Analysis
-
max time kernel
29s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
27-06-2024 19:59
General
-
Target
17555e2385b38ef8f73ad76211e74fd1_JaffaCakes118.exe
-
Size
168KB
-
MD5
17555e2385b38ef8f73ad76211e74fd1
-
SHA1
5183e4999d648d6ffbafc744a72f5c07301ef51d
-
SHA256
d9903b3f3f63da64acb7ec45ebc26b8239840c7efa29a20933d62bd2c28b3d67
-
SHA512
e04cc2fdf0e05807a3202905315bf1e564f2d108b23caeb160ab2c3cc8c188a4f1a2b59a09df3ff5cb473ff70b19b8d5f213d60b832b7b9e278ca6a8334b3a9b
-
SSDEEP
3072:Dxf026qbJ1y4GNq5jz+/YiMaY7lsSMsp7P+unkRYx5w:oqHGoq/TMFh1Mspi5n
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Signatures
-
Modifies firewall policy service 3 TTPs 9 IoCs
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass 3 TTPs 3 IoCs
-
Windows security bypass 2 TTPs 18 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 35 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification 2 TTPs 14 IoCs
-
Checks whether UAC is enabled 1 TTPs 2 IoCs
-
Enumerates connected drives 3 TTPs 11 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 3 IoCs
-
Drops file in Windows directory 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 50 IoCs
-
Suspicious behavior: EnumeratesProcesses 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of UnmapMainImage 2 IoCs
-
Suspicious use of WriteProcessMemory 44 IoCs
-
System policy modification 1 TTPs 2 IoCs
Processes
-
C:\Windows\system32\taskhost.exe"taskhost.exe"1⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Users\Admin\AppData\Local\Temp\17555e2385b38ef8f73ad76211e74fd1_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\17555e2385b38ef8f73ad76211e74fd1_JaffaCakes118.exe"2⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Loads dropped DLL
- Windows security modification
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files (x86)\Microsoft\WaterMark.exe"C:\Program Files (x86)\Microsoft\WaterMark.exe"3⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Deletes itself
- Executes dropped EXE
- Windows security modification
- Checks whether UAC is enabled
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\system32\svchost.exe4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2540 CREDAT:275457 /prefetch:25⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Enumerates connected drives
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2572 CREDAT:275457 /prefetch:25⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Modify Registry
6Impair Defenses
4Disable or Modify Tools
3Disable or Modify System Firewall
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5961a348b0c45befe83f768bce68aff83
SHA194981f43e5a037c4fe11e72dc3c42c56fd90bcbb
SHA25664b35ef90e5bc1cc331bd0c915f019c7460d16fce9f229d75915b934662f486f
SHA5123d4e80fc5215a753021b101177efdc3eb90b087c2317dc7ad575546d0d9fe5c1b7ac01433cf17e09fd476376f4cf9bd0c7578cce7ea128902fc1c71778d5aae2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD59b6dd3be299dfdfa6880536eb5cf5fbb
SHA183ffd46dbede567c0e6ceb3121be2257efd836c3
SHA25651c11ab9acd3ca2c984e4e380188d5df0c940f0d576fbf2e2da331517f5735a2
