Analysis
-
max time kernel
148s -
max time network
154s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
-
submitted
28-06-2024 01:59
General
-
Target
186289681118b2e422babea77d2b83d9_JaffaCakes118.exe
-
Size
109KB
-
MD5
186289681118b2e422babea77d2b83d9
-
SHA1
483fcf6c86f34249283a8f58a4f25700c8aec546
-
SHA256
aa42191bd18cb6f98c9b5324d053ed40bf27c12396078891d9a70a2764802ee1
-
SHA512
9457affaebe567426de8c044bc3f48516d71d8e32b6219e8244c2cab5b69246bfdcafb94d0c85108a78e94e6fa2eec08ac35dd652d2017e8600af8460ecfe9b6
-
SSDEEP
3072:ZZfYO7p820efPp12eVH4CL9NVnkXHuQS/AgGgTQ:ZVh7p820kKeIuQsGg0
Malware Config
Signatures
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
Deletes itself 1 IoCs
-
Executes dropped EXE 5 IoCs
-
Loads dropped DLL 10 IoCs
-
UPX packed file 10 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory 3 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 59 IoCs
-
Suspicious behavior: EnumeratesProcesses 24 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 6 IoCs
-
Suspicious use of SetWindowsHookEx 26 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\186289681118b2e422babea77d2b83d9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\186289681118b2e422babea77d2b83d9_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\186289681118b2e422babea77d2b83d9_JaffaCakes118mgr.exeC:\Users\Admin\AppData\Local\Temp\186289681118b2e422babea77d2b83d9_JaffaCakes118mgr.exe2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2596 CREDAT:275458 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2596 CREDAT:472069 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2596 CREDAT:734212 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2596 CREDAT:4142086 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\SysWOW64\wuaucldt.exec:\windows\system32\wuaucldt.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\SysWOW64\wuaucldtmgr.exec:\windows\SysWOW64\wuaucldtmgr.exe3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
\??\c:\users\admin\wuaucldt.exec:\users\admin\wuaucldt.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
\??\c:\users\admin\wuaucldtmgr.exec:\users\admin\wuaucldtmgr.exe4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\system32\svchost.exe4⤵
- Writes to the Master Boot Record (MBR)
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del c:\windows\syswow64\wuaucldt.exe3⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del c:\users\admin\appdata\local\temp\186289~1.EXE2⤵
- Deletes itself
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5a5488ac8a7bb74c6a071a37c612c4689
SHA15d50c68ed4eae8367074ac125ce65db9f8cc131f
SHA256c568d2cacbc840eab4268897a258f008988b4378400b4c873d3f225c4174c5ec
SHA5120442692af087cc043155b58abeef7340579f8c4c6438c81541a0b4b8e5be4016e8a779895e00e94c11ba42556c1ed589509b81b2b0ddac77b47e48b5ddd83170
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5a26679d7e174ccf11e4039ffd02e2227
SHA18fc2de14f1ed0b2cadcfbd35bc48d8bd92fe9a1f
SHA256b563ecb93936a325eab0282759e83cfb77bb50a71604d622ade5f0f6d688dcc2
SHA512e9e9f78580990f72194f6d8072f86cbd64529604023fbfd7dfd9a0ddacf9b91fa9f38879adcc999ea08e387048ec2e2deef53f20154761c6069ad39e2f73c743
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD51c6e510673cad356cbcf6da3cede1eb3
