Analysis
-
max time kernel
122s -
max time network
125s -
platform
windows10_x64 -
resource
win10-en-20211208 -
submitted
21-01-2022 10:58
Static task
static1
Behavioral task
behavioral1
Sample
PDF.VIVO.DIGITAL.URN5SP.msi
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
PDF.VIVO.DIGITAL.URN5SP.msi
Resource
win10-en-20211208
General
-
Target
PDF.VIVO.DIGITAL.URN5SP.msi
-
Size
3.4MB
-
MD5
a43b17ac461d2eee6153710850346200
-
SHA1
724917b805b4b609f3beaa7b713004b6d42d14f2
-
SHA256
2f45197ef087c00da456fa9dc97b038e387eb2508c6197ed3f438c87f9d07063
-
SHA512
6142cc2b3f904f49508c00e96bc69f4c21ca7547eb1f0ae01d37e3698b5436e5871c5750b5b12114b9516dc30d2f6b03b61a0e55d99c2b161063932f2f6b092d
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
-
Blocklisted process makes network request 2 IoCs
Processes:
MsiExec.exeflow pid process 18 764 MsiExec.exe 19 764 MsiExec.exe -
Executes dropped EXE 1 IoCs
Processes:
jp2launcher.exepid process 1732 jp2launcher.exe -
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
jp2launcher.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion jp2launcher.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion jp2launcher.exe -
Loads dropped DLL 8 IoCs
Processes:
MsiExec.exejp2launcher.exepid process 764 MsiExec.exe 764 MsiExec.exe 764 MsiExec.exe 764 MsiExec.exe 764 MsiExec.exe 764 MsiExec.exe 1732 jp2launcher.exe 1732 jp2launcher.exe -
Processes:
resource yara_rule C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SHFOLDER.dll themida \Users\Admin\AppData\Roaming\Microsoft\Windows\shfolder.dll themida \Users\Admin\AppData\Roaming\Microsoft\Windows\shfolder.dll themida behavioral2/memory/1732-147-0x00000000025F0000-0x0000000003A99000-memory.dmp themida behavioral2/memory/1732-151-0x00000000025F0000-0x0000000003A99000-memory.dmp themida behavioral2/memory/1732-161-0x00000000025F0000-0x0000000003A99000-memory.dmp themida behavioral2/memory/1732-168-0x00000000025F0000-0x0000000003A99000-memory.dmp themida -
Adds Run key to start application 2 TTPs 3 IoCs
Processes:
msiexec.exejp2launcher.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-369956170-74428499-1628131376-1000\Software\Microsoft\Windows\CurrentVersion\Run msiexec.exe Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run jp2launcher.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Service = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\jp2launcher.exe" jp2launcher.exe -
Processes:
jp2launcher.exedescription ioc process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA jp2launcher.exe -
Enumerates connected drives 3 TTPs 48 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
msiexec.exemsiexec.exedescription ioc process File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\F: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\T: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\F: msiexec.exe -
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 26 ip-api.com -
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
Processes:
jp2launcher.exepid process 1732 jp2launcher.exe -
Drops file in Windows directory 12 IoCs
Processes:
msiexec.exedescription ioc process File opened for modification C:\Windows\Installer\MSIAA70.tmp msiexec.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log msiexec.exe File opened for modification C:\Windows\Installer\MSIA441.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSIA4AF.tmp msiexec.exe File created C:\Windows\Installer\SourceHash{BDFCB183-FA69-4CC1-AFF7-D479FB84BF3F} msiexec.exe File opened for modification C:\Windows\Installer\MSIA993.tmp msiexec.exe File created C:\Windows\Installer\inprogressinstallinfo.ipi msiexec.exe File created C:\Windows\Installer\f759ec1.msi msiexec.exe File opened for modification C:\Windows\Installer\f759ec1.msi msiexec.exe File opened for modification C:\Windows\Installer\MSI9FCB.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSIA57B.tmp msiexec.exe File opened for modification C:\Windows\Installer\ msiexec.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 408 764 WerFault.exe MsiExec.exe -
Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.
