Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
09-03-2023 00:23
Behavioral task
behavioral1
Sample
BlitzedGrabberV12.exe
Resource
win10v2004-20230220-en
General
-
Target
BlitzedGrabberV12.exe
-
Size
1.7MB
-
MD5
d9b83c99818f7f4c02a42008eeecd9d8
-
SHA1
d574c658c7f22a0684610d65866beb563a42151a
-
SHA256
542918b6def9c9ecd21dfc946545f44ee928f02be33efc0fec2d028d4341d41e
-
SHA512
2e641b7e5978f53a2609dfdb129801098966de8f868511fa77e29cd87816590ef75652beb992b8063958ce27a890f0dedd96340e1b7e8443edebe071f6c1b8a2
-
SSDEEP
24576:+xAskWeOT4n5lLHxnpL2Q/NLmKgDJ68p4C8BsePDigEoXh7O83igweBAWgtd:2AznU4n9t2ELj18p4BDifoM83ig9Apv
Malware Config
Signatures
-
Detect Neshta payload 1 IoCs
Processes:
resource yara_rule C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe family_neshta -
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
BlitzedGrabberV12.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation BlitzedGrabberV12.exe -
Executes dropped EXE 1 IoCs
Processes:
BlitzedGrabberV12.exepid process 3336 BlitzedGrabberV12.exe -
Loads dropped DLL 1 IoCs
Processes:
BlitzedGrabberV12.exepid process 3336 BlitzedGrabberV12.exe -
Modifies system executable filetype association 2 TTPs 1 IoCs
Processes:
BlitzedGrabberV12.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" BlitzedGrabberV12.exe -
Obfuscated with Agile.Net obfuscator 32 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource yara_rule behavioral1/memory/3336-159-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-160-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-162-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-164-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-166-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-168-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-171-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-173-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-175-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-177-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-179-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-187-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-197-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-220-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-222-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-228-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-231-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-236-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-240-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-249-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-253-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-255-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-257-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-259-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-263-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-265-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-267-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-269-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-274-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-277-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-281-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net behavioral1/memory/3336-283-0x0000000005A80000-0x0000000005C6E000-memory.dmp agile_net -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in Program Files directory 64 IoCs
Processes:
BlitzedGrabberV12.exedescription ioc process File opened for modification C:\PROGRA~3\Adobe\Setup\{AC76B~1\setup.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\READER~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GO664E~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\INTERN~1\ExtExport.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\WI8A19~1\ImagingDevices.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\PWAHEL~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\WINDOW~4\wmplayer.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~3\MICROS~1\CLICKT~1\{9AC08~1\INTEGR~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ADOBEA~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~3.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\IDENTI~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\NOTIFI~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~3\PACKAG~1\{57A73~1\VC_RED~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\MSEDGE~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13173~1.45\MIA062~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\MOZILL~1\UNINST~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~2.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13173~1.45\MI9C33~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\WINDOW~3\ACCESS~1\wordpad.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13173~1.45\MICROS~2.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\MOZILL~1\MAINTE~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13173~1.45\MI391D~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\WINDOW~4\wmprph.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jucheck.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\ELEVAT~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOBD5D~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\Download\{F3C4F~1\13173~1.45\MICROS~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\WINDOW~4\wmlaunch.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~3\PACKAG~1\{CA675~1\VCREDI~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\COOKIE~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\msedge.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\Eula.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jusched.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\INTERN~1\iexplore.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\BHO\IE_TO_~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\WOW_HE~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\Google\Update\1336~1.151\GOF5E2~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\Google\Update\DISABL~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\WINDOW~4\wmpconfig.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\WINDOW~2\wabmig.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\INTERN~1\ieinstal.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\13173~1.45\MICROS~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\MICROS~1\EDGEUP~1\MicrosoftEdgeUpdate.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\INTERN~1\ielowutil.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\WINDOW~2\wab.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\WINDOW~4\wmpshare.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\Adobe\ACROBA~1\Reader\LOGTRA~1.EXE BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe BlitzedGrabberV12.exe File opened for modification C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe BlitzedGrabberV12.exe -
