Overview

overview

10

Static

static

8

1f2ed0a44b...7.docm

windows7-x64

4

1f2ed0a44b...7.docm

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-11-2022 21:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1f2ed0a44bfe66ef53582a3cc55e4417.docm

  • Size

    207KB

  • MD5

    1f2ed0a44bfe66ef53582a3cc55e4417

  • SHA1

    8ce71a8bd2933924fd840777711a34154e4c040d

  • SHA256

    107303e82acc31cdd39920feb402e51744237c92a4a6620dbb5c3f36cb1c274f

  • SHA512

    cbc8e5971306f890a193bac344f8a7adb504b1b2d5e5ea2aad5aad3b9ade29e253b60ffd7b207b6b785869744b7b894bd2c0c94c758912bece09a6d455c70749

  • SSDEEP

    6144:uTxHzHVzJky3eEGVdajJ66tAhUJOO3NZ7xsego:uRbrkyuEGfMuhU7rN5

Score
10/10
persistence

Malware Config

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\1f2ed0a44bfe66ef53582a3cc55e4417.docm" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2804
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://na01.safelinks.protection.outlook.com.url.protected-forms.com/XUTI5dlpFZE1hbTEwY0dVeE5IWklhSE5oWjBGelFrSjZjRzh4ZUU5eE5tSnVjWEpqU3paRmRVbzFNM2cxVnprME16QjBUR2xGZGs5T1JYcEhNek42Ym5kdVdsSldURmhxUzFoR1lWTkRPREY2U1hwcWNIVTFibGt4Y1hKb1dERkdaSE5ZZFVORlIzVTBhbFJHYTNGNmVqbEJaRE5NTDFsV1VtNVlWa3RvU1N0Q04xaHpMMlpGYUdSaWRrMW5Sa0Z4WTFNNFkwSlZTMWs0YWpaTGVEWk9SRUl4YlU5WVYwRTJhVkZGUFMwdGMwUkpOVkpMYkVOcFoxcG1iR1ZWYlhSWmVrRTBRVDA5LS02MzI4NzhmZWE4Njk4ZTgwYTU3MWJhYTQ1N2EyMmI1Y2Y1YjIyZDRj?cid=1373005365
      2⤵
      • Process spawned unexpected child process
      • Adds Run key to start application
      • Enumerates system info in registry
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4864
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe78b146f8,0x7ffe78b14708,0x7ffe78b14718
        3⤵
          PID:2024
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,11293311826969493,13156241499925274599,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2432 /prefetch:2
          3⤵
            PID:520
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,11293311826969493,13156241499925274599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3052 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:2112
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,11293311826969493,13156241499925274599,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3168 /prefetch:8
            3⤵
              PID:4072
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11293311826969493,13156241499925274599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
              3⤵
                PID:812
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11293311826969493,13156241499925274599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
                3⤵
                  PID:1676
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2132,11293311826969493,13156241499925274599,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5164 /prefetch:8
                  3⤵
                    PID:2940
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11293311826969493,13156241499925274599,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
                    3⤵
                      PID:3468
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2132,11293311826969493,13156241499925274599,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5684 /prefetch:8
                      3⤵
                        PID:3956
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11293311826969493,13156241499925274599,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
                        3⤵
                          PID:3104
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11293311826969493,13156241499925274599,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
                          3⤵
                            PID:4632
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,11293311826969493,13156241499925274599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
                            3⤵
                              PID:3984
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                              3⤵
                              • Drops file in Program Files directory
                              PID:1600
                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ff7fcba5460,0x7ff7fcba5470,0x7ff7fcba5480
                                4⤵
                                  PID:1940
                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,11293311826969493,13156241499925274599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
                                3⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:916
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2132,11293311826969493,13156241499925274599,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2364 /prefetch:8
                                3⤵
                                  PID:1824
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2132,11293311826969493,13156241499925274599,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2360 /prefetch:8
                                  3⤵
                                    PID:4884
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:216

                                Network

                                MITRE ATT&CK Matrix ATT&CK v6

                                Initial Access

                                Execution

                                Persistence

                                Registry Run Keys / Startup Folder

                                1
                                T1060

                                Privilege Escalation

                                Defense Evasion

                                Modify Registry

                                1
                                T1112

                                Credential Access

                                Discovery

                                Query Registry

                                2
                                T1012

                                System Information Discovery

                                2
                                T1082

                                Lateral Movement

                                Collection

                                Exfiltration

                                Command and Control

                                Impact

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F
                                  Filesize

                                  1KB

                                  MD5

                                  f2a7177b141a80c4270da40d213df634

                                  SHA1

                                  7ebd6a9b793a8694ed74eb6e1a104f007832c40b

                                  SHA256

                                  875f1f2c5d040a7b3b94365dab9285f7a5f980ffa57653e30626a4d63f652f0a

                                  SHA512

                                  828325036a58ef6a7b26a10fd8e24c3dd44db12eed18c918858b91e9b2134e0f20030720fe4df898dc8c934da9859223559859871472402319fd9204206db71e

