Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows11-21h2_x64 -
resource
win11-20240426-en -
resource tags
arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system -
submitted
30-05-2024 13:50
Static task
static1
Behavioral task
behavioral1
Sample
485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537.exe
Resource
win10v2004-20240426-en
General
-
Target
485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537.exe
-
Size
1.8MB
-
MD5
fab7aed34c4160cf99dad939a2672bb0
-
SHA1
ea124ba006f79244a2eaa285ad98f226e4086d93
-
SHA256
485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537
-
SHA512
6c5cc156f6942a0a3e16c68acb76e44cc4018a68327ad34cd7b6663a89f1d04ce43cfc12b8a2cb6e85c96e1f3b7b286e8552df215ba8bc53c2b7258e3b29898b
-
SSDEEP
49152:qCzOLVKbwamwj7Mz9Wzc1RGkdx18jpoVNK/M4bAxIfxcL:PyVKsaHj7MxWzcjhxS6NK048qaL
Malware Config
Extracted
amadey
4.21
0e6740
http://147.45.47.155
-
install_dir
9217037dc9
-
install_file
explortu.exe
-
strings_key
8e894a8a4a3d0da8924003a561cfb244
-
url_paths
/ku4Nor9/index.php
Extracted
amadey
4.21
49e482
http://147.45.47.70
-
install_dir
1b29d73536
-
install_file
axplont.exe
-
strings_key
4d31dd1a190d9879c21fac6d87dc0043
-
url_paths
/tr8nomy/index.php
Extracted
risepro
147.45.47.126:58709
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 9 IoCs
Processes:
explortu.exe19af4bb7fe.exeaxplont.exeexplortu.exeaxplont.exe485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537.exe11518061cb.exeexplortu.exeaxplont.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ explortu.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ 19af4bb7fe.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ axplont.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ explortu.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ axplont.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ 485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ 11518061cb.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ explortu.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ axplont.exe -
Downloads MZ/PE file
-
Checks BIOS information in registry 2 TTPs 18 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537.exeexplortu.exeaxplont.exeaxplont.exeexplortu.exe19af4bb7fe.exe11518061cb.exeexplortu.exeaxplont.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion 485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion explortu.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion axplont.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion axplont.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion explortu.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion 19af4bb7fe.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion axplont.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion 11518061cb.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion explortu.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion explortu.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion 485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion 19af4bb7fe.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion 11518061cb.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion explortu.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion explortu.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion axplont.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion axplont.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion axplont.exe -
Executes dropped EXE 8 IoCs
Processes:
explortu.exe19af4bb7fe.exeaxplont.exe11518061cb.exeexplortu.exeaxplont.exeexplortu.exeaxplont.exepid process 4920 explortu.exe 2332 19af4bb7fe.exe 2632 axplont.exe 3812 11518061cb.exe 2756 explortu.exe 4292 axplont.exe 1168 explortu.exe 2364 axplont.exe -
Identifies Wine through registry keys 2 TTPs 9 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
