Analysis
-
max time kernel
1767s -
max time network
1778s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
28-06-2024 12:25
General
-
Target
PROPER EDUCATION.docx
-
Size
11KB
-
MD5
6409cdd4687dc59b5e0fa3a8d94f625f
-
SHA1
77a3a65326dfe834cd026743fe3119131db6eabe
-
SHA256
0c720da75f3cdc5cbd84450075783822fb9e40e0558ade24398bfb92de372fda
-
SHA512
bcb3324bb654ff40c527baa07246a1f8b3df70b59a6ba3af0f3fd16c1d57801fbfb58256136d04903a8062f61f7224fbf4dd7c5ca6b5b8f32d03cc7c6b85e608
-
SSDEEP
192:CtiVC0zCCNxtpgoZ22NNxD/oKvFfghsKwVONL0WMGTlflHmACM0j7:aiA0zdNxt/ZtNNl3y7WGTldHmJM0j7
Score
5/10
Malware Config
Signatures
-
Detected potential entity reuse from brand microsoft.
-
Drops file in System32 directory 1 IoCs
-
Checks SCSI registry key(s) 3 TTPs 52 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 2 IoCs
-
Modifies data under HKEY_USERS 5 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 21 IoCs
-
Suspicious use of SetWindowsHookEx 18 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\PROPER EDUCATION.docx" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4476 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:81⤵
-
C:\Windows\system32\SystemSettingsAdminFlows.exe"C:\Windows\system32\SystemSettingsAdminFlows.exe" EnterProductKey1⤵
- Checks SCSI registry key(s)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\Clipup.exeC:\Windows\system32\Clipup.exe -d -k 7M3KV-J9JYY-XQX2C-RTCC4-KXBG2 %PROGRAMDATA%\Microsoft\Windows\ClipSvc\Install2⤵
-
C:\Windows\system32\Clipup.exeC:\Windows\system32\Clipup.exe -d -k 7M3KV-J9JYY-XQX2C-RTCC4-KXBG2 %PROGRAMDATA%\Microsoft\Windows\ClipSvc\Install -ppl C:\Users\Admin\AppData\Local\Temp\tem22F1.tmp3⤵
- Checks SCSI registry key(s)
-
C:\Windows\system32\OptionalFeatures.exe"C:\Windows\system32\OptionalFeatures.exe"1⤵
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5040 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:81⤵
-
C:\Windows\system32\OptionalFeatures.exe"C:\Windows\system32\OptionalFeatures.exe"1⤵
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:21⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\OptionalFeatures.exe"C:\Windows\system32\OptionalFeatures.exe"1⤵
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=5100 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3920 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5352 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5756 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=5620 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=5656 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5612 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:81⤵
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\a72c2b9f8d5e4f33a0fba7a4e77fa866 /t 4504 /p 30081⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=3920 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5864 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:81⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x50c 0x51c1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=6268 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=5508 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5984 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5696 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --mojo-platform-channel-handle=5584 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --mojo-platform-channel-handle=6248 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6520 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --mojo-platform-channel-handle=6460 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --mojo-platform-channel-handle=6536 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --mojo-platform-channel-handle=6396 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --mojo-platform-channel-handle=6436 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --mojo-platform-channel-handle=6864 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault3e6e590ah7e09h44behb404ha9b08c6c4db21⤵
-
C:\Windows\system32\wwahost.exe"C:\Windows\system32\wwahost.exe" -ServerName:App.wwa1⤵
- Checks SCSI registry key(s)
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x50c 0x51c1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault6755a2d3h29b9h41d3hacach41083dc0dbea1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault9b42cc54hdc8ah44bfh8321hd716886309301⤵
-
C:\Windows\system32\CredentialEnrollmentManager.exeC:\Windows\system32\CredentialEnrollmentManager.exe1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k WbioSvcGroup -s WbioSrvc1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault75544a26haa14h4f9ah9ecfh3dee5bdfe95d1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultcba71276h290bh4173h8594h0822f0969c801⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault2a818337h5f2fh4fb3hb7c4h807d6bf1a9e01⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultdf0ea0c3h9c82h4f87h8c09h16ee8d51b6cd1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\KR0ZRCWW\2_vD0yppaJX3jBnfbHF1hqXQ2[1].svgFilesize
1KB
MD5bc3d32a696895f78c19df6c717586a5d
SHA19191cb156a30a3ed79c44c0a16c95159e8ff689d
SHA2560e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
SHA5128d4f38907f3423a86d90575772b292680f7970527d2090fc005f9b096cc81d3f279d59ad76eafca30c3d4bbaf2276bbaa753e2a46a149424cf6f1c319ded5a64
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\INetCache\KR0ZRCWW\microsoft_logo_7lyNn7YkjJOP0NwZNw6QvQ2[1].svgFilesize
3KB
MD5ee5c8d9fb6248c938fd0dc19370e90bd