Processes:
description flow ioc HTTP User-Agent header 18 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) -
Suspicious behavior: EnumeratesProcesses 41 IoCs
Processes:
msiexec.exeWerFault.exejp2launcher.exepid process 1352 msiexec.exe 1352 msiexec.exe 408 WerFault.exe 408 WerFault.exe 408 WerFault.exe 408 WerFault.exe 408 WerFault.exe 408 WerFault.exe 408 WerFault.exe 408 WerFault.exe 408 WerFault.exe 408 WerFault.exe 408 WerFault.exe 408 WerFault.exe 408 WerFault.exe 1732 jp2launcher.exe 1732 jp2launcher.exe 1732 jp2launcher.exe 1732 jp2launcher.exe 1732 jp2launcher.exe 1732 jp2launcher.exe 1732 jp2launcher.exe 1732 jp2launcher.exe 1732 jp2launcher.exe 1732 jp2launcher.exe 1732 jp2launcher.exe 1732 jp2launcher.exe 1732 jp2launcher.exe 1732 jp2launcher.exe 1732 jp2launcher.exe 1732 jp2launcher.exe 1732 jp2launcher.exe 1732 jp2launcher.exe 1732 jp2launcher.exe 1732 jp2launcher.exe 1732 jp2launcher.exe 1732 jp2launcher.exe 1732 jp2launcher.exe 1732 jp2launcher.exe 1732 jp2launcher.exe 1732 jp2launcher.exe -
Suspicious use of AdjustPrivilegeToken 51 IoCs
Processes:
msiexec.exemsiexec.exeWerFault.exedescription pid process Token: SeShutdownPrivilege 368 msiexec.exe Token: SeIncreaseQuotaPrivilege 368 msiexec.exe Token: SeSecurityPrivilege 1352 msiexec.exe Token: SeCreateTokenPrivilege 368 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 368 msiexec.exe Token: SeLockMemoryPrivilege 368 msiexec.exe Token: SeIncreaseQuotaPrivilege 368 msiexec.exe Token: SeMachineAccountPrivilege 368 msiexec.exe Token: SeTcbPrivilege 368 msiexec.exe Token: SeSecurityPrivilege 368 msiexec.exe Token: SeTakeOwnershipPrivilege 368 msiexec.exe Token: SeLoadDriverPrivilege 368 msiexec.exe Token: SeSystemProfilePrivilege 368 msiexec.exe Token: SeSystemtimePrivilege 368 msiexec.exe Token: SeProfSingleProcessPrivilege 368 msiexec.exe Token: SeIncBasePriorityPrivilege 368 msiexec.exe Token: SeCreatePagefilePrivilege 368 msiexec.exe Token: SeCreatePermanentPrivilege 368 msiexec.exe Token: SeBackupPrivilege 368 msiexec.exe Token: SeRestorePrivilege 368 msiexec.exe Token: SeShutdownPrivilege 368 msiexec.exe Token: SeDebugPrivilege 368 msiexec.exe Token: SeAuditPrivilege 368 msiexec.exe Token: SeSystemEnvironmentPrivilege 368 msiexec.exe Token: SeChangeNotifyPrivilege 368 msiexec.exe Token: SeRemoteShutdownPrivilege 368 msiexec.exe Token: SeUndockPrivilege 368 msiexec.exe Token: SeSyncAgentPrivilege 368 msiexec.exe Token: SeEnableDelegationPrivilege 368 msiexec.exe Token: SeManageVolumePrivilege 368 msiexec.exe Token: SeImpersonatePrivilege 368 msiexec.exe Token: SeCreateGlobalPrivilege 368 msiexec.exe Token: SeRestorePrivilege 1352 msiexec.exe Token: SeTakeOwnershipPrivilege 1352 