Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
21-04-2024 09:03
General
-
Target
feed7b12d5ec7fa13f905849815447b9_JaffaCakes118.exe
-
Size
413KB
-
MD5
feed7b12d5ec7fa13f905849815447b9
-
SHA1
970a9fd4bad1b5d496d3d920001193bc6bd7294a
-
SHA256
e251fd1ccc27889c4d67bce9a75ed4cf92ee129b84bcf5e66a8d5cbf08a64a83
-
SHA512
2c9d11c4b02e7b973f816074dfb85d11460febc266b78f43b01f1d7b14f3cb3ea6a5b53c89f90ff497ecfe8ed8d71e2cb5ce019643c0d5d1a149646e9880b9ff
-
SSDEEP
12288:eQ0YTD1c2obY7A9kIZEw4ivZHHADFzzzzzzzp:2gocM+uEw4IADFzzzzzzzp
Malware Config
Signatures
-
Detect Lumma Stealer payload V4 18 IoCs
-
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
-
Modifies security service 2 TTPs 20 IoCs
-
Executes dropped EXE 9 IoCs
-
Drops file in System32 directory 20 IoCs
-
Runs .reg file with regedit 10 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\feed7b12d5ec7fa13f905849815447b9_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\feed7b12d5ec7fa13f905849815447b9_JaffaCakes118.exe"1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c c:\a.bat2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regedit.exeREGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg3⤵
- Modifies security service
- Runs .reg file with regedit
-
C:\Windows\SysWOW64\msmnsgr.exeC:\Windows\system32\msmnsgr.exe 1260 "C:\Users\Admin\AppData\Local\Temp\feed7b12d5ec7fa13f905849815447b9_JaffaCakes118.exe"2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c c:\a.bat3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regedit.exeREGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg4⤵
- Modifies security service
- Runs .reg file with regedit
-
C:\Windows\SysWOW64\msmnsgr.exeC:\Windows\system32\msmnsgr.exe 1168 "C:\Windows\SysWOW64\msmnsgr.exe"3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c c:\a.bat4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regedit.exeREGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg5⤵
- Modifies security service
- Runs .reg file with regedit
-
C:\Windows\SysWOW64\msmnsgr.exeC:\Windows\system32\msmnsgr.exe 1180 "C:\Windows\SysWOW64\msmnsgr.exe"4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c c:\a.bat5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regedit.exeREGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg6⤵
- Modifies security service
- Runs .reg file with regedit
-
C:\Windows\SysWOW64\msmnsgr.exeC:\Windows\system32\msmnsgr.exe 1184 "C:\Windows\SysWOW64\msmnsgr.exe"5⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c c:\a.bat6⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regedit.exeREGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg7⤵
- Modifies security service
- Runs .reg file with regedit
-