SHA1ec91d29db04f90f99785416bb8a63c8ece39e6bf
SHA256a4c07228822fc078e9fd1087cc4eae48a3ccf806a77b70391914d37e6d52f996
SHA512257e15d71c744040f3c1a74ef57cc8780e620a58f28ed629aace05e244a4463db26e53aa5663aae223680a1267f7ce6d18cce19d19aaa7171a91df5c064f9ed6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD51adae661557179d2f4fc966b4ebd163b
SHA1c118d3ca8c0594af294ffc90508e00f9d3542c0e
SHA2569c461ad108f9a3a6049bf8e8516ffaaa5956a2909a114a30027cd38f90a659a3
SHA512d3af8e30ba64c2cbb789376c7db3a40ec595ceceb7622d98327a2bdaa414d3ac5eaf825bfc81d742515dfa10b7356dfc20fb50d23b10f95baf2b28678ccc8e7d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD54555b40168f49d5798296da35abf5660
SHA18bc1230ed2df47678d86f6440ac9ecdfcec37a58
SHA25647f0f1fb2b0315247fa8ceca79e1e72369c28898782ec2c874a73060867958a1
SHA512b70fc5123c977978621181efc3b6fda3ad8e1bde14937a1c2e8bb453aaf03b989b18782463cd9907ca34be5eac4ac8bb275d931b1f597c26e3f689b2636794cb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5c5abfba3198f5d4e909bd20d4d0dd8e2
SHA17184ccbc16f679f286482f9d261fba9dfdfcd8ba
SHA2561ad8dbb69a1c2674b30de5c538abf0701303da5df05f152ab62afc418974cd01
SHA512637ceeca98bf9b0eb5e4e76e3020933f6fe41b46088ed6ad17cc584c0d58fc932e08d2813a3b256eae589244fdb7c86357c4ae734cf3ee0b52baeb3bb3e812d2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD58358f568d7e1959ca36142ff288838aa
SHA1107b4311ca17d95156cac8cde29c29d8b309bb6d
SHA256ee13a8b0702ab38ff0ad4da082e9fd4065a2eb8530b8fcb4cd7ca9a090dc6494
SHA51232247148b3f2b279088741c28b348a0ff048ce9f2bf7f3c7a80cf0853e8516b194d2549face074c953e925b46ae6042b72306c6697b20d590154c7bb83209de0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD50e1e6a46b2cbcfbf016887bb23e1caf8
SHA1a85196f803140ddfced71b78745738b786baf1c9
SHA256b29b47f992d9cdfbe6a203b0bab2916a9f99eb77545483ac6d1b6845bcc2b1bc
SHA5126e13a0a046a643b42775eee36b7369fca2de690780f5a0d6a6b2713f49a8bc3376e6dfa89d179ee873470bdb8aece4194d8c21063c88356e9312b94cfe3909e4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5b865ada6c5c79489ded2eb6f9c7a0940
SHA1d52acc37ad5ad1beb404f46c8b6d8252df9a0510
SHA256904e0076ca489b22201deb457b29d320eded0c9570fdb0d3df1669db5bc8caa6
SHA512e899dfa0eab4a81d73b75fbe94dfb4541bf2777bd90d714dc17dc55c9e84947bd9094e5ce56380f6a4a1a1c5f8661b0888e9548e29414b820ff2e114da2cbcaf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5f4ba01a6e37825e49cf23f6fc8d9bb63
SHA1ba21ffa53fcb59dc5e3df8458a4e9c6376928681
SHA256e87a35b8e88c23a2373bae7880103ddd62356c03b2fadaa41060f6005acbae61
SHA512df14f50f4be9f798c2aa1b2205b73054faa9a502783b24a70b040260c043a13b035bfa48ac653429c53217a1f47169c7cb5999f21a6bdf092613f9bd771adc8c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD50997a51fa3a5c8c700f6ad50bf74b311
SHA17e7e958bb3dff91d313db38c056a632d88da78fd
SHA25616c6c92266d7d2b15c2f4eb527804ff827af1bb37e10a90f01619c4a8f3cc3b8
SHA512585182904a35442d158f644b3fdb873e3fdbdf97d670b3a12aee46f512b414d74cbf854421e8b57dc78f048395424b10a01f319424d1bd25801a8e0f89d61003
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD588c582ae690a9070c9172ef54b979004
SHA175956f3cbec7037988b021699839ff89bcebddf9
SHA2560a8aabf0922f16dc1a0a14ff25d8a36d9656be6ec3c1a5b020641a055ff4f8a6
SHA512786ad2d73172019c434a3e54527e7d1e70f056bc89a4f20ee0e4c97f05b469be4f04d16266d2e18cb4e9ed695d338f75e10b6d6346ddc868bb7f8912e439fd1d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5f024ea61544ac74a5406f6b5d3f8fdaf
SHA101fe7b15afbfef90095642cef97353eb922e5c59
SHA2560de6506bdc5b55493236d660f0865612220c8f27adf86a8adbc37c5cbfc24c12
SHA5120529d582af517adaedae9b78935e103fc7478c61ef9910a455913284585302793cd2d710c4c0826441fa2dd7497ff866ad6856dd5ae200d267d5b744f4a7c506
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5ccb3a96dc340d34be69845da770d6eb6
SHA1ff03da348174b2672f5206fdd8df24fe94837410
SHA256986bcb548069a3e5c4e0715cab99c9078053b985a2e16645c4ef6044772cc50a
SHA512add418a5f6649366e3b09d1fa27dd729ef2dfde507c930dfe3ed7f80441ffff0f33b0c13720d12e275fcba30af00ef6dc101a3283ab117c7524901563ca21e19
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5f0c4008ebbfe9c55f054f9301277f0d1
SHA1ac22c5d09c1eac6aba38e09a0af1a73ce4b4cade
SHA2569b86842c8969776c824ed63425d6efdac009fed1a17dcc2de9b17d5f9c8a3edf
SHA5124b7130ecc1dcc5361aafa835afc61193e95b695d5ef9fa0cfe5baf40d10d8ef068d8eeb2f13b3fc4bcd23abd80e5df955e6a908c3b79aeb7c72e7b048a99b725
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5e4464496e58d2b9f4e788dcb659e5a46
SHA18473b196d6360436ee85ab4ef2ce0437784b1eec
SHA256de5f1737a558f2ee445f6d9b9ddfafaf9692fe857c859e213b9cb1e1edc0d733
SHA51295c7250861f8cac9eb1dd4f3b1d1d24acbf128ffb381a3fa712dcafaa3e8249fbcdd88737b65cb952c78ed4a8d629d0856889c422d0920109ea49e0508b28403
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5c68229fe5b83e04cc5eaba9c7ed7e749
SHA1f46172d43c24c93bfd4de4a3c6648b7dc8d393a4
SHA25623bd19bf06ceacab2db1838ec0c04f455d361aef10939682707dc46f7f0212e1
SHA512415b04d3f1afd65496ec5d44619a48cc567824508b3deaded25b9e98adab28cd12b890978252de65d85ce10af403fad6ee02d8f673d35563f1df2a5d5f3718b3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD54d1d8332e34236b6150bf863cc70d4c5
SHA1347622007d8e4855c74ccd8ad30cc83313d229f4
SHA256a6473e118f277e29ec2a7f556c80f1394fe96c6326f2131c531eef72c6602187
SHA51247fedbf96bd674b5e4147c39bc23b082bc81c8dbbd12d00ab5058a0f5577ad3db1329813e696dc63c56cb1b9d0d118c90ff1ddfc859292333cb694620d925eea
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5a469229fd0d6a37e81cddb3957c944e0
SHA1d416e3ccd51c79889337b24c3421450f619fe9c7
SHA256303688c5b53f8ca4920a4a638cadd75b2732827929ab6af7e470e9bfc4153f4c
SHA5127a9404a9880aa6d97a8dc52566226004f2c3b9808a821348b8b12c4066b4c6df0314e04c3c6894526e578b7dbfce058ab3d6c3017fdc45d857857bf12fdd51b2
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1A336301-34F2-11EF-BD87-DEB4B2C1951C}.datFilesize
6KB
MD5cdd39a2e1d47e976a097e229fa60ce1b
SHA1bf28210e55b20f07f6809757006189f04d42ee40
SHA256fa6947ab55277e8a46caea3e1faa758af3f7ad47eced470e06c0c84474b12790
SHA5125e8c4d6927b4ccb7b4d36e88ab836f66a93159d8074567104568476aa52fa0bc342589f10c87bc33a63329ffc1992bdaa70482d6b1bd23e1e725efad1edd7dc1
-
C:\Users\Admin\AppData\Local\Temp\Cab88D2.tmpFilesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\Local\Temp\Tar8971.tmpFilesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
\Users\Admin\AppData\Local\Temp\186289681118b2e422babea77d2b83d9_JaffaCakes118mgr.exeFilesize
73KB
MD523842802587d1c2570eec734a06cc188
SHA1aecd57ced1f79fa0dcc93076b3254216d08b907f
