Analysis
-
max time kernel
137s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20220721-en -
resource tags
-
submitted
10-08-2022 19:06
General
-
Target
challenge-files/challenge-files/docs 06.02.2021.docm
-
Size
43KB
-
MD5
f08771b9fdfe82caaa089641e2348c8e
-
SHA1
b02c121597c9d56d7fab76b54834d5f3bd961e8c
-
SHA256
cc721111b5924cfeb91440ecaccc60ecc30d10fffbdab262f7c0a17027f527d1
-
SHA512
3bb2b582e7119c346473f78056f95e0890a3e74976de733739af9aaef810c4e62b35d7f81ec52acfbf675d3d501a048a36fa323ef76ee8843502424211b46ebd
Malware Config
Signatures
-
Process spawned unexpected child process 3 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of SetWindowsHookEx 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\challenge-files\challenge-files\docs 06.02.2021.docm" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\explorer.exeexplorer collectionBoxConst.hta2⤵
- Process spawned unexpected child process
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?LinkId=6149812⤵
- Process spawned unexpected child process
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0xfc,0x100,0x40,0x104,0x7fff665f46f8,0x7fff665f4708,0x7fff665f47183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,10320315924394639336,7007195393034082157,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,10320315924394639336,7007195393034082157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,10320315924394639336,7007195393034082157,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10320315924394639336,7007195393034082157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10320315924394639336,7007195393034082157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10320315924394639336,7007195393034082157,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,10320315924394639336,7007195393034082157,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5392 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10320315924394639336,7007195393034082157,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10320315924394639336,7007195393034082157,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?LinkId=6149812⤵
- Process spawned unexpected child process
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff665f46f8,0x7fff665f4708,0x7fff665f47183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11910678287943401164,11019011614159229353,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,11910678287943401164,11019011614159229353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mshta.exe"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\challenge-files\challenge-files\collectionBoxConst.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}2⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\System32\rundll32.exe" c:\users\public\collectionBoxConst.jpg,PluginInit3⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53Filesize
471B
MD56fc938421a637089d141c9a9fa5c0f7b
SHA1c17618bd4f96ab2478c1d97c8a1756ab4b5a7644
SHA256be3d1c803da697c1f2ef5547ef0c7653048d8d3e7a609056ef7848e0f39fed64
SHA512175edcabbb84ca9c09e032bac60911cd73b9a4223ba308398e7a470cfe1a2694643da99a51ebf1dee46246ddd749526e25eb2de643eb3bc22bb3c89da91300d1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53Filesize
442B
MD5f16fdd86c343a5b0c8ef2ed052d5d711
