Analysis
-
max time kernel
133s -
max time network
115s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
28-06-2024 10:39
Static task
static1
Behavioral task
behavioral1
Sample
19d126e528c422aec7280cca54bd14c2_JaffaCakes118.dll
Resource
win7-20240220-en
General
-
Target
19d126e528c422aec7280cca54bd14c2_JaffaCakes118.dll
-
Size
104KB
-
MD5
19d126e528c422aec7280cca54bd14c2
-
SHA1
1ce611d34fdd94723739294e65629cbafbf0a819
-
SHA256
292a49e16b1499130d69a513421f607cf1dbf13a442dc68cf8578689447eca8f
-
SHA512
a7c1a43165318dc1b347269ee0792cf7494cee788316de332af672b192fd8d263ae44f6378f9be22b6322cef0778a70cd002e9ad42582ef83bdabfd247136572
-
SSDEEP
3072:Yx73qAAdzsMEYQ5sdTtz1Eu93H3bOtCLu:qqAAdzOvEEwH3beCS
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
Processes:
rundll32mgr.exeWaterMark.exepid process 952 rundll32mgr.exe 2876 WaterMark.exe -
Processes:
resource yara_rule behavioral2/memory/952-6-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/952-7-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/952-9-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/952-8-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/952-5-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/952-10-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/952-13-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/2876-24-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/2876-26-0x0000000000400000-0x0000000000421000-memory.dmp upx behavioral2/memory/2876-35-0x0000000000400000-0x0000000000421000-memory.dmp upx -
Drops file in System32 directory 1 IoCs
Processes:
rundll32.exedescription ioc process File created C:\Windows\SysWOW64\rundll32mgr.exe rundll32.exe -
Drops file in Program Files directory 3 IoCs
Processes:
rundll32mgr.exedescription ioc process File opened for modification C:\Program Files (x86)\Microsoft\WaterMark.exe rundll32mgr.exe File opened for modification C:\Program Files (x86)\Microsoft\px40F1.tmp rundll32mgr.exe File created C:\Program Files (x86)\Microsoft\WaterMark.exe rundll32mgr.exe -
Program crash 2 IoCs
Processes:
WerFault.exeWerFault.exepid pid_target process target process 2544 3128 WerFault.exe rundll32.exe 2968 2188 WerFault.exe svchost.exe -
Processes:
iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEdescription ioc process Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2616258566" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2619071387" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C790EE4A-353A-11EF-8383-5A352D2CFE47} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2616258566" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2616258566" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31115591" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31115591" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2619227483" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31115591" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31115591" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31115591" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C7935115-353A-11EF-8383-5A352D2CFE47} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31115591" IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2616258566" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426336179" iexplore.exe -
Suspicious behavior: EnumeratesProcesses 16 IoCs
Processes:
WaterMark.exepid process 2876 WaterMark.exe 2876 WaterMark.exe 2876 WaterMark.exe 2876 WaterMark.exe 2876 WaterMark.exe 2876 WaterMark.exe 2876 WaterMark.exe 2876 WaterMark.exe 2876 WaterMark.exe 2876 WaterMark.exe 2876 WaterMark.exe 2876 WaterMark.exe 2876 WaterMark.exe 2876 WaterMark.exe 2876 WaterMark.exe 2876 WaterMark.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
WaterMark.exedescription pid process Token: SeDebugPrivilege 2876 WaterMark.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
Processes:
iexplore.exeiexplore.exepid process 4692 iexplore.exe 3380 iexplore.exe -
Suspicious use of SetWindowsHookEx 10 IoCs
Processes:
iexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXEpid process 4692 iexplore.exe 4692 iexplore.exe 3380 iexplore.exe 3380 iexplore.exe 4896 IEXPLORE.EXE 4896 IEXPLORE.EXE 640 IEXPLORE.EXE 640 IEXPLORE.EXE 4896 IEXPLORE.EXE 4896 IEXPLORE.EXE -
Suspicious use of UnmapMainImage 2 IoCs
Processes:
rundll32mgr.exeWaterMark.exepid process 952 rundll32mgr.exe 2876 WaterMark.exe -
Suspicious use of WriteProcessMemory 28 IoCs
Processes:
rundll32.exerundll32.exerundll32mgr.exeWaterMark.exeiexplore.exeiexplore.exedescription pid process target process PID 1524 wrote to memory of 3128 1524 rundll32.exe rundll32.exe PID 1524 wrote to memory of 3128 1524 rundll32.exe rundll32.exe PID 1524 wrote to memory of 3128 1524 rundll32.exe rundll32.exe PID 3128 wrote to memory of 952 3128 rundll32.exe rundll32mgr.exe PID 3128 wrote to memory of 952 3128 rundll32.exe rundll32mgr.exe PID 3128 wrote to memory of 952 3128 rundll32.exe rundll32mgr.exe PID 952 wrote to memory of 2876 952 rundll32mgr.exe WaterMark.exe PID 952 wrote to memory of 2876 952 rundll32mgr.exe WaterMark.exe PID 952 wrote to memory of 2876 952 rundll32mgr.exe WaterMark.exe PID 2876 wrote to memory of 2188 2876 WaterMark.exe svchost.exe PID 2876 wrote to memory of 2188 2876 WaterMark.exe svchost.exe PID 2876 wrote to memory of 2188 2876 WaterMark.exe svchost.exe PID 2876 wrote to memory of 2188 2876 WaterMark.exe svchost.exe PID 2876 wrote to memory of 2188 2876 WaterMark.exe svchost.exe PID 2876 wrote to memory of 2188 2876 WaterMark.exe svchost.exe PID 2876 wrote to memory of 2188 2876 WaterMark.exe svchost.exe PID 2876 wrote to memory of 2188 2876 WaterMark.exe svchost.exe PID 2876 wrote to memory of 2188 2876 WaterMark.exe svchost.exe PID 2876 wrote to memory of 3380 2876 WaterMark.exe iexplore.exe PID 2876 wrote to memory of 3380 2876 WaterMark.exe iexplore.exe PID 2876 wrote to memory of 4692 2876 WaterMark.exe iexplore.exe PID 2876 wrote to memory of 4692 2876 WaterMark.exe iexplore.exe PID 4692 wrote to memory of 4896 4692 iexplore.exe IEXPLORE.EXE PID 4692 wrote to memory of 4896 4692 iexplore.exe IEXPLORE.EXE PID 4692 wrote to memory of 4896 4692 iexplore.exe IEXPLORE.EXE PID 3380 wrote to memory of 640 3380 iexplore.exe IEXPLORE.EXE PID 3380 wrote to memory of 640 3380 iexplore.exe IEXPLORE.EXE PID 3380 wrote to memory of 640 3380 iexplore.exe IEXPLORE.EXE
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\19d126e528c422aec7280cca54bd14c2_JaffaCakes118.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\19d126e528c422aec7280cca54bd14c2_JaffaCakes118.dll,#12⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32mgr.exeC:\Windows\SysWOW64\rundll32mgr.exe3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\WaterMark.exe"C:\Program Files (x86)\Microsoft\WaterMark.exe"4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\system32\svchost.exe5⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 2046⤵
- Program crash
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3380 CREDAT:17410 /prefetch:26⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4692 CREDAT:17410 /prefetch:26⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 6083⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3128 -ip 31281⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2188 -ip 21881⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C790EE4A-353A-11EF-8383-5A352D2CFE47}.datFilesize
5KB
MD5bdb8efed3e9c7e287c38ea5f325ce038
SHA1cfa3a7e8554542e9a145fbd30ee65ebe638e4a35
SHA256e4dafa6f8f19e8cf617b498f9067bea3d986dfe209a45f1d5d5468da6d36db55
SHA512c5e541c35990e5f5919d0337309fd464e5404a35798101cdc77373e6ea95e9b7c5114a2c79491fca18d8dc52b7309b29b4101ff5ec6c7ee81f7a4cba15ba1634
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C7935115-353A-11EF-8383-5A352D2CFE47}.datFilesize
5KB
MD56a1ddab0bfe07f67abb156dfadaccd1b
SHA1ce03867f5d0bb30a277e0feb072f183c9adafddb
SHA256234a8af58d72327c33a951791a0024f6e481b35799d7dbb13eadf2680e3f3822
SHA5126094293f42567262bb9bbfce29ee4a4068adc62ece9df6e06065f614e21c963fe4fd0d38ffe917e6d5663bf5af105d0f2136d745015b96a18c27eadc395cacf6
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verC340.tmpFilesize
15KB
MD51a545d0052b581fbb2ab4c52133846bc
SHA162f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\REQ5K173\suggestions[1].en-USFilesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
C:\Windows\SysWOW64\rundll32mgr.exeFilesize
60KB
MD5cd963c64ad0bea4ca85a4819f6eefed1
SHA1d9cd6316cf3c6ce5ceec9694c2debc7b7981775f
SHA25633c4b715dc8b183dff9aac65cc42c7f2c70658580b8e3d449878251482a5d906
SHA512f7cd12c57eff3acf7c89b0e7b55dfa81623618a65d6c49b490c199cfe63ae9e858f2681c8ef1425d1e4b25f7b0bbd6d4a9d9788956c23f52fece3d5d79b5907e
-
memory/952-5-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/952-8-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/952-10-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/952-16-0x00000000008A0000-0x00000000008A1000-memory.dmpFilesize
4KB
-
memory/952-13-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/952-9-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/952-7-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/952-6-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/2188-29-0x0000000000EA0000-0x0000000000EA1000-memory.dmpFilesize
4KB
-
memory/2188-30-0x0000000000E80000-0x0000000000E81000-memory.dmpFilesize
4KB
-
memory/2876-26-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/2876-32-0x0000000000070000-0x0000000000071000-memory.dmpFilesize
4KB
-
memory/2876-31-0x0000000077992000-0x0000000077993000-memory.dmpFilesize
4KB
-
memory/2876-27-0x0000000077992000-0x0000000077993000-memory.dmpFilesize
4KB
-
memory/2876-25-0x0000000000060000-0x0000000000061000-memory.dmpFilesize
4KB
-
memory/2876-35-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/2876-24-0x0000000000400000-0x0000000000421000-memory.dmpFilesize
132KB
-
memory/3128-3-0x000000006D1C0000-0x000000006D1DA000-memory.dmpFilesize
104KB