Analysis
-
max time kernel
101s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
10-05-2024 16:12
General
-
Target
2ff600654e8bc24df8ca6ae128b918c1_JaffaCakes118.dll
-
Size
1.2MB
-
MD5
2ff600654e8bc24df8ca6ae128b918c1
-
SHA1
8a77bb477ae20d0376cabf30661e79d01b0b9262
-
SHA256
0f03f9d5f8d994375513f8839941e3784843030583098a0b7baace0ef9c896a8
-
SHA512
5f92fbd30bf99d66b3571d0c66b3e65e678aaa04bc239630b7ba7da452544fa790df4f96d2e9e41928bc48bf23ca193668fc0ad813ddce6217cfb2bddb3555d8
-
SSDEEP
24576:5uYfg4LhHr4NFXKJO1aUiDBvZ2+ITHmpclO9N:r9cKrUqZWLAcU
Malware Config
Signatures
-
Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
-
Dridex Shellcode 1 IoCs
Detects Dridex Payload shellcode injected in Explorer process.
-
Modifies Installed Components in the registry 2 TTPs 3 IoCs
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 3 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 4 IoCs
-
Enumerates connected drives 3 TTPs 6 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 4 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 60 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2ff600654e8bc24df8ca6ae128b918c1_JaffaCakes118.dll,#11⤵
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\bdechangepin.exeC:\Windows\system32\bdechangepin.exe1⤵
-
C:\Users\Admin\AppData\Local\w5NhE\bdechangepin.exeC:\Users\Admin\AppData\Local\w5NhE\bdechangepin.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\wscript.exeC:\Windows\system32\wscript.exe1⤵
-
C:\Users\Admin\AppData\Local\En0\wscript.exeC:\Users\Admin\AppData\Local\En0\wscript.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\system32\iexpress.exeC:\Windows\system32\iexpress.exe1⤵
-
C:\Users\Admin\AppData\Local\1cqp4N\iexpress.exeC:\Users\Admin\AppData\Local\1cqp4N\iexpress.exe1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\1cqp4N\VERSION.dllFilesize
1.2MB
MD5f8ee36350747301bcf24ff928c343b92
SHA10134fbbc78db3dfb194f559d107206e1c1635542
SHA25604ce98d2f2536b50b15963c287a37c25fe90839247b5cb4128d4fcd8d18ebbd4
SHA5129f1e8b77e3ccc882d867559c2907543f36cee73bd216797d212e5ec0dbdacaf62a1507dcb7844f55c02f47b5b726b237dabb29cc8f8bfb40f6109af433ba2ca6
-
C:\Users\Admin\AppData\Local\1cqp4N\iexpress.exeFilesize
166KB
MD517b93a43e25d821d01af40ba6babcc8c
SHA197c978d78056d995f751dfef1388d7cce4cc404a
SHA256d070b79fa254c528babb73d607a7a8fd53db89795d751f42fc0a283b61a76fd3
SHA5126b5743b37a3be8ae9ee2ab84e0749c32c60544298a7cce396470aa40bbd13f2e838d5d98159f21d500d20817c51ebce4b1d2f554e3e05f6c7fc97bc9d70ea391
-
C:\Users\Admin\AppData\Local\En0\VERSION.dllFilesize
1.2MB
MD585d7287d8edca788d31f32d11d5502d0
SHA1f22f171107287d82b1dd06112ef1bfb1311cff1e
SHA2560599cbf7fd3b4066b3fb9ad8381cf5c721be94e8234af51b40cc9929de16606b
SHA512eb616c8778bbc159d8d85fb81319232ce1f43b306e10f67a6379e56a727137bc0fa258d947241e9ddccdf04f780237c4aa54951429b7150fb8bdc891993df5a0
-
C:\Users\Admin\AppData\Local\En0\wscript.exeFilesize
166KB
MD5a47cbe969ea935bdd3ab568bb126bc80
SHA115f2facfd05daf46d2c63912916bf2887cebd98a
SHA25634008e2057df8842df210246995385a0441dc1e081d60ad15bd481e062e7f100
