Analysis
-
max time kernel
97s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
16-06-2024 20:14
General
-
Target
b4fe51a46727b61c1f6e4fa7b5012837_JaffaCakes118.exe
-
Size
236KB
-
MD5
b4fe51a46727b61c1f6e4fa7b5012837
-
SHA1
9a513e9efc6ea9281b3df900e551d4108077832c
-
SHA256
0eb64bdbcabb0ca927dd7fae97e2cabce438a63bcf72d19b4e8dd75ebadc8a88
-
SHA512
9c8e4ff8b3941e8e4c5dd0af89b8a757b94abf48c32069653be59518bfdbd3db1c3ac1f53ef128634ad2461b2ae57f819231a4da15d7f657ee8375f7c2b2a9cb
-
SSDEEP
3072:Qv5SYl6fCyKvEMcDHSHwirYFYNDwsdoBjSqkCo7u7ZmSrC1qJE/:QBF6KyCvlrYy8sdGmUo7u7wt0e
Score
10/10
Malware Config
Extracted
Family
gozi
Extracted
Family
gozi
Botnet
1000
C2
musicvideotips.ru
musicvideoporntips.ru
Attributes
-
exe_type
worker
rsa_pubkey.plain
serpent.plain
Signatures
-
Gozi
Gozi is a well-known and widely distributed banking trojan.
-
Modifies Installed Components in the registry 2 TTPs 13 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 26 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 2 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 14 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 19 IoCs
-
Suspicious use of WriteProcessMemory 18 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Views/modifies file attributes 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b4fe51a46727b61c1f6e4fa7b5012837_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\b4fe51a46727b61c1f6e4fa7b5012837_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\b4fe51a46727b61c1f6e4fa7b5012837_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\b4fe51a46727b61c1f6e4fa7b5012837_JaffaCakes118.exe"2⤵
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"3⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\240605656.bat" "C:\Users\Admin\AppData\Local\Temp\b4fe51a46727b61c1f6e4fa7b5012837_JaffaCakes118.exe""3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\attrib.exeattrib -r -s -h "C:\Users\Admin\AppData\Local\Temp\b4fe51a46727b61c1f6e4fa7b5012837_JaffaCakes118.exe"4⤵
- Views/modifies file attributes
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Defense Evasion
Modify Registry
3Hide Artifacts
1Hidden Files and Directories
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbresFilesize
2KB
MD519f4c979c00e32fc3dd1a093db97efa3
SHA1a3022fc6a23dc3914e48439b8b068b53bcd6bc02
SHA25607d6a63a6d1f819eb4f248cc14ffb08ad0dd9a35ed5d56126ab82ef84d2747c7
SHA5123d4da6e0e30e255658a9184f5c92eec3d38eb6a66a51cc18f1e5b45326da69bd807b714e567438ed69dc8dde8b26448378840782022abb85b18516be655dfa18
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133630424699120593.txtFilesize
75KB
MD5ce88a108043a3d69e5325754ba9c7181
SHA1c64f06b8081f5ec0ae7c0e1fe7b0f248aa6550c4
SHA256b2552766ebb3469549cea5b6b609077fa6e38c000eba6befadfd275e11a8095e
SHA512cb5e53fb1520b68178ad465cde801ed779521b843de44f894fc8fdbd071f33f663a60f570b134ff0996bf407ef9ecee72810b16dd9276469e6b0efb5d5c85829
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\WUYU8Y5R\microsoft.windows[1].xmlFilesize
97B
MD51b4430f8816838751064e481b2671dca
SHA1bf5bb7eb34faac1bac77262c8a7f3662981deea7
SHA2561b12191f1bd84731c07f1493d0553255d66f7095a8cd896aec920cc2213db6c4
SHA512bdd215c6eee00376623f2e0fafef0b7e58682352f0f0a63b854ddf25a5ad02703d306fb4acd352a7d2dee5d1f311e930f19d7a67bd36f451e101ce9d6f660bba
-
C:\Users\Admin\AppData\Local\Temp\240605656.batFilesize
76B
MD5cf8d675b70041eb7b08e20e68cd2ff45
SHA12189f145b8db3c3eaf2e661c123a5c9ee519ece0
SHA2563e1d29451ca8924d758ad13f4e0b4cad24b219655c9488eae4e42398e7282418
SHA512c11435d8559704abc47ad374ff5b1f7437f2b18a32e83d523cbf0edb70b2dc675d53824c85ff83914052a7c16fb2ef775f148af2f531e35aad056bdf887ac10b
-
memory/444-0-0x00000000750C2000-0x00000000750C3000-memory.dmpFilesize
4KB
-
memory/444-2-0x00000000750C0000-0x0000000075671000-memory.dmpFilesize
5.7MB
-
memory/444-6-0x00000000750C0000-0x0000000075671000-memory.dmpFilesize
5.7MB
-
memory/444-1-0x00000000750C0000-0x0000000075671000-memory.dmpFilesize
5.7MB
-
memory/1108-1229-0x0000000004090000-0x0000000004091000-memory.dmpFilesize
4KB
-
memory/1124-43-0x000001BBCFDC0000-0x000001BBCFDE0000-memory.dmpFilesize
128KB
-
memory/1124-67-0x000001BBD03D0000-0x000001BBD03F0000-memory.dmpFilesize
128KB
-
memory/1124-31-0x000001BBCF300000-0x000001BBCF400000-memory.dmpFilesize
1024KB
-
memory/1124-36-0x000001BBD0000000-0x000001BBD0020000-memory.dmpFilesize
128KB
-