Drops file in Windows directory 1 IoCs
Processes:
BlitzedGrabberV12.exedescription ioc process File opened for modification C:\Windows\svchost.com BlitzedGrabberV12.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 1 IoCs
Processes:
BlitzedGrabberV12.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" BlitzedGrabberV12.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
BlitzedGrabberV12.exedescription pid process target process PID 400 wrote to memory of 3336 400 BlitzedGrabberV12.exe BlitzedGrabberV12.exe PID 400 wrote to memory of 3336 400 BlitzedGrabberV12.exe BlitzedGrabberV12.exe PID 400 wrote to memory of 3336 400 BlitzedGrabberV12.exe BlitzedGrabberV12.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12.exe"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12.exe"1⤵
- Checks computer location settings
- Modifies system executable filetype association
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\BlitzedGrabberV12.exe"C:\Users\Admin\AppData\Local\Temp\3582-490\BlitzedGrabberV12.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exeFilesize
2.4MB
MD58ffc3bdf4a1903d9e28b99d1643fc9c7
SHA1919ba8594db0ae245a8abd80f9f3698826fc6fe5
SHA2568268d3fefe8ca96a25a73690d14bacf644170ab5e9e70d2f8eeb350a4c83f9f6
SHA5120b94ead97374d74eaee87e7614ddd3911d2cf66d4c49abbfd06b02c03e5dd56fd00993b4947e8a4bcd9d891fa39cab18cc6b61efc7d0812e91eb3aea9cd1a427
-
C:\Users\Admin\AppData\Local\Temp\3582-490\BlitzedGrabberV12.exeFilesize
1.6MB
MD5228a69dc15032fd0fb7100ff8561185e
SHA1f8dbc89fed8078da7f306cb78b92ce04a0bdeb00
SHA256920bec9d500f6446b84399ab4c84858d0f0d7d1abb2e0377399ebbc4bafad709
SHA512373621c4743fa72571b3c8375aa6f7852303a821558b016b002d2af07154787d978f66696db89eeed8fe41f4aed5d66b690d4f87469939f9b1dea2ac2b9101f1
-
C:\Users\Admin\AppData\Local\Temp\3582-490\BlitzedGrabberV12.exeFilesize
1.6MB
MD5228a69dc15032fd0fb7100ff8561185e
SHA1f8dbc89fed8078da7f306cb78b92ce04a0bdeb00
SHA256920bec9d500f6446b84399ab4c84858d0f0d7d1abb2e0377399ebbc4bafad709
SHA512373621c4743fa72571b3c8375aa6f7852303a821558b016b002d2af07154787d978f66696db89eeed8fe41f4aed5d66b690d4f87469939f9b1dea2ac2b9101f1
-
C:\Users\Admin\AppData\Local\Temp\3582-490\BlitzedGrabberV12.exeFilesize
1.6MB
MD5228a69dc15032fd0fb7100ff8561185e
SHA1f8dbc89fed8078da7f306cb78b92ce04a0bdeb00
SHA256920bec9d500f6446b84399ab4c84858d0f0d7d1abb2e0377399ebbc4bafad709
SHA512373621c4743fa72571b3c8375aa6f7852303a821558b016b002d2af07154787d978f66696db89eeed8fe41f4aed5d66b690d4f87469939f9b1dea2ac2b9101f1
-
C:\Users\Admin\AppData\Local\Temp\dcfb00f9-5ae7-4197-ba59-e48107e40d35\GunaDotNetRT.dllFilesize
136KB
MD59af5eb006bb0bab7f226272d82c896c7
SHA1c2a5bb42a5f08f4dc821be374b700652262308f0
SHA25677dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db
SHA5127badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a
-
C:\Users\Admin\AppData\Local\Temp\dcfb00f9-5ae7-4197-ba59-e48107e40d35\GunaDotNetRT.dllFilesize
136KB
MD59af5eb006bb0bab7f226272d82c896c7
SHA1c2a5bb42a5f08f4dc821be374b700652262308f0
SHA25677dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db
SHA5127badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a
-
memory/3336-179-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-222-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-149-0x00000000057C0000-0x00000000057CA000-memory.dmpFilesize
40KB
-
memory/3336-148-0x00000000056C0000-0x0000000005752000-memory.dmpFilesize
584KB
-
memory/3336-158-0x00000000727B0000-0x0000000072839000-memory.dmpFilesize
548KB
-
memory/3336-159-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-160-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-162-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-164-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-166-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-168-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-171-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-170-0x0000000070B00000-0x0000000070B37000-memory.dmpFilesize
220KB
-
memory/3336-173-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-175-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-177-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-147-0x0000000005E30000-0x00000000063D4000-memory.dmpFilesize
5.6MB
-
memory/3336-146-0x0000000000AE0000-0x0000000000C8C000-memory.dmpFilesize
1.7MB
-
memory/3336-187-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-197-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-220-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-150-0x0000000005870000-0x0000000005880000-memory.dmpFilesize
64KB
-
memory/3336-228-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-231-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-236-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-240-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-249-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-253-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-255-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-257-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-259-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-263-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-265-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-267-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-269-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-274-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-277-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-281-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-283-0x0000000005A80000-0x0000000005C6E000-memory.dmpFilesize
1.9MB
-
memory/3336-434-0x0000000005870000-0x0000000005880000-memory.dmpFilesize
64KB
-
memory/3336-463-0x0000000070B00000-0x0000000070B37000-memory.dmpFilesize
220KB