Analysis
-
max time kernel
147s -
max time network
150s -
platform
windows7_x64 -
resource
win7 -
submitted
13-07-2020 05:48
General
-
Target
MT Caribe Angela_Q88.xlsx
-
Size
179KB
-
MD5
1b402debe2be6e5bf91e932a8f0c9886
-
SHA1
3d3053788758dcb747a49b20489cde5cec64a3ea
-
SHA256
5e2759a3bbbbf9e8cd16ece86e9fafe5495810e798bbb355af61eb4ec175cae5
-
SHA512
20d9137b2e0d709abbb7edb478a4c3c84817c652d3b40ca4e492aae663ba502cf03bf916fde5aea1056e3591e9cc93f29ec3d71d907ff1e2da5af78153a6e886
Score
8/10
Malware Config
Signatures
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious behavior: EnumeratesProcesses 26 IoCs
-
Suspicious behavior: MapViewOfSection 21 IoCs
-
Suspicious use of FindShellTrayWindow 39 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Launches Equation Editor 1 TTPs 1 IoCs
Equation Editor is an old Office component often targeted by exploits such as CVE-2017-11882.
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Executes dropped EXE 2 IoCs
-
Suspicious use of SendNotifyMessage 36 IoCs
-
Uses the VBS compiler for execution 1 TTPs
-
Modifies registry class 280 IoCs
-
Checks whether UAC is enabled 1 TTPs 2 IoCs
-
Abuses OpenXML format to download file from external location 2 IoCs
-
Blacklisted process makes network request 1 IoCs
-
Loads dropped DLL 4 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of WriteProcessMemory 903 IoCs
-
Suspicious use of SetThreadContext 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 9 IoCs
-
Office loads VBA resources, possible macro or embedded object present
-
Drops Chrome extension 3 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde "C:\Users\Admin\AppData\Local\Temp\MT Caribe Angela_Q88.xlsx"2⤵
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: AddClipboardFormatListener
- Modifies registry class
- Abuses OpenXML format to download file from external location
-
C:\Windows\SysWOW64\svchost.exe"C:\Windows\SysWOW64\svchost.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe/c del "C:\Users\Admin\AppData\Roaming\vbc.exe"3⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
- Drops Chrome extension
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=83.0.4103.106 --initial-client-data=0xa4,0xa8,0xac,0x78,0xb0,0x7fef867bd28,0x7fef867bd38,0x7fef867bd483⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1064 /prefetch:23⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1276 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --lang=en-US --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1904 /prefetch:13⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --lang=en-US --instant-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1912 /prefetch:13⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=1416 /prefetch:83⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2528 /prefetch:83⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2724 /prefetch:83⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2816 /prefetch:23⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2680 /prefetch:83⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2856 /prefetch:83⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2960 /prefetch:83⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2888 /prefetch:83⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3008 /prefetch:83⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --disable-gpu-compositing --lang=en-US --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:13⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --lang=en-US --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=3164 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3416 /prefetch:83⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3464 /prefetch:83⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=2652 /prefetch:83⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=3476 /prefetch:83⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --disable-gpu-compositing --lang=en-US --extension-process --enable-auto-reload --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:13⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --lang=en-US --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=3308 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --lang=en-US --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=3188 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=940 /prefetch:83⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=892 /prefetch:83⤵
-
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1056,14538279949789683167,4694067337407874838,131072 --lang=en-US --service-sandbox-type=utility --enable-audio-service-sandbox --mojo-platform-channel-handle=1704 /prefetch:83⤵