SHA512ba42499c5f1e1077b4e44d687198159d1546567696bc32a4d54dab1a6c11a379892f2c312959d6a741f1195ecd0fdf117cc6fb3a59a17f64064370b7232ac6d1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5d7dba4d54dcf23b1bf334af9d78aaf72
SHA1cdcdbb37c51fedbe102d3b3685030f1e5530ac7f
SHA256e8de6a266fa661f3f127efa58076fc460bf006639420f21c32f5d8fc830bae81
SHA512d9c12ea57be2c639fb0d4ba77551a175579914eb28af4c8dc5a7056e6e12f7d828eac05a8867350b07287bb3413460d63ac36be9da35a010a52b1cdb3b1c7fa9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD586d41354b03f5a75ff2f3a2b753f2ae4
SHA17c5d2bf712adebc3e682741bcc0162390ec645a3
SHA256039ecff40a02ea2d617aaef6f1fbcdf9eb6e447f11f324658d9889bd4eab21da
SHA5128507818b8574ead1330fddebaa4172fa3a3b8b521903ad125e7969ec99547cd37ba7f95b9cbc4d28272247140e87bb400382b05aa45cacfdf656534a28870181
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5a49bb71eed9ab5767e34020401c24781
SHA18e6a9a40c4c839d8f23f4ea469b168d23bd9d950
SHA256fba5afefbb670dde4d38bdc5b1a7292f9611b78eda336742aa8bee9a5bac53e6
SHA5125867207012ca5797259d998f5452fc096ef66fbae16b796faaea6a022afc2da6e6ea621d9ac6f31dd845e163e354bd975a2f7e26183434b99857e720c729c6b6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD535d982a3cc2336c254bb3a89188488a0
SHA1ae220a9a46b07e2854889985aea83e7b6315bb46
SHA2562ea4a9fc39b6fb93857adb30616801b41cbe793b3c933e02f69d3005c8abf09e
SHA512d308acf6aba3ad0e60a0694fe3daae61cf472ce5b81937e40e2a53566bf3ec9260082ab08f4fbbfc9a76c8cf55412172b52afdd44258a5c3a699798ff3d3f83b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD592015bbcf3ff081e5d04f8b79b9c641e
SHA10cb3ab46350a024916877c9a2fd3be4afe628d80
SHA256a76ced331f02dbcad4492a2d52985407cfea0bfad2fcb807828b8046b1d6f128
SHA512689712d5648b6c652d1fdf7da26a64e0d9e74f50cfc48d31293fa14d931aa6bbec8dd5ec09bbd075685f45cb0f1242cde58a0cae89a919d17a3fd742c1c492b9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5a6db1b5989cd7006c53a54818fa163ef
SHA13af3d95321e37877b6370ae182b1eb7bc863b3b9
SHA256a84fe5d73152d85a52285cbce3893d45b39ed215302947ac85d5cd6340568cca
SHA5125221d085819912491308e488603587a4aba6a05faa2a3ccdc91790a7cb38162dd123d7004bbae04e48fab9d162889726f126e4488e3e0fc3f7d153567f71f045
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5254523cbfba28f88741f1b1b614ecbc7
SHA11d2b6a5be1f2cd343420528e4a7c1cf6a77d76ca
SHA25645f360387f847a3e5a3dc63f4067cf7286ff34b0b25870dc668882c5859bf702
SHA512fa39bb2c44ea83273d295457f6b12b026aca9738f7e5e04e385e5a17b356b88e21a297f212b03517b1880beab6c24733ef2a54a1208983b18c01c9a309cfb36b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5cf0ae4cdd4e006d581a94aa999537ea0
SHA17cf8efffe7ea2972e8b620f28dcd1e296f6b0103
SHA25642d14d15f4f048348c9b42b4bd2fda4190aa07f056010d35129c95c3f6049fad
SHA512a6238d8c0118366a9140edda1f009797d229bc73d738bed46bbb40c38598b967cdb1e9991fb6496161a3c731fe2527cc0a3f1984c368e2021d1239f755a4a245
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD530042c2b6203ef5422dba856ccad14fe
SHA15c73f1dd54d00a5fa119ffac56d747b24fd0ebba
