Analysis
-
max time kernel
185s -
max time network
186s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
19-11-2022 12:11
General
-
Target
4535c55b04c4cc54aa20efabde0a8ea30cd0a7cac26bd135a91c7ea5b0e67b05.exe
-
Size
24KB
-
MD5
fbe611568802d7dec36577c9a214f059
-
SHA1
7a7a2e1eaf7a88987fb0cc3028f38a4b34b1cfed
-
SHA256
4535c55b04c4cc54aa20efabde0a8ea30cd0a7cac26bd135a91c7ea5b0e67b05
-
SHA512
67f202940139c7378fb6528ff822bc118000bdbd9ac334b488bc1fe5c5853744621054d70d1fd71cde6e53e516147dafd98874bb8df06a385d4a5b9eec3568e1
-
SSDEEP
192:8FES6pYk/gvPNJv+mv+kAUoynYlLvJpNNwD1iT9fF73At4OWQ9r:8v73NvViTuWQl
Malware Config
Signatures
-
Detect PurpleFox Rootkit 2 IoCs
Detect PurpleFox Rootkit.
-
Gh0st RAT payload 2 IoCs
-
Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
UAC bypass 3 TTPs 3 IoCs
-
Downloads MZ/PE file
-
Executes dropped EXE 5 IoCs
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL 10 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 1 IoCs
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Kills process with taskkill 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 46 IoCs
-
System policy modification 1 TTPs 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4535c55b04c4cc54aa20efabde0a8ea30cd0a7cac26bd135a91c7ea5b0e67b05.exe"C:\Users\Admin\AppData\Local\Temp\4535c55b04c4cc54aa20efabde0a8ea30cd0a7cac26bd135a91c7ea5b0e67b05.exe"1⤵
- UAC bypass
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Public\Documents\k4.exeC:/Users/Public/Documents/k4.exe2⤵
- Executes dropped EXE
-
C:\Users\Public\Documents\k4.exeC:/Users/Public/Documents/k4.exe /D2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /t /im k4.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /t /im k4.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.execmd /c copy /b C:\\Users\\Public\\Documents\\MZ.txt+C:\\Users\\Public\\Documents\\TAS.txt C:\\Users\\Public\\Documents\\TASLoginBase.dll2⤵
-
C:\Windows\SysWOW64\cmd.execmd /c C:\\Users\\Public\\Documents\\2022060125.vbe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\2022060125.vbe"3⤵
-
C:\Users\Public\Documents\k4.exe"C:\Users\Public\Documents\k4.exe" /E2⤵
- Executes dropped EXE
-
C:\Windows\system32\mmc.exeC:\Windows\system32\mmc.exe -Embedding1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Public\Documents\dllhosts.exe"C:\Users\Public\Documents\dllhosts.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Public\Documents\dllhosts.exeC:\Users\Public\Documents\dllhosts.exe3⤵
- Executes dropped EXE
- Enumerates connected drives
- Checks processor information in registry
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 603⤵
- Loads dropped DLL
- Program crash
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Public\Documents\2022060125.vbeFilesize
180B
MD5d66c7e77096d4f4c406170b6ca0ad123
SHA19bb461061c7276ebe2a493f690d72263c0da8962
SHA256cd0a0ac1315f1f473f4a42bed62fad7033fe68a3e0cf72a7b354a7e3dd78e8a8
SHA512015788021b53eb278be1238b26a01499dcb809d93ee747bc89208f8d3570a7b0b813c70ea054e70584b536da4811f0a58ef38c96a984e6b3a54654774e5c7592
-
C:\Users\Public\Documents\MZ.txtFilesize
2B
MD5ac6ad5d9b99757c3a878f2d275ace198
SHA1439baa1b33514fb81632aaf44d16a9378c5664fc
SHA2569b8db510ef42b8ed54a3712636fda55a4f8cfcd5493e20b74ab00cd4f3979f2d
SHA512bfcdcb26b6f0c288838da7b0d338c2af63798a2ece9dcd6bc07b7cadf44477e3d5cfbba5b72446c61a1ecf74a0bccc62894ea87a40730cd1d4c2a3e15a7bb55b
-
C:\Users\Public\Documents\TAS.txtFilesize
92KB
MD5245390db827b6139081bf816f9fa095b
SHA11dbf1dfb99e55178a212bc5398c7322aa486db05
SHA2560762b64860a7f33b4e7d17f2038d7d0e08f36221b9696bd941e53074e897ac7f
SHA512ef0a5426db96c83b48e2cfc6bf760eeef9cf030dfc3d1be1e564332f92eb1dc2ecf9871872ed3a9876d7883a717f233bd73cdfb60c698e30272ede6f99374aa4
-
C:\Users\Public\Documents\TASLoginBase.dllFilesize
93KB
MD5b15697fa74cbc78d9197eacdcafb5686
SHA1882437010e9b06054a5ebf54156ed47f04653ea1
SHA2562ab8df88d746213787c04b872c7259df83b70e39ba4188fa15ef3ce34b9d0bf4
