Analysis
-
max time kernel
150s -
max time network
100s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
10-06-2024 14:08
Behavioral task
behavioral1
Sample
81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe
Resource
win10v2004-20240508-en
General
-
Target
81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe
-
Size
2.7MB
-
MD5
ca9f5b0e85b54f7f3105277f0185de58
-
SHA1
b8cc00043eb4bf6fad0636436980adf04918a930
-
SHA256
81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4
-
SHA512
60bbd25177b8415fd82e28f65bba5145bc50a4726c578f1045676417a88a6cf9a466cf8667ad67780ceb31de438d42b0c6ffd24a4080daff4798f793ab27f734
-
SSDEEP
49152:VtzBOauT0i7ZSQcCG1+bLthSo9/ktjPf4EXzwgb+LquT05j:VtzaT00zcC8ahhSo9sRf44z1/5j
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
Processes:
explorer.exesvchost.exedescription ioc process Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" svchost.exe -
Detects executables packed with Themida 16 IoCs
Processes:
resource yara_rule behavioral2/memory/2984-0-0x0000000000400000-0x0000000000A60000-memory.dmp INDICATOR_EXE_Packed_Themida C:\Windows\Resources\Themes\explorer.exe INDICATOR_EXE_Packed_Themida behavioral2/memory/4984-10-0x0000000000400000-0x0000000000A60000-memory.dmp INDICATOR_EXE_Packed_Themida C:\Windows\Resources\spoolsv.exe INDICATOR_EXE_Packed_Themida behavioral2/memory/3904-19-0x0000000000400000-0x0000000000A60000-memory.dmp INDICATOR_EXE_Packed_Themida C:\Windows\Resources\svchost.exe INDICATOR_EXE_Packed_Themida behavioral2/memory/668-28-0x0000000000400000-0x0000000000A60000-memory.dmp INDICATOR_EXE_Packed_Themida behavioral2/memory/1528-33-0x0000000000400000-0x0000000000A60000-memory.dmp INDICATOR_EXE_Packed_Themida behavioral2/memory/1528-40-0x0000000000400000-0x0000000000A60000-memory.dmp INDICATOR_EXE_Packed_Themida behavioral2/memory/3904-39-0x0000000000400000-0x0000000000A60000-memory.dmp INDICATOR_EXE_Packed_Themida behavioral2/memory/2984-42-0x0000000000400000-0x0000000000A60000-memory.dmp INDICATOR_EXE_Packed_Themida behavioral2/memory/668-44-0x0000000000400000-0x0000000000A60000-memory.dmp INDICATOR_EXE_Packed_Themida behavioral2/memory/4984-43-0x0000000000400000-0x0000000000A60000-memory.dmp INDICATOR_EXE_Packed_Themida behavioral2/memory/4984-49-0x0000000000400000-0x0000000000A60000-memory.dmp INDICATOR_EXE_Packed_Themida behavioral2/memory/4984-55-0x0000000000400000-0x0000000000A60000-memory.dmp INDICATOR_EXE_Packed_Themida behavioral2/memory/668-66-0x0000000000400000-0x0000000000A60000-memory.dmp INDICATOR_EXE_Packed_Themida -
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 5 IoCs
Processes:
81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exeexplorer.exespoolsv.exesvchost.exespoolsv.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ explorer.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ spoolsv.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ svchost.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ spoolsv.exe -
Checks BIOS information in registry 2 TTPs 10 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
explorer.exespoolsv.exespoolsv.exe81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exesvchost.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion explorer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion spoolsv.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion spoolsv.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion spoolsv.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion svchost.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion svchost.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion explorer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion spoolsv.exe -
Executes dropped EXE 4 IoCs
Processes:
explorer.exespoolsv.exesvchost.exespoolsv.exepid process 4984 explorer.exe 3904 spoolsv.exe 668 svchost.exe 1528 spoolsv.exe -
Processes:
