Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
01-07-2024 02:18
Behavioral task
behavioral1
Sample
c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe
Resource
win10v2004-20240611-en
General
-
Target
c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe
-
Size
2.5MB
-
MD5
d8874a5a86769a37d3147c2a6061d1c9
-
SHA1
03a48cc2062073e998e010a8c4b458e05b99bcac
-
SHA256
c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb
-
SHA512
6f7384152d78eec8433a04c8c5adf467cee47450b32d08a4baa04557cf2aa63d5194558bb005a95e728640f79d98886f4fe76ae75f39d18716212c6882709f89
-
SSDEEP
49152:gxmvumkQ9lY9sgUXdTPSxdQ8KX75IyuWuCjcCqWOyxa:gxx9NUFkQx753uWuCyyxa
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
Processes:
explorer.exesvchost.exedescription ioc process Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" explorer.exe Set value (int) \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" svchost.exe -
Detects executables packed with Themida 18 IoCs
Processes:
resource yara_rule behavioral2/memory/3756-0-0x0000000000400000-0x0000000000A0E000-memory.dmp INDICATOR_EXE_Packed_Themida C:\Windows\Resources\Themes\explorer.exe INDICATOR_EXE_Packed_Themida behavioral2/memory/4296-10-0x0000000000400000-0x0000000000A0E000-memory.dmp INDICATOR_EXE_Packed_Themida C:\Windows\Resources\spoolsv.exe INDICATOR_EXE_Packed_Themida behavioral2/memory/2220-19-0x0000000000400000-0x0000000000A0E000-memory.dmp INDICATOR_EXE_Packed_Themida C:\Windows\Resources\svchost.exe INDICATOR_EXE_Packed_Themida behavioral2/memory/2060-28-0x0000000000400000-0x0000000000A0E000-memory.dmp INDICATOR_EXE_Packed_Themida behavioral2/memory/2220-38-0x0000000000400000-0x0000000000A0E000-memory.dmp INDICATOR_EXE_Packed_Themida behavioral2/memory/612-37-0x0000000000400000-0x0000000000A0E000-memory.dmp INDICATOR_EXE_Packed_Themida behavioral2/memory/3756-40-0x0000000000400000-0x0000000000A0E000-memory.dmp INDICATOR_EXE_Packed_Themida behavioral2/memory/4296-41-0x0000000000400000-0x0000000000A0E000-memory.dmp INDICATOR_EXE_Packed_Themida behavioral2/memory/2060-42-0x0000000000400000-0x0000000000A0E000-memory.dmp INDICATOR_EXE_Packed_Themida behavioral2/memory/2060-45-0x0000000000400000-0x0000000000A0E000-memory.dmp INDICATOR_EXE_Packed_Themida behavioral2/memory/4296-46-0x0000000000400000-0x0000000000A0E000-memory.dmp INDICATOR_EXE_Packed_Themida behavioral2/memory/4296-48-0x0000000000400000-0x0000000000A0E000-memory.dmp INDICATOR_EXE_Packed_Themida behavioral2/memory/4296-54-0x0000000000400000-0x0000000000A0E000-memory.dmp INDICATOR_EXE_Packed_Themida behavioral2/memory/4296-60-0x0000000000400000-0x0000000000A0E000-memory.dmp INDICATOR_EXE_Packed_Themida behavioral2/memory/4296-64-0x0000000000400000-0x0000000000A0E000-memory.dmp INDICATOR_EXE_Packed_Themida -
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 5 IoCs
Processes:
c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exeexplorer.exespoolsv.exesvchost.exespoolsv.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ explorer.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ spoolsv.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ svchost.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ spoolsv.exe -
Checks BIOS information in registry 2 TTPs 10 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
spoolsv.exeexplorer.exespoolsv.exesvchost.exec1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion spoolsv.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion explorer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion spoolsv.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion svchost.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion spoolsv.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion svchost.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion spoolsv.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion explorer.exe -
Executes dropped EXE 4 IoCs
Processes:
explorer.exespoolsv.exesvchost.exespoolsv.exepid process 4296 explorer.exe 2220 spoolsv.exe 2060 svchost.exe 612 spoolsv.exe -
