Analysis
-
max time kernel
153s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
23-11-2022 18:49
Static task
static1
Behavioral task
behavioral1
Sample
4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
Resource
win10v2004-20220901-en
General
-
Target
4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
-
Size
327KB
-
MD5
5e722546e2e087938ee13117c36d5bad
-
SHA1
6ba7b440b54dbab2715009fd3a83ef04dbcaac3f
-
SHA256
4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6
-
SHA512
cf6eb1b1af503375ef0b5f6ce49c56c936d84c98ff44727bd4c7e2a0f26f98a417703d1960422da997345196b33e645a6c59d8ac66fbddb9771f43a955aa64f9
-
SSDEEP
6144:vdvMKYs9URxBI3+fypFQwx//gS4wvn24ZcDA4hHwdPbLP5JnT8DPgGp:mfjA+AQiXgBG2rDA4hQdPPbODp
Malware Config
Signatures
-
Executes dropped EXE 3 IoCs
Processes:
mscorsvw.exemscorsvw.exeOSE.EXEpid process 1688 mscorsvw.exe 560 mscorsvw.exe 1940 OSE.EXE -
Drops file in System32 directory 27 IoCs
Processes:
4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exeOSE.EXEdescription ioc process File opened for modification \??\c:\windows\SysWOW64\alg.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\syswow64\perfhost.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\SysWOW64\locator.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\SysWOW64\ieetwcollector.exe OSE.EXE File opened for modification \??\c:\windows\SysWOW64\msdtc.exe OSE.EXE File opened for modification \??\c:\windows\SysWOW64\snmptrap.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\SysWOW64\vssvc.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\SysWOW64\lsass.exe OSE.EXE File opened for modification \??\c:\windows\SysWOW64\wbengine.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\SysWOW64\ui0detect.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\SysWOW64\wbem\wmiApsrv.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\SysWOW64\alg.exe OSE.EXE File opened for modification \??\c:\windows\SysWOW64\svchost.exe OSE.EXE File created \??\c:\windows\SysWOW64\msiexec.vir 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File created \??\c:\windows\SysWOW64\searchindexer.vir 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\SysWOW64\fxssvc.exe OSE.EXE File created \??\c:\windows\SysWOW64\svchost.vir 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\SysWOW64\dllhost.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\SysWOW64\fxssvc.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\SysWOW64\msiexec.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\SysWOW64\svchost.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File created \??\c:\windows\SysWOW64\dllhost.vir 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\SysWOW64\lsass.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\SysWOW64\searchindexer.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\SysWOW64\ieetwcollector.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\SysWOW64\msdtc.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\SysWOW64\vds.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe -
Drops file in Program Files directory 14 IoCs
Processes:
4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exeOSE.EXEdescription ioc process File opened for modification \??\c:\program files\google\chrome\Application\89.0.4389.114\elevation_service.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\program files (x86)\microsoft office\office14\groove.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File created \??\c:\program files (x86)\microsoft office\office14\groove.vir 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\program files (x86)\common files\microsoft shared\source engine\ose.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\program files\windows media player\wmpnetwk.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\program files (x86)\google\update\googleupdate.exe OSE.EXE File opened for modification C:\Program Files\Internet Explorer\iexplore.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\program files (x86)\google\update\googleupdate.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File created \??\c:\program files (x86)\common files\microsoft shared\source engine\ose.vir 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe OSE.EXE File opened for modification \??\c:\program files\google\chrome\Application\89.0.4389.114\elevation_service.exe OSE.EXE File opened for modification \??\c:\program files (x86)\microsoft office\office14\groove.exe OSE.EXE -