C:\Windows\SysWOW64\msmnsgr.exeC:\Windows\system32\msmnsgr.exe 1188 "C:\Windows\SysWOW64\msmnsgr.exe"6⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c c:\a.bat7⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regedit.exeREGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg8⤵
- Modifies security service
- Runs .reg file with regedit
-
C:\Windows\SysWOW64\msmnsgr.exeC:\Windows\system32\msmnsgr.exe 1196 "C:\Windows\SysWOW64\msmnsgr.exe"7⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c c:\a.bat8⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regedit.exeREGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg9⤵
- Modifies security service
- Runs .reg file with regedit
-
C:\Windows\SysWOW64\msmnsgr.exeC:\Windows\system32\msmnsgr.exe 1192 "C:\Windows\SysWOW64\msmnsgr.exe"8⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c c:\a.bat9⤵
-
C:\Windows\SysWOW64\regedit.exeREGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg10⤵
- Modifies security service
- Runs .reg file with regedit
-
C:\Windows\SysWOW64\msmnsgr.exeC:\Windows\system32\msmnsgr.exe 1200 "C:\Windows\SysWOW64\msmnsgr.exe"9⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c c:\a.bat10⤵
-
C:\Windows\SysWOW64\regedit.exeREGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg11⤵
- Modifies security service
- Runs .reg file with regedit
-
C:\Windows\SysWOW64\msmnsgr.exeC:\Windows\system32\msmnsgr.exe 1204 "C:\Windows\SysWOW64\msmnsgr.exe"10⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c c:\a.bat11⤵
-
C:\Windows\SysWOW64\regedit.exeREGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg12⤵
- Modifies security service
- Runs .reg file with regedit
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1504 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\1.regFilesize
2KB
MD5f82bc8865c1f6bf7125563479421f95c
SHA165c25d7af3ab1f29ef2ef1fdc67378ac9c82098d
SHA256f9799dc2afb8128d1925b69fdef1d641f312ed41254dd5f4ac543cf50648a2f6
SHA51200a9b7798a630779dc30296c3d0fed2589e7e86d6941f4502ea301c5bce2e80a5d8a4916e36183c7064f968b539ae6dac49094b1de3643a1a2fedc83cf558825
-
C:\Users\Admin\AppData\Local\Temp\1.regFilesize
298B
MD54117e5a9c995bab9cd3bce3fc2b99a46
SHA180144ccbad81c2efb1df64e13d3d5f59ca4486da
SHA25637b58c2d66ab2f896316ee0cdba30dcc9aac15a51995b8ba6c143c8ba34bf292
SHA512bdb721bd3dea641a9b1f26b46311c05199de01c6b0d7ea2b973aa71a4f796b292a6964ddef32ba9dfc4a545768943d105f110c5d60716e0ff6f82914affb507c
-
C:\Users\Admin\AppData\Local\Temp\1.regFilesize
2KB
MD51b2949b211ab497b739b1daf37cd4101
SHA112cad1063d28129ddd89e80acc2940f8dfbbaab3
SHA2563e906a8373d1dfa40782f56710768abd4365933ad60f2ca9e974743c25b4cb6c
SHA512a9e6555d435fe3e7a63059f20cd4c59531319421efcd90ca1d14498c28d9882ab0b7cd1af63dd50fa693b3b5a714db572d61867c56b86618423c7feaf043f2ef
-
C:\Users\Admin\AppData\Local\Temp\1.regFilesize
3KB
MD51daa413d1a8cd1692f2e4ae22b54c74a
SHA12e02e2a23cfaa62f301e29a117e291ff93cc5d31
SHA25610732e2612780d9694faf0bb9b27cdc6f3376ad327da7dfc346e9e5579493d33