SHA1be0173770341ac77d29850662e26bbf0b8c756bc
SHA256654d6fbcc0d64f3533fb7c0a51ceb6bb7dac5d5a10fd6d4e5b2f64022ff73094
SHA512b4d74103766ee0f1db14cd9283d8452229380acf16d9b207c321ec860734314997ec19157bf69bfcc17fc9326801fb148f69ae0dbffd801fd15337bcbd493806
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5350bf115f2e2fd3b19d74575eaa1b540
SHA16e630a7ca93e5668abf28f63f8cafcd28614abbe
SHA256a6e4e8a6cc8eefa26fcb51644db6c7a9d800eb4a230bd8b7dfa0896026e4c29d
SHA512679dd585c134bd93085b2ccc436421f1f91316d7d54120cdc92033ff2b0a9c99ef7cc67fec3f0ba368fb19151de623d016863be7b315dc3bb846a9995b77cb85
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5350bf115f2e2fd3b19d74575eaa1b540
SHA16e630a7ca93e5668abf28f63f8cafcd28614abbe
SHA256a6e4e8a6cc8eefa26fcb51644db6c7a9d800eb4a230bd8b7dfa0896026e4c29d
SHA512679dd585c134bd93085b2ccc436421f1f91316d7d54120cdc92033ff2b0a9c99ef7cc67fec3f0ba368fb19151de623d016863be7b315dc3bb846a9995b77cb85
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5350bf115f2e2fd3b19d74575eaa1b540
SHA16e630a7ca93e5668abf28f63f8cafcd28614abbe
SHA256a6e4e8a6cc8eefa26fcb51644db6c7a9d800eb4a230bd8b7dfa0896026e4c29d
SHA512679dd585c134bd93085b2ccc436421f1f91316d7d54120cdc92033ff2b0a9c99ef7cc67fec3f0ba368fb19151de623d016863be7b315dc3bb846a9995b77cb85
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5007709614bb3de70288cedc2bb85bc6e
SHA12b0049ace9237c72d5b068a07246870fbae9a41b
SHA2562159616661c7e0266d814763042fc6a1eb9f9b32783474fefc2171f1140e7ab1
SHA512cb523fa8dc7d42a942fcfdff8bcf97812f76de3451731c01b3fc435afe73e4f1ba9393d34a85984f0348d2aa39a4d1f5b194b71e323e934b2d3a16c60ed246a0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD59702d011335e8e2d6b8afa386fdc2edf
SHA19886e2ac439bcf21fd9700a2fb35034d4bc63eef
SHA2560eb55febc817bc3bb8bff88254ba9f8097b031abfb3c7d5cb3c721ccbb96e83d
SHA5121f82533e650dd922ccfc0a7b1bcd5f9fa5e70f5cf23b35c742f4ccf5e00e238db9a3c2c407df047f6f23250a067d910bbd5ecaf22f75026f779dd411726b46e8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettingsFilesize
81B
MD5f222079e71469c4d129b335b7c91355e
SHA10056c3003874efef229a5875742559c8c59887dc
SHA256e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00
SHA512e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1Filesize
126KB
MD56698422bea0359f6d385a4d059c47301
SHA1b1107d1f8cc1ef600531ed87cea1c41b7be474f6
SHA2562f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1
SHA512d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUrisFilesize
40B
MD5074d836898ac044f03d0cb510aa16353
SHA1828cc389a919c2980180d20430bfbab2a9c659b2
SHA256382cd76c2a5d9e3c67ec16b491a8a356e0f73096b20e7325aa14fcd28a8b3bdb
SHA51214dcdda3ea885d2a04a89b7d00f9a6c9cfbd0b77c59aa1f78ff062be5af0192ebff14a950d6e161b9e5a47cf9e37aa008968bb3fcf8a605d6b3e47bc8e0b37c2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUrisFilesize
40B
MD5074d836898ac044f03d0cb510aa16353
SHA1828cc389a919c2980180d20430bfbab2a9c659b2
SHA256382cd76c2a5d9e3c67ec16b491a8a356e0f73096b20e7325aa14fcd28a8b3bdb
SHA51214dcdda3ea885d2a04a89b7d00f9a6c9cfbd0b77c59aa1f78ff062be5af0192ebff14a950d6e161b9e5a47cf9e37aa008968bb3fcf8a605d6b3e47bc8e0b37c2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_637957518244806660Filesize
2KB
MD5b251db88f3c2cf14198361d3b9fe6ede
SHA1d2b8156d300fa58a6cf29f5c847586662844dff3
SHA256e71a7c94cbc812d8ceb0ab293c619082745bf8434f0f8b3a8250a1561c700fd5
