http://147.45.47.70
-
install_dir
1b29d73536
-
install_file
axplont.exe
-
strings_key
4d31dd1a190d9879c21fac6d87dc0043
-
url_paths
/tr8nomy/index.php
Extracted
risepro
147.45.47.126:58709
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 9 IoCs
Processes:
8d784e2212.exeaxplont.exeaxplont.exeexplortu.exe14907509e1.exeaxplont.exeexplortu.exeexplortu.exe16799928a8b93512cb204c890e124abfac63667c79d889e0de68f9efb8a60a00.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ 8d784e2212.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ axplont.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ axplont.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ explortu.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ 14907509e1.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ axplont.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ explortu.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ explortu.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ 16799928a8b93512cb204c890e124abfac63667c79d889e0de68f9efb8a60a00.exe -
Downloads MZ/PE file
-
Checks BIOS information in registry 2 TTPs 18 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
explortu.exe16799928a8b93512cb204c890e124abfac63667c79d889e0de68f9efb8a60a00.exeexplortu.exe14907509e1.exeaxplont.exeaxplont.exeexplortu.exe8d784e2212.exeaxplont.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion explortu.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion 16799928a8b93512cb204c890e124abfac63667c79d889e0de68f9efb8a60a00.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion explortu.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion 14907509e1.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion axplont.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion axplont.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion explortu.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion explortu.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion explortu.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion 16799928a8b93512cb204c890e124abfac63667c79d889e0de68f9efb8a60a00.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion explortu.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion 14907509e1.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion 8d784e2212.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion axplont.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion axplont.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion 8d784e2212.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion axplont.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion axplont.exe -
Executes dropped EXE 8 IoCs
Processes:
explortu.exe14907509e1.exeaxplont.exe8d784e2212.exeaxplont.exeexplortu.exeaxplont.exeexplortu.exepid process 5064 explortu.exe 3152 14907509e1.exe 3844 axplont.exe 1568 8d784e2212.exe 2472 axplont.exe 4512 explortu.exe 4652 axplont.exe 2120 explortu.exe -
Identifies Wine through registry keys 2 TTPs 9 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
Processes:
explortu.exeaxplont.exeexplortu.exe16799928a8b93512cb204c890e124abfac63667c79d889e0de68f9efb8a60a00.exe8d784e2212.exeaxplont.exeaxplont.exeexplortu.exe14907509e1.exedescription ioc process Key opened \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000\Software\Wine explortu.exe Key opened \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000\Software\Wine axplont.exe Key opened \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000\Software\Wine explortu.exe Key opened \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000\Software\Wine 16799928a8b93512cb204c890e124abfac63667c79d889e0de68f9efb8a60a00.exe Key opened \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000\Software\Wine 8d784e2212.exe Key opened \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000\Software\Wine axplont.exe Key opened \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000\Software\Wine axplont.exe Key opened \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000\Software\Wine explortu.exe Key opened \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000\Software\Wine 14907509e1.exe -
