Analysis
-
max time kernel
150s -
max time network
51s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
28-06-2024 14:02
General
-
Target
1a65f67b34573fc5611d04abacb1eb0d_JaffaCakes118.exe
-
Size
129KB
-
MD5
1a65f67b34573fc5611d04abacb1eb0d
-
SHA1
4c89ea6a0342ac4a54a9940132af406ea8a5644f
-
SHA256
4764c52d458b81c44ec06695acb16e8669ff758f3e28e7fc1488e1d79fb7fbbc
-
SHA512
999b023ebf5c041c8e8e3129cf3cca3ea06d4e3ac8325350ec44bc523edea93ce7ea15f487d5cccf104b3bd01537be4e76510f7c2364fa4e379e11b12a60acc6
-
SSDEEP
3072:ctPVDgXBYV9eCYS34uO/VGNtJvI6MJCyzjV:OGRYzN739O/ANzvWJX
Score
10/10
Malware Config
Extracted
Family
metasploit
Version
encoder/call4_dword_xor
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Checks computer location settings 2 TTPs 28 IoCs
Looks up country code configured in the registry, likely geofence.
-
Deletes itself 1 IoCs
-
Executes dropped EXE 56 IoCs
-
UPX packed file 55 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Maps connected drives based on registry 3 TTPs 58 IoCs
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory 56 IoCs
-
Suspicious use of SetThreadContext 29 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 28 IoCs
-
Suspicious behavior: EnumeratesProcesses 58 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1a65f67b34573fc5611d04abacb1eb0d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\1a65f67b34573fc5611d04abacb1eb0d_JaffaCakes118.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1a65f67b34573fc5611d04abacb1eb0d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\1a65f67b34573fc5611d04abacb1eb0d_JaffaCakes118.exe"2⤵
- Checks computer location settings
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Users\Admin\AppData\Local\Temp\1A65F6~1.EXE3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Users\Admin\AppData\Local\Temp\1A65F6~1.EXE4⤵
- Checks computer location settings
- Deletes itself
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe6⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe7⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe8⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe9⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe10⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe11⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe12⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe13⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe14⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe15⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe16⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe17⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe18⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe19⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe20⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe21⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe22⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe23⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe24⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe25⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe26⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe27⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe28⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe29⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe30⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe31⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe32⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe33⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe34⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe35⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe36⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe37⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe38⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe39⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe40⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe41⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe42⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe43⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe44⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe45⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe46⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe47⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe48⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe49⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe50⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe51⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe52⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe53⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe54⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe55⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe56⤵
- Checks computer location settings
- Executes dropped EXE
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe57⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\SysWOW64\wnfpt2.exe"C:\Windows\system32\wnfpt2.exe" C:\Windows\SysWOW64\wnfpt2.exe58⤵
- Executes dropped EXE
- Maps connected drives based on registry
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Windows\SysWOW64\wnfpt2.exeFilesize
129KB
MD51a65f67b34573fc5611d04abacb1eb0d
SHA14c89ea6a0342ac4a54a9940132af406ea8a5644f
SHA2564764c52d458b81c44ec06695acb16e8669ff758f3e28e7fc1488e1d79fb7fbbc
SHA512999b023ebf5c041c8e8e3129cf3cca3ea06d4e3ac8325350ec44bc523edea93ce7ea15f487d5cccf104b3bd01537be4e76510f7c2364fa4e379e11b12a60acc6
-
\??\PIPE\srvsvcMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/324-158-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/324-154-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/528-122-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/744-77-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/744-75-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/744-74-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1048-0-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1048-3-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1048-4-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1048-5-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1048-38-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1292-105-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1292-106-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1292-104-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1392-166-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1600-235-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1736-191-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1740-67-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1740-68-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1740-69-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1968-100-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1968-98-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/1968-97-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2024-246-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2024-249-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2244-116-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2312-140-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2352-199-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2360-149-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/2360-145-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/3068-242-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/3068-239-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/3080-54-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/3080-53-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/3080-52-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/3104-223-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/3104-220-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/3348-44-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/3348-48-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/3348-45-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/3348-46-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/3576-229-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/3680-174-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/3708-131-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/4196-59-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/4196-62-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/4196-60-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/4280-85-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/4548-92-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/4548-91-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/4768-207-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/4796-212-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/4796-216-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/4992-183-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB
-
memory/4992-178-0x0000000000400000-0x0000000000458000-memory.dmpFilesize
352KB