-
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" -Embedding1⤵
- Suspicious use of SetWindowsHookEx
- Abuses OpenXML format to download file from external location
-
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding1⤵
- Launches Equation Editor
- Blacklisted process makes network request
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\vbc.exe"C:\Users\Admin\AppData\Roaming\vbc.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Roaming\vbc.exe"C:\Users\Admin\AppData\Roaming\vbc.exe"3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZQ107GEP\invoice_214744[1].doc
-
C:\Users\Admin\AppData\Roaming\vbc.exe
-
C:\Users\Admin\AppData\Roaming\vbc.exe
-
C:\Users\Admin\AppData\Roaming\vbc.exe
-
\??\pipe\crashpad_2024_XMEDCGDKICIKYYCH
-
\Users\Admin\AppData\Roaming\vbc.exe
-
\Users\Admin\AppData\Roaming\vbc.exe
-
\Users\Admin\AppData\Roaming\vbc.exe
-
\Users\Admin\AppData\Roaming\vbc.exe
-
memory/564-52-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/564-55-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/564-190-0x00000000018B2510-mapping.dmp
-
memory/564-189-0x00000000018B0000-0x00000000019B0000-memory.dmpFilesize
1024KB
-
memory/564-60-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/564-59-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/564-58-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/564-57-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/564-56-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/564-35-0x0000000009E00000-0x0000000009E11000-memory.dmpFilesize
68KB
-
memory/564-54-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/564-53-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/564-50-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/564-31-0x0000000000000000-mapping.dmp
-
memory/564-51-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/616-13-0x0000000002180000-0x0000000002181000-memory.dmpFilesize
4KB
-
memory/616-11-0x0000000002180000-0x0000000002181000-memory.dmpFilesize
4KB
-
memory/1096-158-0x0000000000950000-0x0000000000952000-memory.dmpFilesize
8KB
-
memory/1096-159-0x0000000000950000-mapping.dmp
-
memory/1096-18-0x0000000000000000-mapping.dmp
-
memory/1104-37-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/1104-33-0x0000034B00040000-0x0000034B00041000-memory.dmpFilesize
4KB
-
memory/1104-187-0x0000000006E5B0E0-mapping.dmp
-
memory/1104-36-0x000000000A170000-0x000000000A181000-memory.dmpFilesize
68KB
-
memory/1104-27-0x0000000000000000-mapping.dmp
-
memory/1380-21-0x0000000000000000-mapping.dmp
-
memory/1380-23-0x0000000077990000-0x0000000077991000-memory.dmpFilesize
4KB
-
memory/1380-20-0x0000000000060000-0x0000000000061000-memory.dmpFilesize
4KB
-
memory/1556-188-0x0000000003120000-0x0000000003240000-memory.dmpFilesize
1.1MB
-
memory/1556-14-0x0000000000000000-mapping.dmp
-
memory/1556-185-0x0000000003120000-0x0000000003240000-memory.dmpFilesize
1.1MB
-
memory/1556-19-0x00000000006F0000-0x0000000000829000-memory.dmpFilesize
1.2MB
-
memory/1556-15-0x0000000000550000-0x0000000000558000-memory.dmpFilesize
32KB
-
memory/1640-9-0x000000000041E310-mapping.dmp
-
memory/1640-8-0x0000000000400000-0x000000000042D000-memory.dmpFilesize
180KB
-
memory/1808-5-0x0000000000000000-mapping.dmp
-
memory/1856-184-0x00000000050EAF60-mapping.dmp
-
memory/1856-183-0x0000000005040000-0x0000000005140000-memory.dmpFilesize
1024KB
-
memory/1856-22-0x0000000000000000-mapping.dmp
-
memory/1972-16-0x0000000000000000-mapping.dmp
-
memory/2024-66-0x000000001F0B0000-0x000000001F0C1000-memory.dmpFilesize
68KB
-
memory/2024-67-0x000000001F0B0000-0x000000001F0C1000-memory.dmpFilesize
68KB
-
memory/2024-69-0x000000001F0B0000-0x000000001F0C1000-memory.dmpFilesize
68KB
-
memory/2024-70-0x000000001F0B0000-0x000000001F0C1000-memory.dmpFilesize
68KB
-
memory/2024-72-0x000000001F0B0000-0x000000001F0C1000-memory.dmpFilesize
68KB
-
memory/2024-73-0x000000001F0B0000-0x000000001F0C1000-memory.dmpFilesize
68KB
-
memory/2024-74-0x000000001F0B0000-0x000000001F0C1000-memory.dmpFilesize
68KB
-
memory/2024-75-0x000000001B7A0000-0x000000001B7C3000-memory.dmpFilesize
140KB
-
memory/2024-78-0x000000001F0B0000-0x000000001F0C1000-memory.dmpFilesize
68KB
-
memory/2024-80-0x000000001F0B0000-0x000000001F0C1000-memory.dmpFilesize
68KB
-
memory/2024-82-0x000000001F0B0000-0x000000001F0C1000-memory.dmpFilesize
68KB
-
memory/2024-84-0x000000001F0B0000-0x000000001F0C1000-memory.dmpFilesize
68KB
-
memory/2024-85-0x00000000209E0000-0x0000000020A03000-memory.dmpFilesize
140KB
-
memory/2024-87-0x000000001F0B0000-0x000000001F0C1000-memory.dmpFilesize
68KB
-
memory/2024-88-0x000000001F0B0000-0x000000001F0C1000-memory.dmpFilesize
