Analysis
-
max time kernel
98s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
28-06-2024 07:13
General
-
Target
193ea6da81b5c7dd4ab6f8d75edacbad_JaffaCakes118.exe
-
Size
667KB
-
MD5
193ea6da81b5c7dd4ab6f8d75edacbad
-
SHA1
b7b8efc05cbd82a238230bd0ae424487b0e43df6
-
SHA256
300edf71749edacda3c092d9eb778673c9d7b1c49e215e3ea36ac22f80f74b07
-
SHA512
847c2feca8d9af6f35e93e13b549b1170e05ceb2d475a8496a0df586b8df1dd955ab3f230ad100c734834887256c09349a80a4b2ec34955919ec4b7846cac75a
-
SSDEEP
12288:WbMqmnEEb4E9F/ATyGv4XKGQi2lJLm1Giizl6oAlpxElrW1A:WI9EEb4Ev/ATEXKGVnGTzpA1Ec1A
Malware Config
Signatures
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modifies security service 2 TTPs 1 IoCs
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
-
ModiLoader Second Stage 10 IoCs
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Disables taskbar notifications via registry modification
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 8 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 19 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 41 IoCs
-
Enumerates connected drives 3 TTPs 4 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Maps connected drives based on registry 3 TTPs 2 IoCs
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext 2 IoCs
-
Drops file in Program Files directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 36 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates processes with tasklist 1 TTPs 2 IoCs
-
Modifies registry class 20 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 47 IoCs
-
Suspicious use of FindShellTrayWindow 24 IoCs
-
Suspicious use of SendNotifyMessage 20 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 2 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\193ea6da81b5c7dd4ab6f8d75edacbad_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\193ea6da81b5c7dd4ab6f8d75edacbad_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\193ea6da81b5c7dd4ab6f8d75edacbad_JaffaCakes118.exe193ea6da81b5c7dd4ab6f8d75edacbad_JaffaCakes118.exe2⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\DV245F.exeC:\Users\Admin\DV245F.exe3⤵
- Modifies visiblity of hidden/system files in Explorer
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\ceaseum.exe"C:\Users\Admin\ceaseum.exe"4⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c tasklist&&del DV245F.exe4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\tasklist.exetasklist5⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\aohost.exeC:\Users\Admin\aohost.exe3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\aohost.exeaohost.exe4⤵
- Executes dropped EXE
- Maps connected drives based on registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\bohost.exeC:\Users\Admin\bohost.exe3⤵
- Modifies security service
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Users\Admin\bohost.exeC:\Users\Admin\bohost.exe startC:\Users\Admin\AppData\Roaming\85D9D\CC47E.exe%C:\Users\Admin\AppData\Roaming\85D9D4⤵
- Executes dropped EXE
-
C:\Users\Admin\bohost.exeC:\Users\Admin\bohost.exe startC:\Program Files (x86)\9D1C8\lvvm.exe%C:\Program Files (x86)\9D1C84⤵
- Executes dropped EXE
-
C:\Users\Admin\dohost.exeC:\Users\Admin\dohost.exe3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c tasklist&&del 193ea6da81b5c7dd4ab6f8d75edacbad_JaffaCakes118.exe3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\tasklist.exetasklist4⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4612 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:81⤵
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Active Setup
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Active Setup
1Defense Evasion
Modify Registry
5Hide Artifacts
1Hidden Files and Directories