resource yara_rule behavioral2/memory/2984-0-0x0000000000400000-0x0000000000A60000-memory.dmp themida C:\Windows\Resources\Themes\explorer.exe themida behavioral2/memory/4984-10-0x0000000000400000-0x0000000000A60000-memory.dmp themida C:\Windows\Resources\spoolsv.exe themida behavioral2/memory/3904-19-0x0000000000400000-0x0000000000A60000-memory.dmp themida C:\Windows\Resources\svchost.exe themida behavioral2/memory/668-28-0x0000000000400000-0x0000000000A60000-memory.dmp themida behavioral2/memory/1528-33-0x0000000000400000-0x0000000000A60000-memory.dmp themida behavioral2/memory/1528-40-0x0000000000400000-0x0000000000A60000-memory.dmp themida behavioral2/memory/3904-39-0x0000000000400000-0x0000000000A60000-memory.dmp themida behavioral2/memory/2984-42-0x0000000000400000-0x0000000000A60000-memory.dmp themida behavioral2/memory/668-44-0x0000000000400000-0x0000000000A60000-memory.dmp themida behavioral2/memory/4984-43-0x0000000000400000-0x0000000000A60000-memory.dmp themida behavioral2/memory/4984-49-0x0000000000400000-0x0000000000A60000-memory.dmp themida behavioral2/memory/4984-55-0x0000000000400000-0x0000000000A60000-memory.dmp themida behavioral2/memory/668-66-0x0000000000400000-0x0000000000A60000-memory.dmp themida -
Adds Run key to start application 2 TTPs 4 IoCs
Processes:
explorer.exesvchost.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" svchost.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" svchost.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" explorer.exe -
Processes:
explorer.exespoolsv.exesvchost.exespoolsv.exe81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exedescription ioc process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA explorer.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA spoolsv.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA svchost.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA spoolsv.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe -
Drops file in System32 directory 2 IoCs
Processes:
explorer.exesvchost.exedescription ioc process File opened for modification C:\Windows\SysWOW64\explorer.exe explorer.exe File opened for modification C:\Windows\SysWOW64\explorer.exe svchost.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
Processes:
81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exeexplorer.exespoolsv.exesvchost.exespoolsv.exepid process 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 4984 explorer.exe 3904 spoolsv.exe 668 svchost.exe 1528 spoolsv.exe -
Drops file in Windows directory 4 IoCs
Processes:
81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exeexplorer.exespoolsv.exedescription ioc process File opened for modification \??\c:\windows\resources\themes\explorer.exe 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe File opened for modification \??\c:\windows\resources\spoolsv.exe explorer.exe File opened for modification \??\c:\windows\resources\svchost.exe spoolsv.exe File opened for modification C:\Windows\Resources\tjud.exe explorer.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exeexplorer.exepid process 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe 4984 explorer.exe -
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
Processes:
explorer.exesvchost.exepid process 4984 explorer.exe 668 svchost.exe -
Suspicious use of SetWindowsHookEx 10 IoCs
Processes:
81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exeexplorer.exespoolsv.exesvchost.exespoolsv.exepid process 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe 4984 explorer.exe 4984 explorer.exe 3904 spoolsv.exe 3904 spoolsv.exe 668 svchost.exe 668 svchost.exe 1528 spoolsv.exe 1528 spoolsv.exe -
Suspicious use of WriteProcessMemory 12 IoCs
Processes:
