Analysis
-
max time kernel
144s -
max time network
142s -
platform
windows7_x64 -
resource
win7 -
submitted
11-09-2020 18:27
General
-
Target
MyLanViewer.exe
-
Size
4.7MB
-
MD5
19f2de951583721b6fca9f2fe0f03805
-
SHA1
adcd8b173ecee8b4f47bf8e60047e8491dab243e
-
SHA256
16c596f3db3945e0ce9aaef4b2a1e12a4ac0d6be1e1f6a1aa61cffe15d022512
-
SHA512
941dc498b977176e64af94061e2cd2aa958d583505600f318c3746430190794ea39b0f06708b8ad94dd049cdafe7f6ff317b831df38d1ae93da51db624812294
Score
10/10
Malware Config
Signatures
-
Registers COM server for autorun 1 TTPs
-
Executes dropped EXE 5 IoCs
-
Loads dropped DLL 55 IoCs
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s) 2 IoCs
-
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Installs/modifies Browser Helper Object 2 TTPs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
JavaScript code in executable 1 IoCs
-
Drops file in System32 directory 1 IoCs
-
Modifies service 2 TTPs 149 IoCs
-
Drops file in Program Files directory 413 IoCs
-
Drops file in Windows directory 48 IoCs
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 6 IoCs
-
Modifies data under HKEY_USERS 109 IoCs
-
Modifies registry class 704 IoCs
-
Suspicious behavior: EnumeratesProcesses 22 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 779 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 89 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\MyLanViewer.exe"C:\Users\Admin\AppData\Local\Temp\MyLanViewer.exe"1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\DenyResize\" -ad -an -ai#7zMap10425:82:7zEvent104301⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" shell32.dll,Control_RunDLL PowerCfg.cpl @0,/editplan:8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x56c1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe"C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe" -arp:uninstall2⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
-
C:\program files (x86)\common files\adobe air\versions\1.0\adobe air updater.exe"C:\program files (x86)\common files\adobe air\versions\1.0\adobe air updater.exe" -stdio \\.\pipe\AIR_1608_0 -uninstall3⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives
- Modifies service
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 33DC32A8030FD4272947B6B231F1638E2⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding A5E9DF81D949A77DCF24C26EDEA186AD M Global\MSI00002⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe"C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe" -AU_LAUNCH_MODE=53⤵
- Executes dropped EXE
-
C:\Windows\syswow64\MsiExec.exe"C:\Windows\syswow64\MsiExec.exe" /Z "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\authplay.dll"2⤵
- Loads dropped DLL
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Modifies service
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot12" "" "" "6d110b0a3" "0000000000000000" "00000000000005A4" "00000000000005A0"1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
-
C:\Program Files\Mozilla Firefox\uninstall\helper.exe"C:\Program Files\Mozilla Firefox\uninstall\helper.exe"1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\uninstall\uninstaller.exe"C:\Program Files\Mozilla Firefox\uninstall\uninstaller.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Program Files\Mozilla Firefox\uninstall\3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies service
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\regsvr32.exe"C:\Windows\system32\regsvr32.exe" /s /u "C:\Program Files\Mozilla Firefox\AccessibleHandler.dll"4⤵
- Loads dropped DLL