SHA256aa94699c1420a0a2c0d07a936fe2acc26cdbb410f7bc47552110504e91b4a8d8
SHA51280ebdf18eff5b25e4ce2dccb44d5b55a9e377b5b339da3a253679d0a4eb0e6fb57595aabb979014aa4e3d59f8622d4660df763d79d8a813365eff0538c05b1c7
-
\Windows\SysWOW64\wuaucldt.exeFilesize
109KB
MD5186289681118b2e422babea77d2b83d9
SHA1483fcf6c86f34249283a8f58a4f25700c8aec546
SHA256aa42191bd18cb6f98c9b5324d053ed40bf27c12396078891d9a70a2764802ee1
SHA5129457affaebe567426de8c044bc3f48516d71d8e32b6219e8244c2cab5b69246bfdcafb94d0c85108a78e94e6fa2eec08ac35dd652d2017e8600af8460ecfe9b6
-
memory/1200-14-0x0000000000400000-0x0000000000446000-memory.dmpFilesize
280KB
-
memory/1200-11-0x0000000000400000-0x0000000000446000-memory.dmpFilesize
280KB
-
memory/1200-12-0x0000000000220000-0x0000000000221000-memory.dmpFilesize
4KB
-
memory/1200-129-0x0000000000400000-0x0000000000446000-memory.dmpFilesize
280KB
-
memory/1200-15-0x0000000000330000-0x0000000000331000-memory.dmpFilesize
4KB
-
memory/1200-16-0x0000000000400000-0x0000000000446000-memory.dmpFilesize
280KB
-
memory/1200-13-0x0000000000320000-0x0000000000321000-memory.dmpFilesize
4KB
-
memory/1648-72-0x0000000000400000-0x000000000041E000-memory.dmpFilesize
120KB
-
memory/1648-73-0x0000000070000000-0x000000007000B000-memory.dmpFilesize
44KB
-
memory/1648-57-0x0000000000400000-0x000000000041E000-memory.dmpFilesize
120KB
-
memory/2140-75-0x0000000000080000-0x0000000000089000-memory.dmpFilesize
36KB
-
memory/2140-84-0x0000000000080000-0x0000000000089000-memory.dmpFilesize
36KB
-
memory/2140-81-0x0000000000080000-0x0000000000089000-memory.dmpFilesize
36KB
-
memory/2140-78-0x0000000000080000-0x0000000000089000-memory.dmpFilesize
36KB
-
memory/2140-76-0x000000007EFDE000-0x000000007EFDF000-memory.dmpFilesize
4KB
-
memory/2140-83-0x0000000000080000-0x0000000000089000-memory.dmpFilesize
36KB
-
memory/2140-80-0x0000000000080000-0x0000000000089000-memory.dmpFilesize
36KB
-
memory/2232-4-0x0000000000220000-0x0000000000266000-memory.dmpFilesize
280KB
-
memory/2232-9-0x0000000000220000-0x0000000000266000-memory.dmpFilesize
280KB
-
memory/2232-17-0x0000000009000000-0x0000000009009000-memory.dmpFilesize
36KB
-
memory/2232-18-0x0000000000400000-0x000000000041E000-memory.dmpFilesize
120KB
-
memory/2232-1-0x0000000000400000-0x000000000041E000-memory.dmpFilesize
120KB
-
memory/2232-22-0x0000000000390000-0x00000000003AE000-memory.dmpFilesize
120KB
-
memory/2232-30-0x0000000000390000-0x00000000003AE000-memory.dmpFilesize
120KB
-
memory/2232-39-0x0000000000220000-0x0000000000266000-memory.dmpFilesize
280KB
-
memory/2504-40-0x0000000000400000-0x0000000000446000-memory.dmpFilesize
280KB
-
memory/2504-41-0x00000000002A0000-0x00000000002A1000-memory.dmpFilesize
4KB
-
memory/2504-43-0x0000000000400000-0x0000000000446000-memory.dmpFilesize
280KB
-
memory/2504-42-0x00000000002B0000-0x00000000002B1000-memory.dmpFilesize
4KB
-
memory/2504-70-0x0000000000400000-0x0000000000446000-memory.dmpFilesize
280KB
-
memory/2672-68-0x0000000000400000-0x0000000000446000-memory.dmpFilesize
280KB
-
memory/2672-67-0x0000000000400000-0x0000000000446000-memory.dmpFilesize
280KB
-
memory/2684-31-0x0000000000400000-0x000000000041E000-memory.dmpFilesize
120KB
-
memory/2684-56-0x0000000000400000-0x000000000041E000-memory.dmpFilesize
120KB