Analysis
-
max time kernel
218s -
max time network
141s -
platform
windows11_x64 -
resource
win11 -
submitted
15-10-2021 12:17
General
-
Target
1.msi
-
Size
279KB
-
MD5
996ed694f0957931dd986e12ad361aea
-
SHA1
7a7577b960d8025a97e49ebe03ae8cc0b936b697
-
SHA256
d314cbad13af12a9bcc3178b54b78d477a1f3e7dc49f562d3a0b2e87e1387539
-
SHA512
4c9310ce8cfb1a92a575fd95256726ee9602a5596e93b89bf8d87743b1a048bb9e3425d8decd803b3e0cb41068fe2a24d433c3b56760c9fc31fa1a6974a91ff8
Malware Config
Signatures
-
Blocklisted process makes network request 2 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 10 IoCs
-
Enumerates connected drives 3 TTPs 48 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Windows directory 13 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Modifies data under HKEY_USERS 43 IoCs
-
Suspicious behavior: EnumeratesProcesses 30 IoCs
-
Suspicious use of AdjustPrivilegeToken 47 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Windows\system32\msiexec.exemsiexec.exe /I C:\Users\Admin\AppData\Local\Temp\1.msi1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\System32\Upfc.exeC:\Windows\System32\Upfc.exe /launchtype periodic /cv 5cJdBqz8IEWF3cnbfLhqjQ.01⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -s W32Time1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k netsvcs -p -s BITS1⤵
- Modifies data under HKEY_USERS
-
C:\Windows\System32\sihclient.exeC:\Windows\System32\sihclient.exe /cv bIwyp2o330q1fggh9KFnew.0.21⤵
- Modifies data under HKEY_USERS
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding CE081B2A54CD2C4D7BC01FB237566C0C2⤵
- Blocklisted process makes network request
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\IGBDSGYO.microsoft\SGvwcAWceb.exe"C:\Users\Admin\IGBDSGYO.microsoft\SGvwcAWceb.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\SysWOW64\cmd.exe" /C schtasks /CREATE /TN "update-kl " /TR C:\\Users\Admin\IGBDSGYO.microsoft\SGvwcAWceb.exe /SC minute /MO 2 /IT /RU %USERNAME%4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "update-kl " /TR C:\\Users\Admin\IGBDSGYO.microsoft\SGvwcAWceb.exe /SC minute /MO 2 /IT /RU Admin5⤵
- Creates scheduled task(s)
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\IGBDSGYO.microsoft\Core.dllMD5
8198bb1b12b41a286c7bbfa51fc45e46
SHA16c954fea8676904c0999f179bab8067896e9a14a
SHA256d37968ee7da25c83b9417218249d13a3cd177d8f30e012246a0ac4e32a307c77
SHA512a385332fdfa5d032283624cbf2e56f9b3618bac3a6b2cd96a0ce3923ebde8db5e27694d25f6d0ff22c1baa2ad458c12584ca3e067762e021f99479f9e732d703
-
C:\Users\Admin\IGBDSGYO.microsoft\Core.dllMD5
8198bb1b12b41a286c7bbfa51fc45e46
SHA16c954fea8676904c0999f179bab8067896e9a14a
SHA256d37968ee7da25c83b9417218249d13a3cd177d8f30e012246a0ac4e32a307c77
SHA512a385332fdfa5d032283624cbf2e56f9b3618bac3a6b2cd96a0ce3923ebde8db5e27694d25f6d0ff22c1baa2ad458c12584ca3e067762e021f99479f9e732d703
-
C:\Users\Admin\IGBDSGYO.microsoft\Host.hstMD5
636751d2275aa408143eee52e57ceabd
SHA140ed9674b1f954c97da18d21892288e0f52683b3
SHA256bb6c1fe37ab3f9e348aca3c969e1b3ba7c7134d5cea912c9c0c3f3795122de0c