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9Filesize
471B
MD5b4b19f96a22192db9a83ba8a65a2e8d1
SHA1e50926c1b3d5390c2489e1f1c000654bf2c773ff
SHA25691ee46abed31c2de11cdf68d792ef2c6f188ce82edc28bd4eb702c56167c7a7d
SHA5125166f784b73b0f83a0bd9b02cdb89ee560b69b0eff9afff8601edd301ce409a1f42b586c68d4f34b291797527bba6f092777e2e17131b0766a1f93121045331b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9Filesize
420B
MD5cac4b7d2c6b21f11e9e77a4221669cb2
SHA18953c40b90ddbd5a8c553f5541b657eed03f6c3e
SHA25695d2b410357d747480e14b6e506db50598ef1d8cf9f8c070f6b6a845a8e15cd4
SHA512e0474e440b39f8d2de0b5596845c4b2eb572ec5779a8f2f9954e0c3df188ce791024aa9041b3ba67de3c26f13e0f28df32616e757406795db4033b2cecd3c40c
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbresFilesize
2KB
MD588293a4f71c73cbaa508a620900da46a
SHA10b45d5ca0e3b9a4662be347a6049d3f693b7f834
SHA256b6c88b71e99d28bae5f55899f51d32d53da175b40c834a4e6e428e095069eecb
SHA5120dcf1a47cf59b1ce42ab059ad5af99e103125f410fafdf8e081d33358daa13af0a63cb35adeb14ceccb54ace63b4cdf75a2b5bcb6a62646327e18f67690ffe1c
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\5MIHM5LV\microsoft.windows[1].xmlFilesize
96B
MD584209e171da10686915fe7efcd51552d
SHA16bf96e86a533a68eba4d703833de374e18ce6113
SHA25604d6050009ea3c99cc718ad1c07c5d15268b459fcfb63fcb990bc9761738907b
SHA51248d2524000911cfb68ef866dedac78ee430d79aa3f4b68399f645dc2066841e6962e11a3362cbcec46680357dcd3e58cfef9994450fed1d8af04df44f76b0dfd
-
C:\Users\Admin\AppData\Roaming\85D9D\D1C8.5D9Filesize
1KB
MD5c018fcc18cac0062dfb8d3102ceec587
SHA17f3dc25399892559b85bff7fed2ac8f249c39aec
SHA256ed101344de04fcff72a12608330c71b63996b91461685ee3126bf3dc85af0409
SHA512c833dc28a4155f283759a5d18be08bc863430ac4bda626842ab0e8bec145a513a500b56dd44171a62f97a28ef5861e8187f61465b174a054fb45121ef6b51110
-
C:\Users\Admin\AppData\Roaming\85D9D\D1C8.5D9Filesize
600B
MD5e18fcd9bfd1916e45a10101aa460094a
SHA102d137760faa4963133c684740a82a0b04b93686
SHA2561f4f958550076b8f58f83059f24b0727e4ef63b1c4a263ef64d31d8e9e686c57
SHA5127dd1d1d42c4a920b099386bdbdf0e8dfc0cb40f2d376b9766707741d25ba2e504f41b40ba5ce793ce9afa9b7b84c112d2b356722f67aeae95a03bb0b226ef16d
-
C:\Users\Admin\AppData\Roaming\85D9D\D1C8.5D9Filesize
897B
MD5696fb9dc92d3d57ad324e8f0d1ca28e1
SHA1c7ff515f4658200b4698d3e77d318f684c20b045
SHA256cf5d8efe75c3fd0e71e07cedd6cd69260fa4f2089fa1eb417c1c4541c7979948
SHA51223ca85a36eaf660a26207b86cd13a6902b5b522c1d00d7f82960bb06b4700d7ac2e72fc8c65468089a1b7d20aca91236567b39822ce434abd7defbe31b94f1f3
-
C:\Users\Admin\DV245F.exeFilesize
216KB
MD500b1af88e176b5fdb1b82a38cfdce35b
SHA1c0f77262df92698911e0ac2f7774e93fc6b06280
SHA25650f026d57fea9c00d49629484442ea59cccc0053d7db73168d68544a3bbf6f59
SHA5129e55e7c440af901f9c6d0cdae619f6e964b9b75c9351c76ea64362ff161c150b12a1caabb3d2eb63353a59ae70e7159ca6b3793ed0cc11994766846ac316107f
-
C:\Users\Admin\aohost.exeFilesize
152KB
MD54401958b004eb197d4f0c0aaccee9a18
SHA150e600f7c5c918145c5a270b472b114faa72a971
SHA2564c477ed134bc76fa7b912f1aad5e59d4f56f993baa16646e25fec2fdeed3bd8b
SHA512f0548bdaafce2cde2f9d3bd1c26ed3c8e9321ef6d706bd372e18886d834828e5bb54ae44f19764e94574ceb4a1a2a99bdd8476e174b05114fcac9a6d4a2d58e6
-
C:\Users\Admin\bohost.exeFilesize
173KB
MD50578a41258df62b7b4320ceaafedde53
SHA150e7c0b00f8f1e5355423893f10ae8ee844d70f4
SHA25618941e3030ef70437a5330e4689ec262f887f6f6f1da1cd66c0cbae2a76e75bf
SHA5125870a73798bad1f92b4d79f20bf618112ec8917574f6b25ab968c47afff419a829eef57b0282fb4c53e6e636436c8cf52a01426c46bdd4a0ea948d371f0feb09
-
C:\Users\Admin\ceaseum.exeFilesize
216KB
MD522ecf10bcbacf958cfa9f3155fb91f91
SHA129ed397b7c84e885efbd9fd40705b3361ed696fd
SHA256cf0c2ec5dbf194fe18038e5e8b52492b573cd46bce9d224629fb4db52f71956d
SHA512b0320be395e06aec9058ecec8b144f0421a7c4a0784685c3359c577ff440620bc7f1cc4e61a38331f22cec1383b0fc7ad2d18bcde591ed9f1fef7a6a528e65b5