msiexec.exe Token: SeRestorePrivilege 1352 msiexec.exe Token: SeTakeOwnershipPrivilege 1352 msiexec.exe Token: SeRestorePrivilege 1352 msiexec.exe Token: SeTakeOwnershipPrivilege 1352 msiexec.exe Token: SeRestorePrivilege 1352 msiexec.exe Token: SeTakeOwnershipPrivilege 1352 msiexec.exe Token: SeRestorePrivilege 1352 msiexec.exe Token: SeTakeOwnershipPrivilege 1352 msiexec.exe Token: SeRestorePrivilege 1352 msiexec.exe Token: SeTakeOwnershipPrivilege 1352 msiexec.exe Token: SeRestorePrivilege 1352 msiexec.exe Token: SeTakeOwnershipPrivilege 1352 msiexec.exe Token: SeRestorePrivilege 1352 msiexec.exe Token: SeTakeOwnershipPrivilege 1352 msiexec.exe Token: SeRestorePrivilege 408 WerFault.exe Token: SeBackupPrivilege 408 WerFault.exe Token: SeDebugPrivilege 408 WerFault.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
msiexec.exepid process 368 msiexec.exe -
Suspicious use of WriteProcessMemory 6 IoCs
Processes:
msiexec.exeMsiExec.exedescription pid process target process PID 1352 wrote to memory of 764 1352 msiexec.exe MsiExec.exe PID 1352 wrote to memory of 764 1352 msiexec.exe MsiExec.exe PID 1352 wrote to memory of 764 1352 msiexec.exe MsiExec.exe PID 764 wrote to memory of 1732 764 MsiExec.exe jp2launcher.exe PID 764 wrote to memory of 1732 764 MsiExec.exe jp2launcher.exe PID 764 wrote to memory of 1732 764 MsiExec.exe jp2launcher.exe
Processes
-
C:\Windows\system32\msiexec.exemsiexec.exe /I C:\Users\Admin\AppData\Local\Temp\PDF.VIVO.DIGITAL.URN5SP.msi1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 1859427021E429DB85FD00AD58A53A6F2⤵
- Blocklisted process makes network request
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\jp2launcher.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\jp2launcher.exe"3⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 16243⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\MSI59c12.LOGMD5
e8dc53a8382366f6e89fc103c6249c9e
SHA133540e7f2a26e032e10ac7d007812efc436bc0c8
SHA2566bf2160fee18862d16bbe14541cf0db83e8a10c9d07d3de1475f1e66e022a6c6
SHA512bc297c8315d05484d8a0822164082ead1ad25296ce84010fa0be0e22dfcb0f62ca38c064d32f2eaeb9aef5de66a0506e80b74970697ca3b6f19e56d9d62017bd
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SHFOLDER.dllMD5
c297d9dd9304f70a8eacffe09b4697b9
SHA1f85f93cf0f4b0292c496e4c05b1e8f068ec32337
SHA2561bb47c29af21042650e01c6c0a9d9f851687216f110293671664166e65bef81b
SHA5123c2c47889c53ecdce9173a24554abf51b67c7121f4f5c42d0df01cebfda47bc30fd4a7b4ac9b342e725fd67c716ea17cbd2c4a670816e01c3dea983d6838a07e
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\jp2launcher.exeMD5
b2218df5c3373a9a1b619e53281e9806
SHA18b683c897ecc6fa6881d29f6c41c7c159d65fa62
