Analysis
-
max time kernel
187s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
03-05-2022 00:17
General
-
Target
f7d19b967d8d5c4430f1f07b8e8012b7e4350a36e98d0f76b672c0227d5e37cc.exe
-
Size
978KB
-
MD5
0a57cf93855798d5c2e7d73e3e246273
-
SHA1
be46616f832c6af9f3d148ca9627e50cf99d18a4
-
SHA256
f7d19b967d8d5c4430f1f07b8e8012b7e4350a36e98d0f76b672c0227d5e37cc
-
SHA512
482aa50e50a901c48485d34e97a8b8fc05e0ff996c13a53182e692a6b710da8d060b69c8eede09a9471797417c30a55f600d76a063082623d159c3e6ad663ec4
Score
10/10
Malware Config
Signatures
-
Modifies system executable filetype association 2 TTPs 4 IoCs
-
Registers COM server for autorun 1 TTPs
-
Disables use of System Restore points 1 TTPs
-
Executes dropped EXE 1 IoCs
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Installs/modifies Browser Helper Object 2 TTPs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Launches sc.exe
Sc.exe is a Windows utlilty to control services on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Disables Windows logging functionality 2 TTPs
Changes registry settings to disable Windows Event logging.
-
Modifies Internet Explorer settings 1 TTPs 31 IoCs
-
Modifies Internet Explorer start page 1 TTPs 1 IoCs
-
Modifies data under HKEY_USERS 5 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 1 IoCs
-
Runs .reg file with regedit 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f7d19b967d8d5c4430f1f07b8e8012b7e4350a36e98d0f76b672c0227d5e37cc.exe"C:\Users\Admin\AppData\Local\Temp\f7d19b967d8d5c4430f1f07b8e8012b7e4350a36e98d0f76b672c0227d5e37cc.exe"1⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Modifies registry class
- NTFS ADS
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd.exe /c regedit /s "C:\Users\Admin\AppData\Local\Temp\WIN7优化.reg"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\regedit.exeregedit /s "C:\Users\Admin\AppData\Local\Temp\WIN7优化.reg"3⤵
- Modifies system executable filetype association
- Adds Run key to start application
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Runs .reg file with regedit
-
C:\Windows\system32\cmd.execmd.exe /c regedit /s "C:\Users\Admin\AppData\Local\Temp\WIN7优化2.reg"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\regedit.exeregedit /s "C:\Users\Admin\AppData\Local\Temp\WIN7优化2.reg"3⤵
- Runs .reg file with regedit
-
C:\Users\Admin\AppData\Local\Temp\WIN7服务.exeC:\Users\Admin\AppData\Local\Temp\WIN7服务.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\8815.tmp\Win7·þÎñ.bat" "3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\sc.exesc config AeLookupSvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config ALG start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config AppIDSvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config Appinfo start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config AppMgmt start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config AudioEndpointBuilder start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config Audiosrv start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config AxInstSV start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config BDESVC start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config BFE start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config BITS start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config Browser start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config bthserv start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config CertPropSvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config clr_optimization_v2.0.50727_32 start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config COMSysApp start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config CryptSvc start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config CscService start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config DcomLaunch start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config defragsvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config Dhcp start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config Dnscache start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config dot3svc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config DPS start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config EapHost start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config EFS start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config ehRecvr start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config ehSched start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config eventlog start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config EventSystem start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config Fax start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config fdPHost start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config FDResPub start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config FontCache start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config FontCache3.0.0.0 start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config gpsvc start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config hidserv start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config hkmsvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config HomeGroupListener start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config HomeGroupProvider start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config idsvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config IKEEXT start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config IPBusEnum start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config iphlpsvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config KeyIso start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config KtmRm start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config LanmanServer start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config LanmanWorkstation