Analysis
-
max time kernel
102s -
max time network
162s -
platform
windows7_x64 -
resource
win7v20210410 -
submitted
16-08-2021 16:50
Static task
static1
Behavioral task
behavioral1
Sample
Quotations.xlsx
Resource
win7v20210410
Behavioral task
behavioral2
Sample
Quotations.xlsx
Resource
win10v20210408
General
-
Target
Quotations.xlsx
-
Size
1.2MB
-
MD5
fd084269903ab4b2354aabb96cf46764
-
SHA1
4f1ebf3cf19d8eb1a53b50bd4eaafff005c628cb
-
SHA256
d764c472456716972abf910c9568dffe1301cee889b69f5fee31521bbc950255
-
SHA512
f9b0b387c7ef1d409910826d639e1cea552098ff11eaaf1c6f9485cd06a0c75b9d9247b31dbb4b44845c5077b53a089dbc5ac2a25c43fedfa91cc9ba807b1cef
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modifies system executable filetype association 2 TTPs 1 IoCs
Processes:
ieinstal.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" ieinstal.exe -
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Blocklisted process makes network request 1 IoCs
Processes:
EQNEDT32.EXEflow pid process 6 1700 EQNEDT32.EXE -
Downloads MZ/PE file
-
Executes dropped EXE 1 IoCs
Processes:
vbc.exepid process 800 vbc.exe -
Loads dropped DLL 9 IoCs
Processes:
EQNEDT32.EXEieinstal.exepid process 1700 EQNEDT32.EXE 1700 EQNEDT32.EXE 1700 EQNEDT32.EXE 1700 EQNEDT32.EXE 940 ieinstal.exe 940 ieinstal.exe 940 ieinstal.exe 940 ieinstal.exe 940 ieinstal.exe -
Uses the VBS compiler for execution 1 TTPs
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
vbc.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Windows\CurrentVersion\Run\Zmlkqoj = "C:\\Users\\Public\\Libraries\\joqklmZ.url" vbc.exe -
Drops file in Program Files directory 64 IoCs
Processes:
ieinstal.exedescription ioc process File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSOHTMED.EXE ieinstal.exe File opened for modification C:\PROGRA~2\INTERN~1\iexplore.exe ieinstal.exe File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe ieinstal.exe File opened for modification C:\PROGRA~2\Google\Temp\GUME011.tmp\GOFB2B~1.EXE ieinstal.exe File opened for modification C:\PROGRA~2\Google\Update\1335~1.452\GOF5E2~1.EXE ieinstal.exe File opened for modification C:\PROGRA~2\MICROS~1\Office14\misc.exe ieinstal.exe File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSTORDB.EXE ieinstal.exe File opened for modification C:\PROGRA~2\WINDOW~1\wabmig.exe ieinstal.exe File opened for modification C:\PROGRA~2\WI4223~1\sidebar.exe ieinstal.exe File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\DW\DWTRIG20.EXE ieinstal.exe File opened for modification C:\PROGRA~2\INTERN~1\ielowutil.exe ieinstal.exe File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSOUC.EXE ieinstal.exe File opened for modification C:\PROGRA~3\PACKAG~1\{CA675~1\VCREDI~1.EXE ieinstal.exe File opened for modification C:\PROGRA~2\INTERN~1\ieinstal.exe ieinstal.exe File opened for modification C:\PROGRA~2\Google\Update\1335~1.452\GOOGLE~3.EXE ieinstal.exe File opened for modification C:\PROGRA~2\MICROS~1\Office14\CNFNOT32.EXE ieinstal.exe File opened for modification C:\PROGRA~2\MICROS~1\Office14\ONENOTEM.EXE ieinstal.exe File opened for modification C:\PROGRA~2\MICROS~1\Office14\WINWORD.EXE ieinstal.exe File opened for modification C:\PROGRA~2\WI54FB~1\wmpshare.exe ieinstal.exe File opened for modification C:\PROGRA~2\WINDOW~2\ACCESS~1\wordpad.exe ieinstal.exe File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\OFFICE~1\ODeploy.exe ieinstal.exe File opened for modification C:\PROGRA~2\Google\Update\1335~1.452\GO664E~1.EXE ieinstal.exe File opened for modification C:\PROGRA~2\MICROS~1\Office14\BCSSync.exe ieinstal.exe File opened for modification C:\PROGRA~3\PACKAG~1\{EF6B0~1\VCREDI~1.EXE ieinstal.exe File opened for modification C:\PROGRA~2\Google\Update\1335~1.452\GOOGLE~1.EXE