Analysis
-
max time kernel
189s -
max time network
195s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
24-11-2022 00:10
General
-
Target
a360c27a49a39d2207bbc2e1b2b0452c2003730d009c676eaf524527df59644c.exe
-
Size
520KB
-
MD5
28e70b6d6910dfec97f7f0d26f58dbf0
-
SHA1
9fe8c76e3c5c5f80e1cc9db02fd130c6a81ec8c0
-
SHA256
a360c27a49a39d2207bbc2e1b2b0452c2003730d009c676eaf524527df59644c
-
SHA512
acbb9a2583843e2ed060e850029b7b50e14b12d3a7bd1c22380a5812a15fe7ade4b6ec2c40ba63b5b6d91ecc2b7501f15393882a37ca38993603bf9a7a7072ff
-
SSDEEP
12288:je5GA6wigctwxaJOri8KuMhEAF/Lc0CTbkwnj3Zz:C5KwTIzJSPK/hHjXoBj3Zz
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
-
Executes dropped EXE 11 IoCs
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself 1 IoCs
-
Loads dropped DLL 10 IoCs
-
Unexpected DNS network traffic destination 5 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application 2 TTPs 50 IoCs
-
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext 6 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates processes with tasklist 1 TTPs 2 IoCs
-
Modifies registry class 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 2 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of UnmapMainImage 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
- Modifies WinLogon for persistence
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\AppData\Local\Temp\a360c27a49a39d2207bbc2e1b2b0452c2003730d009c676eaf524527df59644c.exe"C:\Users\Admin\AppData\Local\Temp\a360c27a49a39d2207bbc2e1b2b0452c2003730d009c676eaf524527df59644c.exe"2⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\jdFfFL.exeC:\Users\Admin\jdFfFL.exe3⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\xookaex.exe"C:\Users\Admin\xookaex.exe"4⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c tasklist&&del jdFfFL.exe4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\tasklist.exetasklist5⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\2sag.exeC:\Users\Admin\2sag.exe3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\2sag.exe"C:\Users\Admin\2sag.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\2sag.exe"C:\Users\Admin\2sag.exe"4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\2sag.exe"C:\Users\Admin\2sag.exe"4⤵
- Executes dropped EXE
- Maps connected drives based on registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\2sag.exe"C:\Users\Admin\2sag.exe"4⤵
- Executes dropped EXE
-
C:\Users\Admin\2sag.exe"C:\Users\Admin\2sag.exe"4⤵
- Executes dropped EXE
-
C:\Users\Admin\3sag.exeC:\Users\Admin\3sag.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\07f9f531\X*0*bc*cbe65a0d*31.193.3.240:534⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe"4⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c tasklist&&del a360c27a49a39d2207bbc2e1b2b0452c2003730d009c676eaf524527df59644c.exe3⤵
- Deletes itself
-
C:\Windows\SysWOW64\tasklist.exetasklist4⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
- Executes dropped EXE
- Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\2sag.exeFilesize
128KB
MD5924fe045ea0c544f82d322b9e370da60
SHA168ef8b8426fc7f53318cfbf648803aec7429e352
SHA256480074c9252e605d8d4f80f40cf9d5e50eec6ebe30f414694aaf6375f1884e6d
SHA5120d29eb10e5a7ca297319943fc017790371f1ac6c419651a89822121c91dda7d137720a7d5d8ee67e0ec457e882b603dbfb9b4f8c755f43b58b1dce0c35490fa2
-
C:\Users\Admin\2sag.exeFilesize
128KB
MD5924fe045ea0c544f82d322b9e370da60
SHA168ef8b8426fc7f53318cfbf648803aec7429e352
SHA256480074c9252e605d8d4f80f40cf9d5e50eec6ebe30f414694aaf6375f1884e6d
SHA5120d29eb10e5a7ca297319943fc017790371f1ac6c419651a89822121c91dda7d137720a7d5d8ee67e0ec457e882b603dbfb9b4f8c755f43b58b1dce0c35490fa2
-
C:\Users\Admin\2sag.exeFilesize
128KB
MD5924fe045ea0c544f82d322b9e370da60
SHA168ef8b8426fc7f53318cfbf648803aec7429e352
SHA256480074c9252e605d8d4f80f40cf9d5e50eec6ebe30f414694aaf6375f1884e6d
SHA5120d29eb10e5a7ca297319943fc017790371f1ac6c419651a89822121c91dda7d137720a7d5d8ee67e0ec457e882b603dbfb9b4f8c755f43b58b1dce0c35490fa2
-
C:\Users\Admin\2sag.exeFilesize
128KB
MD5924fe045ea0c544f82d322b9e370da60
SHA168ef8b8426fc7f53318cfbf648803aec7429e352
SHA256480074c9252e605d8d4f80f40cf9d5e50eec6ebe30f414694aaf6375f1884e6d
SHA5120d29eb10e5a7ca297319943fc017790371f1ac6c419651a89822121c91dda7d137720a7d5d8ee67e0ec457e882b603dbfb9b4f8c755f43b58b1dce0c35490fa2
-
C:\Users\Admin\2sag.exeFilesize
128KB
MD5924fe045ea0c544f82d322b9e370da60
SHA168ef8b8426fc7f53318cfbf648803aec7429e352
SHA256480074c9252e605d8d4f80f40cf9d5e50eec6ebe30f414694aaf6375f1884e6d
SHA5120d29eb10e5a7ca297319943fc017790371f1ac6c419651a89822121c91dda7d137720a7d5d8ee67e0ec457e882b603dbfb9b4f8c755f43b58b1dce0c35490fa2
-
C:\Users\Admin\2sag.exeFilesize
128KB
MD5924fe045ea0c544f82d322b9e370da60
SHA168ef8b8426fc7f53318cfbf648803aec7429e352
SHA256480074c9252e605d8d4f80f40cf9d5e50eec6ebe30f414694aaf6375f1884e6d
SHA5120d29eb10e5a7ca297319943fc017790371f1ac6c419651a89822121c91dda7d137720a7d5d8ee67e0ec457e882b603dbfb9b4f8c755f43b58b1dce0c35490fa2
-
C:\Users\Admin\2sag.exeFilesize
128KB
MD5924fe045ea0c544f82d322b9e370da60
SHA168ef8b8426fc7f53318cfbf648803aec7429e352
SHA256480074c9252e605d8d4f80f40cf9d5e50eec6ebe30f414694aaf6375f1884e6d
SHA5120d29eb10e5a7ca297319943fc017790371f1ac6c419651a89822121c91dda7d137720a7d5d8ee67e0ec457e882b603dbfb9b4f8c755f43b58b1dce0c35490fa2
-
C:\Users\Admin\3sag.exeFilesize
279KB
MD5bc605c3a569330b1b08106d694366d7c
