Analysis
-
max time kernel
144s -
max time network
164s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
03-05-2022 00:17
General
-
Target
f7d19b967d8d5c4430f1f07b8e8012b7e4350a36e98d0f76b672c0227d5e37cc.exe
-
Size
978KB
-
MD5
0a57cf93855798d5c2e7d73e3e246273
-
SHA1
be46616f832c6af9f3d148ca9627e50cf99d18a4
-
SHA256
f7d19b967d8d5c4430f1f07b8e8012b7e4350a36e98d0f76b672c0227d5e37cc
-
SHA512
482aa50e50a901c48485d34e97a8b8fc05e0ff996c13a53182e692a6b710da8d060b69c8eede09a9471797417c30a55f600d76a063082623d159c3e6ad663ec4
Score
10/10
Malware Config
Signatures
-
Modifies system executable filetype association 2 TTPs 4 IoCs
-
Registers COM server for autorun 1 TTPs
-
Disables use of System Restore points 1 TTPs
-
Executes dropped EXE 1 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Installs/modifies Browser Helper Object 2 TTPs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Launches sc.exe
Sc.exe is a Windows utlilty to control services on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Disables Windows logging functionality 2 TTPs
Changes registry settings to disable Windows Event logging.
-
Modifies Internet Explorer settings 1 TTPs 31 IoCs
-
Modifies Internet Explorer start page 1 TTPs 1 IoCs
-
Modifies data under HKEY_USERS 5 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 1 IoCs
-
Runs .reg file with regedit 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f7d19b967d8d5c4430f1f07b8e8012b7e4350a36e98d0f76b672c0227d5e37cc.exe"C:\Users\Admin\AppData\Local\Temp\f7d19b967d8d5c4430f1f07b8e8012b7e4350a36e98d0f76b672c0227d5e37cc.exe"1⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Modifies registry class
- NTFS ADS
- Suspicious use of WriteProcessMemory
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c regedit /s "C:\Users\Admin\AppData\Local\Temp\WIN7优化.reg"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\regedit.exeregedit /s "C:\Users\Admin\AppData\Local\Temp\WIN7优化.reg"3⤵
- Modifies system executable filetype association
- Adds Run key to start application
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Runs .reg file with regedit
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c regedit /s "C:\Users\Admin\AppData\Local\Temp\WIN7优化2.reg"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\regedit.exeregedit /s "C:\Users\Admin\AppData\Local\Temp\WIN7优化2.reg"3⤵
- Runs .reg file with regedit
-
C:\Users\Admin\AppData\Local\Temp\WIN7服务.exeC:\Users\Admin\AppData\Local\Temp\WIN7服务.exe2⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\E00F.tmp\Win7·þÎñ.bat" "3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\sc.exesc config AeLookupSvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config ALG start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config AppIDSvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config Appinfo start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config AppMgmt start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config AudioEndpointBuilder start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config Audiosrv start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config AxInstSV start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config BDESVC start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config BFE start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config BITS start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config Browser start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config bthserv start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config CertPropSvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config clr_optimization_v2.0.50727_32 start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config COMSysApp start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config CryptSvc start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config CscService start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config DcomLaunch start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config defragsvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config Dhcp start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config Dnscache start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config dot3svc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config DPS start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config EapHost start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config EFS start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config ehRecvr start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config ehSched start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config eventlog start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config EventSystem start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config Fax start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config fdPHost start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config FDResPub start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config FontCache start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config FontCache3.0.0.0 start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config gpsvc start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config hidserv start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config hkmsvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config HomeGroupListener start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config HomeGroupProvider start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config idsvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config IKEEXT start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config IPBusEnum start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config iphlpsvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config KeyIso start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config KtmRm start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config LanmanServer start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config LanmanWorkstation start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config lltdsvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config lmhosts start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config Mcx2Svc start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config MMCSS start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config MpsSvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config MSDTC start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config MSiSCSI start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config msiserver start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config napagent start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config Netlogon start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config Netman start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config netprofm start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config NetTcpPortSharing start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config NlaSvc start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config nsi start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config p2pimsvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config p2psvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config PcaSvc start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config PeerDistSvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config pla start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config PlugPlay start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config PNRPAutoReg start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config PNRPsvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config PolicyAgent start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config Power start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config ProfSvc start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config ProtectedStorage start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config QWAVE start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config RasAuto start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config RasMan start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config RemoteAccess start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config RemoteRegistry start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config RpcEptMapper start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config RpcLocator start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config RpcSs start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config SamSs start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config SCardSvr start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config Schedule start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config SCPolicySvc start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config SDRSVC start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config seclogon start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config SENS start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config SensrSvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config SessionEnv start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config SharedAccess start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config ShellHWDetection start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config SNMPTRAP start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config Spooler start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config sppsvc start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config sppuinotify start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config SSDPSRV start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config SstpSvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config StiSvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config swprv start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config SysMain start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config TabletInputService start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config TapiSrv start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config TBS start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config TermService start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config Themes start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config THREADORDER start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config TrkWks start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config TrustedInstaller start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config UI0Detect start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config UmRdpService start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config upnphost start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config UxSms start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config VaultSvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config vds start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config VSS start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config W32Time start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config wbengine start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config WbioSrvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config wcncsvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config WcsPlugInService start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config WdiServiceHost start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config WdiSystemHost start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config WebClient start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config Wecsvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config wercplsupport start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config WerSvc start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config WinDefend start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config WinHttpAutoProxySvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config Winmgmt start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config WinRM start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config Wlansvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config wmiApSrv start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config WMPNetworkSvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config WPCSvc start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config WPDBusEnum start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config wscsvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config WSearch start= DISABLED4⤵