SHA512e4c9b53991b87e99d35818465154f6595001ada7e71d2b7cab4333c81997fb4aaec472a66e2b6fa66e039a1bdc40ff2458f7123330bd93421d01004cc0c58d4b
-
C:\Users\Public\Documents\dllhosts.exeFilesize
411KB
MD566557b2bd93e70a2804e983b279ab473
SHA14e58505689fd9643b5011880ce94b22cbfadf917
SHA256a63c9e3f7256e38224f7256307d954d4a6baa9f023f6ac49d8cface7b2658e31
SHA512b08d8b2872f4ebdbab7b15bd96f5d185f05030983c2d704497d30fe5f610874b5ec362f0e3e55800031edcd29b812d9b58214e76012a85df074310f36e0f33f4
-
C:\Users\Public\Documents\dllhosts.exeFilesize
411KB
MD566557b2bd93e70a2804e983b279ab473
SHA14e58505689fd9643b5011880ce94b22cbfadf917
SHA256a63c9e3f7256e38224f7256307d954d4a6baa9f023f6ac49d8cface7b2658e31
SHA512b08d8b2872f4ebdbab7b15bd96f5d185f05030983c2d704497d30fe5f610874b5ec362f0e3e55800031edcd29b812d9b58214e76012a85df074310f36e0f33f4
-
C:\Users\Public\Documents\dllhosts.exeFilesize
411KB
MD566557b2bd93e70a2804e983b279ab473
SHA14e58505689fd9643b5011880ce94b22cbfadf917
SHA256a63c9e3f7256e38224f7256307d954d4a6baa9f023f6ac49d8cface7b2658e31
SHA512b08d8b2872f4ebdbab7b15bd96f5d185f05030983c2d704497d30fe5f610874b5ec362f0e3e55800031edcd29b812d9b58214e76012a85df074310f36e0f33f4
-
C:\Users\Public\Documents\k4.exeFilesize
892KB
MD533e29221e2825001d32f78632217d250
SHA19122127fc91790a1edb78003e9b58a9b00355ed5
SHA25665d0b20a4dc4911fbb91683eb6488d3d3493fa4584bbdfb4e942f203bef0030d
SHA51201d5c6ded3a83d81371e94fefb1debabb1d003c86ab3cf7145d28fb15fcfd4f8b763f6711f99c5afd9bf90f02a7af993efa5945d4f8bb6a3649b5fd86414ae93
-
C:\Users\Public\Documents\k4.exeFilesize
892KB
MD533e29221e2825001d32f78632217d250
SHA19122127fc91790a1edb78003e9b58a9b00355ed5
SHA25665d0b20a4dc4911fbb91683eb6488d3d3493fa4584bbdfb4e942f203bef0030d
SHA51201d5c6ded3a83d81371e94fefb1debabb1d003c86ab3cf7145d28fb15fcfd4f8b763f6711f99c5afd9bf90f02a7af993efa5945d4f8bb6a3649b5fd86414ae93
-
C:\Users\Public\Documents\k4.exeFilesize
892KB
MD533e29221e2825001d32f78632217d250
SHA19122127fc91790a1edb78003e9b58a9b00355ed5
SHA25665d0b20a4dc4911fbb91683eb6488d3d3493fa4584bbdfb4e942f203bef0030d
SHA51201d5c6ded3a83d81371e94fefb1debabb1d003c86ab3cf7145d28fb15fcfd4f8b763f6711f99c5afd9bf90f02a7af993efa5945d4f8bb6a3649b5fd86414ae93
-
C:\Users\Public\Documents\k4.exeFilesize
892KB
MD533e29221e2825001d32f78632217d250
SHA19122127fc91790a1edb78003e9b58a9b00355ed5
SHA25665d0b20a4dc4911fbb91683eb6488d3d3493fa4584bbdfb4e942f203bef0030d
SHA51201d5c6ded3a83d81371e94fefb1debabb1d003c86ab3cf7145d28fb15fcfd4f8b763f6711f99c5afd9bf90f02a7af993efa5945d4f8bb6a3649b5fd86414ae93
-
C:\Users\Public\Documents\update.lnkFilesize
1KB
MD53af508a542bdfa6927737a2d91d74f40
SHA1433f04e960f68ce05358af2d672a9b649de4e3ce
SHA256e7e3e44142369b3a312005313f8569f2bcd45bcdc8ea9e141616654bcd090b60
SHA512b35ad011ca3770c1a1e2a655a614e91ebd96ce29099969c727a69e77a390b91078512ce55883d7290e4dd46c5f04f0461b2833f568d23da1fc4d91ea4633d3bc
-
C:\Users\Public\Documents\update.logFilesize
539KB
MD5c9ea662b66ef3b09237a4f034ed0dc1b
SHA13aa6b4311a9ced86ce5742da718750545ea994e2
SHA25610180dba512d06abb196a1cfb046f44fd4fef69251f9a705a317e2408e0026c1
SHA512a90c8e5cfc8f0a52dfa570c020f429d70e398fc7957d9c83588331575bd34b33ad5b16ba8cd4daa1f3e85d6dac56629def6e7e088dd4401dd5defe6a3234044c
-
\Users\Public\Documents\Class.dllFilesize
807KB
MD5f3bf8a2c44b6c3972850fbd2d60f8232
SHA168444b679690b0e5f85f2316d9a046cdae937631
SHA256d710beb7c790e9a9e2b9dae90d9b449a37bccc082144657f96ffe71f2a38a81c
SHA5121c0cb644684a1b9d8de60af42ef9441d82925f24e627cdc73828589fc57d9d2f482685722e692531eda2a11f8d583ddad47edea903a5759b378030fbc7497538
-
\Users\Public\Documents\TASLoginBase.dllFilesize
93KB
MD5b15697fa74cbc78d9197eacdcafb5686
SHA1882437010e9b06054a5ebf54156ed47f04653ea1
SHA2562ab8df88d746213787c04b872c7259df83b70e39ba4188fa15ef3ce34b9d0bf4
SHA512e4c9b53991b87e99d35818465154f6595001ada7e71d2b7cab4333c81997fb4aaec472a66e2b6fa66e039a1bdc40ff2458f7123330bd93421d01004cc0c58d4b
-