SHA171ee2d38c8da32dea44ad2c254a1499b98333a92
SHA25684205e9b8a9ed3bc40be0cb2fb17d8ab16de65c01c282bdb664846940749661d
SHA512b70fc535e7638d326e852ab79e5d328d4c5f111b8a8af4b58da01754ecb77465f5c62c3f68c72573a1e4b6345393862f5e6e3b269754fe1feaf5ba8b86c17d4c
-
C:\Users\Admin\3sag.exeFilesize
279KB
MD5bc605c3a569330b1b08106d694366d7c
SHA171ee2d38c8da32dea44ad2c254a1499b98333a92
SHA25684205e9b8a9ed3bc40be0cb2fb17d8ab16de65c01c282bdb664846940749661d
SHA512b70fc535e7638d326e852ab79e5d328d4c5f111b8a8af4b58da01754ecb77465f5c62c3f68c72573a1e4b6345393862f5e6e3b269754fe1feaf5ba8b86c17d4c
-
C:\Users\Admin\AppData\Local\07f9f531\XFilesize
38KB
MD572de2dadaf875e2fd7614e100419033c
SHA15f17c5330e91a42daa9ff24c4aa602bd1a72bf6e
SHA256c44993768a4dc5a58ddbfc9cb05ce2a7d3a0a56be45643d70a72bcf811b6c381
SHA512e2520a53326a7d3b056e65d0cf60e9d823ffb34ca026cdddc7ea3a714f8396c53c37e13a887fc86a7dd7076c97fdfad53c3f5a68342ebc1bdec948c76bda8df3
-
C:\Users\Admin\jdFfFL.exeFilesize
216KB
MD55a9281e62a888f4ea82402cec883292d
SHA1b997d0f7f8aecd9730b03f5e5b6b63466890ae94
SHA256cd3b178a6469ddb3bf95a7425a2dbf77a71cb83d813509dcbc2357263693cd23
SHA51299f6248391a17417fe6ca166a72203e44e3ebd31d1fd25e5dc45513ebd7d974a73184854c79baaeba59becf702d3f248c33b69361d36f03647dce177c324678b
-
C:\Users\Admin\jdFfFL.exeFilesize
216KB
MD55a9281e62a888f4ea82402cec883292d
SHA1b997d0f7f8aecd9730b03f5e5b6b63466890ae94
SHA256cd3b178a6469ddb3bf95a7425a2dbf77a71cb83d813509dcbc2357263693cd23
SHA51299f6248391a17417fe6ca166a72203e44e3ebd31d1fd25e5dc45513ebd7d974a73184854c79baaeba59becf702d3f248c33b69361d36f03647dce177c324678b
-
C:\Users\Admin\xookaex.exeFilesize
216KB
MD513af9868577beb66ab591eb5fde4265c
SHA14ac4bf197f9ac4d12ac6b4563b326230a757bfc5
SHA25609a90412d52a3aa5e4bd9b94edf7a11f793edb695361fed8a3001b9f510067e9
SHA51276dffe9e3832d53f53c8cd67da20c7839396547ff391d7a49037e973f94af76a1a303d95b0be9756842e5d82443ad9081b52c768a3a4113c7ce8b623c0f8c186
-
C:\Users\Admin\xookaex.exeFilesize
216KB
MD513af9868577beb66ab591eb5fde4265c
SHA14ac4bf197f9ac4d12ac6b4563b326230a757bfc5
SHA25609a90412d52a3aa5e4bd9b94edf7a11f793edb695361fed8a3001b9f510067e9
SHA51276dffe9e3832d53f53c8cd67da20c7839396547ff391d7a49037e973f94af76a1a303d95b0be9756842e5d82443ad9081b52c768a3a4113c7ce8b623c0f8c186
-
C:\Windows\system32\consrv.dllFilesize
29KB
MD51149c1bd71248a9d170e4568fb08df30
SHA16f77f183d65709901f476c5d6eebaed060a495f9
SHA256c2dcf387cb4d218f50463338291e7db38afbdab9aab88fc54e7f9283df1792d1
SHA5129e6eac8facb23b38552d37c9f3cb24098f871d2885ecb3630fcd0199c5600b12a42f095f9fbeb90e5632496491d46fd987660cdda695e92dc386bd482d3ff459
-
\Users\Admin\2sag.exeFilesize
128KB
MD5924fe045ea0c544f82d322b9e370da60
SHA168ef8b8426fc7f53318cfbf648803aec7429e352