-
C:\Windows\SysWOW64\sc.exesc config wuauserv start= AUTO4⤵
-
C:\Windows\SysWOW64\sc.exesc config wudfsvc start= DEMAND4⤵
-
C:\Windows\SysWOW64\sc.exesc config WwanSvc start= DEMAND4⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c powercfg -change -monitor-timeout-ac 152⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\powercfg.exepowercfg -change -monitor-timeout-ac 153⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c powercfg -change -standby-timeout-ac 02⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\powercfg.exepowercfg -change -standby-timeout-ac 03⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c del /f /s /q %windir%\*.bak2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\E00F.tmp\Win7·þÎñ.batFilesize
5KB
MD549efc4c8ac66c2abce02c89024c2d706
SHA1bac073d6839819f7e492a651e28ddeaef13d3c52
SHA2562669563af2fd6f7519db936a899ed3fd431214f7742b855db702d5e74b32c34e
SHA512828e9ccaca818174ffd6f9ae9fe933eb84fbbbef1556fc73bca8d0a71b01d57cc443ba8e54b048d4859b37bdafd5e0bd6d8a807972b349dfefff94f0734734b6
-
C:\Users\Admin\AppData\Local\Temp\WIN7优化.regFilesize
32KB
MD5fd27cb1190fbd22a8ab0aeb5571ae411
SHA1c856be5e2d203b6057fde26690c5c25b4c7fc39d
SHA256792e23f946a93b8d444e55b7ba59246000daa39293f557388883d40491edfeb6
SHA5122bf3d39f80ed1dc79869dd3e0bdaa7aed92c204e4c9ca963584be9c6c3acf7127a2c7aaf39e4cddf1d4798e5f29f5b993c57d0f32e32e143f93ae98ab4848265
-
C:\Users\Admin\AppData\Local\Temp\WIN7优化2.regFilesize
974B
MD58fc60d0f06d32a7949710c6a1a1de036
SHA119f8e1f33fef6681cf56d783dc02c92421978b66
SHA256411161d4a4cf5dc07f9eb2398c31fbb83bf5b7f76d2bd9dced759719f12c36fa
SHA512e96596701c612fe54d711c0408b8461f1b665b2f6a1a7a5ee9d1d3dbc24c1bcb8434b0def86c3701f9540b7597cb8905d4aee1b0b55d4fabad0d8bfff8d5a8df
-
C:\Users\Admin\AppData\Local\Temp\WIN7服务.exeFilesize
31KB
MD525e6a394a01e13ed75c5cae03eb63a23
SHA19d88f80e6db01fc8fcaf0518976706e1f6a94e0d
SHA25649f7526676569f75456d41ad027bc2cd687b6f03aac1f74565d05b6a7f771e4a
SHA512f053fe79dcc7383c43260c1a3820a9ed47ff51872ed053943d1b8c7be3fa9f1ce983fba4da2c8a2abcd8f6eecb390c6c6020993b5ecea7dbf035e59f6548fc18
-
C:\Users\Admin\AppData\Local\Temp\WIN7服务.exeFilesize
31KB
MD525e6a394a01e13ed75c5cae03eb63a23
SHA19d88f80e6db01fc8fcaf0518976706e1f6a94e0d
SHA25649f7526676569f75456d41ad027bc2cd687b6f03aac1f74565d05b6a7f771e4a
SHA512f053fe79dcc7383c43260c1a3820a9ed47ff51872ed053943d1b8c7be3fa9f1ce983fba4da2c8a2abcd8f6eecb390c6c6020993b5ecea7dbf035e59f6548fc18
-
memory/208-164-0x0000000000000000-mapping.dmp
-
memory/212-165-0x0000000000000000-mapping.dmp
-
memory/220-131-0x0000000000000000-mapping.dmp
-
memory/444-190-0x0000000000000000-mapping.dmp
-
memory/536-166-0x0000000000000000-mapping.dmp
-
memory/604-146-0x0000000000000000-mapping.dmp
-
memory/924-179-0x0000000000000000-mapping.dmp
-
memory/1068-151-0x0000000000000000-mapping.dmp
-
memory/1240-172-0x0000000000000000-mapping.dmp
-
memory/1356-194-0x0000000000000000-mapping.dmp
-
memory/1372-192-0x0000000000000000-mapping.dmp
-
memory/1404-186-0x0000000000000000-mapping.dmp
-
memory/1440-140-0x0000000000000000-mapping.dmp
-
memory/1588-167-0x0000000000000000-mapping.dmp
-
memory/1720-155-0x0000000000000000-mapping.dmp
-
memory/1784-191-0x0000000000000000-mapping.dmp
-
memory/1800-188-0x0000000000000000-mapping.dmp
-
memory/1852-148-0x0000000000000000-mapping.dmp
-
memory/1900-147-0x0000000000000000-mapping.dmp
-
memory/1912-173-0x0000000000000000-mapping.dmp
-
memory/1932-149-0x0000000000000000-mapping.dmp
-
memory/2220-184-0x0000000000000000-mapping.dmp
-
memory/2364-187-0x0000000000000000-mapping.dmp
-
memory/2456-182-0x0000000000000000-mapping.dmp
-
memory/2472-181-0x0000000000000000-mapping.dmp
-
memory/2500-152-0x0000000000000000-mapping.dmp
-
memory/2588-143-0x0000000000000000-mapping.dmp
-
memory/2632-141-0x0000000000000000-mapping.dmp
-
memory/2752-159-0x0000000000000000-mapping.dmp
-
memory/2824-139-0x0000000000000000-mapping.dmp
-
memory/2880-130-0x0000000000000000-mapping.dmp
-
memory/2924-176-0x0000000000000000-mapping.dmp
-
memory/3044-196-0x0000000000000000-mapping.dmp
-
memory/3100-169-0x0000000000000000-mapping.dmp
-
memory/3116-180-0x0000000000000000-mapping.dmp
-
memory/3132-183-0x0000000000000000-mapping.dmp
-
memory/3140-154-0x0000000000000000-mapping.dmp
-
memory/3156-161-0x0000000000000000-mapping.dmp
-
memory/3264-175-0x0000000000000000-mapping.dmp
-
memory/3348-171-0x0000000000000000-mapping.dmp
-
memory/3356-157-0x0000000000000000-mapping.dmp
-
memory/3468-144-0x0000000000000000-mapping.dmp
-
memory/3508-195-0x0000000000000000-mapping.dmp
-
memory/3528-170-0x0000000000000000-mapping.dmp
-
memory/3692-160-0x0000000000000000-mapping.dmp
-
memory/3704-163-0x0000000000000000-mapping.dmp
-
memory/3780-162-0x0000000000000000-mapping.dmp
-
memory/3876-174-0x0000000000000000-mapping.dmp
-
memory/4064-177-0x0000000000000000-mapping.dmp
-
memory/4080-136-0x0000000000000000-mapping.dmp
-
memory/4088-138-0x0000000000000000-mapping.dmp
-
memory/4128-158-0x0000000000000000-mapping.dmp
-
memory/4288-185-0x0000000000000000-mapping.dmp
-
memory/4340-134-0x0000000000000000-mapping.dmp
-
memory/4372-168-0x0000000000000000-mapping.dmp
-
memory/4420-193-0x0000000000000000-mapping.dmp
-
memory/4488-198-0x0000000000000000-mapping.dmp
-
memory/4664-133-0x0000000000000000-mapping.dmp
-
memory/4740-153-0x0000000000000000-mapping.dmp
-
memory/4800-150-0x0000000000000000-mapping.dmp
-
memory/4968-189-0x0000000000000000-mapping.dmp
-
memory/5044-197-0x0000000000000000-mapping.dmp
-
memory/5052-178-0x0000000000000000-mapping.dmp
-
memory/5104-156-0x0000000000000000-mapping.dmp