- Modifies registry class
-
C:\Program Files\Mozilla Firefox\default-browser-agent.exe"C:\Program Files\Mozilla Firefox\default-browser-agent.exe" unregister-task 308046B0AF4A39CB4⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe" /S4⤵
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_B.exe"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_B.exe" /S _?=C:\Program Files (x86)\Mozilla Maintenance Service\5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" uninstall6⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\Setup.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\\Setup.exe" /repair /x86 /x641⤵
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\SetupUtility.exeSetupUtility.exe /screboot2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
-
C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-uninstall.log
-
C:\Program Files\Mozilla Firefox\AccessibleHandler.dll
-
C:\Program Files\Mozilla Firefox\default-browser-agent.exe
-
C:\Program Files\Mozilla Firefox\uninstall\uninstaller.exe
-
C:\Program Files\Mozilla Firefox\uninstall\uninstaller.exe
-
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
-
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
-
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_B.exe
-
C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_B.exe
-
C:\Windows\Installer\MSIAD62.tmp
-
C:\Windows\Installer\MSIAEF9.tmp
-
C:\Windows\Installer\MSIAF38.tmp
-
C:\Windows\Installer\MSIB013.tmp
-
C:\Windows\Installer\MSIB3DC.tmp
-
C:\Windows\Installer\MSIB3FC.tmp
-
C:\Windows\Installer\MSIB43B.tmp
-
C:\Windows\Installer\MSIB45B.tmp
-
C:\Windows\Installer\MSIB70B.tmp
-
C:\Windows\Installer\MSIBA57.tmp
-
C:\Windows\Installer\MSIBBB0.tmp
-
C:\Windows\Installer\MSIBC8C.tmp
-
C:\Windows\Installer\MSIBE03.tmp
-
C:\Windows\Installer\MSIBEEE.tmp
-
C:\Windows\Installer\MSIBF3D.tmp
-
C:\Windows\Installer\MSIC98B.tmp
-
C:\Windows\Installer\MSID464.tmp
-
C:\Windows\Installer\MSID4A4.tmp
-
C:\Windows\Installer\MSID59E.tmp
-
C:\Windows\Installer\MSID5DE.tmp
-
C:\Windows\Installer\MSID6B9.tmp
-
C:\Windows\Installer\MSID6E9.tmp
-
C:\Windows\Installer\MSID93C.tmp
-
C:\Windows\Installer\MSID97B.tmp
-
\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeUpdater.dll
-
\Program Files (x86)\Adobe\Reader 9.0\Reader\authplay.dll
-
\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.api
-
\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
-
\Program Files\Mozilla Firefox\AccessibleHandler.dll
-
\Program Files\Mozilla Firefox\uninstall\uninstaller.exe
-
\Users\Admin\AppData\Local\Temp\nsoECFF.tmp\ApplicationID.dll
-
\Users\Admin\AppData\Local\Temp\nsoECFF.tmp\Banner.dll
-
\Users\Admin\AppData\Local\Temp\nsoECFF.tmp\BitsUtils.dll
-
\Users\Admin\AppData\Local\Temp\nsoECFF.tmp\CityHash.dll
-
\Users\Admin\AppData\Local\Temp\nsoECFF.tmp\InstallOptions.dll
-
\Users\Admin\AppData\Local\Temp\nsoECFF.tmp\InstallOptions.dll
-
\Users\Admin\AppData\Local\Temp\nsoECFF.tmp\ServicesHelper.dll
-
\Users\Admin\AppData\Local\Temp\nsoECFF.tmp\ShellLink.dll
-
\Users\Admin\AppData\Local\Temp\nsoECFF.tmp\ShellLink.dll
-
\Users\Admin\AppData\Local\Temp\nsoECFF.tmp\ShellLink.dll
-
\Users\Admin\AppData\Local\Temp\nsoECFF.tmp\ShellLink.dll
-
\Users\Admin\AppData\Local\Temp\nsoECFF.tmp\ShellLink.dll
-
\Users\Admin\AppData\Local\Temp\nsoECFF.tmp\ShellLink.dll
-
\Users\Admin\AppData\Local\Temp\nsoECFF.tmp\ShellLink.dll
-
\Users\Admin\AppData\Local\Temp\nsoECFF.tmp\ShellLink.dll
-
\Users\Admin\AppData\Local\Temp\nsoECFF.tmp\ShellLink.dll
-
\Users\Admin\AppData\Local\Temp\nsoECFF.tmp\ShellLink.dll