SHA256adfd01eed62ff81e8566a758352006b7eceb6cc2e64e1d08b708ceab919c19fa
SHA51292f6fe2cfef051e8ab07d4a03888dcd584c57a80f572f9c9970707deb51d5664dc2c262bbdb31f3c2b7b08fc8cf88c306c7d16f0df0c8ce8b6fbb497bbff3cce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5e2d5f9677a3dbe09953d75602cd4ab44
SHA1faddaf697d1f7980b5d24b1fef4563641c93c55f
SHA25634568e522559d97a75db5c411d27da788bd29a3ba474ec68dc308ec66525ce7e
SHA5122cd30d1aab6b9e65597edab8429af450a67268c4a0edffebbd05e490a1eef846f54dabb428d8aa7a00f240c4f9858e67e42935206e103980c512f4806fb0df20
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5c0bfbbdae81156e13b3e1da7006f186f
SHA14c8de0a259759cfb0e9b45564f117a02e761246d
SHA2561b7e4aa4c4f4d87fcef88f67120a8755bf8065d46ef2e7db345c517533680d2a
SHA5122035bb77ded18854885718c28f7d68449cb9c5db0185eef0ef0cdadfe4565880946539f2c577f41998a1e7eae267e38d41b4f0850e5482978d8032f76a0422a3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5c0aa1eb98d9b8edc82612f8872299d89
SHA13afc85887805ccc1c88c83816094a2388517da15
SHA2567a975159a33a2091221387778b842c60bea94c67d1fe2e68476920a5aad5d52b
SHA512c8693d85c004141214061f67a2a4ed2bfed23426ff96fead01095863b4bb338b6d0f6467c329ed2ea234c2414bf60d587b8724ff9f324f309fe5bf034e5376d2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD540a18fc8b3823c22df5accb5b60ea352
SHA187e43d98aa93599d7166b457706d854a8dedca22
SHA2563b88b3dcba581990bd204417e004cdb2323c2666f2007ff463f653150269daf9
SHA512064cbf803764ee7f243ab463fd81f413e65a9cf7b6d0f3c57fbeae2c094fffea4b311b9a3eb147eff31eadfdfffe00e3461c7c9d4bfee035f0ed49c2447b2b85
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5ab3c358465a888538928297ec5726cae
SHA19d9037d4f43a01aa98fd5a5e9893a214d18dbee6
SHA2563bf813dc359134eefdef548e413d0fbc959f21a28556d2eb07307f2fb2be1fa0
SHA512af2c173b16ebef0fcfeb13ca336d456e8652d2b72048825602dba2443da84ba1c641867c81768d1fd5c8b71f2f2c75876fa111520ef43417eabed700252753fc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5e5938f9890380f0b7e2232d2c17e3aea
SHA1d72efe208981b6574bc3f667135ce59a65db94df
SHA2562d8c6f8040e2b6651b7f1e54e491091dbe3c24486766f9cd529e33e777eaca33
SHA512c6d5a0131a1bd7a86d0a0a9f8e31db1ae28bc9d509a43bcd8b79358261ec40072ac0cc8c21303ae6f5bc85edb7d9fb4a7c7b41671e83151b764171acfa647cba
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD510cf11c27a66913afe1a1a8ce1eb6d66
SHA17b33c6259d271ed28c20b4a73a9967d40b1cc154
SHA2561da9dfc16fe68ee94f35f694d8304fe297388aa54ce50e90b488ae61175b3506
SHA5128d6822f98897aacec284af0f08ba1d9bcd61fcb742f714a45103cc79ba558fd798f24e8c6aa82f43f07d6e0844aa61532d3f7c8b075458bfce01beb3ec86cd76
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5986b4fd6961612a3c04d4e4de5f64d9b
SHA112bb08d9d592a6548df363d2ae82b78ef254b973
SHA256d10331ed0d962b15d54a4f9b5245f63f1011cc1907a63342dec1debae12fc367
SHA512b8d348522c9513a15e9b176232bc0aa6ce68cbc755d27bdb85b77cd136b9d3a1d51d48bd4366e368c39800ef1504066fdb303b2981a7ba330efb3904c3effb92
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5370bf9175fc0747c5c1318bd9e756fd2
SHA1b15b3635ea2f290b31b1f85838521da264ae87ac
