Analysis
-
max time kernel
38s -
max time network
46s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
23-11-2022 10:49
Static task
static1
General
-
Target
FurMark_1.31.0.0_Setup.exe
-
Size
12.3MB
-
MD5
e82154c5410cd6614523b4e6e7116d2f
-
SHA1
b6bc190e023d883401ae3c73d6b5acc6ecd0fdfb
-
SHA256
052100564a8a9a9e8675a554053cbbabc2d4b6c680ebf69c1184054caaf10b30
-
SHA512
8493072976f105ddba26b46ca38423499e533ce0f7ea51bac9b23bff0aa2047af6855b549847915074a03b4ae77f43a2469ba215db4734afc311d6bc98f74616
-
SSDEEP
196608:wLDa+a89OrilnUAuqNPKCV5GbbDBCMy7gJFbPjQD2sNzZQtfQexaJfTnP:KWn9kUBnb3BCSfMF1P
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 2 IoCs
Detects file using ACProtect software.
Processes:
resource yara_rule C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FreeImage.dll acprotect C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FreeImage.dll acprotect -
Executes dropped EXE 2 IoCs
Processes:
FurMark_1.31.0.0_Setup.tmpFurMark.exepid process 3376 FurMark_1.31.0.0_Setup.tmp 5016 FurMark.exe -
Processes:
resource yara_rule C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FreeImage.dll upx C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FreeImage.dll upx behavioral1/memory/5016-146-0x0000000010000000-0x00000000102A8000-memory.dmp upx behavioral1/memory/5016-150-0x0000000010000000-0x00000000102A8000-memory.dmp upx -
Loads dropped DLL 2 IoCs
Processes:
FurMark.exepid process 5016 FurMark.exe 5016 FurMark.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 30 IoCs
Processes:
FurMark_1.31.0.0_Setup.tmpFurMark.exedescription ioc process File opened for modification C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\gpushark.exe FurMark_1.31.0.0_Setup.tmp File created C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-TA34H.tmp FurMark_1.31.0.0_Setup.tmp File created C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-INECE.tmp FurMark_1.31.0.0_Setup.tmp File created C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-CBV6K.tmp FurMark_1.31.0.0_Setup.tmp File created C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-GLK25.tmp FurMark_1.31.0.0_Setup.tmp File created C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-9TLHP.tmp FurMark_1.31.0.0_Setup.tmp File created C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-33H38.tmp FurMark_1.31.0.0_Setup.tmp File created C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-STGF3.tmp FurMark_1.31.0.0_Setup.tmp File created C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-0GGDR.tmp FurMark_1.31.0.0_Setup.tmp File created C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-3HLJU.tmp FurMark_1.31.0.0_Setup.tmp File opened for modification C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\core3d.dll FurMark_1.31.0.0_Setup.tmp File opened for modification C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\zlib1.dll FurMark_1.31.0.0_Setup.tmp File opened for modification C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\cpuburner.exe FurMark_1.31.0.0_Setup.tmp File created C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\unins000.dat FurMark_1.31.0.0_Setup.tmp File created C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-JJRV6.tmp FurMark_1.31.0.0_Setup.tmp File opened for modification C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FurMark_0001.txt FurMark.exe File opened for modification C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FurMark.exe FurMark_1.31.0.0_Setup.tmp File created C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-KMVA4.tmp FurMark_1.31.0.0_Setup.tmp File created C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-LEP8F.tmp FurMark_1.31.0.0_Setup.tmp File created C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-SJT8R.tmp FurMark_1.31.0.0_Setup.tmp File created C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-CONP4.tmp FurMark_1.31.0.0_Setup.tmp File created C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-DNQPA.tmp FurMark_1.31.0.0_Setup.tmp File created C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-37MF4.tmp FurMark_1.31.0.0_Setup.tmp File created C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-TUKD4.tmp