-
\Users\Admin\AppData\Local\Temp\nsoECFF.tmp\System.dll
-
\Users\Admin\AppData\Local\Temp\nsoECFF.tmp\nsExec.dll
-
\Users\Admin\AppData\Local\Temp\nsoFF95.tmp\System.dll
-
\Users\Admin\AppData\Local\Temp\nsyEB1B.tmp\CityHash.dll
-
\Users\Admin\AppData\Local\Temp\nsyEB1B.tmp\System.dll
-
\Users\Admin\AppData\Local\Temp\nsyEB1B.tmp\UAC.dll
-
\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
-
\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_B.exe
-
\Windows\Installer\MSIAD62.tmp
-
\Windows\Installer\MSIAEF9.tmp
-
\Windows\Installer\MSIAF38.tmp
-
\Windows\Installer\MSIB013.tmp
-
\Windows\Installer\MSIB3DC.tmp
-
\Windows\Installer\MSIB3FC.tmp
-
\Windows\Installer\MSIB43B.tmp
-
\Windows\Installer\MSIB45B.tmp
-
\Windows\Installer\MSIB70B.tmp
-
\Windows\Installer\MSIBA57.tmp
-
\Windows\Installer\MSIBBB0.tmp
-
\Windows\Installer\MSIBC8C.tmp
-
\Windows\Installer\MSIBE03.tmp
-
\Windows\Installer\MSIBEEE.tmp
-
\Windows\Installer\MSIBF3D.tmp
-
\Windows\Installer\MSIC98B.tmp
-
\Windows\Installer\MSID464.tmp
-
\Windows\Installer\MSID4A4.tmp
-
\Windows\Installer\MSID59E.tmp
-
\Windows\Installer\MSID5DE.tmp
-
\Windows\Installer\MSID6B9.tmp
-
\Windows\Installer\MSID6E9.tmp
-
\Windows\Installer\MSID93C.tmp
-
\Windows\Installer\MSID97B.tmp
-
memory/540-184-0x0000000000000000-mapping.dmp
-
memory/584-93-0x0000000000000000-mapping.dmp
-
memory/828-226-0x0000000000000000-mapping.dmp
-
memory/860-234-0x0000000000000000-mapping.dmp
-
memory/884-210-0x0000000000000000-mapping.dmp
-
memory/956-85-0x0000000000000000-mapping.dmp
-
memory/1080-213-0x0000000000000000-mapping.dmp
-
memory/1336-230-0x0000000000300000-0x0000000000302000-memory.dmpFilesize
8KB
-
memory/1336-231-0x0000000000300000-0x0000000000302000-memory.dmpFilesize
8KB
-
memory/1336-232-0x0000000000340000-0x0000000000342000-memory.dmpFilesize
8KB
-
memory/1444-77-0x00000000026D0000-0x00000000026D4000-memory.dmpFilesize
16KB
-
memory/1444-116-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-152-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-154-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-155-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-156-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-157-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-150-0x00000000025D0000-0x00000000025D1000-memory.dmpFilesize
4KB
-
memory/1444-149-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-148-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-147-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-145-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-144-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-143-0x00000000025D0000-0x00000000025D1000-memory.dmpFilesize
4KB
-
memory/1444-141-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-139-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-137-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-136-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-135-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-170-0x0000000004AE0000-0x0000000004AE4000-memory.dmpFilesize
16KB
-
memory/1444-171-0x00000000025D0000-0x00000000025D1000-memory.dmpFilesize
4KB
-
memory/1444-134-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-133-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-132-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-130-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-177-0x0000000004AE0000-0x0000000004AE4000-memory.dmpFilesize
16KB
-