-
C:\Users\Admin\dohost.exeFilesize
24KB
MD5d7390e209a42ea46d9cbfc5177b8324e
SHA1eff57330de49be19d2514dd08e614afc97b061d2
SHA256d2d49c37bdf2313756897245c3050494b39e824af448450eca1c0e83cf95b1e5
SHA512de0eb11dd20cd9d74f47b138fb4189a299a57173fe2635150045b01629354f35b26e0575acd25501403af0db238a123b2e5a79582b47aee1d6e786f5eec1929d
-
memory/60-274-0x000001E3E36C0000-0x000001E3E36E0000-memory.dmpFilesize
128KB
-
memory/60-305-0x000001E3E3CA0000-0x000001E3E3CC0000-memory.dmpFilesize
128KB
-
memory/60-290-0x000001E3E3680000-0x000001E3E36A0000-memory.dmpFilesize
128KB
-
memory/60-269-0x000001DBE1760000-0x000001DBE1860000-memory.dmpFilesize
1024KB
-
memory/380-267-0x00000000041D0000-0x00000000041D1000-memory.dmpFilesize
4KB
-
memory/532-21-0x0000000000400000-0x00000000004CF000-memory.dmpFilesize
828KB
-
memory/532-8-0x0000000000400000-0x00000000004CF000-memory.dmpFilesize
828KB
-
memory/532-7-0x0000000000400000-0x00000000004CF000-memory.dmpFilesize
828KB
-
memory/532-9-0x0000000000400000-0x00000000004CF000-memory.dmpFilesize
828KB
-
memory/532-5-0x0000000000400000-0x00000000004CF000-memory.dmpFilesize
828KB
-
memory/532-190-0x0000000000400000-0x00000000004CF000-memory.dmpFilesize
828KB
-
memory/532-2-0x0000000000400000-0x00000000004CF000-memory.dmpFilesize
828KB
-
memory/532-1-0x0000000000400000-0x00000000004CF000-memory.dmpFilesize
828KB
-
memory/568-424-0x00000000048E0000-0x00000000048E1000-memory.dmpFilesize
4KB
-
memory/1388-463-0x000002189F650000-0x000002189F670000-memory.dmpFilesize
128KB
-
memory/1388-432-0x000002189F280000-0x000002189F2A0000-memory.dmpFilesize
128KB
-
memory/1388-453-0x000002189F240000-0x000002189F260000-memory.dmpFilesize
128KB
-
memory/1652-713-0x00000207B7100000-0x00000207B7200000-memory.dmpFilesize
1024KB
-
memory/1652-715-0x00000207B7100000-0x00000207B7200000-memory.dmpFilesize
1024KB
-
memory/2340-40-0x0000000000400000-0x000000000041E000-memory.dmpFilesize
120KB
-
memory/2340-50-0x0000000000400000-0x000000000041E000-memory.dmpFilesize
120KB
-
memory/3588-79-0x0000000000400000-0x0000000000452000-memory.dmpFilesize
328KB
-
memory/3800-573-0x00000000047A0000-0x00000000047A1000-memory.dmpFilesize
4KB
-
memory/4000-711-0x0000000004DF0000-0x0000000004DF1000-memory.dmpFilesize
4KB
-
memory/4104-192-0x0000000000400000-0x0000000000452000-memory.dmpFilesize
328KB
-
memory/4104-265-0x0000000000400000-0x0000000000452000-memory.dmpFilesize
328KB
-
memory/4104-69-0x0000000000400000-0x0000000000452000-memory.dmpFilesize
328KB
-
memory/4104-93-0x0000000000400000-0x0000000000452000-memory.dmpFilesize
328KB
-
memory/4472-56-0x0000000000400000-0x0000000000427000-memory.dmpFilesize
156KB
-
memory/4472-47-0x0000000000400000-0x0000000000427000-memory.dmpFilesize
156KB
-
memory/4472-46-0x0000000000400000-0x0000000000427000-memory.dmpFilesize
156KB
-
memory/4472-68-0x0000000000400000-0x0000000000427000-memory.dmpFilesize
156KB
-
memory/4472-52-0x0000000000400000-0x0000000000427000-memory.dmpFilesize
156KB
-
memory/4796-0-0x0000000000400000-0x000000000041F000-memory.dmpFilesize
124KB
-
memory/4796-6-0x0000000000400000-0x000000000041F000-memory.dmpFilesize
124KB
-
memory/4812-576-0x000001B8E8900000-0x000001B8E8A00000-memory.dmpFilesize
1024KB
-
memory/4812-581-0x000001C0EA960000-0x000001C0EA980000-memory.dmpFilesize
128KB
-
memory/4812-611-0x000001C0EA920000-0x000001C0EA940000-memory.dmpFilesize
128KB
-
memory/4812-612-0x000001C0EAD40000-0x000001C0EAD60000-memory.dmpFilesize
128KB
-
memory/4812-577-0x000001B8E8900000-0x000001B8E8A00000-memory.dmpFilesize
1024KB
-
memory/4812-575-0x000001B8E8900000-0x000001B8E8A00000-memory.dmpFilesize
1024KB
-
memory/4952-156-0x0000000000400000-0x0000000000452000-memory.dmpFilesize
328KB