FurMark_1.31.0.0_Setup.tmp File created C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-R35IA.tmp FurMark_1.31.0.0_Setup.tmp File created C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\screenshots\is-57GME.tmp FurMark_1.31.0.0_Setup.tmp File opened for modification C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\unins000.dat FurMark_1.31.0.0_Setup.tmp File opened for modification C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\gpuz.exe FurMark_1.31.0.0_Setup.tmp File opened for modification C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FreeImage.dll FurMark_1.31.0.0_Setup.tmp File created C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\sound\is-VS6M2.tmp FurMark_1.31.0.0_Setup.tmp -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
FurMark.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 FurMark.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString FurMark.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
FurMark_1.31.0.0_Setup.tmpmsedge.exepid process 3376 FurMark_1.31.0.0_Setup.tmp 3376 FurMark_1.31.0.0_Setup.tmp 3648 msedge.exe 3648 msedge.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
FurMark_1.31.0.0_Setup.tmppid process 3376 FurMark_1.31.0.0_Setup.tmp -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
FurMark_1.31.0.0_Setup.exeFurMark_1.31.0.0_Setup.tmpmsedge.exedescription pid process target process PID 2220 wrote to memory of 3376 2220 FurMark_1.31.0.0_Setup.exe FurMark_1.31.0.0_Setup.tmp PID 2220 wrote to memory of 3376 2220 FurMark_1.31.0.0_Setup.exe FurMark_1.31.0.0_Setup.tmp PID 2220 wrote to memory of 3376 2220 FurMark_1.31.0.0_Setup.exe FurMark_1.31.0.0_Setup.tmp PID 3376 wrote to memory of 5016 3376 FurMark_1.31.0.0_Setup.tmp FurMark.exe PID 3376 wrote to memory of 5016 3376 FurMark_1.31.0.0_Setup.tmp FurMark.exe PID 3376 wrote to memory of 5016 3376 FurMark_1.31.0.0_Setup.tmp FurMark.exe PID 3376 wrote to memory of 4424 3376 FurMark_1.31.0.0_Setup.tmp msedge.exe PID 3376 wrote to memory of 4424 3376 FurMark_1.31.0.0_Setup.tmp msedge.exe PID 4424 wrote to memory of 1084 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 1084 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 4276 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 3648 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 3648 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 1968 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 1968 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 1968 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 1968 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 1968 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 1968 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 1968 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 1968 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 1968 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 1968 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 1968 4424 msedge.exe msedge.exe PID 4424 wrote to memory of 1968 4424 msedge.exe msedge.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\FurMark_1.31.0.0_Setup.exe"C:\Users\Admin\AppData\Local\Temp\FurMark_1.31.0.0_Setup.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-NJIM0.tmp\FurMark_1.31.0.0_Setup.tmp"C:\Users\Admin\AppData\Local\Temp\is-NJIM0.tmp\FurMark_1.31.0.0_Setup.tmp" /SL5="$B0052,12019398,832512,C:\Users\Admin\AppData\Local\Temp\FurMark_1.31.0.0_Setup.exe"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FurMark.exe"C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FurMark.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Checks processor information in registry
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ozone3d.net/redirect.php?id=2013⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ff906f246f8,0x7ff906f24708,0x7ff906f247184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11905321864115468715,8204785048279165266,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,11905321864115468715,8204785048279165266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,11905321864115468715,8204785048279165266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:84⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FreeImage.dllFilesize