Processes:
485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537.exeaxplont.exe11518061cb.exeexplortu.exeexplortu.exe19af4bb7fe.exeaxplont.exeexplortu.exeaxplont.exedescription ioc process Key opened \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Wine 485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537.exe Key opened \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Wine axplont.exe Key opened \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Wine 11518061cb.exe Key opened \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Wine explortu.exe Key opened \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Wine explortu.exe Key opened \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Wine 19af4bb7fe.exe Key opened \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Wine axplont.exe Key opened \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Wine explortu.exe Key opened \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Wine axplont.exe -
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
explortu.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-2551177587-3778486488-1329702901-1000\Software\Microsoft\Windows\CurrentVersion\Run\11518061cb.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1000005001\\11518061cb.exe" explortu.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 9 IoCs
Processes:
485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537.exeexplortu.exe19af4bb7fe.exeaxplont.exe11518061cb.exeexplortu.exeaxplont.exeexplortu.exeaxplont.exepid process 4676 485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537.exe 4920 explortu.exe 2332 19af4bb7fe.exe 2632 axplont.exe 3812 11518061cb.exe 2756 explortu.exe 4292 axplont.exe 1168 explortu.exe 2364 axplont.exe -
Drops file in Windows directory 2 IoCs
Processes:
485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537.exe19af4bb7fe.exedescription ioc process File created C:\Windows\Tasks\explortu.job 485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537.exe File created C:\Windows\Tasks\axplont.job 19af4bb7fe.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 18 IoCs
Processes:
485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537.exeexplortu.exe19af4bb7fe.exeaxplont.exe11518061cb.exeexplortu.exeaxplont.exeexplortu.exeaxplont.exepid process 4676 485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537.exe 4676 485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537.exe 4920 explortu.exe 4920 explortu.exe 2332 19af4bb7fe.exe 2332 19af4bb7fe.exe 2632 axplont.exe 2632 axplont.exe 3812 11518061cb.exe 3812 11518061cb.exe 2756 explortu.exe 2756 explortu.exe 4292 axplont.exe 4292 axplont.exe 1168 explortu.exe 1168 explortu.exe 2364 axplont.exe 2364 axplont.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537.exepid process 4676 485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537.exe -
Suspicious use of WriteProcessMemory 15 IoCs
Processes:
485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537.exeexplortu.exe19af4bb7fe.exedescription pid process target process PID 4676 wrote to memory of 4920 4676 485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537.exe explortu.exe PID 4676 wrote to memory of 4920 4676 485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537.exe explortu.exe PID 4676 wrote to memory of 4920 4676 485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537.exe explortu.exe PID 4920 wrote to memory of 3340 4920 explortu.exe explortu.exe PID 4920 wrote to memory of 3340 4920 explortu.exe explortu.exe PID 4920 wrote to memory of 3340 4920 explortu.exe explortu.exe PID 4920 wrote to memory of 2332 4920 explortu.exe 19af4bb7fe.exe PID 4920 wrote to memory of 2332 4920 explortu.exe 19af4bb7fe.exe PID 4920 wrote to memory of 2332 4920 explortu.exe 19af4bb7fe.exe PID 2332 wrote to memory of 2632 2332 19af4bb7fe.exe axplont.exe PID 2332 wrote to memory of 2632 2332 19af4bb7fe.exe axplont.exe PID 2332 wrote to memory of 2632 2332 19af4bb7fe.exe axplont.exe PID 4920 wrote to memory of 3812 4920 explortu.exe 11518061cb.exe PID 4920 wrote to memory of 3812 4920 explortu.exe 11518061cb.exe PID 4920 wrote to memory of 3812 4920 explortu.exe 11518061cb.