SHA5121768518400f40bfbdf75146bf3f9e55538956dac3f0320b1152d2ef1fc7ec050f4248241601682922e5ce9d474a69fdc0445c2d3d9af0387b07bdc4dc828b0da
-
C:\Users\Admin\IGBDSGYO.microsoft\SGvwcAWceb.exeMD5
113badfe1404cd59640cad6b409acb98
SHA12621f79b2143ae3704e814756e01d326d5145a5a
SHA25635a42f9ea63f72cda8a6c7af60a3fac081154128cba2bf7a7392d85383b6d18a
SHA512f861e831b8311094e32071191585eaceaa512d2bc42096e243a1f94309546614cd788231ce08484039bc70c41824f6c6055b9add233b4793a79f3f399b3cbafb
-
C:\Users\Admin\IGBDSGYO.microsoft\SGvwcAWceb.exeMD5
113badfe1404cd59640cad6b409acb98
SHA12621f79b2143ae3704e814756e01d326d5145a5a
SHA25635a42f9ea63f72cda8a6c7af60a3fac081154128cba2bf7a7392d85383b6d18a
SHA512f861e831b8311094e32071191585eaceaa512d2bc42096e243a1f94309546614cd788231ce08484039bc70c41824f6c6055b9add233b4793a79f3f399b3cbafb
-
C:\Users\Admin\IGBDSGYO.microsoft\VoiceRemover.dllMD5
f82d4f0dae5b9fec3a2c9eda117a3e7d
SHA1a85ecba1354fa9fe9c1df86ecd0f6c4f97fb55c5
SHA25681f82b73951aadbf02acc849bf0f262e74c0b274db73a188e2016154f0bff0e5
SHA512d2eb4b2d54666dada213fbd67ef92d980b180fc10f29e044fb1c0ff6adb74d7be412ef20a902a8c8deab5ba6dcf55c846de13cf40cd27f5baefac3663944c0cb
-
C:\Users\Admin\IGBDSGYO.microsoft\VoiceRemover.dllMD5
f82d4f0dae5b9fec3a2c9eda117a3e7d
SHA1a85ecba1354fa9fe9c1df86ecd0f6c4f97fb55c5
SHA25681f82b73951aadbf02acc849bf0f262e74c0b274db73a188e2016154f0bff0e5
SHA512d2eb4b2d54666dada213fbd67ef92d980b180fc10f29e044fb1c0ff6adb74d7be412ef20a902a8c8deab5ba6dcf55c846de13cf40cd27f5baefac3663944c0cb
-
C:\Users\Admin\IGBDSGYO.microsoft\bass.dllMD5
c0b11a7e60f69241ddcb278722ab962f
SHA1ff855961eb5ed8779498915bab3d642044fc9bb1
SHA256a8d979460e970e84eacce36b8a68ae5f6b9cc0fe16e05a6209b4ead52b81b021
SHA512cb040aca6592310bffb72c898b8eb3ca8a46ff2df50212634c637593c58683c8ab62e0188da7aea362e1b063ae5db55cf4bf474295922af0ab94a526465cc472
-
C:\Users\Admin\IGBDSGYO.microsoft\bass.dllMD5
c0b11a7e60f69241ddcb278722ab962f
SHA1ff855961eb5ed8779498915bab3d642044fc9bb1
SHA256a8d979460e970e84eacce36b8a68ae5f6b9cc0fe16e05a6209b4ead52b81b021
SHA512cb040aca6592310bffb72c898b8eb3ca8a46ff2df50212634c637593c58683c8ab62e0188da7aea362e1b063ae5db55cf4bf474295922af0ab94a526465cc472
-
C:\Users\Admin\IGBDSGYO.microsoft\bass_fx.dllMD5
ea245b00b9d27ef2bd96548a50a9cc2c
SHA18463fdcdd5ced10c519ee0b406408ae55368e094
SHA2564824a06b819cbe49c485d68a9802d9dae3e3c54d4c2d8b706c8a87b56ceefbf3
SHA512ef1e107571402925ab5b1d9b096d7ceff39c1245a23692a3976164d0de0314f726cca0cb10246fe58a13618fd5629a92025628373b3264153fc1d79b0415d9a7
-
C:\Users\Admin\IGBDSGYO.microsoft\bass_fx.dllMD5
ea245b00b9d27ef2bd96548a50a9cc2c
SHA18463fdcdd5ced10c519ee0b406408ae55368e094
SHA2564824a06b819cbe49c485d68a9802d9dae3e3c54d4c2d8b706c8a87b56ceefbf3
SHA512ef1e107571402925ab5b1d9b096d7ceff39c1245a23692a3976164d0de0314f726cca0cb10246fe58a13618fd5629a92025628373b3264153fc1d79b0415d9a7
-
C:\Users\Admin\IGBDSGYO.microsoft\bassenc.dllMD5
55bb778fba7c0e7680d9536c26faff11
SHA1228b4cc2e25ab11d6d17511d2dcf54481589777c
SHA25671b779210d17cb75342fd229c6355a833927a76a9de3face5b88b3b18c345133
