Analysis
-
max time kernel
155s -
max time network
161s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
28-11-2022 19:33
Static task
static1
Behavioral task
behavioral1
Sample
94b51171b43c7ede0d9d50052d6a5f0c627cd0da2dfdb70494ece1df0b737028.exe
Resource
win7-20220812-en
General
-
Target
94b51171b43c7ede0d9d50052d6a5f0c627cd0da2dfdb70494ece1df0b737028.exe
-
Size
484KB
-
MD5
110743b0d71e61840ac20cf4bb6582e4
-
SHA1
687ab5a6fa7714cc8f7c2ac0a922fceb29cf900b
-
SHA256
94b51171b43c7ede0d9d50052d6a5f0c627cd0da2dfdb70494ece1df0b737028
-
SHA512
5251e3a954a61bd549cdc91c612ce9c21df72e567e81b0f3a3b9d4e72af77c65d3205455604a6ce57e08cc4f7c1c6ebd1b2db7fc9f140589cdc8dfd8feda2c3c
-
SSDEEP
12288:QG74GmEb5Ea1UVAOAeObjfC+ET+FndIiywYeAlak1:QGFmEbiayVXAeOXa+ETw3pAYk
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Modifies registry class 1 IoCs
Processes:
msedge.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
Processes:
msedge.exemsedge.exemsedge.exepid process 1316 msedge.exe 1316 msedge.exe 3812 msedge.exe 3812 msedge.exe 4772 msedge.exe 4772 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Processes:
msedge.exepid process 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe 4772 msedge.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
Processes:
msedge.exepid process 4772 msedge.exe 4772 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
94b51171b43c7ede0d9d50052d6a5f0c627cd0da2dfdb70494ece1df0b737028.exemsedge.exemsedge.exedescription pid process target process PID 5016 wrote to memory of 4772 5016 94b51171b43c7ede0d9d50052d6a5f0c627cd0da2dfdb70494ece1df0b737028.exe msedge.exe PID 5016 wrote to memory of 4772 5016 94b51171b43c7ede0d9d50052d6a5f0c627cd0da2dfdb70494ece1df0b737028.exe msedge.exe PID 4772 wrote to memory of 4696 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4696 4772 msedge.exe msedge.exe PID 5016 wrote to memory of 1576 5016 94b51171b43c7ede0d9d50052d6a5f0c627cd0da2dfdb70494ece1df0b737028.exe msedge.exe PID 5016 wrote to memory of 1576 5016 94b51171b43c7ede0d9d50052d6a5f0c627cd0da2dfdb70494ece1df0b737028.exe msedge.exe PID 1576 wrote to memory of 676 1576 msedge.exe msedge.exe PID 1576 wrote to memory of 676 1576 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 4772 wrote to memory of 4252 4772 msedge.exe msedge.exe PID 1576 wrote to memory of 4172 1576 msedge.exe msedge.exe PID 1576 wrote to memory of 4172 1576 msedge.exe msedge.exe PID 1576 wrote to memory of 4172 1576 msedge.exe msedge.exe PID 1576 wrote to memory of 4172 1576 msedge.exe msedge.exe PID 1576 wrote to memory of 4172 1576 msedge.exe msedge.exe PID 1576 wrote to memory of 4172 1576 msedge.exe msedge.exe PID 1576 wrote to memory of 4172 1576 msedge.exe msedge.exe PID 1576 wrote to memory of 4172 1576 msedge.exe msedge.exe PID 1576 wrote to memory of 4172 1576 msedge.exe msedge.exe PID 1576 wrote to memory of 4172 1576 msedge.exe msedge.exe PID 1576 wrote to memory of 4172 1576 msedge.exe msedge.exe PID 1576 wrote to memory of 4172 1576 msedge.exe msedge.exe PID 1576 wrote to memory of 4172 1576 msedge.exe msedge.exe PID 1576 wrote to memory of 4172 1576 msedge.exe msedge.exe PID 1576 wrote to memory of 4172 1576 msedge.exe msedge.exe PID 1576 wrote to memory of 4172 1576 msedge.exe msedge.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\94b51171b43c7ede0d9d50052d6a5f0c627cd0da2dfdb70494ece1df0b737028.exe"C:\Users\Admin\AppData\Local\Temp\94b51171b43c7ede0d9d50052d6a5f0c627cd0da2dfdb70494ece1df0b737028.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=94b51171b43c7ede0d9d50052d6a5f0c627cd0da2dfdb70494ece1df0b737028.