ieinstal.exe File opened for modification C:\PROGRA~2\MICROS~1\Office14\CLVIEW.EXE ieinstal.exe File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\DW\DW20.EXE ieinstal.exe File opened for modification C:\PROGRA~2\MICROS~1\Office14\GRAPH.EXE ieinstal.exe File opened for modification C:\PROGRA~2\MICROS~1\Office14\GROOVEMN.EXE ieinstal.exe File opened for modification C:\PROGRA~2\MICROS~1\Office14\VPREVIEW.EXE ieinstal.exe File opened for modification C:\PROGRA~3\PACKAG~1\{F4220~1\VC_RED~1.EXE ieinstal.exe File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\FLTLDR.EXE ieinstal.exe File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\OFFICE~1\Setup.exe ieinstal.exe File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE ieinstal.exe File opened for modification C:\PROGRA~2\Google\Update\1335~1.452\GOOGLE~4.EXE ieinstal.exe File opened for modification C:\PROGRA~2\Google\Update\1335~1.452\GOBD5D~1.EXE ieinstal.exe File opened for modification C:\PROGRA~2\MICROS~1\Office14\OIS.EXE ieinstal.exe File opened for modification C:\PROGRA~2\WINDOW~4\ImagingDevices.exe ieinstal.exe File opened for modification C:\PROGRA~2\COMMON~1\Adobe\Updater6\ADOBEU~1.EXE ieinstal.exe File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\MSOXMLED.EXE ieinstal.exe File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSOSYNC.EXE ieinstal.exe File opened for modification C:\PROGRA~2\WI54FB~1\wmprph.exe ieinstal.exe File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\ink\mip.exe ieinstal.exe File opened for modification C:\PROGRA~2\MICROS~1\Office14\1033\ONELEV.EXE ieinstal.exe File opened for modification C:\PROGRA~2\MICROS~1\Office14\IECONT~1.EXE ieinstal.exe File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSTORE.EXE ieinstal.exe File opened for modification C:\PROGRA~2\MICROS~1\Office14\POWERPNT.EXE ieinstal.exe File opened for modification C:\PROGRA~2\MICROS~1\Office14\PPTICO.EXE ieinstal.exe File opened for modification C:\PROGRA~2\WI54FB~1\wmlaunch.exe ieinstal.exe File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\LICLUA.EXE ieinstal.exe File opened for modification C:\PROGRA~2\MICROS~1\Office14\SELFCERT.EXE ieinstal.exe File opened for modification C:\PROGRA~2\WI54FB~1\setup_wm.exe ieinstal.exe File opened for modification C:\PROGRA~2\MICROS~1\Office14\NAMECO~1.EXE ieinstal.exe File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Oarpmany.exe ieinstal.exe File opened for modification C:\PROGRA~2\Google\Update\1335~1.452\GOOGLE~2.EXE ieinstal.exe File opened for modification C:\PROGRA~2\Google\Update\1335~1.452\GOFB2B~1.EXE ieinstal.exe File opened for modification C:\PROGRA~2\MICROS~1\Office14\INFOPATH.EXE ieinstal.exe File opened for modification C:\PROGRA~2\MICROS~1\Office14\MSQRY32.EXE ieinstal.exe File opened for modification C:\PROGRA~2\WINDOW~1\WinMail.exe ieinstal.exe File opened for modification C:\PROGRA~2\WI54FB~1\WMPDMC.exe ieinstal.exe File opened for modification C:\PROGRA~2\Adobe\READER~1.0\Resource\Icons\SC_REA~1.EXE ieinstal.exe File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\SOURCE~1\OSE.EXE ieinstal.exe File opened for modification C:\PROGRA~2\Google\Update\DISABL~1.EXE ieinstal.exe File opened for modification C:\PROGRA~2\MICROS~1\Office14\ONENOTE.EXE ieinstal.exe -
Drops file in Windows directory 1 IoCs
Processes:
ieinstal.exedescription ioc process File opened for modification C:\Windows\svchost.com ieinstal.exe -
Enumerates system info in registry 2 TTPs 1 IoCs
Processes:
EXCEL.EXEdescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE -
Launches Equation Editor 1 TTPs 1 IoCs
Equation Editor is an old Office component often targeted by exploits such as CVE-2017-11882.
-
Processes:
EXCEL.EXEdescription ioc process Set value (int) \REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\MenuExt EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" EXCEL.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Toolbar EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel EXCEL.EXE -
Modifies registry class 1 IoCs
Processes:
ieinstal.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" ieinstal.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
EXCEL.EXEpid process 1068 EXCEL.EXE -
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
EXCEL.EXEpid process 1068 EXCEL.EXE 1068 EXCEL.EXE 1068 EXCEL.EXE -
Suspicious use of WriteProcessMemory 23 IoCs
Processes:
EQNEDT32.EXEvbc.exedescription pid process target process PID 1700 wrote to memory of 800 1700 EQNEDT32.EXE vbc.exe PID 1700 wrote to memory of 800 1700 EQNEDT32.EXE vbc.exe PID 1700 wrote to memory of 800 1700 EQNEDT32.EXE vbc.exe PID 1700 wrote to memory of 800 1700 EQNEDT32.EXE vbc.exe PID 800 wrote to memory of 940 800 vbc.exe ieinstal.exe PID 800 wrote to memory of 940 800 vbc.exe ieinstal.exe PID 800 wrote to memory of 940 800 vbc.exe ieinstal.exe PID 800 wrote to memory of 940 800 vbc.exe ieinstal.exe PID 800 wrote to memory of 940 800 vbc.exe ieinstal.exe PID 800 wrote to memory of 940 800 vbc.exe ieinstal.exe PID 800 wrote to memory of 940 800 vbc.exe ieinstal.exe PID 800 wrote to memory of 940 800 vbc.exe ieinstal.exe PID 800 wrote to memory of 940 800 vbc.exe ieinstal.exe PID 800 wrote to memory of 940 800 vbc.exe ieinstal.exe PID 800 wrote to memory of 940 800 vbc.exe ieinstal.exe PID 800 wrote to memory of 940 800 vbc.exe ieinstal.exe PID 800 wrote to memory of 940 800 vbc.exe ieinstal.exe PID 800 wrote to memory of 940 800 vbc.exe ieinstal.exe PID 800 wrote to memory of 940 800 vbc.exe ieinstal.exe PID 800 wrote to memory of 940 800 vbc.exe ieinstal.exe PID 800 wrote to memory of 940 800 vbc.exe ieinstal.exe PID 800 wrote to memory of 940 800 vbc.exe ieinstal.exe PID 800 wrote to memory of 940 800 vbc.exe ieinstal.exe
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\Quotations.xlsx1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE"C:\Program Files (x86)\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding1⤵
- Blocklisted process makes network request
- Loads dropped DLL
- Launches Equation Editor
- Suspicious use of WriteProcessMemory
-
C:\Users\Public\vbc.exe"C:\Users\Public\vbc.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\internet explorer\ieinstal.exe"C:\Program Files (x86)\internet explorer\ieinstal.exe"3⤵
- Modifies system executable filetype association
- Loads dropped DLL
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\G2KS51P3\VBC_1_~1.EXEMD5