SHA512b947c70c7c4af971e3fbdc66fb7175b6624ac68c6a723dac7ecb5cf5f43bbe210fa0fa61fd4b6153dccf7de077d003ca03f061e209dc37773546b038e6aef277
-
C:\Users\Admin\AppData\Local\Temp\1.regFilesize
1KB
MD5908860a865f8ed2e14085e35256578dd
SHA17ff5ee35cc7e96a661848eb95a70d0b8d2d78603
SHA256d2b73d92cf00a9dc61f2777a7f298e8c4bb72697236965f8931bdfc9d0924c5f
SHA512a93bb8cb180d957ef2b2c511d5ff66a25d2bcfb071af9884c146b8c422d1fadc9a4d390712bc2cb27640634854b3e59d5209803373cf1f42381d513747a65fd9
-
C:\Users\Admin\AppData\Local\Temp\1.regFilesize
3KB
MD58d6eb64e58d3f14686110fcaf1363269
SHA1d85c0b208716b400894ba4cb569a5af4aa178a2f
SHA256c2a1a92cfa466fb5697626723b448c1730634ae4e0e533ad6cf11e8e8ebf2cf5
SHA5125022856e8efeab2cdda3d653c4c520f5b6bf5dfa841ffc224a3338acfa8a41fd16321a765077973be46dd6296c6a9bf8341a42c22fe4b0a7fc6edabbcbf16ee7
-
C:\Users\Admin\AppData\Local\Temp\1.regFilesize
574B
MD55020988c301a6bf0c54a293ddf64837c
SHA15b65e689a2988b9a739d53565b2a847f20d70f09
SHA256a123ebc1fac86713cdd7c4a511e022783a581ea02ba65ea18360555706ae5f2d
SHA512921a07597f8c82c65c675f5b09a2552c7e2e8c65c8df59eebbe9aff0bfe439ad93f5efc97ba521be31299323051d61ead6a3f0be27302dc0f728b7a844fb2fcf
-
C:\Users\Admin\AppData\Local\Temp\1.regFilesize
431B
MD59fa547ff360b09f7e093593af0b5a13b
SHA19debc99bb7450f59a7b09f16c0393e5c7a955ba4
SHA2567ff65c0be2004867f536ce9b94783da4b5e4bc06cca5bd899933c8b68a44c705
SHA51230e5aa130c6b0869dc3fbb79da54d42699be6de0af65c9127ea047548a22d98b68300f18432141207166687576ba86433d4ae9d3458dbcc2aec9f14198c58193
-
C:\Users\Admin\AppData\Local\Temp\1.regFilesize
1024B
MD5159bb1d34a927f58fc851798c7c09b58
SHA1c3a26565004531f3a93e29eabb0f9a196b4c1ba2
SHA25653b81439ff38712958d57d158f1402a299c3a131d521c3a7a4a30c56542db7bd
SHA512b6f9a3d1cb628b79ca97a65645618190b20bfbddee0ceecea710c802d3d92cee3d1e3e675b5fb9ac994a0abb3f0681ed28abbab2fe61f4b54a0fb5d7a7f0034b
-
C:\Users\Admin\AppData\Local\Temp\1.regFilesize
3KB
MD5cd085b8c40e69c2bf1eb3d59f8155b99
SHA13499260f24020fe6d54d9d632d34ba2770bb06e0
SHA25610546433db0c1ab764cd632eb0d08d93a530c6e52d1ec7fcb9c1fd32193f2a9c
SHA5123813b8a7f742f6a64da36492447f3f2fee6ea505d7d0dccebede84117ec06101321dfacc7901403ea557171085982ae1a4dc39dd666da9e67d61ea71dfbb8edb
-
C:\Users\Admin\AppData\Local\Temp\1.regFilesize
2KB
MD563ff40a70037650fd0acfd68314ffc94
SHA11ab29adec6714edf286485ac5889fddb1d092e93
SHA2561e607f10a90fdbaffe26e81c9a5f320fb9c954391d2adcc55fdfdfca1601714b
SHA5122b41ce69cd1541897fbae5497f06779ac8182ff84fbf29ac29b7c2b234753fe44e7dfc6e4c257af222d466536fa4e50e247dcb68a9e1ad7766245dedfcfb6fdc
-
C:\Users\Admin\AppData\Local\Temp\1.regFilesize
3KB
MD5831afd728dd974045c0654510071d405
SHA19484f4ee8e9eef0956553a59cfbcbe99a8822026
SHA25603223eaae4ac389215cb8a9cb4e4d5a70b67f791f90e57b8efd3f975f5cf6af2
SHA512ab7ac4d6d45b8aac5f82432468d40bd2b5bfae6d93006732ce27a6513fd3e7ddc94c029051092bf8b6f5649688c0f6600dbd88968732fc7b779e916e6bcda5c9
