Analysis
-
max time kernel
150s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
12-06-2024 15:41
Static task
static1
Behavioral task
behavioral1
Sample
a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe
-
Size
5.0MB
-
MD5
a130eb93419de9f19d0c66aeaaf184d5
-
SHA1
033f9d97a55a7ff64209cb60ba14afc50d5f707b
-
SHA256
ceff28e5f3c11405d484f4da1c7ef0a89364b0e924efa16dfc89bf126edf90cb
-
SHA512
536a8e6b0d9f5cadb0a857aaf092fe73c88dedfa61ba7ff79212a1e14c8c7ba9216c08ef3afdfbfce2159cf92e39e9ad3d079fcdf0b93cd8ebfe3e3075030f53
-
SSDEEP
98304:4Pcea/pZHvMwvRwCOg/XZtDpDJVWSp11YOrGpQ9OsZqjntStnOs2ac9Y5D9c:4PfaR6w5hOyNNqSpdO2HZqjnWOslSY5+
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 3 IoCs
Processes:
a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe1svnhost.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe" a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Windows\\System64\\1svnhost.exe, explorer.exe" a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe" 1svnhost.exe -
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe1svnhost.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation 1svnhost.exe -
Executes dropped EXE 8 IoCs
Processes:
1svnhost.exerutserv.exerfusclient.exerutserv.exerutserv.exerutserv.exerfusclient.exerfusclient.exepid process 2784 1svnhost.exe 3636 rutserv.exe 1132 rfusclient.exe 3140 rutserv.exe 5028 rutserv.exe 1492 rutserv.exe 2868 rfusclient.exe 3216 rfusclient.exe -
Processes:
resource yara_rule C:\Windows\System64\rfusclient.exe upx C:\Windows\System64\rutserv.exe upx behavioral2/memory/3636-35-0x0000000000400000-0x0000000000ABA000-memory.dmp upx behavioral2/memory/1132-36-0x0000000000400000-0x00000000009B3000-memory.dmp upx behavioral2/memory/3636-38-0x0000000000400000-0x0000000000ABA000-memory.dmp upx behavioral2/memory/3140-40-0x0000000000400000-0x0000000000ABA000-memory.dmp upx behavioral2/memory/3140-41-0x0000000000400000-0x0000000000ABA000-memory.dmp upx behavioral2/memory/5028-43-0x0000000000400000-0x0000000000ABA000-memory.dmp upx behavioral2/memory/2868-51-0x0000000000400000-0x00000000009B3000-memory.dmp upx behavioral2/memory/3216-52-0x0000000000400000-0x00000000009B3000-memory.dmp upx behavioral2/memory/5028-54-0x0000000000400000-0x0000000000ABA000-memory.dmp upx behavioral2/memory/1492-57-0x0000000000400000-0x0000000000ABA000-memory.dmp upx behavioral2/memory/1492-59-0x0000000000400000-0x0000000000ABA000-memory.dmp upx behavioral2/memory/1492-60-0x0000000000400000-0x0000000000ABA000-memory.dmp upx behavioral2/memory/1492-63-0x0000000000400000-0x0000000000ABA000-memory.dmp upx behavioral2/memory/1492-65-0x0000000000400000-0x0000000000ABA000-memory.dmp upx behavioral2/memory/1492-67-0x0000000000400000-0x0000000000ABA000-memory.dmp upx behavioral2/memory/1492-70-0x0000000000400000-0x0000000000ABA000-memory.dmp upx behavioral2/memory/1492-72-0x0000000000400000-0x0000000000ABA000-memory.dmp upx behavioral2/memory/1492-74-0x0000000000400000-0x0000000000ABA000-memory.dmp upx behavioral2/memory/1492-76-0x0000000000400000-0x0000000000ABA000-memory.dmp upx behavioral2/memory/1492-78-0x0000000000400000-0x0000000000ABA000-memory.dmp upx behavioral2/memory/1492-82-0x0000000000400000-0x0000000000ABA000-memory.dmp upx -
Drops file in System32 directory 3 IoCs
Processes:
rutserv.exedescription ioc process File opened for modification C:\Windows\SysWOW64\rutserv.pdb rutserv.exe File opened for modification C:\Windows\SysWOW64\exe\rutserv.pdb rutserv.exe File opened for modification C:\Windows\SysWOW64\symbols\exe\rutserv.pdb rutserv.exe -