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
explortu.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000\Software\Microsoft\Windows\CurrentVersion\Run\8d784e2212.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000005001\\8d784e2212.exe" explortu.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 9 IoCs
Processes:
16799928a8b93512cb204c890e124abfac63667c79d889e0de68f9efb8a60a00.exeexplortu.exe14907509e1.exeaxplont.exe8d784e2212.exeaxplont.exeexplortu.exeaxplont.exeexplortu.exepid process 2820 16799928a8b93512cb204c890e124abfac63667c79d889e0de68f9efb8a60a00.exe 5064 explortu.exe 3152 14907509e1.exe 3844 axplont.exe 1568 8d784e2212.exe 2472 axplont.exe 4512 explortu.exe 4652 axplont.exe 2120 explortu.exe -
Drops file in Windows directory 2 IoCs
Processes:
16799928a8b93512cb204c890e124abfac63667c79d889e0de68f9efb8a60a00.exe14907509e1.exedescription ioc process File created C:\Windows\Tasks\explortu.job 16799928a8b93512cb204c890e124abfac63667c79d889e0de68f9efb8a60a00.exe File created C:\Windows\Tasks\axplont.job 14907509e1.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 18 IoCs
Processes:
16799928a8b93512cb204c890e124abfac63667c79d889e0de68f9efb8a60a00.exeexplortu.exe14907509e1.exeaxplont.exe8d784e2212.exeaxplont.exeexplortu.exeaxplont.exeexplortu.exepid process 2820 16799928a8b93512cb204c890e124abfac63667c79d889e0de68f9efb8a60a00.exe 2820 16799928a8b93512cb204c890e124abfac63667c79d889e0de68f9efb8a60a00.exe 5064 explortu.exe 5064 explortu.exe 3152 14907509e1.exe 3152 14907509e1.exe 3844 axplont.exe 3844 axplont.exe 1568 8d784e2212.exe 1568 8d784e2212.exe 2472 axplont.exe 2472 axplont.exe 4512 explortu.exe 4512 explortu.exe 4652 axplont.exe 4652 axplont.exe 2120 explortu.exe 2120 explortu.exe -
Suspicious use of WriteProcessMemory 15 IoCs
Processes:
16799928a8b93512cb204c890e124abfac63667c79d889e0de68f9efb8a60a00.exeexplortu.exe14907509e1.exedescription pid process target process PID 2820 wrote to memory of 5064 2820 16799928a8b93512cb204c890e124abfac63667c79d889e0de68f9efb8a60a00.exe explortu.exe PID 2820 wrote to memory of 5064 2820 16799928a8b93512cb204c890e124abfac63667c79d889e0de68f9efb8a60a00.exe explortu.exe PID 2820 wrote to memory of 5064 2820 16799928a8b93512cb204c890e124abfac63667c79d889e0de68f9efb8a60a00.exe explortu.exe PID 5064 wrote to memory of 1104 5064 explortu.exe explortu.exe PID 5064 wrote to memory of 1104 5064 explortu.exe explortu.exe PID 5064 wrote to memory of 1104 5064 explortu.exe explortu.exe PID 5064 wrote to memory of 3152 5064 explortu.exe 14907509e1.exe PID 5064 wrote to memory of 3152 5064 explortu.exe 14907509e1.exe PID 5064 wrote to memory of 3152 5064 explortu.exe 14907509e1.exe PID 3152 wrote to memory of 3844 3152 14907509e1.exe axplont.exe PID 3152 wrote to memory of 3844 3152 14907509e1.exe axplont.exe PID 3152 wrote to memory of 3844 3152 14907509e1.exe axplont.exe PID 5064 wrote to memory of 1568 5064 explortu.exe 8d784e2212.exe PID 5064 wrote to memory of 1568 5064 explortu.exe 8d784e2212.exe PID 5064 wrote to memory of 1568 5064 explortu.exe 8d784e2212.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\16799928a8b93512cb204c890e124abfac63667c79d889e0de68f9efb8a60a00.exe"C:\Users\Admin\AppData\Local\Temp\16799928a8b93512cb204c890e124abfac63667c79d889e0de68f9efb8a60a00.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe"C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe"2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe"C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe"3⤵