SHA256681ccc9e5bab3a23b3ce31fdc1eb8db268e79e1521e748d8f8c951d10a3a096c
SHA5121ea2d938086d3494f477c2e5459e2d5e1b57b7cf37aef792b745b7a261fcff183703696da2a52724331ec15ae82bc0a5dcdfd53d4a5374c38cafe23e15e10023
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\jp2launcher.exeMD5
b2218df5c3373a9a1b619e53281e9806
SHA18b683c897ecc6fa6881d29f6c41c7c159d65fa62
SHA256681ccc9e5bab3a23b3ce31fdc1eb8db268e79e1521e748d8f8c951d10a3a096c
SHA5121ea2d938086d3494f477c2e5459e2d5e1b57b7cf37aef792b745b7a261fcff183703696da2a52724331ec15ae82bc0a5dcdfd53d4a5374c38cafe23e15e10023
-
C:\Windows\Installer\MSI9FCB.tmpMD5
305a50c391a94b42a68958f3f89906fb
SHA14110d68d71f3594f5d3bdfca91a1c759ab0105d4
SHA256f89c4313f2f4bc8654a7fa3697702e36688e8c2756df5ada209a7f3e3f1d906f
SHA512fcad17ce34e35de6f0c7259e92acc842db2e68008cf45e628b18d71cb3bffcfca35e233cd8ae5eb2ae758b8a6503dbe832dd70038432ccbd56c99cd45da535f7
-
C:\Windows\Installer\MSIA441.tmpMD5
305a50c391a94b42a68958f3f89906fb
SHA14110d68d71f3594f5d3bdfca91a1c759ab0105d4
SHA256f89c4313f2f4bc8654a7fa3697702e36688e8c2756df5ada209a7f3e3f1d906f
SHA512fcad17ce34e35de6f0c7259e92acc842db2e68008cf45e628b18d71cb3bffcfca35e233cd8ae5eb2ae758b8a6503dbe832dd70038432ccbd56c99cd45da535f7
-
C:\Windows\Installer\MSIA4AF.tmpMD5
305a50c391a94b42a68958f3f89906fb
SHA14110d68d71f3594f5d3bdfca91a1c759ab0105d4
SHA256f89c4313f2f4bc8654a7fa3697702e36688e8c2756df5ada209a7f3e3f1d906f
SHA512fcad17ce34e35de6f0c7259e92acc842db2e68008cf45e628b18d71cb3bffcfca35e233cd8ae5eb2ae758b8a6503dbe832dd70038432ccbd56c99cd45da535f7
-
C:\Windows\Installer\MSIA57B.tmpMD5
305a50c391a94b42a68958f3f89906fb
SHA14110d68d71f3594f5d3bdfca91a1c759ab0105d4
SHA256f89c4313f2f4bc8654a7fa3697702e36688e8c2756df5ada209a7f3e3f1d906f
SHA512fcad17ce34e35de6f0c7259e92acc842db2e68008cf45e628b18d71cb3bffcfca35e233cd8ae5eb2ae758b8a6503dbe832dd70038432ccbd56c99cd45da535f7
-
C:\Windows\Installer\MSIAA70.tmpMD5
87f70ac02d0d1af6c4ff6e0be80e6049
SHA1c6209060c14ddeae1243d2a37b156d6c02c0a2fb
SHA2560a384078f1719f7b482a48d0ba78c5a3357aa5c0e1e836f236c8f6b4608efcc1
SHA5129addb90e42392620c51b122b26a822aa2d6b959c54d6031a7a6ae1ad2c6d7feaf8c99582ab6201ce473b6b887bb50bd305bbd2b0d82fc8bc35515baa1ecda481
-
\Users\Admin\AppData\Roaming\Microsoft\Windows\shfolder.dllMD5
c297d9dd9304f70a8eacffe09b4697b9
SHA1f85f93cf0f4b0292c496e4c05b1e8f068ec32337
SHA2561bb47c29af21042650e01c6c0a9d9f851687216f110293671664166e65bef81b
SHA5123c2c47889c53ecdce9173a24554abf51b67c7121f4f5c42d0df01cebfda47bc30fd4a7b4ac9b342e725fd67c716ea17cbd2c4a670816e01c3dea983d6838a07e
-
\Users\Admin\AppData\Roaming\Microsoft\Windows\shfolder.dllMD5
c297d9dd9304f70a8eacffe09b4697b9
SHA1f85f93cf0f4b0292c496e4c05b1e8f068ec32337
SHA2561bb47c29af21042650e01c6c0a9d9f851687216f110293671664166e65bef81b