Drops file in Windows directory 16 IoCs
Processes:
a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe1svnhost.execmd.exerutserv.exedescription ioc process File opened for modification C:\Windows\System64\1svnhost.exe a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe File created C:\Windows\System64\rfusclient.exe 1svnhost.exe File opened for modification C:\Windows\System64\rutserv.exe 1svnhost.exe File opened for modification C:\Windows\System64\vp8decoder.dll 1svnhost.exe File opened for modification C:\Windows\System64\vp8encoder.dll 1svnhost.exe File created C:\Windows\Zont911\Tupe.bat 1svnhost.exe File created C:\Windows\System64\1svnhost.exe a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe File created C:\Windows\System64\rutserv.exe 1svnhost.exe File created C:\Windows\System64\vp8encoder.dll 1svnhost.exe File created C:\Windows\System64\svnhost.exe cmd.exe File created C:\Windows\Zont911\Regedit.reg 1svnhost.exe File opened for modification C:\Windows\System64\svnhost.exe cmd.exe File created C:\Windows\System64\vp8decoder.dll 1svnhost.exe File opened for modification C:\Windows\System64\rfusclient.exe 1svnhost.exe File opened for modification C:\Windows\System64\rutserv.pdb rutserv.exe File created C:\Windows\Zont911\hostbb.zip 1svnhost.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Runs .reg file with regedit 1 IoCs
Processes:
regedit.exepid process 5116 regedit.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exepid process 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe -
Suspicious use of AdjustPrivilegeToken 5 IoCs
Processes:
rutserv.exerutserv.exerutserv.exedescription pid process Token: SeDebugPrivilege 3636 rutserv.exe Token: SeDebugPrivilege 5028 rutserv.exe Token: SeTakeOwnershipPrivilege 1492 rutserv.exe Token: SeTcbPrivilege 1492 rutserv.exe Token: SeTcbPrivilege 1492 rutserv.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
Processes:
rutserv.exerutserv.exerutserv.exerutserv.exepid process 3636 rutserv.exe 3140 rutserv.exe 5028 rutserv.exe 1492 rutserv.exe -
Suspicious use of WriteProcessMemory 30 IoCs
Processes:
a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe1svnhost.execmd.exerutserv.exedescription pid process target process PID 4120 wrote to memory of 2784 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 1svnhost.exe PID 4120 wrote to memory of 2784 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 1svnhost.exe PID 4120 wrote to memory of 2784 4120 a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe 1svnhost.exe PID 2784 wrote to memory of 5116 2784 1svnhost.exe regedit.exe PID 2784 wrote to memory of 5116 2784 1svnhost.exe regedit.exe PID 2784 wrote to memory of 5116 2784 1svnhost.exe regedit.exe PID 2784 wrote to memory of 4304 2784 1svnhost.exe cmd.exe PID 2784 wrote to memory of 4304 2784 1svnhost.exe cmd.exe PID 2784 wrote to memory of 4304 2784 1svnhost.exe cmd.exe PID 4304 wrote to memory of 2244 4304 cmd.exe chcp.com PID 4304 wrote to memory of 2244 4304 cmd.exe chcp.com PID 4304 wrote to memory of 2244 4304 cmd.exe chcp.com PID 4304 wrote to memory of 3636 4304 cmd.exe rutserv.exe PID 4304 wrote to memory of 3636 4304 cmd.exe rutserv.exe PID 4304 wrote to memory of 3636 4304 cmd.exe rutserv.exe PID 2784 wrote to memory of 1132 2784 1svnhost.exe