Analysis
-
max time kernel
154s -
max time network
153s -
platform
windows11_x64 -
resource
win11 -
submitted
10-10-2021 09:03
General
-
Target
https://discordsgift.com/gift/eX5PFweHPrNWCj8t
-
Sample
211010-kz5slafgdj
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 29 IoCs
-
Modifies data under HKEY_USERS 43 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 9 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://discordsgift.com/gift/eX5PFweHPrNWCj8t1⤵
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" -- "https://discordsgift.com/gift/eX5PFweHPrNWCj8t"2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.107 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.62 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffcbc8a46f8,0x7ffcbc8a4708,0x7ffcbc8a47183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9976793089794160668,8682879309703654382,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9976793089794160668,8682879309703654382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,9976793089794160668,8682879309703654382,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9976793089794160668,8682879309703654382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9976793089794160668,8682879309703654382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9976793089794160668,8682879309703654382,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9976793089794160668,8682879309703654382,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9976793089794160668,8682879309703654382,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9976793089794160668,8682879309703654382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9976793089794160668,8682879309703654382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9976793089794160668,8682879309703654382,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,9976793089794160668,8682879309703654382,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3896 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,9976793089794160668,8682879309703654382,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3964 /prefetch:83⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2124,9976793089794160668,8682879309703654382,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2124,9976793089794160668,8682879309703654382,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2124,9976793089794160668,8682879309703654382,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5852 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9976793089794160668,8682879309703654382,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3496 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2124,9976793089794160668,8682879309703654382,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1548 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2124,9976793089794160668,8682879309703654382,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5476 /prefetch:83⤵
-
C:\Windows\System32\Upfc.exeC:\Windows\System32\Upfc.exe /launchtype periodic /cv Batbr0OzC06wDXaT6Bj2lw.01⤵
-
C:\Windows\System32\sihclient.exeC:\Windows\System32\sihclient.exe /cv lX+JvkxKV0GZd+6TsanO5Q.0.21⤵
- Modifies data under HKEY_USERS
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -s W32Time1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k netsvcs -p -s BITS1⤵
- Modifies data under HKEY_USERS
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\edge_BITS_3668_1108571951\eb6a4dbd-98fc-4ba6-b4eb-40926ec21066MD5
4432feb0fd3ea5ceed672376802240dd
SHA1dfe16c564211e6f4513c65dd3201b3b26a73d8ad
SHA256960fae5df394ff065f95f2d0a5ab95a9bf88a270103c8ed2080959eedf3836fc
SHA5126d4c718e027c81ec540b3f1d3f1d8d7ba74284ba6ad9dee13f68e9c6dd42e1c124ea471aa2d5583e35629f64766b60cfa6548209c78417b912c23d942f2c71d9
-
C:\Users\Admin\AppData\Local\Temp\edge_BITS_3668_1249652923\b22f5f18-f7ea-4290-929d-b13c03908334MD5
a36d70bcd9333175811c53122f7d2c1d
SHA19a9a0c0ac2fc1db6e7b78868c8d4c96d747b8f1c
SHA25626123bef7d73536450862d2c4d44963d720aa80b6fc2d8496f559cb9c1fdeb00
SHA512e69aee2d91c50dd63030bd64cd12b5120c1db9871caf3c26b2cbf29ff96891b5f2e7d1388e4b731f77d7fb24904f379a6a8d5c1b2aacf8a8501fd0111ab0caf5
-
C:\Users\Admin\AppData\Local\Temp\edge_BITS_3668_1388550278\1d147c3b-6a51-425f-a960-c0159921df27MD5
22351f8e29208582a8c4a3be256433d7
SHA1f05a56b94cfaf46b1c74f815cc9b9d80784ffb7e
SHA2569ab1dc1c2c03aa5b274e583dc42891bc07dcceea577ac348940e112b48fa6006
SHA512e13bf84d66b5f067508f5a8fb92cbea9bde8ffa3cca9a72ef1baf30d4675807de90fb2b461ea8f5ede9e13003c9fa5f3f56213aa09e4d8a2294f1f08c110a731
-
C:\Users\Admin\AppData\Local\Temp\edge_BITS_3668_797276048\94572367-7d87-41e1-bb79-e8c97147231aMD5
407544969500d8939f1d1657db5be5e1
SHA1823f80a02da568672f57fcaf7f1cd563b731192e
SHA25602be1bf447628cdc96ae2b6811bc38ac47cbb5059abd6f31e9b2933f969a46af
SHA51299d44a29cc47f7f0eecba729484f58c03cf1adc8308e0be6605f67d4aac7fc490d4f91e943c214d50fd61d677666b05e51c645432c96482fc2d55a51e66b3c73