SHA51229902604f48b445d029455f4dee450ddc21e4a0976833c2401217c500d4a5874b68c547a35af7a322e0ee6b0f49bf009cb0b6e4131f850282a17038a41f710aa
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_637957552397049312Filesize
2KB
MD5b251db88f3c2cf14198361d3b9fe6ede
SHA1d2b8156d300fa58a6cf29f5c847586662844dff3
SHA256e71a7c94cbc812d8ceb0ab293c619082745bf8434f0f8b3a8250a1561c700fd5
SHA51229902604f48b445d029455f4dee450ddc21e4a0976833c2401217c500d4a5874b68c547a35af7a322e0ee6b0f49bf009cb0b6e4131f850282a17038a41f710aa
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTrafficFilesize
29B
MD5ce545b52b20b2f56ffb26d2ca2ed4491
SHA1ebe904c20bb43891db4560f458e66663826aa885
SHA256e9d5684e543b573010f8b55b11bf571caf0a225cdea03f520091525978023899
SHA5121ea06c8e3f03efdd67779969b4cdf7d8e08f8327298668a7cffd67d1753f33cf19e6995a3d83fe45185c55b950f41e48ac71b422b91e8d0180b5bdd07cfacfe9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_637811103879324684Filesize
450KB
MD5a7aab197b91381bcdec092e1910a3d62
SHA135794f2d2df163223391a2b21e1610f14f46a78f
SHA2566337fe4e6e7464e319dfcdadf472987592013cf80d44916f5151950b4a4ca14b
SHA512cffd7350d1e69ada5f64cafe42a9d77e3192927e129f2903088b66b6efc9626b5d525aedca08d473ad8fa415af1d816594b243609237dc23716d70a2ca0eb774
-
C:\Users\Admin\AppData\Local\Temp\challenge-files\challenge-files\collectionBoxConst.htaFilesize
3KB
MD599a1a4391c6be3ac5f137c0a092d8edd
SHA134afc663a569d0ba183c73ab40ae8d682273d193
SHA256b25865183c5cd2c5e550aca8476e592b62ed3e37e6b628f955bbed454fdbb100
SHA51245e5b38d72add4d28234b539071a3cb4059c9c104b5389a43190fd3197843e103fdaf7552c1edcb9bbbabe15b122a8bef0389ce39d6130b438a835c4c2d4f345
-
\??\pipe\LOCAL\crashpad_1664_NODXDWFOTPTNFVUNMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\LOCAL\crashpad_4108_CWZFIQACMJFGIHVVMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1664-141-0x0000000000000000-mapping.dmp
-
memory/2116-151-0x0000000000000000-mapping.dmp
-
memory/2680-161-0x0000000000000000-mapping.dmp
-
memory/2912-139-0x0000000000000000-mapping.dmp
-
memory/3212-152-0x0000000000000000-mapping.dmp
-
memory/3268-137-0x0000000000000000-mapping.dmp
-
memory/3636-154-0x0000000000000000-mapping.dmp
-
memory/3712-133-0x00007FFF52E50000-0x00007FFF52E60000-memory.dmpFilesize
64KB
-
memory/3712-130-0x00007FFF52E50000-0x00007FFF52E60000-memory.dmpFilesize
64KB
-
memory/3712-136-0x00007FFF50640000-0x00007FFF50650000-memory.dmpFilesize
64KB
-
memory/3712-135-0x00007FFF50640000-0x00007FFF50650000-memory.dmpFilesize
64KB
-
memory/3712-134-0x00007FFF52E50000-0x00007FFF52E60000-memory.dmpFilesize
64KB
-
memory/3712-131-0x00007FFF52E50000-0x00007FFF52E60000-memory.dmpFilesize
64KB
-
memory/3712-132-0x00007FFF52E50000-0x00007FFF52E60000-memory.dmpFilesize
64KB
-
memory/4108-143-0x0000000000000000-mapping.dmp
-
memory/4188-144-0x0000000000000000-mapping.dmp
-
memory/4384-140-0x0000000000000000-mapping.dmp
-
memory/4416-142-0x0000000000000000-mapping.dmp
-
memory/4904-156-0x0000000000000000-mapping.dmp
-
memory/5244-169-0x0000000000000000-mapping.dmp
-
memory/5264-171-0x0000000000000000-mapping.dmp
-
memory/5468-173-0x0000000000000000-mapping.dmp
-
memory/5556-177-0x0000000000000000-mapping.dmp
-
memory/5680-179-0x0000000000000000-mapping.dmp
-
memory/5696-181-0x0000000000000000-mapping.dmp