memory/1172-195-0x000002195F420000-0x000002195F520000-memory.dmpFilesize
1024KB
-
memory/1172-230-0x0000021960530000-0x0000021960550000-memory.dmpFilesize
128KB
-
memory/1172-194-0x000002195F420000-0x000002195F520000-memory.dmpFilesize
1024KB
-
memory/1172-196-0x000002195F420000-0x000002195F520000-memory.dmpFilesize
1024KB
-
memory/1172-199-0x0000021960570000-0x0000021960590000-memory.dmpFilesize
128KB
-
memory/1172-231-0x0000021960940000-0x0000021960960000-memory.dmpFilesize
128KB
-
memory/1456-1259-0x000002D035250000-0x000002D035270000-memory.dmpFilesize
128KB
-
memory/1456-1233-0x000002D033E00000-0x000002D033F00000-memory.dmpFilesize
1024KB
-
memory/1456-1236-0x000002D034E80000-0x000002D034EA0000-memory.dmpFilesize
128KB
-
memory/1456-1248-0x000002D034E40000-0x000002D034E60000-memory.dmpFilesize
128KB
-
memory/1544-1376-0x0000000002FB0000-0x0000000002FB1000-memory.dmpFilesize
4KB
-
memory/1604-948-0x000001CA09860000-0x000001CA09880000-memory.dmpFilesize
128KB
-
memory/1604-960-0x000001CA09820000-0x000001CA09840000-memory.dmpFilesize
128KB
-
memory/1604-980-0x000001CA09C20000-0x000001CA09C40000-memory.dmpFilesize
128KB
-
memory/1900-1089-0x0000000004BB0000-0x0000000004BB1000-memory.dmpFilesize
4KB
-
memory/3196-5-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/3196-12-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/3196-3-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/3196-7-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/3480-193-0x0000000004490000-0x0000000004491000-memory.dmpFilesize
4KB
-
memory/3500-526-0x0000028B9A240000-0x0000028B9A260000-memory.dmpFilesize
128KB
-
memory/3500-514-0x0000028B99BA0000-0x0000028B99BC0000-memory.dmpFilesize
128KB
-
memory/3500-497-0x0000028B98B00000-0x0000028B98C00000-memory.dmpFilesize
1024KB
-
memory/3500-496-0x0000028B98B00000-0x0000028B98C00000-memory.dmpFilesize
1024KB
-
memory/3500-495-0x0000028B98B00000-0x0000028B98C00000-memory.dmpFilesize
1024KB
-
memory/3500-500-0x0000028B99BE0000-0x0000028B99C00000-memory.dmpFilesize
128KB
-
memory/3616-790-0x0000000004B80000-0x0000000004B81000-memory.dmpFilesize
4KB
-
memory/3664-29-0x0000000004D80000-0x0000000004D81000-memory.dmpFilesize
4KB
-
memory/3724-829-0x000001BD8CAE0000-0x000001BD8CB00000-memory.dmpFilesize
128KB
-
memory/3724-794-0x000001BD8B600000-0x000001BD8B700000-memory.dmpFilesize
1024KB
-
memory/3724-793-0x000001BD8B600000-0x000001BD8B700000-memory.dmpFilesize
1024KB
-
memory/3724-797-0x000001BD8C500000-0x000001BD8C520000-memory.dmpFilesize
128KB
-
memory/3724-809-0x000001BD8C4C0000-0x000001BD8C4E0000-memory.dmpFilesize
128KB
-
memory/4100-1394-0x0000026EEB180000-0x0000026EEB1A0000-memory.dmpFilesize
128KB
-
memory/4100-1383-0x0000026EEADB0000-0x0000026EEADD0000-memory.dmpFilesize
128KB
-
memory/4100-1379-0x0000026EE9E50000-0x0000026EE9F50000-memory.dmpFilesize
1024KB
-
memory/4100-1378-0x0000026EE9E50000-0x0000026EE9F50000-memory.dmpFilesize
1024KB
-
memory/4100-345-0x0000000004640000-0x0000000004641000-memory.dmpFilesize
4KB
-
memory/4100-1385-0x0000026EEAD70000-0x0000026EEAD90000-memory.dmpFilesize
128KB
-
memory/4392-941-0x00000000049C0000-0x00000000049C1000-memory.dmpFilesize
4KB
-
memory/4500-1091-0x0000027779240000-0x0000027779340000-memory.dmpFilesize
1024KB
-
memory/4500-1090-0x0000027779240000-0x0000027779340000-memory.dmpFilesize
1024KB
-
memory/4500-1115-0x000002777A760000-0x000002777A780000-memory.dmpFilesize
128KB
-
memory/4500-1103-0x000002777A350000-0x000002777A370000-memory.dmpFilesize
128KB
-
memory/4500-1095-0x000002777A390000-0x000002777A3B0000-memory.dmpFilesize
128KB
-
memory/4564-347-0x0000023D45100000-0x0000023D45200000-memory.dmpFilesize
1024KB
-
memory/4564-346-0x0000023D45100000-0x0000023D45200000-memory.dmpFilesize
1024KB
-
memory/4564-351-0x0000023D461E0000-0x0000023D46200000-memory.dmpFilesize
128KB
-
memory/4564-384-0x0000023D465F0000-0x0000023D46610000-memory.dmpFilesize
128KB
-
memory/4564-383-0x0000023D461A0000-0x0000023D461C0000-memory.dmpFilesize
128KB
-
memory/4932-682-0x000001DB614E0000-0x000001DB61500000-memory.dmpFilesize
128KB
-
memory/4932-662-0x000001DB60ED0000-0x000001DB60EF0000-memory.dmpFilesize
128KB
-
memory/4932-651-0x000001DB60F10000-0x000001DB60F30000-memory.dmpFilesize
128KB
-
memory/4984-494-0x00000000041E0000-0x00000000041E1000-memory.dmpFilesize
4KB
-
memory/5116-643-0x0000000004650000-0x0000000004651000-memory.dmpFilesize
4KB