SHA2564044d5c607db737db8c7f076e80851acfb973fa628ae2404eca49844d057d70d
SHA512010f6d4b4c05ce224e0e42193ff41eeab579ac9a7105e7d238a2cbe57999f1b7f4658d9ceaacaacae6308f8945b48cee757e685a8fa3b5f89991875430fab3e6
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D012ED91-34BF-11EF-9684-CE8752B95906}.datFilesize
5KB
MD54181e1951a931188ac0f32892d593431
SHA1b8f1a779c25bc933333c041b4035a7127c3b5454
SHA256a8e61cb1e6edac80a3285b293e440b65741adb535ec22d5752202c665a203250
SHA512c953d173a0791e96419bb409be5689cb8eb1fcd70fdbf5fa99fce042d43a163dcaff2bd4001e79547dedccf37106beb2943be952f85d5a73c4ca6ba8f181839c
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D0154EF1-34BF-11EF-9684-CE8752B95906}.datFilesize
3KB
MD50ea83fe679597b634c54de3d35f829fa
SHA1f5109c250968f893c10e28fdeb7ba9ec4f18ab9e
SHA256a944f3d47a4710707bbc56eeda59fa0157868bbc6b119bd3281f9cec7221b194
SHA51293e82192caae3608302612b4fc8fdda9935b477f1d93fec33969ff26126f08ac7faf1056e251cd70ba2da09c7f44fdbd21af61f80feea3e74e295ee932ffb16d
-
C:\Users\Admin\AppData\Local\Temp\CabC101.tmpFilesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\Local\Temp\TarC1FE.tmpFilesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
C:\Windows\SYSTEM.INIFilesize
257B
MD5f7aef9e5c369f29598de02dbad853ad8
SHA157b09170f9e9446553690d1267d19f45f77d6366
SHA256cc21038da86c2015dde98ba8b3df1f50baa76762e059fa9ae78c38ef154f9f19
SHA512ba57939a305e815b578a6ad852b484d54a91e38d8fee69f0030998728f3e39ae3796b34c9dee2aad26ce60c4041a516a48a19a626e0c03c690b25cf2cfd0a4c0
-
C:\klom.pifFilesize
100KB
MD5cded91271a04a3c739d196ea0963bc23
SHA1741d95bdcefafdc5c227a85737ecf44e57c3d014
SHA256fc13f346aca3f049df6291cecd5c5c9addca07cb8f1f4301f231d94cef239b12
SHA512769002bb1dff99b68c5c8c529954f639405c0edfb1f71766a3572fb68c34e5116d73093318117ef1ed7c1772d3e7e17388a20b607a7014f7db2d5dcb34d9c3b9
-
\Program Files (x86)\Microsoft\WaterMark.exeFilesize
168KB
MD517555e2385b38ef8f73ad76211e74fd1
SHA15183e4999d648d6ffbafc744a72f5c07301ef51d
SHA256d9903b3f3f63da64acb7ec45ebc26b8239840c7efa29a20933d62bd2c28b3d67
SHA512e04cc2fdf0e05807a3202905315bf1e564f2d108b23caeb160ab2c3cc8c188a4f1a2b59a09df3ff5cb473ff70b19b8d5f213d60b832b7b9e278ca6a8334b3a9b
-
memory/1104-42-0x0000000001C60000-0x0000000001C62000-memory.dmpFilesize
8KB
-
memory/2232-5-0x00000000025D0000-0x000000000365E000-memory.dmpFilesize
16.6MB
-
memory/2232-19-0x0000000000401000-0x0000000000416000-memory.dmpFilesize
84KB
-
memory/2232-2-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/2232-3-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/2232-4-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/2232-20-0x00000000025D0000-0x000000000365E000-memory.dmpFilesize
16.6MB
-
memory/2232-1-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/2232-7-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/2232-8-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/2232-18-0x0000000000416000-0x0000000000420000-memory.dmpFilesize
40KB
-
memory/2232-17-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/2232-82-0x00000000025D0000-0x000000000365E000-memory.dmpFilesize