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537.exe"C:\Users\Admin\AppData\Local\Temp\485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe"C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe"2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe"C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe"3⤵
-
C:\Users\Admin\1000004002\19af4bb7fe.exe"C:\Users\Admin\1000004002\19af4bb7fe.exe"3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe"C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe"4⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\1000005001\11518061cb.exe"C:\Users\Admin\AppData\Local\Temp\1000005001\11518061cb.exe"3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exeC:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exeC:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exeC:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exeC:\Users\Admin\AppData\Local\Temp\1b29d73536\axplont.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\1000004002\19af4bb7fe.exeFilesize
1.8MB
MD53eaecc080bd77a152119127af73707b3
SHA171222b5b8c9984814390709d267be019a95ab4b6
SHA256fbe40f767788ac5d1b503e9b639711db6152a0b5e623d131b05381f02de957b1
SHA512a9d9dcd5f743812adf0b9b880ea334a6301d5d6b33f97e48dc9f3c397640b189bb1d34137ad7c23f45faaed398c44e9e55fd85368a6061980973efc73aae19ec
-
C:\Users\Admin\AppData\Local\Temp\1000005001\11518061cb.exeFilesize
2.3MB
MD5e25317bc8e09044cd19df691f2078316
SHA1f079b50cc9c77c51fb755d7cb497723e98626e8d
SHA2567d2bf5fd2a6cc5ea2f1f8bae572dce536da2a4029be23836b61094b2ca32779d
SHA512aa64892c3f43fdcd612abaf7ec43ef64264a23fae1fe629ca413f9ce1c312158e7ee853d6c1e678a27301b88e77a412be0b54e71e9772c21aa3fe89c536089fa
-
C:\Users\Admin\AppData\Local\Temp\9217037dc9\explortu.exeFilesize
1.8MB
MD5fab7aed34c4160cf99dad939a2672bb0
SHA1ea124ba006f79244a2eaa285ad98f226e4086d93
SHA256485003fe367772596f98b3c824ffe9a0b2a76aba5e79aea6fb25a658b63bf537
SHA5126c5cc156f6942a0a3e16c68acb76e44cc4018a68327ad34cd7b6663a89f1d04ce43cfc12b8a2cb6e85c96e1f3b7b286e8552df215ba8bc53c2b7258e3b29898b
-
memory/1168-109-0x0000000000DF0000-0x00000000012A1000-memory.dmpFilesize
4.7MB
-
memory/1168-112-0x0000000000DF0000-0x00000000012A1000-memory.dmpFilesize
4.7MB
-
memory/2332-53-0x00000000008D0000-0x0000000000D63000-memory.dmpFilesize
4.6MB
-
memory/2332-40-0x00000000008D0000-0x0000000000D63000-memory.dmpFilesize
4.6MB
-
memory/2364-111-0x00000000008F0000-0x0000000000D83000-memory.dmpFilesize
4.6MB
-
memory/2364-113-0x00000000008F0000-0x0000000000D83000-memory.dmpFilesize
4.6MB
-
memory/2632-115-0x00000000008F0000-0x0000000000D83000-memory.dmpFilesize
4.6MB
-
memory/2632-103-0x00000000008F0000-0x0000000000D83000-memory.dmpFilesize
4.6MB
-
memory/2632-118-0x00000000008F0000-0x0000000000D83000-memory.dmpFilesize
4.6MB
-
memory/2632-121-0x00000000008F0000-0x0000000000D83000-memory.dmpFilesize
4.6MB
-
memory/2632-106-0x00000000008F0000-0x0000000000D83000-memory.dmpFilesize
4.6MB
-
memory/2632-124-0x00000000008F0000-0x0000000000D83000-memory.dmpFilesize
4.6MB
-
memory/2632-54-0x00000000008F0000-0x0000000000D83000-memory.dmpFilesize
4.6MB
-
memory/2632-81-0x00000000008F0000-0x0000000000D83000-memory.dmpFilesize
4.6MB
-
memory/2632-127-0x00000000008F0000-0x0000000000D83000-memory.dmpFilesize
4.6MB
-
memory/2632-100-0x00000000008F0000-0x0000000000D83000-memory.dmpFilesize
4.6MB
-
memory/2632-97-0x00000000008F0000-0x0000000000D83000-memory.dmpFilesize
4.6MB
-