rfusclient.exe PID 2784 wrote to memory of 1132 2784 1svnhost.exe rfusclient.exe PID 2784 wrote to memory of 1132 2784 1svnhost.exe rfusclient.exe PID 4304 wrote to memory of 3140 4304 cmd.exe rutserv.exe PID 4304 wrote to memory of 3140 4304 cmd.exe rutserv.exe PID 4304 wrote to memory of 3140 4304 cmd.exe rutserv.exe PID 4304 wrote to memory of 5028 4304 cmd.exe rutserv.exe PID 4304 wrote to memory of 5028 4304 cmd.exe rutserv.exe PID 4304 wrote to memory of 5028 4304 cmd.exe rutserv.exe PID 1492 wrote to memory of 2868 1492 rutserv.exe rfusclient.exe PID 1492 wrote to memory of 2868 1492 rutserv.exe rfusclient.exe PID 1492 wrote to memory of 2868 1492 rutserv.exe rfusclient.exe PID 1492 wrote to memory of 3216 1492 rutserv.exe rfusclient.exe PID 1492 wrote to memory of 3216 1492 rutserv.exe rfusclient.exe PID 1492 wrote to memory of 3216 1492 rutserv.exe rfusclient.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\a130eb93419de9f19d0c66aeaaf184d5_JaffaCakes118.exe"1⤵
- Modifies WinLogon for persistence
- Checks computer location settings
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\System64\1svnhost.exe"C:\Windows\System64\1svnhost.exe"2⤵
- Modifies WinLogon for persistence
- Checks computer location settings
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regedit.exe"C:\Windows\System32\regedit.exe" /s "C:\Windows\Zont911\Regedit.reg"3⤵
- Runs .reg file with regedit
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Windows\Zont911\Tupe.bat" "3⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\chcp.comChcp 12514⤵
-
C:\Windows\System64\rutserv.exe"C:\Windows\System64\rutserv.exe" /silentinstall4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System64\rutserv.exe"C:\Windows\System64\rutserv.exe" /firewall4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System64\rutserv.exe"C:\Windows\System64\rutserv.exe" /start4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System64\rfusclient.exe"C:\Windows\System64\rfusclient.exe"3⤵
- Executes dropped EXE
-
C:\Windows\System64\rutserv.exeC:\Windows\System64\rutserv.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\System64\rfusclient.exeC:\Windows\System64\rfusclient.exe2⤵
- Executes dropped EXE
-
C:\Windows\System64\rfusclient.exeC:\Windows\System64\rfusclient.exe /tray2⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Windows\System64\1svnhost.exeFilesize
5.0MB
MD5a130eb93419de9f19d0c66aeaaf184d5
SHA1033f9d97a55a7ff64209cb60ba14afc50d5f707b
SHA256ceff28e5f3c11405d484f4da1c7ef0a89364b0e924efa16dfc89bf126edf90cb
SHA512536a8e6b0d9f5cadb0a857aaf092fe73c88dedfa61ba7ff79212a1e14c8c7ba9216c08ef3afdfbfce2159cf92e39e9ad3d079fcdf0b93cd8ebfe3e3075030f53
-
C:\Windows\System64\rfusclient.exeFilesize
1.5MB
MD5eac85a4a79a168cb47c0810e23e6d2fe
SHA10e053ed568dc2f07d76b0e006a9e19655797b89e
SHA25686b9593479937ca7dfe9ef6744cc321808c0585b63312cb50952f709c498096f
SHA512b424136d58d266ba045a2ad95efeb8cdc69d77a9442521bf196390b934a7752bf728daeaf2fb3df887abf9c719a2526a8179e368cb228603b9243e3c7148c8e0
-
C:\Windows\System64\rutserv.exeFilesize
1.8MB
MD5fa4b26c53cfb2661ba072cf8da181b1a
SHA1295f19aad28e80c5e371078989815c612110229c
SHA2563a92288781a1f411f43e59ae32ea78b89997e7a5d1b6f12771f39fb6fa345db7
SHA512f6399c683c41f518a1096c87303758d50d6419e62317bfe2d362f66e5048f81583be12b32348dc095a34c0de0a79867376fdb8fc4677080d665e001b38cbfa64
-
C:\Windows\System64\vp8decoder.dllFilesize
378KB
MD5d43fa82fab5337ce20ad14650085c5d9