\Users\Public\Documents\dllhosts.exeFilesize
411KB
MD566557b2bd93e70a2804e983b279ab473
SHA14e58505689fd9643b5011880ce94b22cbfadf917
SHA256a63c9e3f7256e38224f7256307d954d4a6baa9f023f6ac49d8cface7b2658e31
SHA512b08d8b2872f4ebdbab7b15bd96f5d185f05030983c2d704497d30fe5f610874b5ec362f0e3e55800031edcd29b812d9b58214e76012a85df074310f36e0f33f4
-
\Users\Public\Documents\dllhosts.exeFilesize
411KB
MD566557b2bd93e70a2804e983b279ab473
SHA14e58505689fd9643b5011880ce94b22cbfadf917
SHA256a63c9e3f7256e38224f7256307d954d4a6baa9f023f6ac49d8cface7b2658e31
SHA512b08d8b2872f4ebdbab7b15bd96f5d185f05030983c2d704497d30fe5f610874b5ec362f0e3e55800031edcd29b812d9b58214e76012a85df074310f36e0f33f4
-
\Users\Public\Documents\dllhosts.exeFilesize
411KB
MD566557b2bd93e70a2804e983b279ab473
SHA14e58505689fd9643b5011880ce94b22cbfadf917
SHA256a63c9e3f7256e38224f7256307d954d4a6baa9f023f6ac49d8cface7b2658e31
SHA512b08d8b2872f4ebdbab7b15bd96f5d185f05030983c2d704497d30fe5f610874b5ec362f0e3e55800031edcd29b812d9b58214e76012a85df074310f36e0f33f4
-
\Users\Public\Documents\dllhosts.exeFilesize
411KB
MD566557b2bd93e70a2804e983b279ab473
SHA14e58505689fd9643b5011880ce94b22cbfadf917
SHA256a63c9e3f7256e38224f7256307d954d4a6baa9f023f6ac49d8cface7b2658e31
SHA512b08d8b2872f4ebdbab7b15bd96f5d185f05030983c2d704497d30fe5f610874b5ec362f0e3e55800031edcd29b812d9b58214e76012a85df074310f36e0f33f4
-
\Users\Public\Documents\dllhosts.exeFilesize
411KB
MD566557b2bd93e70a2804e983b279ab473
SHA14e58505689fd9643b5011880ce94b22cbfadf917
SHA256a63c9e3f7256e38224f7256307d954d4a6baa9f023f6ac49d8cface7b2658e31
SHA512b08d8b2872f4ebdbab7b15bd96f5d185f05030983c2d704497d30fe5f610874b5ec362f0e3e55800031edcd29b812d9b58214e76012a85df074310f36e0f33f4
-
\Users\Public\Documents\dllhosts.exeFilesize
411KB
MD566557b2bd93e70a2804e983b279ab473
SHA14e58505689fd9643b5011880ce94b22cbfadf917
SHA256a63c9e3f7256e38224f7256307d954d4a6baa9f023f6ac49d8cface7b2658e31
SHA512b08d8b2872f4ebdbab7b15bd96f5d185f05030983c2d704497d30fe5f610874b5ec362f0e3e55800031edcd29b812d9b58214e76012a85df074310f36e0f33f4
-
\Users\Public\Documents\k4.exeFilesize
892KB
MD533e29221e2825001d32f78632217d250
SHA19122127fc91790a1edb78003e9b58a9b00355ed5
SHA25665d0b20a4dc4911fbb91683eb6488d3d3493fa4584bbdfb4e942f203bef0030d
SHA51201d5c6ded3a83d81371e94fefb1debabb1d003c86ab3cf7145d28fb15fcfd4f8b763f6711f99c5afd9bf90f02a7af993efa5945d4f8bb6a3649b5fd86414ae93
-
\Users\Public\Documents\libeay32.dllFilesize
6.0MB
MD5eb46e2692c1445fb0f8f19f4a992b326
SHA114d80f8842850f73aadfb8688da9290a9e48cc70
SHA256483116b209e9ab2af3b5a1be44e9409b9a076cf9ee40fa044c5ec244fb54d69d
SHA512d36fbaec43d4ff3b9331ee6bb3f5582a179a13df75585e89125c2caa4802f4a4b7d62b680f39f4260c72676de1972f811623fe27969056f20798994ff2aa4401
-
memory/520-4646-0x00000000005433D0-mapping.dmp
-
memory/520-4653-0x0000000000400000-0x0000000000547000-memory.dmpFilesize
1.3MB
-
memory/844-4621-0x0000000000000000-mapping.dmp
-
memory/916-487-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-1334-0x00000000033A0000-0x0000000003521000-memory.dmpFilesize
1.5MB
-
memory/916-488-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-489-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-490-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-491-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-492-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-493-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-494-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-496-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-495-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-497-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-498-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-499-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-500-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-501-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-502-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-503-