SHA5123c2c47889c53ecdce9173a24554abf51b67c7121f4f5c42d0df01cebfda47bc30fd4a7b4ac9b342e725fd67c716ea17cbd2c4a670816e01c3dea983d6838a07e
-
\Windows\Installer\MSI9FCB.tmpMD5
305a50c391a94b42a68958f3f89906fb
SHA14110d68d71f3594f5d3bdfca91a1c759ab0105d4
SHA256f89c4313f2f4bc8654a7fa3697702e36688e8c2756df5ada209a7f3e3f1d906f
SHA512fcad17ce34e35de6f0c7259e92acc842db2e68008cf45e628b18d71cb3bffcfca35e233cd8ae5eb2ae758b8a6503dbe832dd70038432ccbd56c99cd45da535f7
-
\Windows\Installer\MSIA441.tmpMD5
305a50c391a94b42a68958f3f89906fb
SHA14110d68d71f3594f5d3bdfca91a1c759ab0105d4
SHA256f89c4313f2f4bc8654a7fa3697702e36688e8c2756df5ada209a7f3e3f1d906f
SHA512fcad17ce34e35de6f0c7259e92acc842db2e68008cf45e628b18d71cb3bffcfca35e233cd8ae5eb2ae758b8a6503dbe832dd70038432ccbd56c99cd45da535f7
-
\Windows\Installer\MSIA4AF.tmpMD5
305a50c391a94b42a68958f3f89906fb
SHA14110d68d71f3594f5d3bdfca91a1c759ab0105d4
SHA256f89c4313f2f4bc8654a7fa3697702e36688e8c2756df5ada209a7f3e3f1d906f
SHA512fcad17ce34e35de6f0c7259e92acc842db2e68008cf45e628b18d71cb3bffcfca35e233cd8ae5eb2ae758b8a6503dbe832dd70038432ccbd56c99cd45da535f7
-
\Windows\Installer\MSIA57B.tmpMD5
305a50c391a94b42a68958f3f89906fb
SHA14110d68d71f3594f5d3bdfca91a1c759ab0105d4
SHA256f89c4313f2f4bc8654a7fa3697702e36688e8c2756df5ada209a7f3e3f1d906f
SHA512fcad17ce34e35de6f0c7259e92acc842db2e68008cf45e628b18d71cb3bffcfca35e233cd8ae5eb2ae758b8a6503dbe832dd70038432ccbd56c99cd45da535f7
-
\Windows\Installer\MSIAA70.tmpMD5
87f70ac02d0d1af6c4ff6e0be80e6049
SHA1c6209060c14ddeae1243d2a37b156d6c02c0a2fb
SHA2560a384078f1719f7b482a48d0ba78c5a3357aa5c0e1e836f236c8f6b4608efcc1
SHA5129addb90e42392620c51b122b26a822aa2d6b959c54d6031a7a6ae1ad2c6d7feaf8c99582ab6201ce473b6b887bb50bd305bbd2b0d82fc8bc35515baa1ecda481
-
\Windows\Installer\MSIAA70.tmpMD5
87f70ac02d0d1af6c4ff6e0be80e6049
SHA1c6209060c14ddeae1243d2a37b156d6c02c0a2fb
SHA2560a384078f1719f7b482a48d0ba78c5a3357aa5c0e1e836f236c8f6b4608efcc1
SHA5129addb90e42392620c51b122b26a822aa2d6b959c54d6031a7a6ae1ad2c6d7feaf8c99582ab6201ce473b6b887bb50bd305bbd2b0d82fc8bc35515baa1ecda481
-
memory/764-134-0x0000000001270000-0x0000000001271000-memory.dmpFilesize
4KB
-
memory/764-133-0x0000000004BB0000-0x0000000004E99000-memory.dmpFilesize
2.9MB
-
memory/1732-140-0x0000000077BF0000-0x0000000077D7E000-memory.dmpFilesize
1.6MB
-
memory/1732-147-0x00000000025F0000-0x0000000003A99000-memory.dmpFilesize
20.7MB
-
memory/1732-151-0x00000000025F0000-0x0000000003A99000-memory.dmpFilesize
20.7MB
-
memory/1732-161-0x00000000025F0000-0x0000000003A99000-memory.dmpFilesize
20.7MB
-
memory/1732-168-0x00000000025F0000-0x0000000003A99000-memory.dmpFilesize
20.7MB
-
memory/1732-200-0x0000000000630000-0x000000000077A000-memory.dmpFilesize
1.3MB