SHA512be4089ceb47469d1d89707eb5ae79fb474a505886bcd83c662ebd6ac9cae92cc03b9689cb937c5df5862e6c3f1e0495e5011d59521a910dd3277527ac424c155
-
C:\Users\Admin\IGBDSGYO.microsoft\bassenc.dllMD5
55bb778fba7c0e7680d9536c26faff11
SHA1228b4cc2e25ab11d6d17511d2dcf54481589777c
SHA25671b779210d17cb75342fd229c6355a833927a76a9de3face5b88b3b18c345133
SHA512be4089ceb47469d1d89707eb5ae79fb474a505886bcd83c662ebd6ac9cae92cc03b9689cb937c5df5862e6c3f1e0495e5011d59521a910dd3277527ac424c155
-
C:\Users\Admin\IGBDSGYO.microsoft\bassmidi.dllMD5
d0a54eb738b9820b51ed73d72feb07ef
SHA18946aa2c6f58cd13746ce42ede3b57fda262c6e0
SHA256a008e8fd7dec540c7d1d90e89dedaa3760902cb9a2d87bfc32af29efc7228e95
SHA512f74eb0522a1a5aeb2208485007fb1ee8ef537bc4fd739a10c597c37a2bf72ba0c1c8ad332aa3387f7eaef8bca20b9861f771af049ec18d6aafc7c2399523f91c
-
C:\Users\Admin\IGBDSGYO.microsoft\bassmidi.dllMD5
d0a54eb738b9820b51ed73d72feb07ef
SHA18946aa2c6f58cd13746ce42ede3b57fda262c6e0
SHA256a008e8fd7dec540c7d1d90e89dedaa3760902cb9a2d87bfc32af29efc7228e95
SHA512f74eb0522a1a5aeb2208485007fb1ee8ef537bc4fd739a10c597c37a2bf72ba0c1c8ad332aa3387f7eaef8bca20b9861f771af049ec18d6aafc7c2399523f91c
-
C:\Users\Admin\IGBDSGYO.microsoft\bassmidi.dllMD5
d0a54eb738b9820b51ed73d72feb07ef
SHA18946aa2c6f58cd13746ce42ede3b57fda262c6e0
SHA256a008e8fd7dec540c7d1d90e89dedaa3760902cb9a2d87bfc32af29efc7228e95
SHA512f74eb0522a1a5aeb2208485007fb1ee8ef537bc4fd739a10c597c37a2bf72ba0c1c8ad332aa3387f7eaef8bca20b9861f771af049ec18d6aafc7c2399523f91c
-
C:\Users\Admin\IGBDSGYO.microsoft\bassmix.dllMD5
2358e10faa66a1c38caf7c3bcecf3386
SHA117a05b02fbb619a874996c32267fb49a19335eb4
SHA256b0197e1bae8448c4e334e1e8706be354d79b3a700860e9c2589905fb74b8672a
SHA5126801931659430be3996686a7466bb9dc2692499521b6d165cd1002616609833d119d17c30b1ba7fae50e8ca95bda5961115eee4ed47db25e0e69f423562f2eeb
-
C:\Users\Admin\IGBDSGYO.microsoft\bassmix.dllMD5
2358e10faa66a1c38caf7c3bcecf3386
SHA117a05b02fbb619a874996c32267fb49a19335eb4
SHA256b0197e1bae8448c4e334e1e8706be354d79b3a700860e9c2589905fb74b8672a
SHA5126801931659430be3996686a7466bb9dc2692499521b6d165cd1002616609833d119d17c30b1ba7fae50e8ca95bda5961115eee4ed47db25e0e69f423562f2eeb
-
C:\Users\Admin\IGBDSGYO.microsoft\win_sparkle_check_update_with_ui_and_installMD5
aca8cda74e0853bb17c9378060be5493
SHA114f76ba9e4c8547b8fb28ea27d907ae000dd5220
SHA2562903a54f02576e3ceae76617ce4c169502cb53de2f62d9bd05bcd56a292343c9
SHA5123b03fd5ddb0b2320b773208bd1e6ab8c0cdf6628ea8793ef1fa440b025af5168ef2ebf3178765fe1de0d49d479fae9a00ccff681351f32e5a8371cf1db7d3540
-
C:\Windows\Installer\MSIBC46.tmpMD5
9f1e5d66c2889018daef4aef604eebc4
SHA1b80294261c8a1635e16e14f55a3d76889ff2c857
SHA25602a81aea451cdfa2cd6668e3b814c4e50c6025e36b70ab972a8cc68aba5b3222
SHA5128f8cbba79d2b6541e8b603a4a395cb938d77c358563bd745449bfee107ee64b88254a79ca5dd72fa05798a75c1464e7cca52556829f258009a3d33c9c3c5d39b
-
C:\Windows\Installer\MSIBC46.tmpMD5
9f1e5d66c2889018daef4aef604eebc4
SHA1b80294261c8a1635e16e14f55a3d76889ff2c857