889KB
MD5cb1c50b16863e835371a2a8fcea3a653
SHA19b98f2aefe5a2d7f7b27d0cf3422746a54635cec
SHA256a2ed0dd0a52847645a05a2c61f64284cb5cbefa9cd8e168af5e8c6138ef7fe4b
SHA512df619f4f85cd9bd464e9216f7b6a9414898cf7f5e293a741f033b5a7259da94e0b65860b8b3ca244afdb8eee93a9cfbe56af88d742760aa00353332897fe06de
-
C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FreeImage.dllFilesize
889KB
MD5cb1c50b16863e835371a2a8fcea3a653
SHA19b98f2aefe5a2d7f7b27d0cf3422746a54635cec
SHA256a2ed0dd0a52847645a05a2c61f64284cb5cbefa9cd8e168af5e8c6138ef7fe4b
SHA512df619f4f85cd9bd464e9216f7b6a9414898cf7f5e293a741f033b5a7259da94e0b65860b8b3ca244afdb8eee93a9cfbe56af88d742760aa00353332897fe06de
-
C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FurMark.exeFilesize
2.9MB
MD54e988590c55b3e0f34e81e92db10cc9e
SHA1af7a996073be1b7fd204720f7fee04921767f794
SHA256af541ea37e276af0c5c341ced297608764acc384c4bad0a2d790182a0bcc57c1
SHA512545b7b546a693d4dabbd4605d09c9edfd978f559db2b3334cd24c59cc8631f3c65c95e48d9a96c2cd472db4c6669cd40d2ef9180903625b5cc6bc85e90b668f2
-
C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FurMark.exeFilesize
2.9MB
MD54e988590c55b3e0f34e81e92db10cc9e
SHA1af7a996073be1b7fd204720f7fee04921767f794
SHA256af541ea37e276af0c5c341ced297608764acc384c4bad0a2d790182a0bcc57c1
SHA512545b7b546a693d4dabbd4605d09c9edfd978f559db2b3334cd24c59cc8631f3c65c95e48d9a96c2cd472db4c6669cd40d2ef9180903625b5cc6bc85e90b668f2
-
C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\core3d.dllFilesize
1.9MB
MD5f9a508f4a8209193a334bca97d8a441a
SHA1370c4db76180eac57313c18aaa562a1556a157f6
SHA256710f0b1bf5d08923e9721bdf79b03ae49e0d04f40758fafbf5f8f4b1fee88147
SHA5127ba10ecf4d7e95494f7841f2938b65366b93afabed6c8ddc7ec3eddf37c12a0ec458c5f8e25304c68aa3e1322734f138493c3396705c6b18669ac8ec2f8d15cf
-
C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\core3d.dllFilesize
1.9MB
MD5f9a508f4a8209193a334bca97d8a441a
SHA1370c4db76180eac57313c18aaa562a1556a157f6
SHA256710f0b1bf5d08923e9721bdf79b03ae49e0d04f40758fafbf5f8f4b1fee88147
SHA5127ba10ecf4d7e95494f7841f2938b65366b93afabed6c8ddc7ec3eddf37c12a0ec458c5f8e25304c68aa3e1322734f138493c3396705c6b18669ac8ec2f8d15cf
-
C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\startup_options.xmlFilesize
1013B
MD5b913978e5db3eaedc60d2e93b2e6880a
SHA14030fe568631e2b58839d0ba4c4211a94c0e6eb9
SHA256f1542becf5b77d8eccb869b7f16f92f5ee9d602bc74f72adf9f132ef81dd2ef3
SHA51254cb0886d3e9386492d63b6f6383820078d3afc0e1ce292efc7fa0c2adf05077757654dfa39eba54beeea11c6324a8a5a1a72649343088cd7e22238c6de820ba
-
C:\Users\Admin\AppData\Local\Temp\is-NJIM0.tmp\FurMark_1.31.0.0_Setup.tmpFilesize
3.0MB
MD5939a0c062e0849746a9b90ae4323a411
SHA1efff0195c9510916145eacbc69c6082a699c9158
SHA256d42046246bbb78670480bb9e87b83221d6de868a38ffdf48245b33afc9c90003
SHA512a9d132d60e314ca3913f15e137bc0a2a370316677c2a75d88eabee25035f3241aa8b6360a60536698d2c79ee52b9892c1c5121debb02f8658f18d8663e245fea
-
C:\Users\Admin\AppData\Local\Temp\is-NJIM0.tmp\FurMark_1.31.0.0_Setup.tmpFilesize
3.0MB
MD5939a0c062e0849746a9b90ae4323a411
SHA1efff0195c9510916145eacbc69c6082a699c9158
SHA256d42046246bbb78670480bb9e87b83221d6de868a38ffdf48245b33afc9c90003
SHA512a9d132d60e314ca3913f15e137bc0a2a370316677c2a75d88eabee25035f3241aa8b6360a60536698d2c79ee52b9892c1c5121debb02f8658f18d8663e245fea
-
\??\pipe\LOCAL\crashpad_4424_EGEPBDSCNFOLSLTDMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1084-148-0x0000000000000000-mapping.dmp
-
memory/1968-156-0x0000000000000000-mapping.dmp
-
memory/2220-137-0x0000000000400000-0x00000000004D8000-memory.dmpFilesize
864KB
-
memory/2220-132-0x0000000000400000-0x00000000004D8000-memory.dmpFilesize
864KB
-
memory/2220-149-0x0000000000400000-0x00000000004D8000-memory.dmpFilesize
864KB
-
memory/3376-134-0x0000000000000000-mapping.dmp
-
memory/3648-153-0x0000000000000000-mapping.dmp
-
memory/4276-152-0x0000000000000000-mapping.dmp
-
memory/4424-147-0x0000000000000000-mapping.dmp
-
memory/5016-138-0x0000000000000000-mapping.dmp
-
memory/5016-146-0x0000000010000000-0x00000000102A8000-memory.dmpFilesize
2.7MB
-
memory/5016-150-0x0000000010000000-0x00000000102A8000-memory.dmpFilesize
2.7MB