2e11cb22fcff3e1fbf803fea30380e75
SHA1f38c38f3e9d80b3b3855266c30a993e56ab61bca
SHA256fe1291793c9992efdb89799f37f0cf50cb9ef51f3a10d97d20431a2e4fadae70
SHA512ec1e00dafb2bd5bdc65787b32d3f2611c540dd7500edbf8714af54678325a5c7df41366415cff240b10640de8f39f208392053e1b8b27b961d2f0a3336a3ae32
-
C:\Users\Public\LIBRAR~1\Zmlkqoj\Zmlkqoj.exeMD5
2e11cb22fcff3e1fbf803fea30380e75
SHA1f38c38f3e9d80b3b3855266c30a993e56ab61bca
SHA256fe1291793c9992efdb89799f37f0cf50cb9ef51f3a10d97d20431a2e4fadae70
SHA512ec1e00dafb2bd5bdc65787b32d3f2611c540dd7500edbf8714af54678325a5c7df41366415cff240b10640de8f39f208392053e1b8b27b961d2f0a3336a3ae32
-
C:\Users\Public\vbc.exeMD5
2e11cb22fcff3e1fbf803fea30380e75
SHA1f38c38f3e9d80b3b3855266c30a993e56ab61bca
SHA256fe1291793c9992efdb89799f37f0cf50cb9ef51f3a10d97d20431a2e4fadae70
SHA512ec1e00dafb2bd5bdc65787b32d3f2611c540dd7500edbf8714af54678325a5c7df41366415cff240b10640de8f39f208392053e1b8b27b961d2f0a3336a3ae32
-
C:\Users\Public\vbc.exeMD5
2e11cb22fcff3e1fbf803fea30380e75
SHA1f38c38f3e9d80b3b3855266c30a993e56ab61bca
SHA256fe1291793c9992efdb89799f37f0cf50cb9ef51f3a10d97d20431a2e4fadae70
SHA512ec1e00dafb2bd5bdc65787b32d3f2611c540dd7500edbf8714af54678325a5c7df41366415cff240b10640de8f39f208392053e1b8b27b961d2f0a3336a3ae32
-
\PROGRA~2\Google\Temp\GUME011.tmp\GOFB2B~1.EXEMD5
583ff3367e050c4d62bc03516473b40a
SHA16aa1d26352b78310e711884829c35a69ed1bf0f9
SHA2566b63f8dd47d8b3baa71b6cd205d428861b96bf09cf479071e75ddd23f97c0146
SHA512e9bdd5cc2e29db48cc524488fbadb08e808f17f6e18fa595cfebae229c94f2547079e52a2ada214169577b89b2ffbef424729cd90acdea3774f5c76aec192be0
-
\PROGRA~2\Google\Update\1335~1.452\GOFB2B~1.EXEMD5
583ff3367e050c4d62bc03516473b40a
SHA16aa1d26352b78310e711884829c35a69ed1bf0f9
SHA2566b63f8dd47d8b3baa71b6cd205d428861b96bf09cf479071e75ddd23f97c0146
SHA512e9bdd5cc2e29db48cc524488fbadb08e808f17f6e18fa595cfebae229c94f2547079e52a2ada214169577b89b2ffbef424729cd90acdea3774f5c76aec192be0
-
\Users\Admin\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\G2KS51P3\VBC_1_~1.EXEMD5
2e11cb22fcff3e1fbf803fea30380e75
SHA1f38c38f3e9d80b3b3855266c30a993e56ab61bca
SHA256fe1291793c9992efdb89799f37f0cf50cb9ef51f3a10d97d20431a2e4fadae70
SHA512ec1e00dafb2bd5bdc65787b32d3f2611c540dd7500edbf8714af54678325a5c7df41366415cff240b10640de8f39f208392053e1b8b27b961d2f0a3336a3ae32
-
\Users\Public\LIBRAR~1\Zmlkqoj\Zmlkqoj.exeMD5
2e11cb22fcff3e1fbf803fea30380e75
SHA1f38c38f3e9d80b3b3855266c30a993e56ab61bca
SHA256fe1291793c9992efdb89799f37f0cf50cb9ef51f3a10d97d20431a2e4fadae70
SHA512ec1e00dafb2bd5bdc65787b32d3f2611c540dd7500edbf8714af54678325a5c7df41366415cff240b10640de8f39f208392053e1b8b27b961d2f0a3336a3ae32
-
\Users\Public\vbc.exeMD5
2e11cb22fcff3e1fbf803fea30380e75
SHA1f38c38f3e9d80b3b3855266c30a993e56ab61bca