SHA1d01a22720918b781338b5bbf9202b241a5f99ee4
SHA25604d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
SHA512c77215b729d0e60c97f075998e88775cd0f813b4d094dc2fdd13e5711d16f4e5993d4521d0fbd5bf7150b0dbe253d88b1b1ff60901f053113c5d7c1919852d58
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\ZV81QZAG\login.live[1].xmlFilesize
13B
MD5c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA135e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA5126be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\LocalState\_sessionState.jsonFilesize
136B
MD59c1e824ef8695a1abc67f5d0a95778c0
SHA1ec43ba5ce45d92453320bd6d14d96a866ed4c0e9
SHA2560e9674b55a602a97e8ed235ec72e98e5d816ac014684d179a1fc0b9959345d97
SHA51255e92e224e5d357e4c1dfcd34ee8b7e1d160f8edfce2f3bd156a240f4cc8c73b3329497d8199fabf2a81d8d04be5f49687224b498c57cb115231b47c81d65d15
-
C:\Users\Admin\AppData\Local\Temp\tem22F1.tmpFilesize
206B
MD5b13af738aa8be55154b2752979d76827
SHA164a5f927720af02a367c105c65c1f5da639b7a93
SHA256663ef05eb1c17b68e752a2d1e2dcd0eaa024e4c2ec88a7bc99a59e0aeabdf79b
SHA512cb774f2729ce6b5cda325417fbad93e952b447fa2e9285375c26eb0fbdb7f4f8b644b1007038caafd6d8ba4efb3cc8c5da307c14e12be3454103d52848a029a4
-
memory/3432-72-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-48-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-69-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-39-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-40-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-68-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-41-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-42-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-43-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-67-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-44-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-66-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-45-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-46-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-89-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-88-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-87-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-86-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-85-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-84-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-83-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-82-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-81-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-80-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-79-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-78-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-77-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-76-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-75-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-74-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-73-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-38-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-71-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-70-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-47-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-49-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-50-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-63-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-65-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-64-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-60-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-62-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-61-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-57-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-59-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-58-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-54-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-56-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-55-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-51-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-53-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3432-52-0x00000199D1650000-0x00000199D1660000-memory.dmpFilesize
64KB
-
memory/3628-9-0x00007FFC7F3B0000-0x00007FFC7F3C0000-memory.dmpFilesize
64KB
-
memory/3628-21-0x00007FFCC1390000-0x00007FFCC1585000-memory.dmpFilesize
2.0MB
-
memory/3628-3-0x00007FFCC142D000-0x00007FFCC142E000-memory.dmpFilesize
4KB
-
memory/3628-34-0x00007FFC81410000-0x00007FFC81420000-memory.dmpFilesize
64KB
-
memory/3628-7-0x00007FFC81410000-0x00007FFC81420000-memory.dmpFilesize
64KB
-
memory/3628-13-0x00007FFC7F3B0000-0x00007FFC7F3C0000-memory.dmpFilesize
64KB
-
memory/3628-1-0x00007FFC81410000-0x00007FFC81420000-memory.dmpFilesize
64KB
-
memory/3628-8-0x00007FFCC1390000-0x00007FFCC1585000-memory.dmpFilesize
2.0MB
-
memory/3628-5-0x00007FFCC1390000-0x00007FFCC1585000-memory.dmpFilesize
2.0MB
-
memory/3628-4-0x00007FFC81410000-0x00007FFC81420000-memory.dmpFilesize
64KB
-
memory/3628-37-0x00007FFCC1390000-0x00007FFCC1585000-memory.dmpFilesize
2.0MB
-
memory/3628-6-0x00007FFCC1390000-0x00007FFCC1585000-memory.dmpFilesize
2.0MB
-
memory/3628-33-0x00007FFC81410000-0x00007FFC81420000-memory.dmpFilesize
64KB
-
memory/3628-2-0x00007FFC81410000-0x00007FFC81420000-memory.dmpFilesize
64KB
-
memory/3628-35-0x00007FFC81410000-0x00007FFC81420000-memory.dmpFilesize
64KB
-
memory/3628-36-0x00007FFC81410000-0x00007FFC81420000-memory.dmpFilesize
64KB
-
memory/3628-0-0x00007FFC81410000-0x00007FFC81420000-memory.dmpFilesize
64KB
