Analysis
-
max time kernel
149s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
28-06-2024 14:02
General
-
Target
1a65f67b34573fc5611d04abacb1eb0d_JaffaCakes118.exe
-
Size
129KB
-
MD5
1a65f67b34573fc5611d04abacb1eb0d
-
SHA1
4c89ea6a0342ac4a54a9940132af406ea8a5644f
-
SHA256
4764c52d458b81c44ec06695acb16e8669ff758f3e28e7fc1488e1d79fb7fbbc
-
SHA512
999b023ebf5c041c8e8e3129cf3cca3ea06d4e3ac8325350ec44bc523edea93ce7ea15f487d5cccf104b3bd01537be4e76510f7c2364fa4e379e11b12a60acc6
-
SSDEEP
3072:ctPVDgXBYV9eCYS34uO/VGNtJvI6MJCyzjV:OGRYzN739O/ANzvWJX
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
encoder/call4_dword_xor
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Deletes itself 1 IoCs
-
Executes dropped EXE 54 IoCs
-
Loads dropped DLL 28 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Maps connected drives based on registry 3 TTPs 56 IoCs
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory 56 IoCs
-
Suspicious use of SetThreadContext 27 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 28 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1a65f67b34573fc5611d04abacb1eb0d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\1a65f67b34573fc5611d04abacb1eb0d_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1a65f67b34573fc5611d04abacb1eb0d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\1a65f67b34573fc5611d04abacb1eb0d_JaffaCakes118.exe"2⤵
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Users\Admin\AppData\Local\Temp\1A65F6~1.EXE3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Users\Admin\AppData\Local\Temp\1A65F6~1.EXE4⤵
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe6⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe7⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe8⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe10⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe11⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe12⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe13⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe14⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe15⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe16⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe17⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe18⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe19⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe20⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe21⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe22⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe23⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe24⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe25⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe26⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe27⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe28⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe29⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe30⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe31⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe32⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe33⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe34⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe35⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe36⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe37⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe38⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe39⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe40⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe41⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe42⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe43⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe44⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe45⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe46⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe48⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe49⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe50⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe51⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe52⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe53⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe54⤵
- Executes dropped EXE
- Loads dropped DLL
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe55⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe56⤵
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe57⤵
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe58⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
\??\PIPE\srvsvcMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\Windows\SysWOW64\wnfpt2.exeFilesize
129KB
MD51a65f67b34573fc5611d04abacb1eb0d
SHA14c89ea6a0342ac4a54a9940132af406ea8a5644f
SHA2564764c52d458b81c44ec06695acb16e8669ff758f3e28e7fc1488e1d79fb7fbbc
SHA512999b023ebf5c041c8e8e3129cf3cca3ea06d4e3ac8325350ec44bc523edea93ce7ea15f487d5cccf104b3bd01537be4e76510f7c2364fa4e379e11b12a60acc6
-
memory/1044-298-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1044-302-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1272-173-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1272-166-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1348-89-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1348-84-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1348-85-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1348-83-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1632-122-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1632-118-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1668-287-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1668-281-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1804-354-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1804-350-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1816-424-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1816-427-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1844-337-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1844-341-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1952-216-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1952-221-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2108-315-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2108-312-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2152-436-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2156-370-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2156-375-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2356-199-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2356-205-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2400-9-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2400-22-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2400-11-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2400-6-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2400-12-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2400-0-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2400-3-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2400-8-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2400-4-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2400-10-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2424-363-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2424-367-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2448-189-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2448-184-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2468-324-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2468-328-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2476-156-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2476-151-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2484-388-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2484-384-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2540-51-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2540-56-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2572-247-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2572-254-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2652-35-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2652-34-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2652-33-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2652-40-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2656-414-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2656-411-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2788-397-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2788-401-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2820-134-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2820-139-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2828-106-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2828-101-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2872-237-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2872-231-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2880-68-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2880-67-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2880-66-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2880-73-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/3008-264-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/3008-270-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB