Analysis
-
max time kernel
150s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
26-05-2024 22:53
Static task
static1
Behavioral task
behavioral1
Sample
09af71a1185fe18de6771e0cd23c2e00_NeikiAnalytics.dll
Resource
win7-20240221-en
General
-
Target
09af71a1185fe18de6771e0cd23c2e00_NeikiAnalytics.dll
-
Size
157KB
-
MD5
09af71a1185fe18de6771e0cd23c2e00
-
SHA1
19a887a8f5b7362997bb2d0534e3ec9c29fcde7a
-
SHA256
d4206c080da5bf06e0532b8622b166426053eca0cca4b80db1fba5fc1e5b8531
-
SHA512
e94ea7b2169827e58ce086633ea9f77e3bea5f62261189344669455adc3fc057c57dfab44db64459c0540c6a6a8ed32736ee2070d15f4ffe7d6dc6b53a155319
-
SSDEEP
3072:IMr6N9WfdNAbxBU69VyZhDsHYZ3rDINcQR0n6ecZdGU1QLaLNmYqhPzxm1O:IMqWfdNANO6yEYZ7DVQgsQLPzo1O
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
Processes:
svchost.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "userinit.exe,c:\\program files (x86)\\microsoft\\watermark.exe" svchost.exe -
Executes dropped EXE 4 IoCs
Processes:
rundll32mgr.exerundll32mgrmgr.exeWaterMark.exeWaterMark.exepid process 2512 rundll32mgr.exe 2644 rundll32mgrmgr.exe 3052 WaterMark.exe 2300 WaterMark.exe -
Loads dropped DLL 8 IoCs
Processes:
rundll32.exerundll32mgr.exerundll32mgrmgr.exepid process 2700 rundll32.exe 2700 rundll32.exe 2512 rundll32mgr.exe 2512 rundll32mgr.exe 2512 rundll32mgr.exe 2512 rundll32mgr.exe 2644 rundll32mgrmgr.exe 2644 rundll32mgrmgr.exe -
Processes:
resource yara_rule behavioral1/memory/2512-22-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/2644-39-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/2512-41-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/3052-56-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/3052-55-0x0000000000400000-0x0000000000423000-memory.dmp upx behavioral1/memory/2644-34-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/2644-33-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/2512-25-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/2512-24-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/2512-23-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/2300-92-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/2300-95-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral1/memory/3052-121-0x0000000000400000-0x0000000000421000-memory.dmp upx -
Drops file in System32 directory 4 IoCs
Processes:
rundll32.exerundll32mgr.exesvchost.exedescription ioc process File created C:\Windows\SysWOW64\rundll32mgr.exe rundll32.exe File created C:\Windows\SysWOW64\rundll32mgrmgr.exe rundll32mgr.exe File created C:\Windows\SysWOW64\dmlconf.dat svchost.exe File opened for modification C:\Windows\SysWOW64\dmlconf.dat svchost.exe -
Drops file in Program Files directory 64 IoCs
Processes:
svchost.exedescription ioc process File opened for modification C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_output\libflaschen_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libaribsub_plugin.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Linq.Resources.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll svchost.exe File opened for modification C:\Program Files\Windows Defender\MpEvMsg.dll svchost.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\ink\mshwjpn.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll svchost.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\clock.html svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Design.resources.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\logger\libfile_logger_plugin.dll svchost.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\RSSFeeds.html svchost.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\Microsoft.Ink.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe svchost.exe File opened for modification C:\Program Files\Windows Media Player\wmpnetwk.exe svchost.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe svchost.exe File opened for modification C:\Program Files\7-Zip\7z.exe svchost.exe File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll svchost.exe File opened for modification C:\Program Files\Mozilla Firefox\mozavcodec.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll svchost.exe File opened for modification C:\Program Files\Windows Media Player\wmpnssci.dll svchost.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\README.html svchost.exe File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhds_plugin.dll svchost.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\picturePuzzle.html svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\prism-d3d.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll svchost.exe File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libx26410b_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_display_plugin.dll svchost.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll svchost.exe File opened for modification C:\Program Files (x86)\Common Files\DESIGNER\MSADDNDR.DLL svchost.exe File opened for modification C:\Program Files\Java\jre7\bin\fxplugins.dll svchost.exe File opened for modification C:\Program Files\Java\jre7\bin\kinit.exe svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Design.Resources.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll svchost.exe File opened for modification C:\Program Files\Windows Photo Viewer\PhotoViewer.dll svchost.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\currency.html svchost.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\settings.html svchost.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll svchost.exe File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\CsiSoap.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\libattachment_plugin.dll svchost.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\picturePuzzle.html svchost.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\weather.html svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll svchost.exe File opened for modification C:\Program Files\Common Files\System\msadc\msadcf.dll svchost.exe File opened for modification C:\Program Files\Java\jre7\bin\ssv.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Xml.Linq.Resources.dll svchost.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\settings.html svchost.exe File opened for modification C:\Program Files\Common Files\System\ado\msadomd.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IO.Log.Resources.dll svchost.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
Processes:
WaterMark.exepid process 3052 WaterMark.exe 3052 WaterMark.exe 3052 WaterMark.exe 3052 WaterMark.exe 3052 WaterMark.exe 3052 WaterMark.exe 3052 WaterMark.exe 3052 WaterMark.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
rundll32.exeWaterMark.exesvchost.exedescription pid process Token: SeDebugPrivilege 2700 rundll32.exe Token: SeDebugPrivilege 3052 WaterMark.exe Token: SeDebugPrivilege 1624 svchost.exe -
Suspicious use of UnmapMainImage 4 IoCs
Processes:
rundll32mgr.exerundll32mgrmgr.exeWaterMark.exeWaterMark.exepid process 2512 rundll32mgr.exe 2644 rundll32mgrmgr.exe 3052 WaterMark.exe 2300 WaterMark.exe -
Suspicious use of WriteProcessMemory 43 IoCs
Processes:
rundll32.exerundll32.exerundll32mgr.exeWaterMark.exerundll32mgrmgr.exedescription pid process target process PID 1908 wrote to memory of 2700 1908 rundll32.exe rundll32.exe PID 1908 wrote to memory of 2700 1908 rundll32.exe rundll32.exe PID 1908 wrote to memory of 2700 1908 rundll32.exe rundll32.exe PID 1908 wrote to memory of 2700 1908 rundll32.exe rundll32.exe PID 1908 wrote to memory of 2700 1908 rundll32.exe rundll32.exe PID 1908 wrote to memory of 2700 1908 rundll32.exe rundll32.exe PID 1908 wrote to memory of 2700 1908 rundll32.exe rundll32.exe PID 2700 wrote to memory of 2512 2700 rundll32.exe rundll32mgr.exe PID 2700 wrote to memory of 2512 2700 rundll32.exe rundll32mgr.exe PID 2700 wrote to memory of 2512 2700 rundll32.exe rundll32mgr.exe PID 2700 wrote to memory of 2512 2700 rundll32.exe rundll32mgr.exe PID 2512 wrote to memory of 2644 2512 rundll32mgr.exe rundll32mgrmgr.exe PID 2512 wrote to memory of 2644 2512 rundll32mgr.exe rundll32mgrmgr.exe PID 2512 wrote to memory of 2644 2512 rundll32mgr.exe rundll32mgrmgr.exe PID 2512 wrote to memory of 2644 2512 rundll32mgr.exe rundll32mgrmgr.exe PID 2512 wrote to memory of 3052 2512 rundll32mgr.exe WaterMark.exe PID 2512 wrote to memory of 3052 2512 rundll32mgr.exe WaterMark.exe PID 2512 wrote to memory of 3052 2512 rundll32mgr.exe WaterMark.exe PID 2512 wrote to memory of 3052 2512 rundll32mgr.exe WaterMark.exe PID 3052 wrote to memory of 2540 3052 WaterMark.exe svchost.exe PID 3052 wrote to memory of 2540 3052 WaterMark.exe svchost.exe PID 3052 wrote to memory of 2540 3052 WaterMark.exe svchost.exe PID 3052 wrote to memory of 2540 3052 WaterMark.exe svchost.exe PID 3052 wrote to memory of 2540 3052 WaterMark.exe svchost.exe PID 3052 wrote to memory of 2540 3052 WaterMark.exe svchost.exe PID 3052 wrote to memory of 2540 3052 WaterMark.exe svchost.exe PID 3052 wrote to memory of 2540 3052 WaterMark.exe svchost.exe PID 3052 wrote to memory of 2540 3052 WaterMark.exe svchost.exe PID 3052 wrote to memory of 2540 3052 WaterMark.exe svchost.exe PID 2644 wrote to memory of 2300 2644 rundll32mgrmgr.exe WaterMark.exe PID 2644 wrote to memory of 2300 2644 rundll32mgrmgr.exe WaterMark.exe PID 2644 wrote to memory of 2300 2644 rundll32mgrmgr.exe WaterMark.exe PID 2644 wrote to memory of 2300 2644 rundll32mgrmgr.exe WaterMark.exe PID 3052 wrote to memory of 1624 3052 WaterMark.exe svchost.exe PID 3052 wrote to memory of 1624 3052 WaterMark.exe svchost.exe PID 3052 wrote to memory of 1624 3052 WaterMark.exe svchost.exe PID 3052 wrote to memory of 1624 3052 WaterMark.exe svchost.exe PID 3052 wrote to memory of 1624 3052 WaterMark.exe svchost.exe PID 3052 wrote to memory of 1624 3052 WaterMark.exe svchost.exe PID 3052 wrote to memory of 1624 3052 WaterMark.exe svchost.exe PID 3052 wrote to memory of 1624 3052 WaterMark.exe svchost.exe PID 3052 wrote to memory of 1624 3052 WaterMark.exe svchost.exe PID 3052 wrote to memory of 1624 3052 WaterMark.exe svchost.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\09af71a1185fe18de6771e0cd23c2e00_NeikiAnalytics.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1908 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\09af71a1185fe18de6771e0cd23c2e00_NeikiAnalytics.dll,#12⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2700 -
C:\Windows\SysWOW64\rundll32mgr.exeC:\Windows\SysWOW64\rundll32mgr.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2512 -
C:\Windows\SysWOW64\rundll32mgrmgr.exeC:\Windows\SysWOW64\rundll32mgrmgr.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2644 -
C:\Program Files (x86)\Microsoft\WaterMark.exe"C:\Program Files (x86)\Microsoft\WaterMark.exe"5⤵
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2300 -
C:\Program Files (x86)\Microsoft\WaterMark.exe"C:\Program Files (x86)\Microsoft\WaterMark.exe"4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3052 -
C:\Windows\SysWOW64\svchost.exeC:\Windows\system32\svchost.exe5⤵
- Modifies WinLogon for persistence
- Drops file in System32 directory
- Drops file in Program Files directory
PID:2540 -
C:\Windows\SysWOW64\svchost.exeC:\Windows\system32\svchost.exe5⤵
- Suspicious use of AdjustPrivilegeToken
PID:1624
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.htmlFilesize
132KB
MD59da6b0c5f187a569df017c86e33e711c
SHA1316fb02293cfca55c62aa13f6f44dbff63e40ff1
SHA256351095d22f8f26b9221b23ce5b2fbb83c8b1a19230bf446f286184ff630e372f
SHA5126eebd2039b9e9840c2da3ff9c5d114559a5a024a36757e22ae29ec90f0d7c38ff09bd346a0cee32d4b750cb4e3770d9f4fcc3de40587181ccb4593de86a60ce6
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.htmlFilesize
128KB
MD5a3af710f258dfb4f955da05805bb93ae
SHA128e774da87fa9ff3e4515c7e083106d9435df137
SHA256350585f1db400dfdf5906a52222b3cafe3e5f3a7da49ea735f77bea2cd73bf54
SHA5120d31932defbc31eca2f1353263512f1ef29290609c6cd683cf638a395b02050cd2cf277761fa07cd02a512b434ba6c8c64ebdafb6fa806257c21244cf914a453
-
\Windows\SysWOW64\rundll32mgr.exeFilesize
122KB
MD5c5255edf109342e3e1d1eb0990b2d094
SHA1ba029b47b9b3a5ccccae3038d90382ec68a1dd44
SHA256ea49164b416d1b900f80a14f30295ea7d546483a0d7ba8b3a9e48dbcb48a3dc5
SHA5126b6911ea424763af3ed4964e67aa75d1ffe74551e1e4e12e6220afcda720dbfdda00d744e23486c07701662bac3702220f760d1c86a188772e9bf8af7b64a3a3
-
\Windows\SysWOW64\rundll32mgrmgr.exeFilesize
59KB
MD5f2c8b7e238a07cce22920efb1c8645a6
SHA1cd2af4b30add747e222f938206b78d7730fdf346
SHA2566b20b420e84a30df810d52a9b205a3af0f46cafe82bf378867542f15eb64461e
SHA512c4b9c8c3dccaa39b5ac1faea7e92b0e1d391f0943989178634992be07c40be15b8543f9c6746ab6a5a7136ea00e3c0818fc43bc2eee4e5d282c3cbf7ea279699
-
memory/1624-110-0x0000000020010000-0x000000002001B000-memory.dmpFilesize
44KB
-
memory/1624-100-0x0000000020010000-0x000000002001B000-memory.dmpFilesize
44KB
-
memory/2300-92-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/2300-95-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/2512-22-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/2512-28-0x0000000000140000-0x0000000000141000-memory.dmpFilesize
4KB
-
memory/2512-12-0x0000000000400000-0x0000000000433000-memory.dmpFilesize
204KB
-
memory/2512-41-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/2512-23-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/2512-24-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/2512-25-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/2512-26-0x0000000000120000-0x0000000000143000-memory.dmpFilesize
140KB
-
memory/2512-44-0x0000000000050000-0x0000000000073000-memory.dmpFilesize
140KB
-
memory/2540-69-0x0000000020010000-0x0000000020022000-memory.dmpFilesize
72KB
-
memory/2540-62-0x0000000000080000-0x0000000000081000-memory.dmpFilesize
4KB
-
memory/2540-75-0x00000000000A0000-0x00000000000A1000-memory.dmpFilesize
4KB
-
memory/2540-77-0x0000000000090000-0x0000000000091000-memory.dmpFilesize
4KB
-
memory/2540-60-0x0000000020010000-0x0000000020022000-memory.dmpFilesize
72KB
-
memory/2540-76-0x0000000000080000-0x0000000000081000-memory.dmpFilesize
4KB
-
memory/2540-74-0x0000000020010000-0x0000000020022000-memory.dmpFilesize
72KB
-
memory/2540-81-0x0000000020010000-0x0000000020022000-memory.dmpFilesize
72KB
-
memory/2644-33-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/2644-27-0x0000000000400000-0x0000000000423000-memory.dmpFilesize
140KB
-
memory/2644-34-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/2644-39-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/2700-10-0x0000000000100000-0x0000000000101000-memory.dmpFilesize
4KB
-
memory/2700-1-0x0000000010000000-0x000000001002B000-memory.dmpFilesize
172KB
-
memory/2700-3-0x00000000001E0000-0x0000000000213000-memory.dmpFilesize
204KB
-
memory/2700-11-0x0000000000110000-0x0000000000111000-memory.dmpFilesize
4KB
-
memory/2700-13-0x0000000077650000-0x0000000077651000-memory.dmpFilesize
4KB
-
memory/3052-57-0x000000007764F000-0x0000000077650000-memory.dmpFilesize
4KB
-
memory/3052-98-0x0000000000060000-0x0000000000061000-memory.dmpFilesize
4KB
-
memory/3052-56-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/3052-121-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/3052-55-0x0000000000400000-0x0000000000423000-memory.dmpFilesize
140KB
-
memory/3052-54-0x0000000000830000-0x0000000000831000-memory.dmpFilesize
4KB