SHA1678aa092075ff65b6815ffc2d8fdc23af8425981
SHA256c022958429edd94bfe31f2eacfe24ff6b45d6f12747725c449a36116373de03b
SHA512103e61a9f58df03316676a074487e50ec518479c11068df3736df139b85c7671048c65bce0ef2c55b3c50c61fde54e9e6c7d1b795aea71263ae94c91d4874e0d
-
C:\Windows\System64\vp8encoder.dllFilesize
1.6MB
MD5dab4646806dfca6d0e0b4d80fa9209d6
SHA18244dfe22ec2090eee89dad103e6b2002059d16a
SHA256cb6ef96d3a66ef08ec2c8640b751a52d6d4f4530cf01162a69966f0fd5153587
SHA512aa5eb93bf23a10de797d6fb52a55a95d36bc48927c76fedd81e0c48872745cb7f7d1b3f230eaae42fd4e79b6a59ca707e56bd6963b03644cbd5984f11e98d6e7
-
C:\Windows\Zont911\Regedit.regFilesize
11KB
MD52594fc01ac2488b8f0edbd94575bb0e7
SHA16532ca1b36bbe19ba0986124b7fff81c41152afe
SHA256915c62220b0c5c200f342ca177df76e65c5048c7b61868d32e4efc0dea4adbef
SHA5124e44d5646c752ebef7537833e0bd4fe1c1ca3b89cb11a2a1afeb15e24e74f011c742948cee54e099bcabde3dcd157a5fe25cea0597148008831f547ab5579787
-
C:\Windows\Zont911\Tupe.batFilesize
278B
MD52aae081f3acb9615cd58a9a05a24bc3f
SHA182386fc85643d0aedfddb39a8f628ff1f51de8be
SHA2564438fb1637120602efbe98aca834c02365b9132fe36ffd8c26d7f5c22d9ec1bd
SHA51247a68649c4f01e9d084fa2838a7b79fd9719c4bf1dfa35d6efac92423c7423cd01fb9944610b88c73a82a2968aeb956e127308a4b5cc39fd9d8e1ede1bbff958
-
memory/1132-36-0x0000000000400000-0x00000000009B3000-memory.dmpFilesize
5.7MB
-
memory/1492-82-0x0000000000400000-0x0000000000ABA000-memory.dmpFilesize
6.7MB
-
memory/1492-67-0x0000000000400000-0x0000000000ABA000-memory.dmpFilesize
6.7MB
-
memory/1492-76-0x0000000000400000-0x0000000000ABA000-memory.dmpFilesize
6.7MB
-
memory/1492-74-0x0000000000400000-0x0000000000ABA000-memory.dmpFilesize
6.7MB
-
memory/1492-72-0x0000000000400000-0x0000000000ABA000-memory.dmpFilesize
6.7MB
-
memory/1492-70-0x0000000000400000-0x0000000000ABA000-memory.dmpFilesize
6.7MB
-
memory/1492-78-0x0000000000400000-0x0000000000ABA000-memory.dmpFilesize
6.7MB
-
memory/1492-60-0x0000000000400000-0x0000000000ABA000-memory.dmpFilesize
6.7MB
-
memory/1492-59-0x0000000000400000-0x0000000000ABA000-memory.dmpFilesize
6.7MB
-
memory/1492-65-0x0000000000400000-0x0000000000ABA000-memory.dmpFilesize
6.7MB
-
memory/1492-63-0x0000000000400000-0x0000000000ABA000-memory.dmpFilesize
6.7MB
-
memory/1492-57-0x0000000000400000-0x0000000000ABA000-memory.dmpFilesize
6.7MB
-
memory/2784-56-0x00000000023F0000-0x00000000023F1000-memory.dmpFilesize
4KB
-
memory/2784-55-0x0000000000400000-0x0000000000900000-memory.dmpFilesize
5.0MB
-
memory/2784-10-0x00000000023F0000-0x00000000023F1000-memory.dmpFilesize
4KB
-
memory/2868-62-0x0000000000400000-0x00000000009B3000-memory.dmpFilesize
5.7MB
-
memory/2868-51-0x0000000000400000-0x00000000009B3000-memory.dmpFilesize
5.7MB
-
memory/3140-41-0x0000000000400000-0x0000000000ABA000-memory.dmpFilesize
6.7MB
-
memory/3140-40-0x0000000000400000-0x0000000000ABA000-memory.dmpFilesize
6.7MB
-
memory/3216-52-0x0000000000400000-0x00000000009B3000-memory.dmpFilesize
5.7MB
-
memory/3636-38-0x0000000000400000-0x0000000000ABA000-memory.dmpFilesize
6.7MB
-
memory/3636-35-0x0000000000400000-0x0000000000ABA000-memory.dmpFilesize
6.7MB
-
memory/4120-0-0x0000000000B00000-0x0000000000B01000-memory.dmpFilesize
4KB
-
memory/4120-9-0x0000000000400000-0x0000000000900000-memory.dmpFilesize
5.0MB
-
memory/5028-54-0x0000000000400000-0x0000000000ABA000-memory.dmpFilesize
6.7MB
-
memory/5028-43-0x0000000000400000-0x0000000000ABA000-memory.dmpFilesize
6.7MB