16.6MB
-
memory/2232-0-0x0000000000400000-0x0000000000434000-memory.dmpFilesize
208KB
-
memory/2276-34-0x00000000025F0000-0x000000000367E000-memory.dmpFilesize
16.6MB
-
memory/2276-65-0x00000000025F0000-0x000000000367E000-memory.dmpFilesize
16.6MB
-
memory/2276-69-0x00000000025F0000-0x000000000367E000-memory.dmpFilesize
16.6MB
-
memory/2276-70-0x00000000025F0000-0x000000000367E000-memory.dmpFilesize
16.6MB
-
memory/2276-72-0x00000000025F0000-0x000000000367E000-memory.dmpFilesize
16.6MB
-
memory/2276-73-0x00000000025F0000-0x000000000367E000-memory.dmpFilesize
16.6MB
-
memory/2276-76-0x00000000025F0000-0x000000000367E000-memory.dmpFilesize
16.6MB
-
memory/2276-64-0x00000000025F0000-0x000000000367E000-memory.dmpFilesize
16.6MB
-
memory/2276-63-0x00000000771BF000-0x00000000771C0000-memory.dmpFilesize
4KB
-
memory/2276-62-0x0000000004030000-0x0000000004031000-memory.dmpFilesize
4KB
-
memory/2276-97-0x00000000025F0000-0x000000000367E000-memory.dmpFilesize
16.6MB
-
memory/2276-61-0x00000000025F0000-0x000000000367E000-memory.dmpFilesize
16.6MB
-
memory/2276-116-0x00000000025F0000-0x000000000367E000-memory.dmpFilesize
16.6MB
-
memory/2276-59-0x00000000025F0000-0x000000000367E000-memory.dmpFilesize
16.6MB
-
memory/2276-60-0x00000000025F0000-0x000000000367E000-memory.dmpFilesize
16.6MB
-
memory/2276-49-0x0000000000870000-0x0000000000872000-memory.dmpFilesize
8KB
-
memory/2276-235-0x00000000025F0000-0x000000000367E000-memory.dmpFilesize
16.6MB
-
memory/2276-50-0x00000000008C0000-0x00000000008C1000-memory.dmpFilesize
4KB
-
memory/2276-52-0x00000000008C0000-0x00000000008C1000-memory.dmpFilesize
4KB
-
memory/2276-38-0x00000000025F0000-0x000000000367E000-memory.dmpFilesize
16.6MB
-
memory/2276-53-0x0000000000870000-0x0000000000872000-memory.dmpFilesize
8KB
-
memory/2276-39-0x0000000000220000-0x0000000000221000-memory.dmpFilesize
4KB
-
memory/2276-417-0x00000000025F0000-0x000000000367E000-memory.dmpFilesize
16.6MB
-
memory/2276-463-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/2276-40-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/2276-54-0x00000000771BF000-0x00000000771C0000-memory.dmpFilesize
4KB
-
memory/2276-55-0x0000000000870000-0x0000000000872000-memory.dmpFilesize
8KB
-
memory/2276-29-0x00000000025F0000-0x000000000367E000-memory.dmpFilesize
16.6MB
-
memory/2276-31-0x00000000025F0000-0x000000000367E000-memory.dmpFilesize
16.6MB
-
memory/2276-23-0x00000000025F0000-0x000000000367E000-memory.dmpFilesize
16.6MB
-
memory/2276-32-0x00000000025F0000-0x000000000367E000-memory.dmpFilesize
16.6MB
-
memory/2276-56-0x00000000025F0000-0x000000000367E000-memory.dmpFilesize
16.6MB
-
memory/2276-33-0x00000000025F0000-0x000000000367E000-memory.dmpFilesize
16.6MB
-
memory/2276-57-0x00000000025F0000-0x000000000367E000-memory.dmpFilesize
16.6MB
-
memory/2276-58-0x00000000025F0000-0x000000000367E000-memory.dmpFilesize
16.6MB
-
memory/2276-41-0x00000000003E0000-0x00000000003E1000-memory.dmpFilesize
4KB
-
memory/2276-22-0x0000000000400000-0x0000000000434000-memory.dmpFilesize
208KB