81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exeexplorer.exespoolsv.exesvchost.exedescription pid process target process PID 2984 wrote to memory of 4984 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe explorer.exe PID 2984 wrote to memory of 4984 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe explorer.exe PID 2984 wrote to memory of 4984 2984 81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe explorer.exe PID 4984 wrote to memory of 3904 4984 explorer.exe spoolsv.exe PID 4984 wrote to memory of 3904 4984 explorer.exe spoolsv.exe PID 4984 wrote to memory of 3904 4984 explorer.exe spoolsv.exe PID 3904 wrote to memory of 668 3904 spoolsv.exe svchost.exe PID 3904 wrote to memory of 668 3904 spoolsv.exe svchost.exe PID 3904 wrote to memory of 668 3904 spoolsv.exe svchost.exe PID 668 wrote to memory of 1528 668 svchost.exe spoolsv.exe PID 668 wrote to memory of 1528 668 svchost.exe spoolsv.exe PID 668 wrote to memory of 1528 668 svchost.exe spoolsv.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe"C:\Users\Admin\AppData\Local\Temp\81a09f341b601660cb8d3171a03ae7b11367f536ab4174021304bd846483d1c4.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2984 -
\??\c:\windows\resources\themes\explorer.exec:\windows\resources\themes\explorer.exe2⤵
- Modifies visiblity of hidden/system files in Explorer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4984 -
\??\c:\windows\resources\spoolsv.exec:\windows\resources\spoolsv.exe SE3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3904 -
\??\c:\windows\resources\svchost.exec:\windows\resources\svchost.exe4⤵
- Modifies visiblity of hidden/system files in Explorer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:668 -
\??\c:\windows\resources\spoolsv.exec:\windows\resources\spoolsv.exe PR5⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:1528
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2Virtualization/Sandbox Evasion
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Windows\Resources\Themes\explorer.exeFilesize
2.7MB
MD56115989a77a0d4be919e321136e9b331
SHA1249c3087913090044301c5027492121ce7b28fb1
SHA2565a82a88f4022a16a13e3eaa9f56a40d1ce3ccfbf05829e3a8a27da0179673d2b
SHA5127c54d87f572e98f63dc838e31490510c7f7a4836fac98674ea16f030ecb42eccda5c13cca94affbebf300266a9a23cae7c0c3f3466dc6ffd0faaec376055cd04
-
C:\Windows\Resources\spoolsv.exeFilesize
2.7MB
MD50f2a408b3088903b253e1912c58618e6
SHA1700dc5ed11c8dbd0aa6c423f420955e1b590b294
SHA25636ffbaa4e4752606a0f7d8630f4808324830d05cedb869fc69dd75aa16b16761
SHA5129e2d4755bc7e5d1252926f7f69ad3a142765c7dd18a3dc9e381a9e176019c74e9ff8d60362453c38690e63a83874d7cdb2e2a988dc835f0458dd9470f3dd6bc4
-
C:\Windows\Resources\svchost.exeFilesize
2.7MB
MD5d01daea8a7b65c71f49e63eab47a3a40
SHA1f3f2ee88bca5b800fdb5b2702e2784fd69405de8
SHA256ce0b5f44b2dc30b36b3f8d9c6b4e539870e69e015dd0b3e291da54afaf659e46
SHA51279e17b79d8201735ed9386f377e88cb85414c68a0344d014865ce77005754a79db95b552696fc1ddcad9df174202c6c96f51efd1b10e568652456d241a50748c
-
memory/668-44-0x0000000000400000-0x0000000000A60000-memory.dmpFilesize
6.4MB
-
memory/668-66-0x0000000000400000-0x0000000000A60000-memory.dmpFilesize
6.4MB
-
memory/668-28-0x0000000000400000-0x0000000000A60000-memory.dmpFilesize
6.4MB
-
memory/1528-33-0x0000000000400000-0x0000000000A60000-memory.dmpFilesize
6.4MB
-
memory/1528-40-0x0000000000400000-0x0000000000A60000-memory.dmpFilesize
6.4MB
-
memory/2984-42-0x0000000000400000-0x0000000000A60000-memory.dmpFilesize
6.4MB
-
memory/2984-1-0x0000000077BC4000-0x0000000077BC6000-memory.dmpFilesize
8KB
-
memory/2984-0-0x0000000000400000-0x0000000000A60000-memory.dmpFilesize
6.4MB
-
memory/3904-39-0x0000000000400000-0x0000000000A60000-memory.dmpFilesize
6.4MB
-
memory/3904-19-0x0000000000400000-0x0000000000A60000-memory.dmpFilesize
6.4MB
-
memory/4984-10-0x0000000000400000-0x0000000000A60000-memory.dmpFilesize
6.4MB
-
memory/4984-43-0x0000000000400000-0x0000000000A60000-memory.dmpFilesize
6.4MB
-
memory/4984-49-0x0000000000400000-0x0000000000A60000-memory.dmpFilesize
6.4MB
-
memory/4984-55-0x0000000000400000-0x0000000000A60000-memory.dmpFilesize
6.4MB