SHA256480074c9252e605d8d4f80f40cf9d5e50eec6ebe30f414694aaf6375f1884e6d
SHA5120d29eb10e5a7ca297319943fc017790371f1ac6c419651a89822121c91dda7d137720a7d5d8ee67e0ec457e882b603dbfb9b4f8c755f43b58b1dce0c35490fa2
-
\Users\Admin\2sag.exeFilesize
128KB
MD5924fe045ea0c544f82d322b9e370da60
SHA168ef8b8426fc7f53318cfbf648803aec7429e352
SHA256480074c9252e605d8d4f80f40cf9d5e50eec6ebe30f414694aaf6375f1884e6d
SHA5120d29eb10e5a7ca297319943fc017790371f1ac6c419651a89822121c91dda7d137720a7d5d8ee67e0ec457e882b603dbfb9b4f8c755f43b58b1dce0c35490fa2
-
\Users\Admin\3sag.exeFilesize
279KB
MD5bc605c3a569330b1b08106d694366d7c
SHA171ee2d38c8da32dea44ad2c254a1499b98333a92
SHA25684205e9b8a9ed3bc40be0cb2fb17d8ab16de65c01c282bdb664846940749661d
SHA512b70fc535e7638d326e852ab79e5d328d4c5f111b8a8af4b58da01754ecb77465f5c62c3f68c72573a1e4b6345393862f5e6e3b269754fe1feaf5ba8b86c17d4c
-
\Users\Admin\3sag.exeFilesize
279KB
MD5bc605c3a569330b1b08106d694366d7c
SHA171ee2d38c8da32dea44ad2c254a1499b98333a92
SHA25684205e9b8a9ed3bc40be0cb2fb17d8ab16de65c01c282bdb664846940749661d
SHA512b70fc535e7638d326e852ab79e5d328d4c5f111b8a8af4b58da01754ecb77465f5c62c3f68c72573a1e4b6345393862f5e6e3b269754fe1feaf5ba8b86c17d4c
-
\Users\Admin\AppData\Local\07f9f531\XFilesize
38KB
MD572de2dadaf875e2fd7614e100419033c
SHA15f17c5330e91a42daa9ff24c4aa602bd1a72bf6e
SHA256c44993768a4dc5a58ddbfc9cb05ce2a7d3a0a56be45643d70a72bcf811b6c381
SHA512e2520a53326a7d3b056e65d0cf60e9d823ffb34ca026cdddc7ea3a714f8396c53c37e13a887fc86a7dd7076c97fdfad53c3f5a68342ebc1bdec948c76bda8df3
-
\Users\Admin\AppData\Local\07f9f531\XFilesize
38KB
MD572de2dadaf875e2fd7614e100419033c
SHA15f17c5330e91a42daa9ff24c4aa602bd1a72bf6e
SHA256c44993768a4dc5a58ddbfc9cb05ce2a7d3a0a56be45643d70a72bcf811b6c381
SHA512e2520a53326a7d3b056e65d0cf60e9d823ffb34ca026cdddc7ea3a714f8396c53c37e13a887fc86a7dd7076c97fdfad53c3f5a68342ebc1bdec948c76bda8df3
-
\Users\Admin\jdFfFL.exeFilesize
216KB
MD55a9281e62a888f4ea82402cec883292d
SHA1b997d0f7f8aecd9730b03f5e5b6b63466890ae94
SHA256cd3b178a6469ddb3bf95a7425a2dbf77a71cb83d813509dcbc2357263693cd23
SHA51299f6248391a17417fe6ca166a72203e44e3ebd31d1fd25e5dc45513ebd7d974a73184854c79baaeba59becf702d3f248c33b69361d36f03647dce177c324678b
-
\Users\Admin\jdFfFL.exeFilesize
216KB
MD55a9281e62a888f4ea82402cec883292d
SHA1b997d0f7f8aecd9730b03f5e5b6b63466890ae94
SHA256cd3b178a6469ddb3bf95a7425a2dbf77a71cb83d813509dcbc2357263693cd23
SHA51299f6248391a17417fe6ca166a72203e44e3ebd31d1fd25e5dc45513ebd7d974a73184854c79baaeba59becf702d3f248c33b69361d36f03647dce177c324678b
-
\Users\Admin\xookaex.exeFilesize
216KB
MD513af9868577beb66ab591eb5fde4265c
SHA14ac4bf197f9ac4d12ac6b4563b326230a757bfc5
SHA25609a90412d52a3aa5e4bd9b94edf7a11f793edb695361fed8a3001b9f510067e9