-
C:\Users\Admin\AppData\Local\Temp\1.regFilesize
3KB
MD50bccb0cc2d0641cd0ac7ce17afe64b9f
SHA1103f5bc2b153913e8a614a7abb43941fe90862a4
SHA256cae50ec401dae988f1221cead7de58cf4301040fd9fbb8d1c4ad032034ee1842
SHA512cce4edc7c607ca3969fb19f93a836d87170e2c50fcf136acb3bcb5500b99b1ae73a999b7d648a3643f58cf960b071b24215e1c59f874ca38a50cf1ef90b06389
-
C:\Users\Admin\AppData\Local\Temp\1.regFilesize
3KB
MD59e5db93bd3302c217b15561d8f1e299d
SHA195a5579b336d16213909beda75589fd0a2091f30
SHA256f360fb5740172b6b4dd59c1ac30b480511665ae991196f833167e275d91f943e
SHA512b5547e5047a3c43397ee846ff9d5979cba45ba44671db5c5df5536d9dc26262e27a8645a08e0cf35960a3601dc0f6f5fe8d47ae232c9ca44d6899e97d36fb25a
-
C:\Users\Admin\AppData\Local\Temp\1.regFilesize
784B
MD55a466127fedf6dbcd99adc917bd74581
SHA1a2e60b101c8789b59360d95a64ec07d0723c4d38
SHA2568cd3b8dd28ac014cf973d9ab4b03af1c274bbc9b5ee0ee4ab8af0bdb01573b84
SHA512695cafc932bc8f0a514bc515860cb275297665de63ca3394b55f42c457761ebf654d29d504674681a77b34e3356a469e8c5b97ff7efc24de330d5375f025cba5
-
C:\Users\Admin\AppData\Local\Temp\1.regFilesize
3KB
MD5d085cde42c14e8ee2a5e8870d08aee42
SHA1c8e967f1d301f97dbcf252d7e1677e590126f994
SHA256a15d5dfd655de1214e0aae2292ead17eef1f1b211d39fac03276bbd6325b0d9f
SHA512de2cebd45d3cf053df17ae43466db6a8b2d816bf4b9a8deb5b577cfedf765b5dcdc5904145809ad3ca03ccff308f8893ec1faa309dd34afcab7cc1836d698d7b
-
C:\Windows\SysWOW64\msmnsgr.exeFilesize
413KB
MD5feed7b12d5ec7fa13f905849815447b9
SHA1970a9fd4bad1b5d496d3d920001193bc6bd7294a
SHA256e251fd1ccc27889c4d67bce9a75ed4cf92ee129b84bcf5e66a8d5cbf08a64a83
SHA5122c9d11c4b02e7b973f816074dfb85d11460febc266b78f43b01f1d7b14f3cb3ea6a5b53c89f90ff497ecfe8ed8d71e2cb5ce019643c0d5d1a149646e9880b9ff
-
\??\c:\a.batFilesize
5KB
MD50019a0451cc6b9659762c3e274bc04fb
SHA15259e256cc0908f2846e532161b989f1295f479b
SHA256ce4674afd978d1401596d22a0961f90c8fb53c5bd55649684e1a999c8cf77876
SHA512314c23ec37cb0cd4443213c019c4541df968447353b422ef6fff1e7ddf6c983c80778787408b7ca9b81e580a6a7f1589ca7f43c022e6fc16182973580ed4d904
-
memory/1940-158-0x00000000023E0000-0x00000000023E1000-memory.dmpFilesize
4KB
-
memory/1940-157-0x00000000023E0000-0x00000000023E1000-memory.dmpFilesize
4KB
-
memory/1940-174-0x0000000002D10000-0x0000000002D11000-memory.dmpFilesize
4KB
-
memory/1940-172-0x0000000002D00000-0x0000000002D01000-memory.dmpFilesize
4KB
-
memory/1940-171-0x0000000002D00000-0x0000000002D01000-memory.dmpFilesize
4KB
-
memory/1940-169-0x0000000002D00000-0x0000000002D01000-memory.dmpFilesize
4KB
-
memory/1940-170-0x0000000002D00000-0x0000000002D01000-memory.dmpFilesize
4KB
-
memory/1940-168-0x00000000006C0000-0x00000000006C1000-memory.dmpFilesize
4KB
-
memory/1940-167-0x00000000023E0000-0x00000000023E1000-memory.dmpFilesize
4KB
-
memory/1940-164-0x00000000023E0000-0x00000000023E1000-memory.dmpFilesize
4KB
-