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8162446f8,0x7ff816244708,0x7ff8162447183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15518684942888303141,17617102100332840605,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,15518684942888303141,17617102100332840605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,15518684942888303141,17617102100332840605,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15518684942888303141,17617102100332840605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15518684942888303141,17617102100332840605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15518684942888303141,17617102100332840605,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2124,15518684942888303141,17617102100332840605,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5004 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15518684942888303141,17617102100332840605,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15518684942888303141,17617102100332840605,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15518684942888303141,17617102100332840605,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15518684942888303141,17617102100332840605,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2124,15518684942888303141,17617102100332840605,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5164 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=94b51171b43c7ede0d9d50052d6a5f0c627cd0da2dfdb70494ece1df0b737028.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8162446f8,0x7ff816244708,0x7ff8162447183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13000363272378932872,6522087664339629657,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,13000363272378932872,6522087664339629657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5727230d7b0f8df1633bc043529f5c15d
SHA15b24d959d4c5dcf8125125dbee37225d6160af18
SHA25654961bcb62812886877fcd3ad3896891099cc4bddc51ea6f07a606cf5124d998
SHA51235735f0dadf7ee69bcccd5e9120d6a55db39138eff58acbe4ea8116fb007c54a024028dccd5f25856ffcf33e1f3bdccfd8d0e2527130a16351debb04c27b8df9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD57b4b103831d353776ed8bfcc7676f9df
SHA140f33a3f791fda49a35224a469cc67b94ca53a23
SHA256bf59580e4d4a781622abb3d43674dedc8d618d6c6da09e7d85d920cd9cea4e85
SHA5125cb3360ac602d18425bdb977be3c9ee8bbe815815278a8848488ba9097e849b7d67f993b4795216e0c168cdc9c9260de504cccb305ff808da63762c2209e532f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD57b4b103831d353776ed8bfcc7676f9df
SHA140f33a3f791fda49a35224a469cc67b94ca53a23
SHA256bf59580e4d4a781622abb3d43674dedc8d618d6c6da09e7d85d920cd9cea4e85
SHA5125cb3360ac602d18425bdb977be3c9ee8bbe815815278a8848488ba9097e849b7d67f993b4795216e0c168cdc9c9260de504cccb305ff808da63762c2209e532f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD57b4b103831d353776ed8bfcc7676f9df
SHA140f33a3f791fda49a35224a469cc67b94ca53a23
SHA256bf59580e4d4a781622abb3d43674dedc8d618d6c6da09e7d85d920cd9cea4e85
SHA5125cb3360ac602d18425bdb977be3c9ee8bbe815815278a8848488ba9097e849b7d67f993b4795216e0c168cdc9c9260de504cccb305ff808da63762c2209e532f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD544b5a4b3297739cf3df0ce8bd2ba9f3e
SHA16917bf04d952d5f69517df2c983215304feff092
SHA256ee9b193c515f8b1eb8feae15ade3a58d63cefa8d8bd2d6ccc8315ea4dde58dcd
SHA51262ada6bd8f50654f1b1bed6af3f8b71aeef44386c39f3c6fd15da2a571cd63fd13a6fd75485fe95f798eccecb79ed2a42ab1474a70d5f6e9255f58217ddfa7f7
-
\??\pipe\LOCAL\crashpad_1576_EZJOOQVMTAHOKDQWMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\LOCAL\crashpad_4772_GJBQZIZWRKDCUTVTMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/536-166-0x0000000000000000-mapping.dmp
-
memory/676-135-0x0000000000000000-mapping.dmp
-
memory/1072-148-0x0000000000000000-mapping.dmp
-
memory/1316-142-0x0000000000000000-mapping.dmp
-
memory/1460-151-0x0000000000000000-mapping.dmp
-
memory/1576-134-0x0000000000000000-mapping.dmp
-
memory/2724-162-0x0000000000000000-mapping.dmp
-
memory/2928-153-0x0000000000000000-mapping.dmp
-
memory/3812-144-0x0000000000000000-mapping.dmp
-
memory/3824-164-0x0000000000000000-mapping.dmp
-
memory/4152-160-0x0000000000000000-mapping.dmp
-
memory/4172-143-0x0000000000000000-mapping.dmp
-
memory/4188-155-0x0000000000000000-mapping.dmp
-
memory/4252-140-0x0000000000000000-mapping.dmp
-
memory/4344-158-0x0000000000000000-mapping.dmp
-
memory/4696-133-0x0000000000000000-mapping.dmp
-
memory/4772-132-0x0000000000000000-mapping.dmp
-
memory/4916-168-0x0000000000000000-mapping.dmp