Processes:
resource yara_rule behavioral2/memory/3756-0-0x0000000000400000-0x0000000000A0E000-memory.dmp themida C:\Windows\Resources\Themes\explorer.exe themida behavioral2/memory/4296-10-0x0000000000400000-0x0000000000A0E000-memory.dmp themida C:\Windows\Resources\spoolsv.exe themida behavioral2/memory/2220-19-0x0000000000400000-0x0000000000A0E000-memory.dmp themida C:\Windows\Resources\svchost.exe themida behavioral2/memory/2060-28-0x0000000000400000-0x0000000000A0E000-memory.dmp themida behavioral2/memory/2220-38-0x0000000000400000-0x0000000000A0E000-memory.dmp themida behavioral2/memory/612-37-0x0000000000400000-0x0000000000A0E000-memory.dmp themida behavioral2/memory/3756-40-0x0000000000400000-0x0000000000A0E000-memory.dmp themida behavioral2/memory/4296-41-0x0000000000400000-0x0000000000A0E000-memory.dmp themida behavioral2/memory/2060-42-0x0000000000400000-0x0000000000A0E000-memory.dmp themida behavioral2/memory/2060-45-0x0000000000400000-0x0000000000A0E000-memory.dmp themida behavioral2/memory/4296-46-0x0000000000400000-0x0000000000A0E000-memory.dmp themida behavioral2/memory/4296-48-0x0000000000400000-0x0000000000A0E000-memory.dmp themida behavioral2/memory/4296-54-0x0000000000400000-0x0000000000A0E000-memory.dmp themida behavioral2/memory/4296-60-0x0000000000400000-0x0000000000A0E000-memory.dmp themida behavioral2/memory/4296-64-0x0000000000400000-0x0000000000A0E000-memory.dmp themida -
Adds Run key to start application 2 TTPs 4 IoCs
Processes:
svchost.exeexplorer.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" svchost.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" svchost.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" explorer.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" explorer.exe -
Processes:
svchost.exespoolsv.exec1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exeexplorer.exespoolsv.exedescription ioc process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA svchost.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA spoolsv.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA explorer.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA spoolsv.exe -
Drops file in System32 directory 2 IoCs
Processes:
explorer.exesvchost.exedescription ioc process File opened for modification C:\Windows\SysWOW64\explorer.exe explorer.exe File opened for modification C:\Windows\SysWOW64\explorer.exe svchost.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
Processes:
c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exeexplorer.exespoolsv.exesvchost.exespoolsv.exepid process 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 4296 explorer.exe 2220 spoolsv.exe 2060 svchost.exe 612 spoolsv.exe -
Drops file in Windows directory 4 IoCs
Processes:
c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exeexplorer.exespoolsv.exedescription ioc process File opened for modification \??\c:\windows\resources\themes\explorer.exe c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe File opened for modification \??\c:\windows\resources\spoolsv.exe explorer.exe File opened for modification \??\c:\windows\resources\svchost.exe spoolsv.exe File opened for modification C:\Windows\Resources\tjud.exe explorer.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exeexplorer.exepid process 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe 4296 explorer.exe -
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
Processes:
explorer.exesvchost.exepid process 4296 explorer.exe 2060 svchost.exe -
Suspicious use of SetWindowsHookEx 10 IoCs
Processes:
c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exeexplorer.exespoolsv.exesvchost.exespoolsv.exepid process 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe 4296 explorer.exe 4296 explorer.exe 2220 spoolsv.exe 2220 spoolsv.exe 2060 svchost.exe 2060 svchost.exe 612 spoolsv.exe 612 spoolsv.exe -
Suspicious use of WriteProcessMemory 12 IoCs
Processes:
c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exeexplorer.exespoolsv.exesvchost.exedescription pid process target process PID 3756 wrote to memory of 4296 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe explorer.exe PID 3756 wrote to memory of 4296 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe explorer.exe PID 3756 wrote to memory of 4296 3756 c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe explorer.exe PID 4296 wrote to memory of 2220 4296 explorer.exe spoolsv.exe PID 4296 wrote to memory of 2220 4296 explorer.exe spoolsv.exe PID 4296 wrote to memory of 2220 4296 explorer.exe spoolsv.exe PID 2220 wrote to memory of 2060 2220 spoolsv.exe svchost.exe PID 2220 wrote to memory of 2060 2220 spoolsv.exe svchost.exe PID 2220 wrote to memory of 2060 2220 spoolsv.exe svchost.exe PID 2060 wrote to memory of 612 2060 svchost.exe spoolsv.exe PID 2060 wrote to memory of 612 2060 svchost.exe spoolsv.exe PID 2060 wrote to memory of 612 2060 svchost.exe spoolsv.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe"C:\Users\Admin\AppData\Local\Temp\c1f137e967b895a9c21f96eb4e96d307ec964ac467f39215a9d834a2c0578cdb.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\resources\themes\explorer.exec:\windows\resources\themes\explorer.exe2⤵
- Modifies visiblity of hidden/system files in Explorer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\resources\spoolsv.exec:\windows\resources\spoolsv.exe SE3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\resources\svchost.exec:\windows\resources\svchost.exe4⤵
- Modifies visiblity of hidden/system files in Explorer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\resources\spoolsv.exec:\windows\resources\spoolsv.exe PR5⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2Virtualization/Sandbox Evasion
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Windows\Resources\Themes\explorer.exeFilesize
2.5MB
MD51fbfc1bdd86a60184238bce2fcb10797
SHA15b32279c5c1714c58e0fb9fdcd617359084736a5
SHA2564f5c62dc4ab03d55b4364c18af7117cb671c74bc58a4fab6864e98a7c0272261
SHA512db1bfa6291090dd5b30ea070f01e0c8ecdef220ce6153083ebd138bfe729f145e30f1cc2b8ee032cb2bcf2d9bb248d96e55944daa638e2237db84797b19a44b1
-
C:\Windows\Resources\spoolsv.exeFilesize
2.5MB
MD58f20085fc2e81c30f222dc16086deb2f
SHA15b6a1e7a9dc1096f92271e4e136d4a5571bb3f50
SHA2561fae54e51be262b98d7992671afac6c702ea12344d4c8de4c514464a333b3ef6
SHA5127c5330f8d65c8bfefc403cc7324237bec8fc9df6e59ab4919d25a59ac4c60dc882d46962da4e6490e3697857e6d32c5c7f82256ccf06b7171663fbcc0a838d6d
-
C:\Windows\Resources\svchost.exeFilesize
2.5MB
MD553a40b3c8b6bfff5380d3b00c3c98bcb
SHA12babbd8f2ab3fc239b6b7256ce1cd81fc17a5ded
SHA2568310705e5c80bb2bed80373e4fe84863bd80061f1a52e8c0d71720ddfa03a1e3
SHA512345f3dc30774918a696976b9d9fd52b00eb61654edcb48bcc266b1dcb37b01ab666ccb4bc087037d50432c7f6c3b0cb01a4e8a844d5ac68ecbc3275865eb8617
-
memory/612-37-0x0000000000400000-0x0000000000A0E000-memory.dmpFilesize
6.1MB
-
memory/2060-42-0x0000000000400000-0x0000000000A0E000-memory.dmpFilesize
6.1MB
-
memory/2060-45-0x0000000000400000-0x0000000000A0E000-memory.dmpFilesize
6.1MB
-
memory/2060-28-0x0000000000400000-0x0000000000A0E000-memory.dmpFilesize
6.1MB
-
memory/2220-38-0x0000000000400000-0x0000000000A0E000-memory.dmpFilesize
6.1MB
-
memory/2220-19-0x0000000000400000-0x0000000000A0E000-memory.dmpFilesize
6.1MB
-
memory/3756-0-0x0000000000400000-0x0000000000A0E000-memory.dmpFilesize
6.1MB
-
memory/3756-1-0x0000000077174000-0x0000000077176000-memory.dmpFilesize
8KB
-
memory/3756-40-0x0000000000400000-0x0000000000A0E000-memory.dmpFilesize
6.1MB
-
memory/4296-41-0x0000000000400000-0x0000000000A0E000-memory.dmpFilesize
6.1MB
-
memory/4296-10-0x0000000000400000-0x0000000000A0E000-memory.dmpFilesize
6.1MB
-
memory/4296-46-0x0000000000400000-0x0000000000A0E000-memory.dmpFilesize
6.1MB
-
memory/4296-48-0x0000000000400000-0x0000000000A0E000-memory.dmpFilesize
6.1MB
-
memory/4296-54-0x0000000000400000-0x0000000000A0E000-memory.dmpFilesize
6.1MB
-
memory/4296-60-0x0000000000400000-0x0000000000A0E000-memory.dmpFilesize
6.1MB
-
memory/4296-64-0x0000000000400000-0x0000000000A0E000-memory.dmpFilesize
6.1MB