memory/1940-166-0x00000000023E0000-0x00000000023E1000-memory.dmpFilesize
4KB
-
memory/1940-165-0x00000000023E0000-0x00000000023E1000-memory.dmpFilesize
4KB
-
memory/1940-163-0x00000000023E0000-0x00000000023E1000-memory.dmpFilesize
4KB
-
memory/1940-162-0x00000000023E0000-0x00000000023E1000-memory.dmpFilesize
4KB
-
memory/1940-161-0x00000000023E0000-0x00000000023E1000-memory.dmpFilesize
4KB
-
memory/1940-284-0x0000000000400000-0x000000000056D000-memory.dmpFilesize
1.4MB
-
memory/1940-286-0x0000000000400000-0x000000000056D000-memory.dmpFilesize
1.4MB
-
memory/1940-156-0x00000000023E0000-0x00000000023E1000-memory.dmpFilesize
4KB
-
memory/1940-154-0x00000000023E0000-0x00000000023E1000-memory.dmpFilesize
4KB
-
memory/1940-155-0x00000000023E0000-0x00000000023E1000-memory.dmpFilesize
4KB
-
memory/1940-153-0x00000000023C0000-0x00000000023C1000-memory.dmpFilesize
4KB
-
memory/1940-152-0x00000000023C0000-0x00000000023C1000-memory.dmpFilesize
4KB
-
memory/1940-160-0x00000000023E0000-0x00000000023E1000-memory.dmpFilesize
4KB
-
memory/1940-159-0x00000000023E0000-0x00000000023E1000-memory.dmpFilesize
4KB
-
memory/2476-677-0x0000000000400000-0x000000000056D000-memory.dmpFilesize
1.4MB
-
memory/2476-675-0x0000000000400000-0x000000000056D000-memory.dmpFilesize
1.4MB
-
memory/2532-1320-0x0000000000400000-0x000000000056D000-memory.dmpFilesize
1.4MB
-
memory/2636-801-0x0000000000400000-0x000000000056D000-memory.dmpFilesize
1.4MB
-
memory/2636-799-0x0000000000400000-0x000000000056D000-memory.dmpFilesize
1.4MB
-
memory/3972-293-0x00000000023D0000-0x00000000023D1000-memory.dmpFilesize
4KB
-
memory/3972-292-0x00000000023D0000-0x00000000023D1000-memory.dmpFilesize
4KB
-
memory/3972-288-0x00000000023D0000-0x00000000023D1000-memory.dmpFilesize
4KB
-
memory/3972-289-0x00000000023D0000-0x00000000023D1000-memory.dmpFilesize
4KB
-
memory/3972-290-0x00000000023D0000-0x00000000023D1000-memory.dmpFilesize
4KB
-
memory/3972-287-0x00000000023D0000-0x00000000023D1000-memory.dmpFilesize
4KB
-
memory/3972-411-0x0000000000400000-0x000000000056D000-memory.dmpFilesize
1.4MB
-
memory/3972-409-0x0000000000400000-0x000000000056D000-memory.dmpFilesize
1.4MB
-
memory/3972-291-0x00000000023D0000-0x00000000023D1000-memory.dmpFilesize
4KB
-
memory/4464-1190-0x0000000000400000-0x000000000056D000-memory.dmpFilesize
1.4MB
-
memory/4464-1188-0x0000000000400000-0x000000000056D000-memory.dmpFilesize
1.4MB
-
memory/4508-931-0x0000000000400000-0x000000000056D000-memory.dmpFilesize
1.4MB
-
memory/4508-933-0x0000000000400000-0x000000000056D000-memory.dmpFilesize
1.4MB
-
memory/4516-1055-0x0000000000400000-0x000000000056D000-memory.dmpFilesize
1.4MB
-
memory/4516-1057-0x0000000000400000-0x000000000056D000-memory.dmpFilesize
1.4MB
-
memory/4664-23-0x00000000025E0000-0x00000000025E1000-memory.dmpFilesize
4KB
-
memory/4664-29-0x00000000023C0000-0x00000000023C1000-memory.dmpFilesize