-
C:\Users\Admin\AppData\Local\Temp\edge_BITS_3668_998265630\066a0908-c95c-4a25-85a2-8ad34b009ca3MD5
7a007f77bad40a7b235345d573f75971
SHA11a331305a9b9b212ac3771993df6c2f831d02712
SHA25638059acf4056b2f024fdb30fb4db82a6f99d13c7cc8e08beadffae52ee7c9650
SHA5128f96313dfa307696961726a2830dfc71c4a0937437c2899a32a8de888c7e3c06c76fd1ff73f199d160ab19f8976ce56750eecaf02f2d105c67d6920574c8722d
-
\??\pipe\LOCAL\crashpad_3668_FIJCTCOHTFSLBFDHMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1100-209-0x00000249ADDE0000-0x00000249ADDE2000-memory.dmpFilesize
8KB
-
memory/1100-202-0x00000249ADD2F000-0x00000249ADD30000-memory.dmpFilesize
4KB
-
memory/1100-211-0x00000249ADDE0000-0x00000249ADDE2000-memory.dmpFilesize
8KB
-
memory/1100-206-0x00000249ADDE0000-0x00000249ADDE2000-memory.dmpFilesize
8KB
-
memory/1100-212-0x00000249ADDE0000-0x00000249ADDE2000-memory.dmpFilesize
8KB
-
memory/1100-213-0x00000249ADDE0000-0x00000249ADDE2000-memory.dmpFilesize
8KB
-
memory/1100-205-0x00007FFCDF600000-0x00007FFCDF601000-memory.dmpFilesize
4KB
-
memory/1100-203-0x0000000000000000-mapping.dmp
-
memory/1116-201-0x000001E226340000-0x000001E226342000-memory.dmpFilesize
8KB
-
memory/1116-200-0x000001E226340000-0x000001E226342000-memory.dmpFilesize
8KB
-
memory/1116-199-0x0000000000000000-mapping.dmp
-
memory/1284-220-0x0000000000000000-mapping.dmp
-
memory/1364-265-0x0000000000000000-mapping.dmp
-
memory/1512-208-0x0000026E96220000-0x0000026E96222000-memory.dmpFilesize
8KB
-
memory/1512-207-0x0000026E96220000-0x0000026E96222000-memory.dmpFilesize
8KB
-
memory/1512-204-0x0000000000000000-mapping.dmp
-
memory/1644-266-0x0000000000000000-mapping.dmp
-
memory/1932-224-0x0000000000000000-mapping.dmp
-
memory/2136-300-0x0000000000000000-mapping.dmp
-
memory/2192-282-0x0000000000000000-mapping.dmp
-
memory/2744-215-0x0000000000000000-mapping.dmp
-
memory/3272-232-0x0000000000000000-mapping.dmp
-
memory/3384-308-0x0000000000000000-mapping.dmp
-
memory/3408-258-0x0000000000000000-mapping.dmp
-
memory/3668-195-0x0000000000000000-mapping.dmp
-
memory/3668-197-0x0000011E210D0000-0x0000011E210D2000-memory.dmpFilesize
8KB
-
memory/3668-196-0x0000011E210D0000-0x0000011E210D2000-memory.dmpFilesize
8KB
-
memory/3708-276-0x0000000000000000-mapping.dmp
-
memory/3900-164-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-156-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-192-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-193-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-194-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-190-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-188-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-198-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-187-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-186-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-185-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-183-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-147-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-148-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-181-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-179-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-176-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-174-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-173-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-172-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-167-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-146-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-166-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-165-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-163-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-162-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-160-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-159-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-150-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-149-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-254-0x0000000000000000-mapping.dmp
-
memory/3900-158-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-157-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-154-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-152-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-155-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-153-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3900-151-0x00007FFCCC380000-0x00007FFCCC3E5000-memory.dmpFilesize
404KB
-
memory/3948-288-0x0000000000000000-mapping.dmp
-
memory/3992-244-0x0000000000000000-mapping.dmp
-
memory/4224-241-0x0000000000000000-mapping.dmp
-
memory/4796-189-0x0000025F031E0000-0x0000025F031E4000-memory.dmpFilesize
16KB
-
memory/4796-182-0x0000025F02E60000-0x0000025F02E70000-memory.dmpFilesize
64KB
-
memory/4796-180-0x0000025F02580000-0x0000025F02590000-memory.dmpFilesize
64KB
-
memory/4856-292-0x0000000000000000-mapping.dmp