memory/2632-94-0x00000000008F0000-0x0000000000D83000-memory.dmpFilesize
4.6MB
-
memory/2632-91-0x00000000008F0000-0x0000000000D83000-memory.dmpFilesize
4.6MB
-
memory/2632-78-0x00000000008F0000-0x0000000000D83000-memory.dmpFilesize
4.6MB
-
memory/2756-87-0x0000000000DF0000-0x00000000012A1000-memory.dmpFilesize
4.7MB
-
memory/2756-84-0x0000000000DF0000-0x00000000012A1000-memory.dmpFilesize
4.7MB
-
memory/3812-74-0x0000000000D40000-0x0000000001340000-memory.dmpFilesize
6.0MB
-
memory/3812-125-0x0000000000D40000-0x0000000001340000-memory.dmpFilesize
6.0MB
-
memory/3812-128-0x0000000000D40000-0x0000000001340000-memory.dmpFilesize
6.0MB
-
memory/3812-116-0x0000000000D40000-0x0000000001340000-memory.dmpFilesize
6.0MB
-
memory/3812-79-0x0000000000D40000-0x0000000001340000-memory.dmpFilesize
6.0MB
-
memory/3812-98-0x0000000000D40000-0x0000000001340000-memory.dmpFilesize
6.0MB
-
memory/3812-107-0x0000000000D40000-0x0000000001340000-memory.dmpFilesize
6.0MB
-
memory/3812-101-0x0000000000D40000-0x0000000001340000-memory.dmpFilesize
6.0MB
-
memory/3812-92-0x0000000000D40000-0x0000000001340000-memory.dmpFilesize
6.0MB
-
memory/3812-82-0x0000000000D40000-0x0000000001340000-memory.dmpFilesize
6.0MB
-
memory/3812-122-0x0000000000D40000-0x0000000001340000-memory.dmpFilesize
6.0MB
-
memory/3812-95-0x0000000000D40000-0x0000000001340000-memory.dmpFilesize
6.0MB
-
memory/3812-104-0x0000000000D40000-0x0000000001340000-memory.dmpFilesize
6.0MB
-
memory/3812-119-0x0000000000D40000-0x0000000001340000-memory.dmpFilesize
6.0MB
-
memory/4292-89-0x00000000008F0000-0x0000000000D83000-memory.dmpFilesize
4.6MB
-
memory/4292-86-0x00000000008F0000-0x0000000000D83000-memory.dmpFilesize
4.6MB
-
memory/4676-1-0x00000000777E6000-0x00000000777E8000-memory.dmpFilesize
8KB
-
memory/4676-0-0x0000000000630000-0x0000000000AE1000-memory.dmpFilesize
4.7MB
-
memory/4676-5-0x0000000000630000-0x0000000000AE1000-memory.dmpFilesize
4.7MB
-
memory/4676-17-0x0000000000630000-0x0000000000AE1000-memory.dmpFilesize
4.7MB
-
memory/4676-3-0x0000000000630000-0x0000000000AE1000-memory.dmpFilesize
4.7MB
-
memory/4676-2-0x0000000000631000-0x000000000065F000-memory.dmpFilesize
184KB
-
memory/4920-105-0x0000000000DF0000-0x00000000012A1000-memory.dmpFilesize
4.7MB
-
memory/4920-39-0x0000000000DF0000-0x00000000012A1000-memory.dmpFilesize
4.7MB
-
memory/4920-21-0x0000000000DF0000-0x00000000012A1000-memory.dmpFilesize
4.7MB
-
memory/4920-20-0x0000000000DF0000-0x00000000012A1000-memory.dmpFilesize
4.7MB
-
memory/4920-19-0x0000000000DF1000-0x0000000000E1F000-memory.dmpFilesize
184KB
-
memory/4920-18-0x0000000000DF0000-0x00000000012A1000-memory.dmpFilesize
4.7MB
-
memory/4920-55-0x0000000000DF0000-0x00000000012A1000-memory.dmpFilesize
4.7MB
-
memory/4920-114-0x0000000000DF0000-0x00000000012A1000-memory.dmpFilesize
4.7MB
-
memory/4920-102-0x0000000000DF0000-0x00000000012A1000-memory.dmpFilesize
4.7MB
-
memory/4920-117-0x0000000000DF0000-0x00000000012A1000-memory.dmpFilesize
4.7MB
-
memory/4920-99-0x0000000000DF0000-0x00000000012A1000-memory.dmpFilesize
4.7MB
-
memory/4920-75-0x0000000000DF0000-0x00000000012A1000-memory.dmpFilesize
4.7MB
-
memory/4920-120-0x0000000000DF0000-0x00000000012A1000-memory.dmpFilesize
4.7MB
-
memory/4920-96-0x0000000000DF0000-0x00000000012A1000-memory.dmpFilesize
4.7MB
-
memory/4920-76-0x0000000000DF0000-0x00000000012A1000-memory.dmpFilesize
4.7MB
-
memory/4920-123-0x0000000000DF0000-0x00000000012A1000-memory.dmpFilesize
4.7MB
-
memory/4920-93-0x0000000000DF0000-0x00000000012A1000-memory.dmpFilesize
4.7MB
-
memory/4920-77-0x0000000000DF0000-0x00000000012A1000-memory.dmpFilesize
4.7MB
-
memory/4920-126-0x0000000000DF0000-0x00000000012A1000-memory.dmpFilesize
4.7MB
-
memory/4920-90-0x0000000000DF0000-0x00000000012A1000-memory.dmpFilesize
4.7MB
-
memory/4920-80-0x0000000000DF0000-0x00000000012A1000-memory.dmpFilesize
4.7MB