4KB
-
memory/4664-19-0x00000000023F0000-0x00000000023F1000-memory.dmpFilesize
4KB
-
memory/4664-18-0x0000000002430000-0x0000000002431000-memory.dmpFilesize
4KB
-
memory/4664-17-0x0000000002570000-0x0000000002571000-memory.dmpFilesize
4KB
-
memory/4664-16-0x0000000002420000-0x0000000002421000-memory.dmpFilesize
4KB
-
memory/4664-15-0x0000000002410000-0x0000000002411000-memory.dmpFilesize
4KB
-
memory/4664-21-0x0000000002590000-0x0000000002591000-memory.dmpFilesize
4KB
-
memory/4664-151-0x0000000000760000-0x00000000007B0000-memory.dmpFilesize
320KB
-
memory/4664-24-0x00000000025F0000-0x00000000025F1000-memory.dmpFilesize
4KB
-
memory/4664-22-0x00000000025D0000-0x00000000025D1000-memory.dmpFilesize
4KB
-
memory/4664-25-0x00000000025C0000-0x00000000025C1000-memory.dmpFilesize
4KB
-
memory/4664-0-0x0000000000400000-0x000000000056D000-memory.dmpFilesize
1.4MB
-
memory/4664-26-0x0000000002D70000-0x0000000002D75000-memory.dmpFilesize
20KB
-
memory/4664-14-0x00000000023D0000-0x00000000023D1000-memory.dmpFilesize
4KB
-
memory/4664-27-0x00000000023C0000-0x00000000023C1000-memory.dmpFilesize
4KB
-
memory/4664-28-0x00000000023C0000-0x00000000023C1000-memory.dmpFilesize
4KB
-
memory/4664-13-0x00000000023E0000-0x00000000023E1000-memory.dmpFilesize
4KB
-
memory/4664-1-0x0000000000760000-0x00000000007B0000-memory.dmpFilesize
320KB
-
memory/4664-3-0x0000000000740000-0x0000000000741000-memory.dmpFilesize
4KB
-
memory/4664-12-0x0000000002560000-0x0000000002561000-memory.dmpFilesize
4KB
-
memory/4664-11-0x0000000002D80000-0x0000000002D84000-memory.dmpFilesize
16KB
-
memory/4664-9-0x0000000002D90000-0x0000000002D91000-memory.dmpFilesize
4KB
-
memory/4664-10-0x00000000007B0000-0x00000000007B1000-memory.dmpFilesize
4KB
-
memory/4664-8-0x0000000002380000-0x0000000002381000-memory.dmpFilesize
4KB
-
memory/4664-7-0x00000000023B0000-0x00000000023B1000-memory.dmpFilesize
4KB
-
memory/4664-6-0x00000000007D0000-0x00000000007D1000-memory.dmpFilesize
4KB
-
memory/4664-5-0x00000000007C0000-0x00000000007C1000-memory.dmpFilesize
4KB
-
memory/4664-20-0x00000000025A0000-0x00000000025A1000-memory.dmpFilesize
4KB
-
memory/4664-30-0x00000000023C0000-0x00000000023C1000-memory.dmpFilesize
4KB
-
memory/4664-4-0x0000000000730000-0x0000000000731000-memory.dmpFilesize
4KB
-
memory/4664-2-0x00000000023A0000-0x00000000023A1000-memory.dmpFilesize
4KB
-
memory/4664-31-0x0000000002DE0000-0x0000000002DE1000-memory.dmpFilesize
4KB
-
memory/4664-32-0x0000000002DF0000-0x0000000002DF1000-memory.dmpFilesize
4KB
-
memory/4664-33-0x0000000002580000-0x0000000002581000-memory.dmpFilesize
4KB
-
memory/4664-150-0x0000000000400000-0x000000000056D000-memory.dmpFilesize
1.4MB
-
memory/4864-542-0x0000000000400000-0x000000000056D000-memory.dmpFilesize
1.4MB
-
memory/4864-540-0x0000000000400000-0x000000000056D000-memory.dmpFilesize
1.4MB