Analysis
-
max time kernel
116s -
max time network
147s -
platform
windows10_x64 -
resource
win10-en-20210920 -
submitted
01-10-2021 13:47
Static task
static1
Behavioral task
behavioral1
Sample
759e5f4dbc7432a87a19bcff1ae50ab7.exe
Resource
win7v20210408
General
-
Target
759e5f4dbc7432a87a19bcff1ae50ab7.exe
-
Size
328KB
-
MD5
759e5f4dbc7432a87a19bcff1ae50ab7
-
SHA1
2502825181f4b8c13461ba2002cea0e2b3511136
-
SHA256
680e418e349d611812a6afd357c39fa4fe3baf32cd95012f9b0632a364f2f349
-
SHA512
a9f304bc605f8806dbfbc33081e96883c11af9e5dd53068393ba00440c916c3f8f11c583fd10993a47ac282b14674c028484bf71497174601ff812f2e94d8abf
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
Processes:
759e5f4dbc7432a87a19bcff1ae50ab7Srv.exeDesktopLayer.exepid process 2312 759e5f4dbc7432a87a19bcff1ae50ab7Srv.exe 2680 DesktopLayer.exe -
Processes:
resource yara_rule C:\Users\Admin\AppData\Local\Temp\759e5f4dbc7432a87a19bcff1ae50ab7Srv.exe upx C:\Users\Admin\AppData\Local\Temp\759e5f4dbc7432a87a19bcff1ae50ab7Srv.exe upx behavioral2/memory/2312-122-0x0000000000400000-0x000000000042E000-memory.dmp upx C:\Program Files (x86)\Microsoft\DesktopLayer.exe upx C:\Program Files (x86)\Microsoft\DesktopLayer.exe upx -
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
759e5f4dbc7432a87a19bcff1ae50ab7.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Windows\CurrentVersion\Run\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\759e5f4dbc7432a87a19bcff1ae50ab7.exe" 759e5f4dbc7432a87a19bcff1ae50ab7.exe -
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
759e5f4dbc7432a87a19bcff1ae50ab7.exedescription ioc process File opened (read-only) \??\B: 759e5f4dbc7432a87a19bcff1ae50ab7.exe File opened (read-only) \??\F: 759e5f4dbc7432a87a19bcff1ae50ab7.exe File opened (read-only) \??\P: 759e5f4dbc7432a87a19bcff1ae50ab7.exe File opened (read-only) \??\Q: 759e5f4dbc7432a87a19bcff1ae50ab7.exe File opened (read-only) \??\R: 759e5f4dbc7432a87a19bcff1ae50ab7.exe File opened (read-only) \??\U: 759e5f4dbc7432a87a19bcff1ae50ab7.exe File opened (read-only) \??\E: 759e5f4dbc7432a87a19bcff1ae50ab7.exe File opened (read-only) \??\H: 759e5f4dbc7432a87a19bcff1ae50ab7.exe File opened (read-only) \??\J: 759e5f4dbc7432a87a19bcff1ae50ab7.exe File opened (read-only) \??\K: 759e5f4dbc7432a87a19bcff1ae50ab7.exe File opened (read-only) \??\N: 759e5f4dbc7432a87a19bcff1ae50ab7.exe File opened (read-only) \??\S: 759e5f4dbc7432a87a19bcff1ae50ab7.exe File opened (read-only) \??\G: 759e5f4dbc7432a87a19bcff1ae50ab7.exe File opened (read-only) \??\I: 759e5f4dbc7432a87a19bcff1ae50ab7.exe File opened (read-only) \??\O: 759e5f4dbc7432a87a19bcff1ae50ab7.exe File opened (read-only) \??\Z: 759e5f4dbc7432a87a19bcff1ae50ab7.exe File opened (read-only) \??\Y: 759e5f4dbc7432a87a19bcff1ae50ab7.exe File opened (read-only) \??\L: 759e5f4dbc7432a87a19bcff1ae50ab7.exe File opened (read-only) \??\M: 759e5f4dbc7432a87a19bcff1ae50ab7.exe File opened (read-only) \??\T: 759e5f4dbc7432a87a19bcff1ae50ab7.exe File opened (read-only) \??\V: 759e5f4dbc7432a87a19bcff1ae50ab7.exe File opened (read-only) \??\W: 759e5f4dbc7432a87a19bcff1ae50ab7.exe File opened (read-only) \??\X: 759e5f4dbc7432a87a19bcff1ae50ab7.exe -
Drops file in Program Files directory 3 IoCs
Processes:
759e5f4dbc7432a87a19bcff1ae50ab7Srv.exedescription ioc process File opened for modification C:\Program Files (x86)\Microsoft\DesktopLayer.exe 759e5f4dbc7432a87a19bcff1ae50ab7Srv.exe File opened for modification C:\Program Files (x86)\Microsoft\px9716.tmp 759e5f4dbc7432a87a19bcff1ae50ab7Srv.exe File created C:\Program Files (x86)\Microsoft\DesktopLayer.exe 759e5f4dbc7432a87a19bcff1ae50ab7Srv.exe -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
759e5f4dbc7432a87a19bcff1ae50ab7.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 759e5f4dbc7432a87a19bcff1ae50ab7.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz 759e5f4dbc7432a87a19bcff1ae50ab7.exe -
Processes:
iexplore.exeIEXPLORE.EXEdescription ioc process Set value (data) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/ iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "339877601" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30914250" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz! iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "339909593" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30914250" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "339861007" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30914250" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3921684327" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3914498022" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{14BBA344-22BE-11EC-AF2E-DEC7D0DD9661} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3914498022" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2481030822-2828258191-1606198294-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511" iexplore.exe -
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes:
759e5f4dbc7432a87a19bcff1ae50ab7.exeDesktopLayer.exepid process 2072 759e5f4dbc7432a87a19bcff1ae50ab7.exe 2072 759e5f4dbc7432a87a19bcff1ae50ab7.exe 2072 759e5f4dbc7432a87a19bcff1ae50ab7.exe 2072 759e5f4dbc7432a87a19bcff1ae50ab7.exe 2680 DesktopLayer.exe 2680 DesktopLayer.exe 2680 DesktopLayer.exe 2680 DesktopLayer.exe 2680 DesktopLayer.exe 2680 DesktopLayer.exe 2680 DesktopLayer.exe 2680 DesktopLayer.exe 2072 759e5f4dbc7432a87a19bcff1ae50ab7.exe 2072 759e5f4dbc7432a87a19bcff1ae50ab7.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
iexplore.exepid process 2836 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
iexplore.exepid process 2836 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
iexplore.exeIEXPLORE.EXEpid process 2836 iexplore.exe 2836 iexplore.exe 3148 IEXPLORE.EXE 3148 IEXPLORE.EXE 3148 IEXPLORE.EXE 3148 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 11 IoCs
Processes:
759e5f4dbc7432a87a19bcff1ae50ab7.exe759e5f4dbc7432a87a19bcff1ae50ab7Srv.exeDesktopLayer.exeiexplore.exedescription pid process target process PID 2072 wrote to memory of 2312 2072 759e5f4dbc7432a87a19bcff1ae50ab7.exe 759e5f4dbc7432a87a19bcff1ae50ab7Srv.exe PID 2072 wrote to memory of 2312 2072 759e5f4dbc7432a87a19bcff1ae50ab7.exe 759e5f4dbc7432a87a19bcff1ae50ab7Srv.exe PID 2072 wrote to memory of 2312 2072 759e5f4dbc7432a87a19bcff1ae50ab7.exe 759e5f4dbc7432a87a19bcff1ae50ab7Srv.exe PID 2312 wrote to memory of 2680 2312 759e5f4dbc7432a87a19bcff1ae50ab7Srv.exe DesktopLayer.exe PID 2312 wrote to memory of 2680 2312 759e5f4dbc7432a87a19bcff1ae50ab7Srv.exe DesktopLayer.exe PID 2312 wrote to memory of 2680 2312 759e5f4dbc7432a87a19bcff1ae50ab7Srv.exe DesktopLayer.exe PID 2680 wrote to memory of 2836 2680 DesktopLayer.exe iexplore.exe PID 2680 wrote to memory of 2836 2680 DesktopLayer.exe iexplore.exe PID 2836 wrote to memory of 3148 2836 iexplore.exe IEXPLORE.EXE PID 2836 wrote to memory of 3148 2836 iexplore.exe IEXPLORE.EXE PID 2836 wrote to memory of 3148 2836 iexplore.exe IEXPLORE.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\759e5f4dbc7432a87a19bcff1ae50ab7.exe"C:\Users\Admin\AppData\Local\Temp\759e5f4dbc7432a87a19bcff1ae50ab7.exe"1⤵