SHA512f5c81e6dc4d916944304fc85136e1ff6dee29a21e50a54fe6280a475343eccbfe094171d62475db5f38e07898c061126158c34d48b9d8f4f57f76d49e564e3fc
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbresFilesize
2KB
MD5f99df439735aaf6158a166325ccf4836
SHA12178581f895f463234a21ca16712983304c7b525
SHA256ef8ed0a7af9bfd8b44189d867a289cc0ec8c84dce9721174e198c39a515c9e67
SHA512c49095254811936a26dfbebcbcb5d50f9ab4189dfca6ca20c12c9908b7a5432a27017335d97670daff290357bca4d533c52e848b1678255a69d5aa731e13f70d
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133598312660788004.txtFilesize
75KB
MD579ea60e4feeffe4483ba2d0ea61852fb
SHA17d5921a1b6240cc717ad4f4478bbcfc42f3af8e8
SHA2561e85f6cd486b20682b1a6af9f34e7993a558f3b5dccd1e80a55178847e794923
SHA5124d0866c2b63af9570fa20bca628a6e67b3704d7ab5a8a1311fb614f38b54444cc6630390092282f075751cae38000a17e4bf1cb992a8900b0c72965c0b24dbf4
-
C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\6KUWUA35\microsoft.windows[1].xmlFilesize
97B
MD5689df38489ed790b0068b7f3cae1d440
SHA16df6ffaae31903b96024a7b81f25f1ed61c3f152
SHA256fc336b0ef0f4f06ea66d92f25dd66dd1b0d697da62b5073ed5199fffac8a08aa
SHA5121f26ccb99ee3babc3617eb635a75f02d34be865c200a866eb28024ad0d8ccbe4110b0dd1a3d2ab14fd84b2eb345fed8bb65a19437ff99c1b2d84e2b3ce9acbb2
-
C:\Users\Admin\AppData\Local\w5NhE\DUI70.dllFilesize
1.5MB
MD539fe0fe5f1c285522f33666e51247a52
SHA1b0d4c13f69b58d55f9a22acfc131aec965f15a4a
SHA256a453482a608065c054f1bfbf1b0b5d087ed29e4a658c0fc20aca0a650ac6046d
SHA512779c589ed118c51a8ad50de3bc3f541993758a8390fa20b5f793e266dc44c58c2fa48e68819aed8e8cfaec5e6ddbf1ae90556d7b5d8566d9fe7000a4d1244748
-
C:\Users\Admin\AppData\Local\w5NhE\bdechangepin.exeFilesize
373KB
MD5601a28eb2d845d729ddd7330cbae6fd6
SHA15cf9f6f9135c903d42a7756c638333db8621e642
SHA2564d43f37576a0ebbaf97024cd5597d968ffe59c871b483554aea302dccb7253f6
SHA5121687044612ceb705f79c806b176f885fd01449251b0097c2df70280b7d10a2b830ee30ac0f645a7e8d8067892f6562d933624de694295e22318863260222859d
-
C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Kscubvdexgimjec.lnkFilesize
1KB
MD577acd9cd349b8ee8e5d8e8f1e7bee69a
SHA1ecc494de648c32c29436a308faa26b31eecbef6e
SHA256df5e8fbdc85bb9ecdc6899badda02df901109e566ed2750df3bdbbb0757b3dca
SHA51284f7ff0e50c9ff1ed54e23fdab0cee70945b693a4813a54b726065c5e8995da7bc76ca541ac81c4744eafc12a7e04bfa2d7067f326ae700cf4317e5602ffb9a3
-
memory/228-0-0x00007FFA829B0000-0x00007FFA82AF0000-memory.dmpFilesize
1.2MB
-
memory/228-41-0x00007FFA91BF0000-0x00007FFA91DE5000-memory.dmpFilesize
2.0MB
-
memory/228-3-0x00007FFA91BF0000-0x00007FFA91DE5000-memory.dmpFilesize
2.0MB
-
memory/228-40-0x00007FFA829B0000-0x00007FFA82AF0000-memory.dmpFilesize
1.2MB
-
memory/1292-460-0x0000000004B20000-0x0000000004B21000-memory.dmpFilesize
4KB
-
memory/1652-314-0x0000000003F60000-0x0000000003F61000-memory.dmpFilesize
4KB
-
memory/1672-182-0x0000020D75A00000-0x0000020D75A20000-memory.dmpFilesize
128KB
-
memory/1672-170-0x0000020D75600000-0x0000020D75620000-memory.dmpFilesize
128KB
-
memory/1672-156-0x0000020D74500000-0x0000020D74600000-memory.dmpFilesize
