Analysis
-
max time kernel
118s -
max time network
118s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
08-03-2021 23:47
Static task
static1
Behavioral task
behavioral1
Sample
SpaceX Starbase Invite.xlsm
Resource
win7v20201028
Behavioral task
behavioral2
Sample
SpaceX Starbase Invite.xlsm
Resource
win10v20201028
General
-
Target
SpaceX Starbase Invite.xlsm
-
Size
256KB
-
MD5
b655d87f41a5229d11f05b02c5d67dad
-
SHA1
eacd27a128dbf1fde6374ad18026461bc12c607a
-
SHA256
64d0c3abb69565bb7a9cced68e5034cb6366eb77809eba347aece577a0a9e4f7
-
SHA512
250ce37857b9a4459e1987dc4cef1f0fbd7dce906b95b5ff05d7811c3860d638e00244f5534e6ace6f22f8095354193d277b72678e987dc90bc04715231ed8a2
Malware Config
Signatures
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
Processes:
wmic.exedescription pid pid_target process target process Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process 1532 1352 wmic.exe -
Blocklisted process makes network request 6 IoCs
Processes:
wmic.exeflow pid process 7 1532 wmic.exe 8 1532 wmic.exe 9 1532 wmic.exe 10 1532 wmic.exe 12 1532 wmic.exe 14 1532 wmic.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Office loads VBA resources, possible macro or embedded object present
-
Enumerates system info in registry 2 TTPs 1 IoCs
Processes:
EXCEL.EXEdescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE -
Processes:
EXCEL.EXEdescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" EXCEL.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" EXCEL.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Toolbar EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MenuExt EXCEL.EXE -
Modifies registry class 64 IoCs
Processes:
EXCEL.EXEdescription ioc process Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\TypeLib\{ED9E5359-3389-4EAF-BAD1-FC2C27A4260D}\2.0\FLAGS EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D} EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9} EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}\ = "FormEvents" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3} EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389} EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents10" EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}\ = "MdcTextEvents" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9} EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\TypeLib\{ED9E5359-3389-4EAF-BAD1-FC2C27A4260D}\2.0 EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB} EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}\ = "IReturnInteger" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389} EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}\ = "IMultiPage" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\TypeLib EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF} EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}\ = "IOptionFrame" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B} EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D} EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}\ = "SpinbuttonEvents" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF} EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D} EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{7B020EC7-AF6C-11CE-9F46-00AA00574A4F} EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}\ = "WHTMLControlEvents" EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents3" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389} EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776} EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents4" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF} EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF} EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}\ = "ISpinbutton" EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLText" EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}\ = "CommandButtonEvents" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389} EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLImage" EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLOption" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB} EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{8BD21D33-EC42-11CE-9E0D-00AA006002F3}\ = "IMdcCombo" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3} EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{8BD21D43-EC42-11CE-9E0D-00AA006002F3}\ = "IMdcCheckBox" EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}\ = "IMdcToggleButton" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D} EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}\ = "Pages" EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}\ = "MdcToggleButtonEvents" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D} EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}\ = "IMdcList" EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}\ = "Tab" EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}\ = "ITabStrip" EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLReset" EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents3" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01} EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0} EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F} EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389} EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}\ = "IOptionFrame" EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}\ = "ICommandButton" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3} EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389} EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F} EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\TypeLib\{ED9E5359-3389-4EAF-BAD1-FC2C27A4260D} EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\TypeLib\{ED9E5359-3389-4EAF-BAD1-FC2C27A4260D}\2.0\0 EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074} EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Wow6432Node\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}\ = "IMdcList" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000_CLASSES\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3} EXCEL.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
EXCEL.EXEpid process 1152 EXCEL.EXE -
Suspicious use of AdjustPrivilegeToken 40 IoCs
Processes:
wmic.exedescription pid process Token: SeIncreaseQuotaPrivilege 1532 wmic.exe Token: SeSecurityPrivilege 1532 wmic.exe Token: SeTakeOwnershipPrivilege 1532 wmic.exe Token: SeLoadDriverPrivilege 1532 wmic.exe Token: SeSystemProfilePrivilege 1532 wmic.exe Token: SeSystemtimePrivilege 1532 wmic.exe Token: SeProfSingleProcessPrivilege 1532 wmic.exe Token: SeIncBasePriorityPrivilege 1532 wmic.exe Token: SeCreatePagefilePrivilege 1532 wmic.exe Token: SeBackupPrivilege 1532 wmic.exe Token: SeRestorePrivilege 1532 wmic.exe Token: SeShutdownPrivilege 1532 wmic.exe Token: SeDebugPrivilege 1532 wmic.exe Token: SeSystemEnvironmentPrivilege 1532 wmic.exe Token: SeRemoteShutdownPrivilege 1532 wmic.exe Token: SeUndockPrivilege 1532 wmic.exe Token: SeManageVolumePrivilege 1532 wmic.exe Token: 33 1532 wmic.exe Token: 34 1532 wmic.exe Token: 35 1532 wmic.exe Token: SeIncreaseQuotaPrivilege 1532 wmic.exe Token: SeSecurityPrivilege 1532 wmic.exe Token: SeTakeOwnershipPrivilege 1532 wmic.exe Token: SeLoadDriverPrivilege 1532 wmic.exe Token: SeSystemProfilePrivilege 1532 wmic.exe Token: SeSystemtimePrivilege 1532 wmic.exe Token: SeProfSingleProcessPrivilege 1532 wmic.exe Token: SeIncBasePriorityPrivilege 1532 wmic.exe Token: SeCreatePagefilePrivilege 1532 wmic.exe Token: SeBackupPrivilege 1532 wmic.exe Token: SeRestorePrivilege 1532 wmic.exe Token: SeShutdownPrivilege 1532 wmic.exe Token: SeDebugPrivilege 1532 wmic.exe Token: SeSystemEnvironmentPrivilege 1532 wmic.exe Token: SeRemoteShutdownPrivilege 1532 wmic.exe Token: SeUndockPrivilege 1532 wmic.exe Token: SeManageVolumePrivilege 1532 wmic.exe Token: 33 1532 wmic.exe Token: 34 1532 wmic.exe Token: 35 1532 wmic.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
EXCEL.EXEpid process 1152 EXCEL.EXE 1152 EXCEL.EXE 1152 EXCEL.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
wmic.exedescription pid process target process PID 1532 wrote to memory of 744 1532 wmic.exe rundll32.exe PID 1532 wrote to memory of 744 1532 wmic.exe rundll32.exe PID 1532 wrote to memory of 744 1532 wmic.exe rundll32.exe
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde "C:\Users\Admin\AppData\Local\Temp\SpaceX Starbase Invite.xlsm"1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\wbem\wmic.exewmic os get /format:"C:\Users\Admin\AppData\Roaming\303AC.xsl"1⤵
- Process spawned unexpected child process
- Blocklisted process makes network request
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" C:/Windows/Temp//doo2c.dll ValidateLog2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\303AC.xslMD5
5194e7cc8bdde21a91b0c3c95600a758
SHA11a64ab047cd4294ccd6f66381347596c9232f276
SHA25655b93438f8ad1e858af26aa16118674eacf6274dae0eca4dfa6e8e288a4cab24
SHA512bc3a5f1f69c3561b3161de3e1a3b9f1299d676695fb8475524ee373b0a643e270784649447d5d360da87114fe634a4f27bd1ed5c2624e5fd53326830bc6835ed
-
C:\Windows\Temp\doo2c.dllMD5
20a18d76cd5eb64e116f5be06fa79639
SHA1dfe3d840576cc4f857539b053dc514658cf3b9fb
SHA256a6ad4d874891ce3823cf9b6506112a0431a421b197bfc6aa7527a07983ea9007
SHA512d19296962639a64fb8074b1e069deb5c4229c9163061a3fdf3e5b3a9da039d599d9aa2b42b42e456e2b4ac6c9da6b6eb3e809b40b9cb4cf4a1f94b449080da2e
-
memory/744-8-0x0000000000000000-mapping.dmp
-
memory/1056-7-0x000007FEF6010000-0x000007FEF628A000-memory.dmpFilesize
2.5MB
-
memory/1152-2-0x000000002FFC1000-0x000000002FFC4000-memory.dmpFilesize
12KB
-
memory/1152-3-0x0000000071191000-0x0000000071193000-memory.dmpFilesize
8KB
-
memory/1152-4-0x000000005FFF0000-0x0000000060000000-memory.dmpFilesize
64KB
-
memory/1152-5-0x0000000005B60000-0x0000000005B62000-memory.dmpFilesize
8KB