-
C:\Users\Admin\1000004002\14907509e1.exe"C:\Users\Admin\1000004002\14907509e1.exe"3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe"C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe"4⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\1000005001\8d784e2212.exe"C:\Users\Admin\AppData\Local\Temp\1000005001\8d784e2212.exe"3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exeC:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exeC:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exeC:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exeC:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\1000004002\14907509e1.exeFilesize
1.8MB
MD5b2a3971887df35a0e25ebce1d88f255e
SHA1062e3404b45f64e899492a48c61c0cf6f897f88f
SHA25624e7c8cea0b5787de8f92ae97a8f50c1de5da0e440abe84b9657d0c62d3e518a
SHA512194edff3bff3aaf72d617767277c9cc5dd5cc5fccd71c65b88b1afcdb1c1687764f960150703f3abc4f31d40ce6b64ee2317853481f5bfe8ca3f35abfa0f9179
-
C:\Users\Admin\AppData\Local\Temp\1000005001\8d784e2212.exeFilesize
2.3MB
MD5a90295cd487dfd4c508f5d216d6de5c5
SHA131d363aa5bcdd5c5b3874abe82b4c34a4e7e3f4f
SHA2566a82e5fadd9972b5dae8848b9bab8b13d2bbc08da1e514cb5239acb96a999bf1
SHA5123e3a59995ef054ea694cefac34a095911f306ac0dbd11b8dd34579fdf7197cb14234067fa77eb5117ed7e264b338c61ab64bbc49e19ed7f1235bd6a501139df0
-
C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exeFilesize
1.8MB
MD5e2131b7b8c23c36dccfb420589134ab3
SHA17e1c039ae922dc541dc0e2a8a6538bfb6c2d0b31
SHA25616799928a8b93512cb204c890e124abfac63667c79d889e0de68f9efb8a60a00
SHA512264441f6eb29e347b9f7e3b49436cd08dff0b79f7270df24eab5668b69e7d0ad323b0c88b14a47bc683e440283d5195f8f62be2385783239075d734f895461ea
-
memory/1568-99-0x0000000000460000-0x0000000000A43000-memory.dmpFilesize
5.9MB
-
memory/1568-72-0x0000000000460000-0x0000000000A43000-memory.dmpFilesize
5.9MB
-
memory/1568-84-0x0000000000460000-0x0000000000A43000-memory.dmpFilesize
5.9MB
-
memory/1568-80-0x0000000000460000-0x0000000000A43000-memory.dmpFilesize
5.9MB
-
memory/1568-127-0x0000000000460000-0x0000000000A43000-memory.dmpFilesize
5.9MB
-
memory/1568-124-0x0000000000460000-0x0000000000A43000-memory.dmpFilesize
5.9MB
-
memory/1568-121-0x0000000000460000-0x0000000000A43000-memory.dmpFilesize
5.9MB
-
memory/1568-118-0x0000000000460000-0x0000000000A43000-memory.dmpFilesize
5.9MB
-
memory/1568-93-0x0000000000460000-0x0000000000A43000-memory.dmpFilesize
5.9MB
-
memory/1568-96-0x0000000000460000-0x0000000000A43000-memory.dmpFilesize
5.9MB
-
memory/1568-77-0x0000000000460000-0x0000000000A43000-memory.dmpFilesize
5.9MB
-
memory/1568-103-0x0000000000460000-0x0000000000A43000-memory.dmpFilesize
5.9MB
-
memory/1568-105-0x0000000000460000-0x0000000000A43000-memory.dmpFilesize
5.9MB
-
memory/1568-108-0x0000000000460000-0x0000000000A43000-memory.dmpFilesize
5.9MB
-
memory/2120-113-0x0000000000550000-0x0000000000A19000-memory.dmpFilesize
4.8MB
-
memory/2120-116-0x0000000000550000-0x0000000000A19000-memory.dmpFilesize
4.8MB
-
memory/2472-87-0x0000000000390000-0x0000000000862000-memory.dmpFilesize
4.8MB
-
memory/2472-90-0x0000000000390000-0x0000000000862000-memory.dmpFilesize
4.8MB
-
memory/2820-5-0x0000000000340000-0x0000000000809000-memory.dmpFilesize
4.8MB
-
memory/2820-1-0x00000000776E6000-0x00000000776E8000-memory.dmpFilesize