- Adds Run key to start application
- Enumerates connected drives
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\759e5f4dbc7432a87a19bcff1ae50ab7Srv.exeC:\Users\Admin\AppData\Local\Temp\759e5f4dbc7432a87a19bcff1ae50ab7Srv.exe2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exe"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:82945 /prefetch:25⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exeMD5
ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Program Files (x86)\Microsoft\DesktopLayer.exeMD5
ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776MD5
3f3551c43887e7b5c182de5cafb20bda
SHA142ce339d805c81a81f2562bc99c302e6fbba0968
SHA256071d4d8c4eab632e8b1dc87b811bf558bb37ba5aa0ade0c380254897bfac6c08
SHA512c98832059737978197b256b2e7578145a9fe1e0a5f8731431eefdc0f7d331010b5fc947afb8eb54adf3728acd16bfff18d6b5eff1c75831e6d347e8f1b55afe1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776MD5
fab5e90a9a437b925535738797f2194b
SHA1d131e4eea6f34c81f851860a9d03912c35a29920
SHA256d884b8d95e53dc504b949681f6ece6b116690d62b8a510e766f74aa27c568fa6
SHA512eb574507e1a6f71b079d5a84c722541acd6530eaab1745539a6885cc3205e3a3f71014992d23fa308a19e1de2392f12b3c40a3dc1f8b1225a3607c5195cb282f
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\0AIDXMDR.cookieMD5
56adb692790c95fbd6c238a8e1759054
SHA1c3f861b8909594b77d4a1ae81824f1b1039873d1
SHA256cf4a03951344eef13d7f5b249061355d918c2043b21350719fa23a5121b85830
SHA5122bbd3239acb8f1b1f0aa097b0e5bc9c85d0dcacc737c24feca990184f6eef1ac085778b4d65a7d2de55be33248f3f1e7a1b19847662fdf128110e891d002b88a
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\MZM72BQ9.cookieMD5
0237827e4397dae1c97b776fbf820223
SHA127a9ddc7144d19f32ee54356cb73b61c46aaaf8c
SHA256180bd821749c9f6a6869f46923819b616cde548996e7d0e591c0df74346a3a12
SHA5125fe090f16925b3074fc1a5d0f8ff04a418ab6c3dcffee710f97ff7e6bebe9cb859658c1f53d709f9ab339cdac117fbb8f58e5c73f6f058fae5742899c9780ddb
-
C:\Users\Admin\AppData\Local\Temp\759e5f4dbc7432a87a19bcff1ae50ab7Srv.exeMD5
ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
C:\Users\Admin\AppData\Local\Temp\759e5f4dbc7432a87a19bcff1ae50ab7Srv.exeMD5
ff5e1f27193ce51eec318714ef038bef
SHA1b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
SHA256fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
SHA512c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a
-
memory/2072-115-0x0000000010000000-0x0000000010024000-memory.dmpFilesize
144KB
-
memory/2072-120-0x0000000010015000-0x0000000010024000-memory.dmpFilesize
60KB
-
memory/2312-121-0x00000000001E0000-0x00000000001EF000-memory.dmpFilesize
60KB
-
memory/2312-122-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/2312-117-0x0000000000000000-mapping.dmp
-
memory/2680-126-0x00000000001F0000-0x00000000001F1000-memory.dmpFilesize
4KB
-
memory/2680-123-0x0000000000000000-mapping.dmp
-
memory/2836-127-0x0000000000000000-mapping.dmp
-
memory/2836-128-0x00007FFE0D270000-0x00007FFE0D2DB000-memory.dmpFilesize
428KB
-
memory/3148-129-0x0000000000000000-mapping.dmp