SHA51276dffe9e3832d53f53c8cd67da20c7839396547ff391d7a49037e973f94af76a1a303d95b0be9756842e5d82443ad9081b52c768a3a4113c7ce8b623c0f8c186
-
\Users\Admin\xookaex.exeFilesize
216KB
MD513af9868577beb66ab591eb5fde4265c
SHA14ac4bf197f9ac4d12ac6b4563b326230a757bfc5
SHA25609a90412d52a3aa5e4bd9b94edf7a11f793edb695361fed8a3001b9f510067e9
SHA51276dffe9e3832d53f53c8cd67da20c7839396547ff391d7a49037e973f94af76a1a303d95b0be9756842e5d82443ad9081b52c768a3a4113c7ce8b623c0f8c186
-
\Windows\System32\consrv.dllFilesize
29KB
MD51149c1bd71248a9d170e4568fb08df30
SHA16f77f183d65709901f476c5d6eebaed060a495f9
SHA256c2dcf387cb4d218f50463338291e7db38afbdab9aab88fc54e7f9283df1792d1
SHA5129e6eac8facb23b38552d37c9f3cb24098f871d2885ecb3630fcd0199c5600b12a42f095f9fbeb90e5632496491d46fd987660cdda695e92dc386bd482d3ff459
-
\systemroot\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}Filesize
2KB
MD5744bea559cde36e7dcfec62f1b4d1949
SHA1ec14ff43bd1e63bb43e7df9ccaba3b76a0796c23
SHA256719e5e253059c12a4784bdcbacceae6daf74a59d200e5679e9a92fe509d15a70
SHA512f82d9cf9275139714db53c623a30695ad89aa19f479c4518e8a901d57aa91f421eda73389f7330dfeb99b2828d10c797b7d9b63db561254d2c46b42898ca0f04
-
memory/332-164-0x0000000001F90000-0x0000000001F9B000-memory.dmpFilesize
44KB
-
memory/520-67-0x0000000000000000-mapping.dmp
-
memory/632-153-0x0000000000000000-mapping.dmp
-
memory/928-106-0x0000000000400000-0x0000000000427000-memory.dmpFilesize
156KB
-
memory/928-113-0x0000000000400000-0x0000000000427000-memory.dmpFilesize
156KB
-
memory/928-101-0x0000000000400000-0x0000000000427000-memory.dmpFilesize
156KB
-
memory/928-102-0x0000000000400000-0x0000000000427000-memory.dmpFilesize
156KB
-
memory/928-105-0x0000000000400000-0x0000000000427000-memory.dmpFilesize
156KB
-
memory/928-107-0x0000000000424F20-mapping.dmp
-
memory/928-115-0x0000000000400000-0x0000000000427000-memory.dmpFilesize
156KB
-
memory/928-128-0x0000000000400000-0x0000000000427000-memory.dmpFilesize
156KB
-
memory/1256-59-0x0000000000000000-mapping.dmp
-
memory/1272-165-0x0000000002930000-0x0000000002938000-memory.dmpFilesize
32KB
-
memory/1272-155-0x0000000002950000-0x000000000295B000-memory.dmpFilesize
44KB
-
memory/1272-145-0x0000000002930000-0x0000000002936000-memory.dmpFilesize
24KB
-
memory/1272-141-0x0000000002930000-0x0000000002936000-memory.dmpFilesize
24KB
-
memory/1272-137-0x0000000002930000-0x0000000002936000-memory.dmpFilesize
24KB
-
memory/1272-159-0x0000000002950000-0x000000000295B000-memory.dmpFilesize
44KB
-
memory/1272-169-0x0000000002930000-0x0000000002938000-memory.dmpFilesize
32KB
-
memory/1272-166-0x0000000002960000-0x000000000296B000-memory.dmpFilesize
44KB
-
memory/1272-163-0x0000000002950000-0x000000000295B000-memory.dmpFilesize