8KB
-
memory/2820-2-0x0000000000341000-0x000000000036F000-memory.dmpFilesize
184KB
-
memory/2820-17-0x0000000000340000-0x0000000000809000-memory.dmpFilesize
4.8MB
-
memory/2820-0-0x0000000000340000-0x0000000000809000-memory.dmpFilesize
4.8MB
-
memory/2820-3-0x0000000000340000-0x0000000000809000-memory.dmpFilesize
4.8MB
-
memory/3152-51-0x0000000000C70000-0x0000000001142000-memory.dmpFilesize
4.8MB
-
memory/3152-39-0x0000000000C70000-0x0000000001142000-memory.dmpFilesize
4.8MB
-
memory/3844-92-0x0000000000390000-0x0000000000862000-memory.dmpFilesize
4.8MB
-
memory/3844-79-0x0000000000390000-0x0000000000862000-memory.dmpFilesize
4.8MB
-
memory/3844-74-0x0000000000390000-0x0000000000862000-memory.dmpFilesize
4.8MB
-
memory/3844-83-0x0000000000390000-0x0000000000862000-memory.dmpFilesize
4.8MB
-
memory/3844-104-0x0000000000390000-0x0000000000862000-memory.dmpFilesize
4.8MB
-
memory/3844-126-0x0000000000390000-0x0000000000862000-memory.dmpFilesize
4.8MB
-
memory/3844-81-0x0000000000390000-0x0000000000862000-memory.dmpFilesize
4.8MB
-
memory/3844-123-0x0000000000390000-0x0000000000862000-memory.dmpFilesize
4.8MB
-
memory/3844-95-0x0000000000390000-0x0000000000862000-memory.dmpFilesize
4.8MB
-
memory/3844-107-0x0000000000390000-0x0000000000862000-memory.dmpFilesize
4.8MB
-
memory/3844-120-0x0000000000390000-0x0000000000862000-memory.dmpFilesize
4.8MB
-
memory/3844-98-0x0000000000390000-0x0000000000862000-memory.dmpFilesize
4.8MB
-
memory/3844-117-0x0000000000390000-0x0000000000862000-memory.dmpFilesize
4.8MB
-
memory/3844-53-0x0000000000390000-0x0000000000862000-memory.dmpFilesize
4.8MB
-
memory/3844-101-0x0000000000390000-0x0000000000862000-memory.dmpFilesize
4.8MB
-
memory/4512-91-0x0000000000550000-0x0000000000A19000-memory.dmpFilesize
4.8MB
-
memory/4512-89-0x0000000000550000-0x0000000000A19000-memory.dmpFilesize
4.8MB
-
memory/4652-114-0x0000000000390000-0x0000000000862000-memory.dmpFilesize
4.8MB
-
memory/4652-111-0x0000000000390000-0x0000000000862000-memory.dmpFilesize
4.8MB
-
memory/5064-106-0x0000000000550000-0x0000000000A19000-memory.dmpFilesize
4.8MB
-
memory/5064-21-0x0000000000550000-0x0000000000A19000-memory.dmpFilesize
4.8MB
-
memory/5064-75-0x0000000000550000-0x0000000000A19000-memory.dmpFilesize
4.8MB
-
memory/5064-109-0x0000000000550000-0x0000000000A19000-memory.dmpFilesize
4.8MB
-
memory/5064-76-0x0000000000550000-0x0000000000A19000-memory.dmpFilesize
4.8MB
-
memory/5064-73-0x0000000000550000-0x0000000000A19000-memory.dmpFilesize
4.8MB
-
memory/5064-102-0x0000000000550000-0x0000000000A19000-memory.dmpFilesize
4.8MB
-
memory/5064-100-0x0000000000550000-0x0000000000A19000-memory.dmpFilesize
4.8MB
-
memory/5064-78-0x0000000000550000-0x0000000000A19000-memory.dmpFilesize
4.8MB
-
memory/5064-85-0x0000000000550000-0x0000000000A19000-memory.dmpFilesize
4.8MB
-
memory/5064-119-0x0000000000550000-0x0000000000A19000-memory.dmpFilesize
4.8MB
-
memory/5064-97-0x0000000000550000-0x0000000000A19000-memory.dmpFilesize
4.8MB
-
memory/5064-20-0x0000000000550000-0x0000000000A19000-memory.dmpFilesize
4.8MB
-
memory/5064-122-0x0000000000550000-0x0000000000A19000-memory.dmpFilesize
4.8MB
-
memory/5064-94-0x0000000000550000-0x0000000000A19000-memory.dmpFilesize
4.8MB
-
memory/5064-19-0x0000000000551000-0x000000000057F000-memory.dmpFilesize
184KB
-
memory/5064-125-0x0000000000550000-0x0000000000A19000-memory.dmpFilesize
4.8MB
-
memory/5064-82-0x0000000000550000-0x0000000000A19000-memory.dmpFilesize
4.8MB
-
memory/5064-18-0x0000000000550000-0x0000000000A19000-memory.dmpFilesize
4.8MB
-
memory/5064-128-0x0000000000550000-0x0000000000A19000-memory.dmpFilesize
4.8MB