                                  Download Submit
                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D6243C18F0F8F9AEC6638DD210F1984_8434FA76B854658C2E8270E57478BB65
                                  Filesize

                                  471B

                                  MD5

                                  975a6a74d387ab781e45a7d79d18cfca

                                  SHA1

                                  4f725c2e4a0fd902b74a96153abc72acba5067d7

                                  SHA256

                                  42deaf8eb982e692ce35f07eb57771c74d8bbbf463f6a286e15cb234d4e101ba

                                  SHA512

                                  1a8ca10c993ba55dbcb6c57d5892f9e9717e2dccc1f646031e3c57d45bf4987dc36236694526574742ce4b91b019bdcdf18991ec6182344865874bc5bba90652

                                  Download Submit
                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
                                  Filesize

                                  471B

                                  MD5

                                  ce2cbbd56a884116b4f8d80552b3a598

                                  SHA1

                                  c455120209c2559b9906a5f88f9fdb9d4b6bf964

                                  SHA256

                                  c53f35460b36dc6c56e33c59ed99ed3567a1c4424add4e34db3cea337b946e32

                                  SHA512

                                  637b8303d0f83722e678a340a8f51fa40391cc1367871b4cbc968325ca1dd44ce6234a52e59c7c37a93b1d714a20a70b2a12a17131752a56739a19a8c981d0bb

                                  Download Submit
                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
                                  Filesize

                                  1KB

                                  MD5

                                  d854820d3bd82f640e0034aab23577a0

                                  SHA1

                                  6af83f7a1ff65cfc5bbc972852f507ec5483497d

                                  SHA256

                                  40574a3d8cd926832f3413f93d16a031f49524c4dace709054ce8fde45b0e33a

                                  SHA512

                                  f035c406f8f64768022bee927e1aa026d4ec1124c51396f27b2c4f41179fdba9ba562f382bac46b04ee976b5bdd1e2cfcc86bdc2a41fb79def5047630a0e18d4

                                  Download Submit
                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
                                  Filesize

                                  1KB

                                  MD5

                                  e34e4ceea81b2b988eaa47991d858e72

                                  SHA1

                                  be9163e5e6e5f59354746911fad87279b6d0c8f2

                                  SHA256

                                  4881bd0c92b169abeaaadf878c070e54b9345bf2b154edcc3fd4a31f8b653a37

                                  SHA512

                                  2261d679305319dedfa8c6cfe799c8bc25224eaff70dd0edfe8d7e79d7260a2f5909421516e193aedd6c3822e41828d08b44cb873424fd95910c7d2ceead14e4

                                  Download Submit
                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F
                                  Filesize

                                  442B

                                  MD5

                                  25937293648b4ea166a57093b917b0e3

                                  SHA1

                                  8545bc3220107d212e2145ea5f187c6c4b489115

                                  SHA256

                                  9e85658f7d3a8e24a822dc9878acdba417348d5e99151d744af7bd8258a35fb6

                                  SHA512

                                  419653c8c23170f464ccb4db4a9216ef8ab50e633aff2605f997659bef05597a3a4f89e2c1300f2a8d0b87551adc58246bb3ecc555b7558bfb1063717b9c7b15

                                  Download Submit
                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D6243C18F0F8F9AEC6638DD210F1984_8434FA76B854658C2E8270E57478BB65
                                  Filesize

                                  414B

                                  MD5

                                  c4560f1ed44e949abbf54eaff85a1b2a

                                  SHA1

                                  1460fcb8df6610ff29ef882d56750eec6172ad05

                                  SHA256

                                  34144b5bc6120a20de1dcbb43210b9101623b5360d394fe1b830431430608c3a

                                  SHA512

                                  be2b831c3c56bc4c1cab8ea8518e16064ad109238b70e04403367b378354234f63d72978a05b1ffef5f3abaa7fe098f2d4246898d35163a37590588d2cac08ed

                                  Download Submit
                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
                                  Filesize

                                  446B

                                  MD5

                                  f6dc6b251894e30dd1eed60bbb613bcc

                                  SHA1

                                  c41d63b1840ae770ff8d01ba24c28adf305ce20f

                                  SHA256

                                  938cca4ab7938853059f55fbe8f98ca540bdacde3db412f0aa0cc3cd0488af03

                                  SHA512

                                  cffd836e97403b6213ca1f21cd43222beed73539af67489324f94fe6f4c264d85bd744d443f0afd76ae7dce0a278d0448c5cc15f32a3b02fd965fe995a8e1835