Drops file in Windows directory 26 IoCs
Processes:
4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exeOSE.EXEmscorsvw.exedllhost.exedescription ioc process File opened for modification \??\c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\servicing\trustedinstaller.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe OSE.EXE File opened for modification \??\c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe OSE.EXE File opened for modification \??\c:\windows\ehome\ehrecvr.exe OSE.EXE File opened for modification \??\c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe OSE.EXE File opened for modification \??\c:\windows\microsoft.net\framework64\v3.0\windows communication foundation\infocard.exe OSE.EXE File opened for modification \??\c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File created \??\c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.vir 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen_service.log mscorsvw.exe File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngenservicelock.dat mscorsvw.exe File created \??\c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.vir 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\ehome\ehsched.exe OSE.EXE File opened for modification \??\c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File created C:\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{AF74D9DA-96D6-4727-96B3-BAD81DB7ADD9}.crmlog dllhost.exe File opened for modification \??\c:\windows\ehome\ehsched.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe OSE.EXE File created C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen_service.lock mscorsvw.exe File opened for modification \??\c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification C:\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{AF74D9DA-96D6-4727-96B3-BAD81DB7ADD9}.crmlog dllhost.exe File opened for modification \??\c:\windows\ehome\ehrecvr.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\microsoft.net\framework64\v3.0\windows communication foundation\infocard.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe File opened for modification \??\c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe OSE.EXE File opened for modification \??\c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe OSE.EXE File opened for modification \??\c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe -
Modifies data under HKEY_USERS 3 IoCs
Processes:
SearchIndexer.exedescription ioc process Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections SearchIndexer.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones SearchIndexer.exe Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap SearchIndexer.exe -
Suspicious use of AdjustPrivilegeToken 8 IoCs
Processes:
4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exemsiexec.exeOSE.EXESearchIndexer.exedescription pid process Token: SeTakeOwnershipPrivilege 788 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe Token: SeRestorePrivilege 892 msiexec.exe Token: SeTakeOwnershipPrivilege 892 msiexec.exe Token: SeSecurityPrivilege 892 msiexec.exe Token: SeTakeOwnershipPrivilege 1940 OSE.EXE Token: SeManageVolumePrivilege 2024 SearchIndexer.exe Token: 33 2024 SearchIndexer.exe Token: SeIncBasePriorityPrivilege 2024 SearchIndexer.exe -
Suspicious use of SetWindowsHookAW 1 IoCs
Processes:
4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exepid process 788 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
SearchProtocolHost.exepid process 1032 SearchProtocolHost.exe 1032 SearchProtocolHost.exe -
Suspicious use of WriteProcessMemory 6 IoCs
Processes:
SearchIndexer.exedescription pid process target process PID 2024 wrote to memory of 1032 2024 SearchIndexer.exe SearchProtocolHost.exe PID 2024 wrote to memory of 1032 2024 SearchIndexer.exe SearchProtocolHost.exe PID 2024 wrote to memory of 1032 2024 SearchIndexer.exe SearchProtocolHost.exe PID 2024 wrote to memory of 1604 2024 SearchIndexer.exe SearchFilterHost.exe PID 2024 wrote to memory of 1604 2024 SearchIndexer.exe SearchFilterHost.exe PID 2024 wrote to memory of 1604 2024 SearchIndexer.exe SearchFilterHost.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe"C:\Users\Admin\AppData\Local\Temp\4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe"1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookAW
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe1⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe1⤵
- Executes dropped EXE
-
C:\Windows\system32\dllhost.exeC:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}1⤵
- Drops file in Windows directory
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-575491160-2295418218-1540667289-10001_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-575491160-2295418218-1540667289-10001 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"2⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 5202⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXEFilesize
332KB
MD5d1d24780c916c8de6959556c639f0f11
SHA1a5a3e9d2d010ce4a2f627ab99bc26cfcdd86badb
SHA25625757548f64c22ec443104bb54bf3c47aa9c81eb2a9caf530ca2c5997296a288
SHA512152284992eb1fa99a2c48b7b72609af91f417629a8ea472723f596ca3c9ed5a22530494ff765598e900a67664103020f33666a8920f25d2a40a4a55408b0a832
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exeFilesize
251KB
MD5a580f7b37a0dd7795ac248f5943893e7
SHA150f4a6152b1676b381575026b89b0265c661ac7b
SHA25610950fc8d01ef1c33d09baa8b001c6108d532adc4816603689b777d5ef67d666
SHA512d034ca4be0efe80a8b827accdba7bc06de20707fd9fdc3c47b4c6296a865d48b2bb716b62b3a02e259b1101a6eb8835d54be4e40d9f98eca1d7e2405b1b1d070
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exeFilesize
251KB
MD5a580f7b37a0dd7795ac248f5943893e7
SHA150f4a6152b1676b381575026b89b0265c661ac7b
SHA25610950fc8d01ef1c33d09baa8b001c6108d532adc4816603689b777d5ef67d666
SHA512d034ca4be0efe80a8b827accdba7bc06de20707fd9fdc3c47b4c6296a865d48b2bb716b62b3a02e259b1101a6eb8835d54be4e40d9f98eca1d7e2405b1b1d070
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeFilesize
282KB
MD51997f115cc6ceb9d9bd97e2530e8306c
SHA16d15639e9b314a20ebfca7407ccee8e81f8efd35
SHA256b6490bb39d0523cdbc674f2349b6b0c74261ccc46c0e2638cf1dca3949059666
SHA512bc33f41f7b5f4e7d68a9030590e79f53d7a307bd50a3e7957a8ef0fc0007c78728a8b99e208df8f790a83de7cea525653328ccb9a206c9b91470af2d808cfb63
-
\??\c:\program files (x86)\microsoft office\office14\groove.exeFilesize
29.7MB
MD52045b908a37f2515f43df19ffbd6dd2c
SHA1a8162cbadf8f01493a04547ccf3311f4ad1ef156
SHA256b5c7b9d0d46890439e2142d1d0b9ce8fd18eb74ac7606c18c94ddfb90a6cc832
SHA512e1c42027c615ab588adb7270240b0b2d38596f09232753f560781e5b1a7df20e1947844cea865dfd5685647e93f847937fc85c142b4e009585b1d5125b817997
-
\??\c:\windows\SysWOW64\svchost.exeFilesize
212KB
MD5d9c2c21827104fe09b76fc18776a18a8
SHA1f72283552aecc5ba61a3bf009f443118bd45c416
SHA256b0197a88d236f02f4a1456b862a0b1519111efc44796c7c927689a60fcf92485
SHA512fa3ae29ce361021213263af480dcc427a5a2872af382ce474645e93ffa81e1e77913bd6186ec408143dfd83d9856dfcbe12a850d1cdf6555f8bf80195484f666
-
\??\c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exeFilesize
282KB
MD51997f115cc6ceb9d9bd97e2530e8306c
SHA16d15639e9b314a20ebfca7407ccee8e81f8efd35
SHA256b6490bb39d0523cdbc674f2349b6b0c74261ccc46c0e2638cf1dca3949059666
SHA512bc33f41f7b5f4e7d68a9030590e79f53d7a307bd50a3e7957a8ef0fc0007c78728a8b99e208df8f790a83de7cea525653328ccb9a206c9b91470af2d808cfb63
-
memory/560-62-0x0000000000400000-0x0000000000569000-memory.dmpFilesize
1.4MB
-
memory/788-54-0x0000000074E01000-0x0000000074E03000-memory.dmpFilesize
8KB
-
memory/788-56-0x0000000001000000-0x0000000001174000-memory.dmpFilesize
1.5MB
-
memory/788-55-0x0000000001000000-0x0000000001174000-memory.dmpFilesize
1.5MB
-
memory/892-63-0x000007FEFB7D1000-0x000007FEFB7D3000-memory.dmpFilesize
8KB
-
memory/1032-108-0x0000000000000000-mapping.dmp
-
memory/1604-109-0x0000000000000000-mapping.dmp
-
memory/1688-60-0x0000000010000000-0x0000000010160000-memory.dmpFilesize
1.4MB
-
memory/1688-58-0x0000000010000000-0x0000000010160000-memory.dmpFilesize
1.4MB
-
memory/1940-65-0x000000002E000000-0x000000002E176000-memory.dmpFilesize
1.5MB
-
memory/1940-70-0x000000002E000000-0x000000002E176000-memory.dmpFilesize
1.5MB
-
memory/1940-66-0x000000002E000000-0x000000002E176000-memory.dmpFilesize
1.5MB
-
memory/2024-87-0x00000000029E0000-0x00000000029F0000-memory.dmpFilesize
64KB
-
memory/2024-103-0x0000000003E70000-0x0000000003E78000-memory.dmpFilesize
32KB
-
memory/2024-106-0x0000000003E70000-0x0000000003E78000-memory.dmpFilesize
32KB
-
memory/2024-107-0x0000000003ED0000-0x0000000003ED8000-memory.dmpFilesize
32KB
-
memory/2024-71-0x00000000028E0000-0x00000000028F0000-memory.dmpFilesize
64KB