SHA256fe1291793c9992efdb89799f37f0cf50cb9ef51f3a10d97d20431a2e4fadae70
SHA512ec1e00dafb2bd5bdc65787b32d3f2611c540dd7500edbf8714af54678325a5c7df41366415cff240b10640de8f39f208392053e1b8b27b961d2f0a3336a3ae32
-
\Users\Public\vbc.exeMD5
2e11cb22fcff3e1fbf803fea30380e75
SHA1f38c38f3e9d80b3b3855266c30a993e56ab61bca
SHA256fe1291793c9992efdb89799f37f0cf50cb9ef51f3a10d97d20431a2e4fadae70
SHA512ec1e00dafb2bd5bdc65787b32d3f2611c540dd7500edbf8714af54678325a5c7df41366415cff240b10640de8f39f208392053e1b8b27b961d2f0a3336a3ae32
-
\Users\Public\vbc.exeMD5
2e11cb22fcff3e1fbf803fea30380e75
SHA1f38c38f3e9d80b3b3855266c30a993e56ab61bca
SHA256fe1291793c9992efdb89799f37f0cf50cb9ef51f3a10d97d20431a2e4fadae70
SHA512ec1e00dafb2bd5bdc65787b32d3f2611c540dd7500edbf8714af54678325a5c7df41366415cff240b10640de8f39f208392053e1b8b27b961d2f0a3336a3ae32
-
\Users\Public\vbc.exeMD5
2e11cb22fcff3e1fbf803fea30380e75
SHA1f38c38f3e9d80b3b3855266c30a993e56ab61bca
SHA256fe1291793c9992efdb89799f37f0cf50cb9ef51f3a10d97d20431a2e4fadae70
SHA512ec1e00dafb2bd5bdc65787b32d3f2611c540dd7500edbf8714af54678325a5c7df41366415cff240b10640de8f39f208392053e1b8b27b961d2f0a3336a3ae32
-
\Users\Public\vbc.exeMD5
2e11cb22fcff3e1fbf803fea30380e75
SHA1f38c38f3e9d80b3b3855266c30a993e56ab61bca
SHA256fe1291793c9992efdb89799f37f0cf50cb9ef51f3a10d97d20431a2e4fadae70
SHA512ec1e00dafb2bd5bdc65787b32d3f2611c540dd7500edbf8714af54678325a5c7df41366415cff240b10640de8f39f208392053e1b8b27b961d2f0a3336a3ae32
-
memory/800-68-0x0000000000000000-mapping.dmp
-
memory/800-71-0x00000000003B0000-0x00000000003B1000-memory.dmpFilesize
4KB
-
memory/940-79-0x00000000000D0000-0x00000000000D1000-memory.dmpFilesize
4KB
-
memory/940-77-0x0000000000000000-mapping.dmp
-
memory/940-82-0x0000000010530000-0x00000000105B1000-memory.dmpFilesize
516KB
-
memory/940-81-0x0000000000180000-0x0000000000181000-memory.dmpFilesize
4KB
-
memory/940-80-0x0000000000150000-0x0000000000151000-memory.dmpFilesize
4KB
-
memory/940-83-0x0000000000400000-0x000000000041C000-memory.dmpFilesize
112KB
-
memory/1068-75-0x0000000005637000-0x000000000563A000-memory.dmpFilesize
12KB
-
memory/1068-60-0x000000002FEB1000-0x000000002FEB4000-memory.dmpFilesize
12KB
-
memory/1068-72-0x0000000005630000-0x0000000005633000-memory.dmpFilesize
12KB
-
memory/1068-73-0x0000000005635000-0x0000000005637000-memory.dmpFilesize
8KB
-
memory/1068-74-0x0000000005633000-0x0000000005635000-memory.dmpFilesize
8KB
-
memory/1068-62-0x000000005FFF0000-0x0000000060000000-memory.dmpFilesize
64KB
-
memory/1068-61-0x0000000071671000-0x0000000071673000-memory.dmpFilesize
8KB
-
memory/1068-91-0x000000005FFF0000-0x0000000060000000-memory.dmpFilesize
64KB
-
memory/1700-63-0x0000000076661000-0x0000000076663000-memory.dmpFilesize
8KB