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-504-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-505-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-506-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-507-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-508-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-509-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-510-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-511-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-512-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-513-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-514-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-515-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-516-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-517-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-518-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-519-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-520-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-521-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-523-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-524-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-522-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-525-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-1333-0x0000000002F30000-0x00000000030F4000-memory.dmpFilesize
1.8MB
-
memory/916-54-0x0000000075DF1000-0x0000000075DF3000-memory.dmpFilesize
8KB
-
memory/916-1670-0x0000000002F30000-0x00000000030F4000-memory.dmpFilesize
1.8MB
-
memory/916-4614-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-4615-0x0000000010000000-0x00000000100CE000-memory.dmpFilesize
824KB
-
memory/916-486-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-4673-0x00000000726D0000-0x00000000732F2000-memory.dmpFilesize
12.1MB
-
memory/916-485-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-484-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-483-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-482-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-56-0x0000000010000000-0x00000000100CE000-memory.dmpFilesize
824KB
-
memory/916-58-0x0000000074F70000-0x0000000074FB7000-memory.dmpFilesize
284KB
-
memory/916-4626-0x0000000003650000-0x00000000036F1000-memory.dmpFilesize
644KB
-
memory/916-465-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-481-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-480-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-464-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-479-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-467-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-478-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-477-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-466-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-476-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-475-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-474-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-473-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-468-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-472-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-471-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-469-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/916-470-0x0000000003530000-0x0000000003641000-memory.dmpFilesize
1.1MB
-
memory/960-4630-0x0000000000000000-mapping.dmp
-
memory/964-4627-0x0000000000000000-mapping.dmp
-
memory/1040-4642-0x0000000000400000-0x0000000000490000-memory.dmpFilesize
576KB
-
memory/1040-4637-0x0000000000000000-mapping.dmp
-
memory/1292-4625-0x0000000000000000-mapping.dmp
-
memory/1660-4617-0x0000000000000000-mapping.dmp
-
memory/1680-4666-0x0000000000000000-mapping.dmp
-
memory/1728-4633-0x0000000000000000-mapping.dmp
-
memory/1900-4652-0x0000000000000000-mapping.dmp
-
memory/1972-4624-0x0000000000000000-mapping.dmp