SHA25602a81aea451cdfa2cd6668e3b814c4e50c6025e36b70ab972a8cc68aba5b3222
SHA5128f8cbba79d2b6541e8b603a4a395cb938d77c358563bd745449bfee107ee64b88254a79ca5dd72fa05798a75c1464e7cca52556829f258009a3d33c9c3c5d39b
-
C:\Windows\Installer\MSIBE5A.tmpMD5
9f1e5d66c2889018daef4aef604eebc4
SHA1b80294261c8a1635e16e14f55a3d76889ff2c857
SHA25602a81aea451cdfa2cd6668e3b814c4e50c6025e36b70ab972a8cc68aba5b3222
SHA5128f8cbba79d2b6541e8b603a4a395cb938d77c358563bd745449bfee107ee64b88254a79ca5dd72fa05798a75c1464e7cca52556829f258009a3d33c9c3c5d39b
-
C:\Windows\Installer\MSIBE5A.tmpMD5
9f1e5d66c2889018daef4aef604eebc4
SHA1b80294261c8a1635e16e14f55a3d76889ff2c857
SHA25602a81aea451cdfa2cd6668e3b814c4e50c6025e36b70ab972a8cc68aba5b3222
SHA5128f8cbba79d2b6541e8b603a4a395cb938d77c358563bd745449bfee107ee64b88254a79ca5dd72fa05798a75c1464e7cca52556829f258009a3d33c9c3c5d39b
-
memory/2496-154-0x00000000033C0000-0x00000000033C1000-memory.dmpFilesize
4KB
-
memory/2496-155-0x00000000033C0000-0x00000000033C1000-memory.dmpFilesize
4KB
-
memory/2496-153-0x0000000000000000-mapping.dmp
-
memory/2540-149-0x0000022EBA950000-0x0000022EBA952000-memory.dmpFilesize
8KB
-
memory/2540-148-0x0000022EBA950000-0x0000022EBA952000-memory.dmpFilesize
8KB
-
memory/3988-251-0x0000000000000000-mapping.dmp
-
memory/4252-252-0x0000000000000000-mapping.dmp
-
memory/4736-151-0x00000242941B0000-0x00000242941C0000-memory.dmpFilesize
64KB
-
memory/4736-152-0x00000242943E0000-0x00000242943E4000-memory.dmpFilesize
16KB
-
memory/4736-150-0x0000024293F60000-0x0000024293F70000-memory.dmpFilesize
64KB
-
memory/4952-146-0x0000024E38B10000-0x0000024E38B12000-memory.dmpFilesize
8KB
-
memory/4952-147-0x0000024E38B10000-0x0000024E38B12000-memory.dmpFilesize
8KB
-
memory/5096-194-0x0000000003430000-0x0000000003431000-memory.dmpFilesize
4KB
-
memory/5096-211-0x0000000003480000-0x0000000003481000-memory.dmpFilesize
4KB
-
memory/5096-183-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-184-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-185-0x0000000003400000-0x0000000003401000-memory.dmpFilesize
4KB
-
memory/5096-186-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-187-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-188-0x0000000003410000-0x0000000003411000-memory.dmpFilesize
4KB
-
memory/5096-189-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-190-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-192-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-191-0x0000000003420000-0x0000000003421000-memory.dmpFilesize
4KB
-
memory/5096-193-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-181-0x0000000072A10000-0x0000000072A1C000-memory.dmpFilesize
48KB
-
memory/5096-195-0x0000000002BC0000-0x0000000002BC4000-memory.dmpFilesize
16KB
-
memory/5096-197-0x0000000002C00000-0x0000000002C01000-memory.dmpFilesize
4KB
-
memory/5096-198-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-199-0x0000000003440000-0x0000000003441000-memory.dmpFilesize
4KB
-