1024KB
-
memory/1672-159-0x0000020D75640000-0x0000020D75660000-memory.dmpFilesize
128KB
-
memory/1672-155-0x0000020D74500000-0x0000020D74600000-memory.dmpFilesize
1024KB
-
memory/1672-154-0x0000020D74500000-0x0000020D74600000-memory.dmpFilesize
1024KB
-
memory/1752-88-0x00007FFA82EA0000-0x00007FFA82FE1000-memory.dmpFilesize
1.3MB
-
memory/1752-85-0x00000204A4080000-0x00000204A4087000-memory.dmpFilesize
28KB
-
memory/2492-321-0x0000014CF7440000-0x0000014CF7460000-memory.dmpFilesize
128KB
-
memory/2492-316-0x0000014CF6300000-0x0000014CF6400000-memory.dmpFilesize
1024KB
-
memory/2492-332-0x0000014CF7400000-0x0000014CF7420000-memory.dmpFilesize
128KB
-
memory/2492-353-0x0000014CF7800000-0x0000014CF7820000-memory.dmpFilesize
128KB
-
memory/3424-49-0x00007FFA82E60000-0x00007FFA82FE6000-memory.dmpFilesize
1.5MB
-
memory/3424-54-0x00007FFA82E60000-0x00007FFA82FE6000-memory.dmpFilesize
1.5MB
-
memory/3424-48-0x0000019A15370000-0x0000019A15377000-memory.dmpFilesize
28KB
-
memory/3480-145-0x0000000003310000-0x0000000003311000-memory.dmpFilesize
4KB
-
memory/3480-13-0x0000000140000000-0x0000000140140000-memory.dmpFilesize
1.2MB
-
memory/3480-34-0x00007FFA8FE0A000-0x00007FFA8FE0B000-memory.dmpFilesize
4KB
-
memory/3480-4-0x00000000033C0000-0x00000000033C1000-memory.dmpFilesize
4KB
-
memory/3480-6-0x0000000140000000-0x0000000140140000-memory.dmpFilesize
1.2MB
-
memory/3480-35-0x00000000012A0000-0x00000000012A7000-memory.dmpFilesize
28KB
-
memory/3480-9-0x0000000140000000-0x0000000140140000-memory.dmpFilesize
1.2MB
-
memory/3480-144-0x0000000140000000-0x0000000140140000-memory.dmpFilesize
1.2MB
-
memory/3480-8-0x0000000140000000-0x0000000140140000-memory.dmpFilesize
1.2MB
-
memory/3480-7-0x0000000140000000-0x0000000140140000-memory.dmpFilesize
1.2MB
-
memory/3480-15-0x0000000140000000-0x0000000140140000-memory.dmpFilesize
1.2MB
-
memory/3480-36-0x00007FFA91BD0000-0x00007FFA91BE0000-memory.dmpFilesize
64KB
-
memory/3480-14-0x0000000140000000-0x0000000140140000-memory.dmpFilesize
1.2MB
-
memory/3480-17-0x0000000140000000-0x0000000140140000-memory.dmpFilesize
1.2MB
-
memory/3480-12-0x0000000140000000-0x0000000140140000-memory.dmpFilesize
1.2MB
-
memory/3480-37-0x0000000140000000-0x0000000140140000-memory.dmpFilesize
1.2MB
-
memory/3480-25-0x0000000140000000-0x0000000140140000-memory.dmpFilesize
1.2MB
-
memory/3480-11-0x0000000140000000-0x0000000140140000-memory.dmpFilesize
1.2MB
-
memory/3480-16-0x0000000140000000-0x0000000140140000-memory.dmpFilesize
1.2MB
-
memory/3480-10-0x0000000140000000-0x0000000140140000-memory.dmpFilesize
1.2MB
-
memory/3536-462-0x00000200C4D00000-0x00000200C4E00000-memory.dmpFilesize
1024KB
-
memory/3536-463-0x00000200C4D00000-0x00000200C4E00000-memory.dmpFilesize
1024KB
-
memory/3540-153-0x00000000042D0000-0x00000000042D1000-memory.dmpFilesize
4KB
-
memory/4192-65-0x00007FFA82EA0000-0x00007FFA82FE1000-memory.dmpFilesize
1.3MB
-
memory/4192-68-0x000001B2B96D0000-0x000001B2B96D7000-memory.dmpFilesize
28KB
-
memory/4192-71-0x00007FFA82EA0000-0x00007FFA82FE1000-memory.dmpFilesize
1.3MB