start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config lltdsvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config lmhosts start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config Mcx2Svc start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config MMCSS start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config MpsSvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config MSDTC start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config MSiSCSI start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config msiserver start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config napagent start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config Netlogon start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config Netman start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config netprofm start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config NetTcpPortSharing start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config NlaSvc start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config nsi start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config p2pimsvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config p2psvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config PcaSvc start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config PeerDistSvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config pla start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config PlugPlay start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config PNRPAutoReg start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config PNRPsvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config PolicyAgent start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config Power start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config ProfSvc start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config ProtectedStorage start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config QWAVE start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config RasAuto start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config RasMan start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config RemoteAccess start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config RemoteRegistry start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config RpcEptMapper start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config RpcLocator start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config RpcSs start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config SamSs start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config SCardSvr start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config Schedule start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config SCPolicySvc start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config SDRSVC start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config seclogon start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config SENS start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config SensrSvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config SessionEnv start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config SharedAccess start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config ShellHWDetection start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config SNMPTRAP start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config Spooler start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config sppsvc start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config sppuinotify start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config SSDPSRV start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config SstpSvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config StiSvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config swprv start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config SysMain start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config TabletInputService start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config TapiSrv start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config TBS start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config TermService start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config Themes start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config THREADORDER start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config TrkWks start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config TrustedInstaller start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config UI0Detect start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config UmRdpService start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config upnphost start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config UxSms start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config VaultSvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config vds start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config VSS start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config W32Time start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config wbengine start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config WbioSrvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config wcncsvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config WcsPlugInService start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config WdiServiceHost start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config WdiSystemHost start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config WebClient start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config Wecsvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config wercplsupport start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config WerSvc start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config WinDefend start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config WinHttpAutoProxySvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config Winmgmt start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config WinRM start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config Wlansvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config wmiApSrv start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config WMPNetworkSvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config WPCSvc start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config WPDBusEnum start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config wscsvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config WSearch start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config wuauserv start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config wudfsvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config WwanSvc start= DEMAND4⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c powercfg -change -monitor-timeout-ac 152⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\powercfg.exepowercfg -change -monitor-timeout-ac 153⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c powercfg -change -standby-timeout-ac 02⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\powercfg.exepowercfg -change -standby-timeout-ac 03⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c del /f /s /q %windir%\*.bak2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\8815.tmp\Win7·þÎñ.batFilesize
5KB
MD549efc4c8ac66c2abce02c89024c2d706
SHA1bac073d6839819f7e492a651e28ddeaef13d3c52
SHA2562669563af2fd6f7519db936a899ed3fd431214f7742b855db702d5e74b32c34e
SHA512828e9ccaca818174ffd6f9ae9fe933eb84fbbbef1556fc73bca8d0a71b01d57cc443ba8e54b048d4859b37bdafd5e0bd6d8a807972b349dfefff94f0734734b6
-
C:\Users\Admin\AppData\Local\Temp\WIN7优化.regFilesize
32KB
MD5fd27cb1190fbd22a8ab0aeb5571ae411
SHA1c856be5e2d203b6057fde26690c5c25b4c7fc39d
SHA256792e23f946a93b8d444e55b7ba59246000daa39293f557388883d40491edfeb6
SHA5122bf3d39f80ed1dc79869dd3e0bdaa7aed92c204e4c9ca963584be9c6c3acf7127a2c7aaf39e4cddf1d4798e5f29f5b993c57d0f32e32e143f93ae98ab4848265
-
C:\Users\Admin\AppData\Local\Temp\WIN7优化2.regFilesize
974B
MD58fc60d0f06d32a7949710c6a1a1de036
SHA119f8e1f33fef6681cf56d783dc02c92421978b66
SHA256411161d4a4cf5dc07f9eb2398c31fbb83bf5b7f76d2bd9dced759719f12c36fa
SHA512e96596701c612fe54d711c0408b8461f1b665b2f6a1a7a5ee9d1d3dbc24c1bcb8434b0def86c3701f9540b7597cb8905d4aee1b0b55d4fabad0d8bfff8d5a8df
-
C:\Users\Admin\AppData\Local\Temp\WIN7服务.exeFilesize
31KB
MD525e6a394a01e13ed75c5cae03eb63a23
SHA19d88f80e6db01fc8fcaf0518976706e1f6a94e0d
SHA25649f7526676569f75456d41ad027bc2cd687b6f03aac1f74565d05b6a7f771e4a
SHA512f053fe79dcc7383c43260c1a3820a9ed47ff51872ed053943d1b8c7be3fa9f1ce983fba4da2c8a2abcd8f6eecb390c6c6020993b5ecea7dbf035e59f6548fc18
-
memory/112-80-0x0000000000000000-mapping.dmp
-
memory/112-105-0x0000000000000000-mapping.dmp
-
memory/304-125-0x0000000000000000-mapping.dmp
-
memory/316-78-0x0000000000000000-mapping.dmp
-
memory/336-88-0x0000000000000000-mapping.dmp
-
memory/392-68-0x0000000000000000-mapping.dmp
-
memory/428-118-0x0000000000000000-mapping.dmp
-
memory/432-60-0x0000000000000000-mapping.dmp
-
memory/552-104-0x0000000000000000-mapping.dmp
-
memory/560-77-0x0000000000000000-mapping.dmp
-
memory/560-102-0x0000000000000000-mapping.dmp
-
memory/568-124-0x0000000000000000-mapping.dmp
-
memory/612-112-0x0000000000000000-mapping.dmp
-
memory/624-113-0x0000000000000000-mapping.dmp
-
memory/652-114-0x0000000000000000-mapping.dmp
-
memory/668-94-0x0000000000000000-mapping.dmp
-
memory/684-107-0x0000000000000000-mapping.dmp
-
memory/764-120-0x0000000000000000-mapping.dmp
-
memory/808-95-0x0000000000000000-mapping.dmp
-
memory/812-59-0x0000000000000000-mapping.dmp
-
memory/820-89-0x0000000000000000-mapping.dmp
-
memory/860-111-0x0000000000000000-mapping.dmp
-
memory/880-100-0x0000000000000000-mapping.dmp
-
memory/880-75-0x0000000000000000-mapping.dmp
-
memory/908-69-0x0000000000000000-mapping.dmp
-
memory/932-85-0x0000000000000000-mapping.dmp
-
memory/1028-82-0x0000000000000000-mapping.dmp
-
memory/1052-87-0x0000000000000000-mapping.dmp
-
memory/1160-115-0x0000000000000000-mapping.dmp
-
memory/1256-81-0x0000000000000000-mapping.dmp
-
memory/1256-106-0x0000000000000000-mapping.dmp
-
memory/1264-96-0x0000000000000000-mapping.dmp
-
memory/1280-92-0x0000000000000000-mapping.dmp
-
memory/1312-122-0x0000000000000000-mapping.dmp
-
memory/1316-90-0x0000000000000000-mapping.dmp
-
memory/1388-116-0x0000000000000000-mapping.dmp
-
memory/1396-110-0x0000000000000000-mapping.dmp
-
memory/1448-119-0x0000000000000000-mapping.dmp
-
memory/1492-98-0x0000000000000000-mapping.dmp
-
memory/1520-79-0x0000000000000000-mapping.dmp
-
memory/1580-70-0x0000000000000000-mapping.dmp
-
memory/1588-93-0x0000000000000000-mapping.dmp
-
memory/1612-121-0x0000000000000000-mapping.dmp
-
memory/1676-97-0x0000000000000000-mapping.dmp
-
memory/1684-65-0x0000000000000000-mapping.dmp
-
memory/1712-55-0x0000000000000000-mapping.dmp
-
memory/1752-99-0x0000000000000000-mapping.dmp
-
memory/1752-74-0x0000000000000000-mapping.dmp
-
memory/1768-83-0x0000000000000000-mapping.dmp
-
memory/1768-108-0x0000000000000000-mapping.dmp
-
memory/1800-103-0x0000000000000000-mapping.dmp
-
memory/1820-73-0x0000000000000000-mapping.dmp
-
memory/1856-76-0x0000000000000000-mapping.dmp
-
memory/1856-101-0x0000000000000000-mapping.dmp
-
memory/1932-54-0x000007FEFB9A1000-0x000007FEFB9A3000-memory.dmpFilesize
8KB
-
memory/1940-109-0x0000000000000000-mapping.dmp
-
memory/1960-66-0x0000000075361000-0x0000000075363000-memory.dmpFilesize
8KB
-
memory/1960-63-0x0000000000000000-mapping.dmp
-
memory/1976-72-0x0000000000000000-mapping.dmp
-
memory/1984-84-0x0000000000000000-mapping.dmp
-
memory/1988-86-0x0000000000000000-mapping.dmp
-
memory/2000-56-0x0000000000000000-mapping.dmp
-
memory/2008-123-0x0000000000000000-mapping.dmp
-
memory/2012-67-0x0000000000000000-mapping.dmp
-
memory/2012-117-0x0000000000000000-mapping.dmp
-
memory/2016-91-0x0000000000000000-mapping.dmp