memory/5096-200-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-196-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-202-0x0000000003450000-0x0000000003451000-memory.dmpFilesize
4KB
-
memory/5096-203-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-201-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-204-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-206-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-205-0x0000000003460000-0x0000000003461000-memory.dmpFilesize
4KB
-
memory/5096-207-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-208-0x0000000003470000-0x0000000003471000-memory.dmpFilesize
4KB
-
memory/5096-209-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-210-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-212-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-182-0x00000000032F0000-0x00000000032F1000-memory.dmpFilesize
4KB
-
memory/5096-213-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-214-0x0000000003490000-0x0000000003491000-memory.dmpFilesize
4KB
-
memory/5096-216-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-215-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-217-0x00000000034A0000-0x00000000034A1000-memory.dmpFilesize
4KB
-
memory/5096-218-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-219-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-220-0x00000000034B0000-0x00000000034B1000-memory.dmpFilesize
4KB
-
memory/5096-221-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-223-0x00000000034C0000-0x00000000034C1000-memory.dmpFilesize
4KB
-
memory/5096-224-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-222-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-225-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-226-0x00000000034D0000-0x00000000034D1000-memory.dmpFilesize
4KB
-
memory/5096-227-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-228-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-229-0x00000000034E0000-0x00000000034E1000-memory.dmpFilesize
4KB
-
memory/5096-230-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-231-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-233-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-232-0x00000000034F0000-0x00000000034F1000-memory.dmpFilesize
4KB
-
memory/5096-234-0x00000000030C0000-0x0000000003200000-memory.dmpFilesize
1.2MB
-
memory/5096-235-0x0000000003500000-0x0000000003501000-memory.dmpFilesize
4KB
-
memory/5096-244-0x0000000003510000-0x0000000003511000-memory.dmpFilesize
4KB
-
memory/5096-245-0x0000000003520000-0x0000000003521000-memory.dmpFilesize
4KB
-
memory/5096-180-0x0000000002B00000-0x0000000002B18000-memory.dmpFilesize
96KB
-
memory/5096-248-0x0000000004EA1000-0x00000000052DF000-memory.dmpFilesize
4.2MB
-
memory/5096-249-0x0000000004E30000-0x0000000004E75000-memory.dmpFilesize
276KB
-
memory/5096-250-0x0000000002B10000-0x0000000002B11000-memory.dmpFilesize
4KB
-
memory/5096-179-0x0000000072A20000-0x0000000072A70000-memory.dmpFilesize
320KB
-
memory/5096-178-0x0000000000F71000-0x0000000001243000-memory.dmpFilesize
2.8MB
-
memory/5096-160-0x0000000000000000-mapping.dmp