Analysis
max time kernel: 150s
max time network: 121s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 28-04-2024 05:25
Behavioral task behavioral1: Sample main.exe, Resource win7-20240221-en
Behavioral task behavioral2: Sample main.exe, Resource win10v2004-20240426-en
Behavioral task behavioral3: Sample main.pyc, Resource win7-20240220-en
Behavioral task behavioral4: Sample main.pyc, Resource win10v2004-20240419-en
General
-
Target
main.exe
-
Size
5.9MB
-
MD5
3354496085a148bf84e4b9249d8ab9b2
-
SHA1
7f5a53faa73edac8a2999bc8624b8c8ce943f06a
-
SHA256
43cf51ea2ac2ea60017c077d196d9719c6217548510619aa8ac18c6657163c55
-
SHA512
66c9f316002593745d1b7e141c5c0cc70695f50f140ac2b9b32753a89ac3c482a3ca57afa825a2bd6c6e72855ac4367eb0ea1b933974fc3592739b63a93c71df
-
SSDEEP
98304:TXzhW148Pd+Tf1mpcOldJQ3/V5s18HdDo45ow3ONp2MTJs9wplordZNum6vukIP0:zFK4s0TfLOdo/bs1moU2N8AMmofNum6z
Malware Config
Signatures
-
Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
Processes: explorer.exe, svchost.exe
description | ioc | process
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" | explorer.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" | svchost.exe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 6 IoCs
Processes: spoolsv.exe, svchost.exe, spoolsv.exe, main.exe, icsys.icn.exe, explorer.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | spoolsv.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | svchost.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | spoolsv.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | main.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | icsys.icn.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | explorer.exe
-
Checks BIOS information in registry 2 TTPs 12 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes: main.exe, icsys.icn.exe, explorer.exe, spoolsv.exe, svchost.exe, spoolsv.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | main.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | icsys.icn.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | explorer.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | explorer.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | spoolsv.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | svchost.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | main.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | icsys.icn.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | spoolsv.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | svchost.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | spoolsv.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | spoolsv.exe
-
Executes dropped EXE 6 IoCs
Processes: main.exe, icsys.icn.exe, explorer.exe, spoolsv.exe, svchost.exe, spoolsv.exe
pid | process
2152 | main.exe
2556 | icsys.icn.exe
2632 | explorer.exe
2728 | spoolsv.exe
2520 | svchost.exe
2528 | spoolsv.exe
-
Loads dropped DLL 7 IoCs
Processes: main.exe, icsys.icn.exe, explorer.exe, spoolsv.exe, svchost.exe
pid | process
1540 | main.exe
2940 |
1540 | main.exe
2556 | icsys.icn.exe
2632 | explorer.exe
2728 | spoolsv.exe
2520 | svchost.exe
-
Processes:
resource | yara_rule
behavioral1/memory/1540-0-0x0000000000400000-0x0000000000A16000-memory.dmp | themida
C:\Windows\Resources\Themes\icsys.icn.exe | themida
behavioral1/memory/2556-16-0x0000000000400000-0x0000000000A16000-memory.dmp | themida
C:\Windows\Resources\Themes\explorer.exe | themida
behavioral1/memory/2632-28-0x0000000000400000-0x0000000000A16000-memory.dmp | themida
\Windows\Resources\spoolsv.exe | themida
behavioral1/memory/2728-40-0x0000000000400000-0x0000000000A16000-memory.dmp | themida
\Windows\Resources\svchost.exe | themida
behavioral1/memory/1540-51-0x0000000000400000-0x0000000000A16000-memory.dmp | themida
behavioral1/memory/2520-58-0x0000000000400000-0x0000000000A16000-memory.dmp | themida
behavioral1/memory/2528-59-0x0000000000400000-0x0000000000A16000-memory.dmp | themida
behavioral1/memory/2728-67-0x0000000000400000-0x0000000000A16000-memory.dmp | themida
behavioral1/memory/2528-65-0x0000000000400000-0x0000000000A16000-memory.dmp | themida
behavioral1/memory/1540-69-0x0000000000400000-0x0000000000A16000-memory.dmp | themida
behavioral1/memory/2556-68-0x0000000000400000-0x0000000000A16000-memory.dmp | themida
behavioral1/memory/2632-70-0x0000000000400000-0x0000000000A16000-memory.dmp | themida
behavioral1/memory/2520-71-0x0000000000400000-0x0000000000A16000-memory.dmp | themida
behavioral1/memory/2520-75-0x0000000000400000-0x0000000000A16000-memory.dmp | themida
behavioral1/memory/2632-84-0x0000000000400000-0x0000000000A16000-memory.dmp | themida
-
Adds Run key to start application 2 TTPs 4 IoCs
Processes: explorer.exe, svchost.exe
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" | explorer.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" | explorer.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" | svchost.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" | svchost.exe
-
Processes: main.exe, icsys.icn.exe, explorer.exe, spoolsv.exe, svchost.exe, spoolsv.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | main.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | icsys.icn.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | explorer.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | spoolsv.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | svchost.exe
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | spoolsv.exe