68KB
-
memory/2024-89-0x000000001F0B0000-0x000000001F0C1000-memory.dmpFilesize
68KB
-
memory/2024-17-0x0000000000000000-mapping.dmp
-
memory/2024-64-0x000000001F0B0000-0x000000001F0C1000-memory.dmpFilesize
68KB
-
memory/2024-65-0x000000001F0B0000-0x000000001F0C1000-memory.dmpFilesize
68KB
-
memory/2024-191-0x000000001F0B0000-0x000000001F0C1000-memory.dmpFilesize
68KB
-
memory/2024-68-0x000000001F0B0000-0x000000001F0C1000-memory.dmpFilesize
68KB
-
memory/2024-105-0x0000000004E80000-0x0000000005080000-memory.dmpFilesize
2.0MB
-
memory/2024-107-0x0000000004FDD5D0-mapping.dmp
-
memory/2080-39-0x0000000000000000-mapping.dmp
-
memory/2088-197-0x0000000000C741B8-mapping.dmp
-
memory/2088-156-0x0000000000000000-mapping.dmp
-
memory/2104-41-0x0000000000000000-mapping.dmp
-
memory/2128-45-0x0000000000000000-mapping.dmp
-
memory/2176-162-0x0000000000000000-mapping.dmp
-
memory/2212-198-0x0000000000000000-mapping.dmp
-
memory/2216-166-0x0000000000000000-mapping.dmp
-
memory/2240-200-0x0000000000000000-mapping.dmp
-
memory/2260-48-0x0000000000000000-mapping.dmp
-
memory/2260-194-0x0000000002A54180-mapping.dmp
-
memory/2260-193-0x0000000002A54000-0x0000000002A55000-memory.dmpFilesize
4KB
-
memory/2268-169-0x0000000000000000-mapping.dmp
-
memory/2272-203-0x0000000000000000-mapping.dmp
-
memory/2340-172-0x0000000000000000-mapping.dmp
-
memory/2344-206-0x0000000000000000-mapping.dmp
-
memory/2364-62-0x0000000000000000-mapping.dmp
-
memory/2368-180-0x0000000009CF0000-0x0000000009D01000-memory.dmpFilesize
68KB
-
memory/2368-176-0x0000000000000000-mapping.dmp
-
memory/2368-181-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2520-91-0x0000000000000000-mapping.dmp
-
memory/2564-94-0x0000000000000000-mapping.dmp
-
memory/2608-97-0x0000000000000000-mapping.dmp
-
memory/2652-100-0x0000000000000000-mapping.dmp
-
memory/2696-110-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-132-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-136-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-137-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-138-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-139-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-140-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-141-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-142-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-143-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-144-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-145-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-146-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-147-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-148-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-149-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-150-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-151-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-152-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-153-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-154-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-134-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-133-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-135-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-131-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-164-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-130-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-129-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-128-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-127-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-126-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-125-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-124-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-123-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-122-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-121-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-120-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-119-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-118-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-117-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-116-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-115-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-106-0x0000000000000000-mapping.dmp
-
memory/2696-114-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-113-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-112-0x0000000000080000-0x00000000000800B0-memory.dmpFilesize
176B
-
memory/2696-111-0x0000000009D70000-0x0000000009D81000-memory.dmpFilesize
68KB
-
memory/3036-195-0x0000000000000000-mapping.dmp