memory/1444-178-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-129-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-128-0x00000000025D0000-0x00000000025D1000-memory.dmpFilesize
4KB
-
memory/1444-127-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-126-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-125-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-124-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-122-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-121-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-120-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-119-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-118-0x00000000025D0000-0x00000000025D1000-memory.dmpFilesize
4KB
-
memory/1444-117-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-151-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-114-0x0000000000B70000-0x0000000000B72000-memory.dmpFilesize
8KB
-
memory/1444-101-0x0000000004AE0000-0x0000000004AE4000-memory.dmpFilesize
16KB
-
memory/1444-79-0x0000000000590000-0x0000000000592000-memory.dmpFilesize
8KB
-
memory/1444-78-0x0000000002060000-0x0000000002064000-memory.dmpFilesize
16KB
-
memory/1444-47-0x0000000000590000-0x0000000000592000-memory.dmpFilesize
8KB
-
memory/1444-25-0x00000000013E0000-0x00000000013E4000-memory.dmpFilesize
16KB
-
memory/1444-26-0x0000000000EF0000-0x0000000000EF4000-memory.dmpFilesize
16KB
-
memory/1444-27-0x0000000001D10000-0x0000000001D14000-memory.dmpFilesize
16KB
-
memory/1444-41-0x0000000000590000-0x0000000000592000-memory.dmpFilesize
8KB
-
memory/1444-40-0x0000000000590000-0x0000000000592000-memory.dmpFilesize
8KB
-
memory/1444-37-0x0000000000590000-0x0000000000592000-memory.dmpFilesize
8KB
-
memory/1444-35-0x0000000000590000-0x0000000000592000-memory.dmpFilesize
8KB
-
memory/1444-32-0x0000000000590000-0x0000000000592000-memory.dmpFilesize
8KB
-
memory/1444-31-0x0000000001D10000-0x0000000001D14000-memory.dmpFilesize
16KB
-
memory/1444-30-0x0000000001D10000-0x0000000001D14000-memory.dmpFilesize
16KB
-
memory/1444-29-0x0000000000EF0000-0x0000000000EF4000-memory.dmpFilesize
16KB
-
memory/1608-9-0x00000000074F1000-0x00000000074F5000-memory.dmpFilesize
16KB
-
memory/1608-0-0x0000000000000000-mapping.dmp
-
memory/1608-10-0x00000000074FB000-0x00000000074FF000-memory.dmpFilesize
16KB
-
memory/1608-7-0x000000000723C000-0x0000000007240000-memory.dmpFilesize
16KB
-
memory/1608-8-0x00000000074BF000-0x00000000074C3000-memory.dmpFilesize
16KB
-
memory/1652-220-0x0000000000000000-mapping.dmp
-
memory/1772-107-0x0000000000000000-mapping.dmp
-
memory/1840-23-0x0000000005A02000-0x0000000005A06000-memory.dmpFilesize
16KB
-
memory/1840-24-0x0000000007968000-0x000000000796C000-memory.dmpFilesize
16KB
-
memory/1840-22-0x000000000793E000-0x0000000007942000-memory.dmpFilesize
16KB
-
memory/1840-21-0x000000000722F000-0x0000000007233000-memory.dmpFilesize
16KB
-
memory/1840-20-0x0000000005E05000-0x0000000005E09000-memory.dmpFilesize
16KB
-
memory/1840-19-0x0000000007904000-0x0000000007908000-memory.dmpFilesize
16KB
-
memory/1840-16-0x0000000007540000-0x0000000007544000-memory.dmpFilesize
16KB
-
memory/1840-11-0x0000000000000000-mapping.dmp
-
memory/1844-42-0x0000000000000000-mapping.dmp
-
memory/1964-222-0x0000000000000000-mapping.dmp
-
memory/1988-229-0x0000000002A10000-0x0000000002A14000-memory.dmpFilesize
16KB
-
memory/1988-228-0x0000000002E10000-0x0000000002E14000-memory.dmpFilesize
16KB
-
memory/1988-217-0x0000000003B90000-0x0000000003C91000-memory.dmpFilesize
1.0MB
-
memory/1988-193-0x0000000002550000-0x0000000002551000-memory.dmpFilesize
4KB
-
memory/1988-188-0x0000000000000000-mapping.dmp