-
Drops file in System32 directory 2 IoCs
Processes: svchost.exe, explorer.exe
description | ioc | process
File opened for modification | C:\Windows\SysWOW64\explorer.exe | svchost.exe
File opened for modification | C:\Windows\SysWOW64\explorer.exe | explorer.exe
-
Suspicious use of NtSetInformationThreadHideFromDebugger 6 IoCs
Processes: main.exe, icsys.icn.exe, explorer.exe, spoolsv.exe, svchost.exe, spoolsv.exe
pid | process
1540 | main.exe
2556 | icsys.icn.exe
2632 | explorer.exe
2728 | spoolsv.exe
2520 | svchost.exe
2528 | spoolsv.exe
-
Drops file in Windows directory 5 IoCs
Processes: explorer.exe, spoolsv.exe, main.exe, icsys.icn.exe
description | ioc | process
File opened for modification | \??\c:\windows\resources\spoolsv.exe | explorer.exe
File opened for modification | \??\c:\windows\resources\svchost.exe | spoolsv.exe
File opened for modification | C:\Windows\Resources\tjud.exe | explorer.exe
File opened for modification | C:\Windows\Resources\Themes\icsys.icn.exe | main.exe
File opened for modification | \??\c:\windows\resources\themes\explorer.exe | icsys.icn.exe
-
Detects Pyinstaller 1 IoCs
Processes:
resource | yara_rule
\Users\Admin\AppData\Local\Temp\main.exe | pyinstaller
-
Creates scheduled task(s) 1 TTPs 3 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
Processes: schtasks.exe, schtasks.exe, schtasks.exe
pid | process
576 | schtasks.exe
1216 | schtasks.exe
1436 | schtasks.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes: main.exe, icsys.icn.exe, explorer.exe, svchost.exe
pid | process (each row is repeated many times in the original listing)
1540 | main.exe
2556 | icsys.icn.exe
2632 | explorer.exe
2520 | svchost.exe
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
Processes: explorer.exe, svchost.exe
pid | process
2632 | explorer.exe
2520 | svchost.exe
-
Suspicious use of SetWindowsHookEx 12 IoCs
Processes: main.exe, icsys.icn.exe, explorer.exe, spoolsv.exe, svchost.exe, spoolsv.exe
pid | process
1540 | main.exe
1540 | main.exe
2556 | icsys.icn.exe
2556 | icsys.icn.exe
2632 | explorer.exe
2632 | explorer.exe
2728 | spoolsv.exe
2728 | spoolsv.exe
2520 | svchost.exe
2520 | svchost.exe
2528 | spoolsv.exe
2528 | spoolsv.exe
-
Suspicious use of WriteProcessMemory 40 IoCs
Processes: main.exe, icsys.icn.exe, explorer.exe, spoolsv.exe, svchost.exe
description | pid | process | target process (each row appears four times in the original listing)
PID 1540 wrote to memory of 2152 | 1540 | main.exe | main.exe
PID 1540 wrote to memory of 2556 | 1540 | main.exe | icsys.icn.exe
PID 2556 wrote to memory of 2632 | 2556 | icsys.icn.exe | explorer.exe
PID 2632 wrote to memory of 2728 | 2632 | explorer.exe | spoolsv.exe
PID 2728 wrote to memory of 2520 | 2728 | spoolsv.exe | svchost.exe
PID 2520 wrote to memory of 2528 | 2520 | svchost.exe | spoolsv.exe
PID 2632 wrote to memory of 1432 | 2632 | explorer.exe | Explorer.exe
PID 2520 wrote to memory of 576 | 2520 | svchost.exe | schtasks.exe
PID 2520 wrote to memory of 1216 | 2520 | svchost.exe | schtasks.exe
PID 2520 wrote to memory of 1436 | 2520 | svchost.exe | schtasks.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\main.exe (level 1)
Command line: "C:\Users\Admin\AppData\Local\Temp\main.exe"
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\users\admin\appdata\local\temp\main.exe (level 2)
Command line: c:\users\admin\appdata\local\temp\main.exe
- Executes dropped EXE
-
C:\Windows\Resources\Themes\icsys.icn.exe (level 2)
Command line: C:\Windows\Resources\Themes\icsys.icn.exe
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\resources\themes\explorer.exe (level 3)
Command line: c:\windows\resources\themes\explorer.exe
- Modifies visibility of hidden/system files in Explorer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\resources\spoolsv.exe (level 4)
Command line: c:\windows\resources\spoolsv.exe SE
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\resources\svchost.exe (level 5)
Command line: c:\windows\resources\svchost.exe
- Modifies visibility of hidden/system files in Explorer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\resources\spoolsv.exe (level 6)
Command line: c:\windows\resources\spoolsv.exe PR
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\schtasks.exe (level 6)
Command line: schtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 05:27 /f
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exe (level 6)
Command line: schtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 05:28 /f
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exe (level 6)
Command line: schtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 05:29 /f
- Creates scheduled task(s)
-
C:\Windows\Explorer.exe (level 4)
Command line: C:\Windows\Explorer.exe
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
- Boot or Logon Autostart Execution: 1
- Registry Run Keys / Startup Folder: 1
- Scheduled Task/Job: 1
Privilege Escalation
- Boot or Logon Autostart Execution: 1
- Registry Run Keys / Startup Folder: 1
- Scheduled Task/Job: 1
Defense Evasion
- Hide Artifacts: 1
- Hidden Files and Directories: 1
- Modify Registry: 2
- Virtualization/Sandbox Evasion: 1
Downloads
-
C:\Windows\Resources\Themes\explorer.exe
Filesize: 2.6MB
-
C:\Windows\Resources\Themes\icsys.icn.exe
Filesize: 2.6MB
-
\Users\Admin\AppData\Local\Temp\main.exe
Filesize: 3.3MB
-
\Windows\Resources\spoolsv.exe
Filesize: 2.6MB
-
\Windows\Resources\svchost.exe
Filesize: 2.6MB