44KB
-
memory/1344-114-0x0000000000400000-0x0000000000407000-memory.dmpFilesize
28KB
-
memory/1344-122-0x0000000000400000-0x0000000000407000-memory.dmpFilesize
28KB
-
memory/1344-112-0x0000000000400000-0x0000000000407000-memory.dmpFilesize
28KB
-
memory/1344-120-0x0000000000400000-0x0000000000407000-memory.dmpFilesize
28KB
-
memory/1344-116-0x0000000000400000-0x0000000000407000-memory.dmpFilesize
28KB
-
memory/1344-117-0x0000000000405790-mapping.dmp
-
memory/1392-56-0x00000000766F1000-0x00000000766F3000-memory.dmpFilesize
8KB
-
memory/1496-99-0x0000000000400000-0x000000000040E000-memory.dmpFilesize
56KB
-
memory/1496-90-0x0000000000400000-0x000000000040E000-memory.dmpFilesize
56KB
-
memory/1496-92-0x0000000000400000-0x000000000040E000-memory.dmpFilesize
56KB
-
memory/1496-98-0x0000000000400000-0x000000000040E000-memory.dmpFilesize
56KB
-
memory/1496-87-0x0000000000400000-0x000000000040E000-memory.dmpFilesize
56KB
-
memory/1496-95-0x000000000040C520-mapping.dmp
-
memory/1496-127-0x0000000000400000-0x000000000040E000-memory.dmpFilesize
56KB
-
memory/1496-93-0x0000000000400000-0x000000000040E000-memory.dmpFilesize
56KB
-
memory/1548-84-0x0000000000405690-mapping.dmp
-
memory/1548-89-0x0000000000400000-0x0000000000407000-memory.dmpFilesize
28KB
-
memory/1548-80-0x0000000000400000-0x0000000000407000-memory.dmpFilesize
28KB
-
memory/1548-146-0x0000000000400000-0x0000000000407000-memory.dmpFilesize
28KB
-
memory/1548-81-0x0000000000400000-0x0000000000407000-memory.dmpFilesize
28KB
-
memory/1548-82-0x0000000000400000-0x0000000000407000-memory.dmpFilesize
28KB
-
memory/1548-83-0x0000000000400000-0x0000000000407000-memory.dmpFilesize
28KB
-
memory/1548-88-0x0000000000400000-0x0000000000407000-memory.dmpFilesize
28KB
-
memory/1548-123-0x0000000000400000-0x0000000000407000-memory.dmpFilesize
28KB
-
memory/1640-132-0x0000000000000000-mapping.dmp
-
memory/1640-148-0x00000000006BC000-0x00000000006F2000-memory.dmpFilesize
216KB
-
memory/1640-173-0x00000000006BC000-0x00000000006F2000-memory.dmpFilesize
216KB
-
memory/1640-172-0x0000000030670000-0x00000000306C2000-memory.dmpFilesize
328KB
-
memory/1640-147-0x0000000030670000-0x00000000306C2000-memory.dmpFilesize
328KB
-
memory/1640-135-0x0000000030670000-0x00000000306C2000-memory.dmpFilesize
328KB
-
memory/1640-136-0x00000000006BC000-0x00000000006F2000-memory.dmpFilesize
216KB
-
memory/1644-171-0x0000000000000000-mapping.dmp
-
memory/1644-121-0x0000000000000000-mapping.dmp
-
memory/1720-125-0x0000000000000000-mapping.dmp
-
memory/1804-168-0x0000000000000000-mapping.dmp
-
memory/1880-75-0x0000000000000000-mapping.dmp
-
memory/1964-129-0x0000000000000000-mapping.dmp
-
memory/2008-167-0x0000000000000000-mapping.dmp