                                  Download Submit
                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
                                  Filesize

                                  458B

                                  MD5

                                  2a38f39028e27abbd67ee10feac57c15

                                  SHA1

                                  1b29a362c46f19d850d6db30cd2e2244c6dc7091

                                  SHA256

                                  8e7c269a8ed27e774a966a7a045554b258191a2e00d857ea3d599a1a4e55d4b5

                                  SHA512

                                  421079e0869c33e51ed069896ca5c3290a6ed39d0f70e703f5eac94d13f5ad3f8c1a134df6d383aff4bcaf8aea43a00e105ccc0a3d08d9985fe6bcf285193720

                                  Download Submit
                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
                                  Filesize

                                  432B

                                  MD5

                                  a4934510d64259879318a834a00a3d6d

                                  SHA1

                                  bd79720e44a5364d1406f170d50092451a2bb912

                                  SHA256

                                  52adf1b55dfd90b813be85252b8204383cac4cc16acfbefae0a6f6a25ac173a3

                                  SHA512

                                  d41528f397f31beb00c863c0029744ec06d761113d7b8ec351287d410e6cb4444812123a921627714612f6d087c188d3578c5918708b4aedb95af42be53b5a0b

                                  Download Submit
                                • \??\pipe\LOCAL\crashpad_4864_OJHRXVNZXAETZXNF
                                  MD5

                                  d41d8cd98f00b204e9800998ecf8427e

                                  SHA1

                                  da39a3ee5e6b4b0d3255bfef95601890afd80709

                                  SHA256

                                  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                  SHA512

                                  cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                  Download Submit
                                • memory/520-142-0x0000000000000000-mapping.dmp
                                  Download
                                • memory/812-150-0x0000000000000000-mapping.dmp
                                  Download
                                • memory/916-173-0x0000000000000000-mapping.dmp
                                  Download
                                • memory/1600-171-0x0000000000000000-mapping.dmp
                                  Download
                                • memory/1676-152-0x0000000000000000-mapping.dmp
                                  Download
                                • memory/1824-180-0x0000000000000000-mapping.dmp
                                  Download
                                • memory/1940-172-0x0000000000000000-mapping.dmp
                                  Download
                                • memory/2024-140-0x0000000000000000-mapping.dmp
                                  Download
                                • memory/2112-145-0x0000000000000000-mapping.dmp
                                  Download
                                • memory/2804-133-0x00007FFE63C70000-0x00007FFE63C80000-memory.dmp
                                  Filesize

                                  64KB

                                  Download
                                • memory/2804-175-0x00007FFE63C70000-0x00007FFE63C80000-memory.dmp
                                  Filesize

                                  64KB

                                  Download
                                • memory/2804-135-0x00007FFE63C70000-0x00007FFE63C80000-memory.dmp
                                  Filesize

                                  64KB

                                  Download
                                • memory/2804-134-0x00007FFE63C70000-0x00007FFE63C80000-memory.dmp
                                  Filesize

                                  64KB

                                  Download
                                • memory/2804-137-0x00007FFE617F0000-0x00007FFE61800000-memory.dmp
                                  Filesize

                                  64KB

                                  Download
                                • memory/2804-136-0x00007FFE63C70000-0x00007FFE63C80000-memory.dmp
                                  Filesize

                                  64KB

                                  Download
                                • memory/2804-132-0x00007FFE63C70000-0x00007FFE63C80000-memory.dmp
                                  Filesize

                                  64KB

                                  Download
                                • memory/2804-178-0x00007FFE63C70000-0x00007FFE63C80000-memory.dmp
                                  Filesize

                                  64KB

                                  Download
                                • memory/2804-177-0x00007FFE63C70000-0x00007FFE63C80000-memory.dmp
                                  Filesize

                                  64KB

                                  Download
                                • memory/2804-176-0x00007FFE63C70000-0x00007FFE63C80000-memory.dmp
                                  Filesize

                                  64KB

                                  Download
                                • memory/2804-138-0x00007FFE617F0000-0x00007FFE61800000-memory.dmp
                                  Filesize

                                  64KB

                                  Download
                                • memory/2940-162-0x0000000000000000-mapping.dmp
                                  Download
                                • memory/3104-168-0x0000000000000000-mapping.dmp
                                  Download
                                • memory/3468-164-0x0000000000000000-mapping.dmp
                                  Download
                                • memory/3956-166-0x0000000000000000-mapping.dmp
                                  Download
                                • memory/4072-148-0x0000000000000000-mapping.dmp
                                  Download
                                • memory/4632-170-0x0000000000000000-mapping.dmp
                                  Download
                                • memory/4864-139-0x0000000000000000-mapping.dmp
                                  Download
                                • memory/4884-182-0x0000000000000000-mapping.dmp
                                  Download