Analysis
max time kernel: 39s
max time network: 44s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 04-10-2022 17:36
Static task: static1
Behavioral task: behavioral1
Sample: 79ae89733257378139cf3bdce3a30802818ca1a12bb2343e0b9d0f51f8af1f10.exe
Resource: win7-20220812-en
General
Target: 79ae89733257378139cf3bdce3a30802818ca1a12bb2343e0b9d0f51f8af1f10.exe
Size: 4.6MB
MD5: fe1de0acb3aa75f88f61a784288a32d1
SHA1: d973f591f56c3d53aac4e2da4a3eede185c910d9
SHA256: 79ae89733257378139cf3bdce3a30802818ca1a12bb2343e0b9d0f51f8af1f10
SHA512: 084770ea021d7d52b50228d1ca6277a9fb5880ae22378c297d24b4bccaca7919a207954350f3257485c010ec0c0cdc6e6548a2508bba1e090647465aa160cf7e
SSDEEP: 98304:8SiST7jl7LSogkhoBJ96U0K2nNY0UaVnPcMf:HlSorkKd5NYJ0cq
Malware Config
Signatures
-
Executes dropped EXE 3 IoCs
Processes:
pid   process
2044  79ae89733257378139cf3bdce3a30802818ca1a12bb2343e0b9d0f51f8af1f10.tmp
1632  79ae89733257378139cf3bdce3a30802818ca1a12bb2343e0b9d0f51f8af1f10.tmp
740   jskit.exe
Loads dropped DLL 12 IoCs
Processes:
pid   process
1488  79ae89733257378139cf3bdce3a30802818ca1a12bb2343e0b9d0f51f8af1f10.exe
1476  79ae89733257378139cf3bdce3a30802818ca1a12bb2343e0b9d0f51f8af1f10.exe
1632  79ae89733257378139cf3bdce3a30802818ca1a12bb2343e0b9d0f51f8af1f10.tmp
1632  79ae89733257378139cf3bdce3a30802818ca1a12bb2343e0b9d0f51f8af1f10.tmp
740   jskit.exe
1128  WerFault.exe
1128  WerFault.exe
1128  WerFault.exe
1128  WerFault.exe
1128  WerFault.exe
1128  WerFault.exe
1128  WerFault.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 1 IoCs
Processes:
pid   pid_target  process       target process
1128  740         WerFault.exe  jskit.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
pid   process
1632  79ae89733257378139cf3bdce3a30802818ca1a12bb2343e0b9d0f51f8af1f10.tmp
1632  79ae89733257378139cf3bdce3a30802818ca1a12bb2343e0b9d0f51f8af1f10.tmp
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
pid   process
1632  79ae89733257378139cf3bdce3a30802818ca1a12bb2343e0b9d0f51f8af1f10.tmp
Suspicious use of WriteProcessMemory 29 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\79ae89733257378139cf3bdce3a30802818ca1a12bb2343e0b9d0f51f8af1f10.exe
"C:\Users\Admin\AppData\Local\Temp\79ae89733257378139cf3bdce3a30802818ca1a12bb2343e0b9d0f51f8af1f10.exe" 1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-QPECR.tmp\79ae89733257378139cf3bdce3a30802818ca1a12bb2343e0b9d0f51f8af1f10.tmp
"C:\Users\Admin\AppData\Local\Temp\is-QPECR.tmp\79ae89733257378139cf3bdce3a30802818ca1a12bb2343e0b9d0f51f8af1f10.tmp" /SL5="$80116,4018938,831488,C:\Users\Admin\AppData\Local\Temp\79ae89733257378139cf3bdce3a30802818ca1a12bb2343e0b9d0f51f8af1f10.exe" 2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\79ae89733257378139cf3bdce3a30802818ca1a12bb2343e0b9d0f51f8af1f10.exe
"C:\Users\Admin\AppData\Local\Temp\79ae89733257378139cf3bdce3a30802818ca1a12bb2343e0b9d0f51f8af1f10.exe" /VERYSILENT 3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-M8818.tmp\79ae89733257378139cf3bdce3a30802818ca1a12bb2343e0b9d0f51f8af1f10.tmp
"C:\Users\Admin\AppData\Local\Temp\is-M8818.tmp\79ae89733257378139cf3bdce3a30802818ca1a12bb2343e0b9d0f51f8af1f10.tmp" /SL5="$90116,4018938,831488,C:\Users\Admin\AppData\Local\Temp\79ae89733257378139cf3bdce3a30802818ca1a12bb2343e0b9d0f51f8af1f10.exe" /VERYSILENT 4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\PhantomJS WebKit\jskit.exe
"C:\Users\Admin\AppData\Roaming\PhantomJS WebKit\jskit.exe" 5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 324 6⤵
- Loads dropped DLL
- Program crash
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads