Analysis
-
max time kernel
148s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
20-06-2024 11:25
Static task
static1
Behavioral task
behavioral1
Sample
058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe
-
Size
225KB
-
MD5
058e65cc5c8b62de498e338e97d3ec3e
-
SHA1
f0bb915425b732dc0ffebeabf3b650a1d4528fbd
-
SHA256
21b69f6e7ed146f49d0036fad6443ef2f9dadff438c54d7c8d6d24704b44b8a3
-
SHA512
eb7c3dcbf9571723193528d6fd3d2422d0753ad0f7e1dd06f292ac9eb73fd11d1f88364d973694a2a277683fe77996a81b2f907c13cc5e53a7db07546d6a25a3
-
SSDEEP
6144:CBob4HOMvkodK1YoFeasedwvP6bQ7yMP+DE827D1w:CBeOlvk9Fjse+6b7MP+Dd2vG
Malware Config
Extracted
metasploit
encoder/fnstenv_mov
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE 10 IoCs
Processes:
draft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exepid process 2668 draft32.exe 2960 draft32.exe 1912 draft32.exe 1140 draft32.exe 2040 draft32.exe 320 draft32.exe 1800 draft32.exe 2340 draft32.exe 1660 draft32.exe 1520 draft32.exe -
Loads dropped DLL 20 IoCs
Processes:
058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exepid process 2348 058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe 2348 058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe 2668 draft32.exe 2668 draft32.exe 2960 draft32.exe 2960 draft32.exe 1912 draft32.exe 1912 draft32.exe 1140 draft32.exe 1140 draft32.exe 2040 draft32.exe 2040 draft32.exe 320 draft32.exe 320 draft32.exe 1800 draft32.exe 1800 draft32.exe 2340 draft32.exe 2340 draft32.exe 1660 draft32.exe 1660 draft32.exe -
Writes to the Master Boot Record (MBR) 1 TTPs 11 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
draft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exe058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exedraft32.exedescription ioc process File opened for modification \??\PhysicalDrive0 draft32.exe File opened for modification \??\PhysicalDrive0 draft32.exe File opened for modification \??\PhysicalDrive0 draft32.exe File opened for modification \??\PhysicalDrive0 draft32.exe File opened for modification \??\PhysicalDrive0 draft32.exe File opened for modification \??\PhysicalDrive0 draft32.exe File opened for modification \??\PhysicalDrive0 draft32.exe File opened for modification \??\PhysicalDrive0 draft32.exe File opened for modification \??\PhysicalDrive0 draft32.exe File opened for modification \??\PhysicalDrive0 058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe File opened for modification \??\PhysicalDrive0 draft32.exe -
Drops file in System32 directory 22 IoCs
Processes:
draft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exe058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exedraft32.exedescription ioc process File opened for modification C:\Windows\SysWOW64\draft32.exe draft32.exe File created C:\Windows\SysWOW64\draft32.exe draft32.exe File created C:\Windows\SysWOW64\draft32.exe draft32.exe File created C:\Windows\SysWOW64\draft32.exe draft32.exe File opened for modification C:\Windows\SysWOW64\draft32.exe draft32.exe File created C:\Windows\SysWOW64\draft32.exe draft32.exe File created C:\Windows\SysWOW64\draft32.exe draft32.exe File created C:\Windows\SysWOW64\draft32.exe draft32.exe File opened for modification C:\Windows\SysWOW64\draft32.exe draft32.exe File opened for modification C:\Windows\SysWOW64\draft32.exe draft32.exe File opened for modification C:\Windows\SysWOW64\draft32.exe draft32.exe File opened for modification C:\Windows\SysWOW64\draft32.exe draft32.exe File created C:\Windows\SysWOW64\draft32.exe draft32.exe File created C:\Windows\SysWOW64\draft32.exe draft32.exe File opened for modification C:\Windows\SysWOW64\draft32.exe draft32.exe File created C:\Windows\SysWOW64\draft32.exe 058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\draft32.exe 058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe File opened for modification C:\Windows\SysWOW64\draft32.exe draft32.exe File created C:\Windows\SysWOW64\draft32.exe draft32.exe File opened for modification C:\Windows\SysWOW64\draft32.exe draft32.exe File created C:\Windows\SysWOW64\draft32.exe draft32.exe File opened for modification C:\Windows\SysWOW64\draft32.exe draft32.exe -
Modifies registry class 33 IoCs
Processes:
draft32.exedraft32.exedraft32.exe058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" draft32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key 058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" draft32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ draft32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" draft32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ draft32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ draft32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ draft32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" draft32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key draft32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" 058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" draft32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ 058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 40 IoCs
Processes:
058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedescription pid process target process PID 2348 wrote to memory of 2668 2348 058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe draft32.exe PID 2348 wrote to memory of 2668 2348 058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe draft32.exe PID 2348 wrote to memory of 2668 2348 058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe draft32.exe PID 2348 wrote to memory of 2668 2348 058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe draft32.exe PID 2668 wrote to memory of 2960 2668 draft32.exe draft32.exe PID 2668 wrote to memory of 2960 2668 draft32.exe draft32.exe PID 2668 wrote to memory of 2960 2668 draft32.exe draft32.exe PID 2668 wrote to memory of 2960 2668 draft32.exe draft32.exe PID 2960 wrote to memory of 1912 2960 draft32.exe draft32.exe PID 2960 wrote to memory of 1912 2960 draft32.exe draft32.exe PID 2960 wrote to memory of 1912 2960 draft32.exe draft32.exe PID 2960 wrote to memory of 1912 2960 draft32.exe draft32.exe PID 1912 wrote to memory of 1140 1912 draft32.exe draft32.exe PID 1912 wrote to memory of 1140 1912 draft32.exe draft32.exe PID 1912 wrote to memory of 1140 1912 draft32.exe draft32.exe PID 1912 wrote to memory of 1140 1912 draft32.exe draft32.exe PID 1140 wrote to memory of 2040 1140 draft32.exe draft32.exe PID 1140 wrote to memory of 2040 1140 draft32.exe draft32.exe PID 1140 wrote to memory of 2040 1140 draft32.exe draft32.exe PID 1140 wrote to memory of 2040 1140 draft32.exe draft32.exe PID 2040 wrote to memory of 320 2040 draft32.exe draft32.exe PID 2040 wrote to memory of 320 2040 draft32.exe draft32.exe PID 2040 wrote to memory of 320 2040 draft32.exe draft32.exe PID 2040 wrote to memory of 320 2040 draft32.exe draft32.exe PID 320 wrote to memory of 1800 320 draft32.exe draft32.exe PID 320 wrote to memory of 1800 320 draft32.exe draft32.exe PID 320 wrote to memory of 1800 320 draft32.exe draft32.exe PID 320 wrote to memory of 1800 320 draft32.exe draft32.exe PID 1800 wrote to memory of 2340 1800 draft32.exe draft32.exe PID 1800 wrote to memory of 2340 1800 draft32.exe draft32.exe PID 1800 wrote to memory of 2340 1800 draft32.exe draft32.exe PID 1800 wrote to memory of 2340 1800 draft32.exe draft32.exe PID 2340 wrote to memory of 1660 2340 draft32.exe draft32.exe PID 2340 wrote to memory of 1660 2340 draft32.exe draft32.exe PID 2340 wrote to memory of 1660 2340 draft32.exe draft32.exe PID 2340 wrote to memory of 1660 2340 draft32.exe draft32.exe PID 1660 wrote to memory of 1520 1660 draft32.exe draft32.exe PID 1660 wrote to memory of 1520 1660 draft32.exe draft32.exe PID 1660 wrote to memory of 1520 1660 draft32.exe draft32.exe PID 1660 wrote to memory of 1520 1660 draft32.exe draft32.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\draft32.exeC:\Windows\system32\draft32.exe 536 "C:\Users\Admin\AppData\Local\Temp\058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\draft32.exeC:\Windows\system32\draft32.exe 528 "C:\Windows\SysWOW64\draft32.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\draft32.exeC:\Windows\system32\draft32.exe 540 "C:\Windows\SysWOW64\draft32.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\draft32.exeC:\Windows\system32\draft32.exe 524 "C:\Windows\SysWOW64\draft32.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\draft32.exeC:\Windows\system32\draft32.exe 532 "C:\Windows\SysWOW64\draft32.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\draft32.exeC:\Windows\system32\draft32.exe 552 "C:\Windows\SysWOW64\draft32.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\draft32.exeC:\Windows\system32\draft32.exe 556 "C:\Windows\SysWOW64\draft32.exe"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\draft32.exeC:\Windows\system32\draft32.exe 544 "C:\Windows\SysWOW64\draft32.exe"9⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\draft32.exeC:\Windows\system32\draft32.exe 564 "C:\Windows\SysWOW64\draft32.exe"10⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\draft32.exeC:\Windows\system32\draft32.exe 560 "C:\Windows\SysWOW64\draft32.exe"11⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Modifies registry class
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
\Windows\SysWOW64\draft32.exeFilesize
225KB
MD5058e65cc5c8b62de498e338e97d3ec3e
SHA1f0bb915425b732dc0ffebeabf3b650a1d4528fbd
SHA25621b69f6e7ed146f49d0036fad6443ef2f9dadff438c54d7c8d6d24704b44b8a3
SHA512eb7c3dcbf9571723193528d6fd3d2422d0753ad0f7e1dd06f292ac9eb73fd11d1f88364d973694a2a277683fe77996a81b2f907c13cc5e53a7db07546d6a25a3
-
memory/320-124-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/320-122-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/320-129-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/1140-112-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/1140-116-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/1520-146-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/1520-148-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/1660-140-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/1660-142-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/1660-147-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/1800-135-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/1800-130-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/1800-128-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/1912-111-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/1912-107-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/1912-105-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/2040-123-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/2040-117-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/2040-121-0x0000000002CE0000-0x0000000002D94000-memory.dmpFilesize
720KB
-
memory/2340-134-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/2340-136-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/2340-141-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/2348-50-0x00000000028C0000-0x00000000028C1000-memory.dmpFilesize
4KB
-
memory/2348-22-0x0000000002370000-0x0000000002371000-memory.dmpFilesize
4KB
-
memory/2348-20-0x0000000002350000-0x0000000002351000-memory.dmpFilesize
4KB
-
memory/2348-19-0x0000000002320000-0x0000000002321000-memory.dmpFilesize
4KB
-
memory/2348-18-0x0000000002330000-0x0000000002331000-memory.dmpFilesize
4KB
-
memory/2348-17-0x0000000002300000-0x0000000002301000-memory.dmpFilesize
4KB
-
memory/2348-16-0x0000000002310000-0x0000000002311000-memory.dmpFilesize
4KB
-
memory/2348-15-0x00000000005A0000-0x00000000005A1000-memory.dmpFilesize
4KB
-
memory/2348-14-0x00000000022F0000-0x00000000022F1000-memory.dmpFilesize
4KB
-
memory/2348-13-0x00000000003E0000-0x00000000003E1000-memory.dmpFilesize
4KB
-
memory/2348-12-0x00000000003F0000-0x00000000003F1000-memory.dmpFilesize
4KB
-
memory/2348-11-0x00000000003B0000-0x00000000003B1000-memory.dmpFilesize
4KB
-
memory/2348-10-0x00000000003C0000-0x00000000003C1000-memory.dmpFilesize
4KB
-
memory/2348-8-0x00000000003A0000-0x00000000003A1000-memory.dmpFilesize
4KB
-
memory/2348-7-0x0000000000360000-0x0000000000361000-memory.dmpFilesize
4KB
-
memory/2348-6-0x0000000000230000-0x0000000000231000-memory.dmpFilesize
4KB
-
memory/2348-5-0x0000000000220000-0x0000000000221000-memory.dmpFilesize
4KB
-
memory/2348-51-0x00000000028B0000-0x00000000028B1000-memory.dmpFilesize
4KB
-
memory/2348-63-0x0000000002C70000-0x0000000002C71000-memory.dmpFilesize
4KB
-
memory/2348-64-0x0000000002D50000-0x0000000002E04000-memory.dmpFilesize
720KB
-
memory/2348-62-0x0000000002C80000-0x0000000002C81000-memory.dmpFilesize
4KB
-
memory/2348-61-0x0000000002C50000-0x0000000002C51000-memory.dmpFilesize
4KB
-
memory/2348-60-0x0000000002C60000-0x0000000002C61000-memory.dmpFilesize
4KB
-
memory/2348-59-0x0000000002AF0000-0x0000000002AF1000-memory.dmpFilesize
4KB
-
memory/2348-58-0x0000000002B00000-0x0000000002B01000-memory.dmpFilesize
4KB
-
memory/2348-57-0x0000000002AD0000-0x0000000002AD1000-memory.dmpFilesize
4KB
-
memory/2348-56-0x0000000002AE0000-0x0000000002AE1000-memory.dmpFilesize
4KB
-
memory/2348-55-0x0000000002AB0000-0x0000000002AB1000-memory.dmpFilesize
4KB
-
memory/2348-54-0x0000000002AC0000-0x0000000002AC1000-memory.dmpFilesize
4KB
-
memory/2348-53-0x0000000002910000-0x0000000002911000-memory.dmpFilesize
4KB
-
memory/2348-52-0x0000000002AA0000-0x0000000002AA1000-memory.dmpFilesize
4KB
-
memory/2348-24-0x0000000002390000-0x0000000002391000-memory.dmpFilesize
4KB
-
memory/2348-43-0x0000000002830000-0x0000000002831000-memory.dmpFilesize
4KB
-
memory/2348-49-0x0000000002890000-0x0000000002891000-memory.dmpFilesize
4KB
-
memory/2348-48-0x00000000028A0000-0x00000000028A1000-memory.dmpFilesize
4KB
-
memory/2348-47-0x0000000002870000-0x0000000002871000-memory.dmpFilesize
4KB
-
memory/2348-46-0x0000000002880000-0x0000000002881000-memory.dmpFilesize
4KB
-
memory/2348-45-0x0000000002850000-0x0000000002851000-memory.dmpFilesize
4KB
-
memory/2348-44-0x0000000002860000-0x0000000002861000-memory.dmpFilesize
4KB
-
memory/2348-42-0x0000000002840000-0x0000000002841000-memory.dmpFilesize
4KB
-
memory/2348-91-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/2348-92-0x0000000000320000-0x0000000000350000-memory.dmpFilesize
192KB
-
memory/2348-1-0x0000000000320000-0x0000000000350000-memory.dmpFilesize
192KB
-
memory/2348-21-0x0000000002340000-0x0000000002341000-memory.dmpFilesize
4KB
-
memory/2348-0-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/2348-2-0x0000000000250000-0x0000000000256000-memory.dmpFilesize
24KB
-
memory/2348-3-0x0000000000240000-0x0000000000241000-memory.dmpFilesize
4KB
-
memory/2348-4-0x0000000000350000-0x0000000000351000-memory.dmpFilesize
4KB
-
memory/2348-9-0x0000000000390000-0x0000000000391000-memory.dmpFilesize
4KB
-
memory/2348-23-0x0000000002360000-0x0000000002361000-memory.dmpFilesize
4KB
-
memory/2348-37-0x0000000002440000-0x0000000002441000-memory.dmpFilesize
4KB
-
memory/2348-36-0x0000000002450000-0x0000000002451000-memory.dmpFilesize
4KB
-
memory/2348-35-0x0000000002420000-0x0000000002421000-memory.dmpFilesize
4KB
-
memory/2348-34-0x0000000002430000-0x0000000002431000-memory.dmpFilesize
4KB
-
memory/2348-33-0x0000000002400000-0x0000000002401000-memory.dmpFilesize
4KB
-
memory/2348-32-0x0000000002410000-0x0000000002411000-memory.dmpFilesize
4KB
-
memory/2348-31-0x00000000023E0000-0x00000000023E1000-memory.dmpFilesize
4KB
-
memory/2348-30-0x00000000023F0000-0x00000000023F1000-memory.dmpFilesize
4KB
-
memory/2348-29-0x00000000023C0000-0x00000000023C1000-memory.dmpFilesize
4KB
-
memory/2348-28-0x00000000023D0000-0x00000000023D1000-memory.dmpFilesize
4KB
-
memory/2348-27-0x00000000023A0000-0x00000000023A1000-memory.dmpFilesize
4KB
-
memory/2348-26-0x00000000023B0000-0x00000000023B1000-memory.dmpFilesize
4KB
-
memory/2348-25-0x0000000002380000-0x0000000002381000-memory.dmpFilesize
4KB
-
memory/2668-71-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/2668-79-0x00000000007C0000-0x00000000007C1000-memory.dmpFilesize
4KB
-
memory/2668-72-0x0000000000250000-0x0000000000280000-memory.dmpFilesize
192KB
-
memory/2668-73-0x0000000000290000-0x0000000000291000-memory.dmpFilesize
4KB
-
memory/2668-100-0x0000000000250000-0x0000000000280000-memory.dmpFilesize
192KB
-
memory/2668-99-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/2668-97-0x0000000002CD0000-0x0000000002D84000-memory.dmpFilesize
720KB
-
memory/2668-93-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/2668-74-0x00000000002A0000-0x00000000002A1000-memory.dmpFilesize
4KB
-
memory/2668-75-0x0000000000360000-0x0000000000361000-memory.dmpFilesize
4KB
-
memory/2668-76-0x0000000000380000-0x0000000000381000-memory.dmpFilesize
4KB
-
memory/2668-77-0x00000000003A0000-0x00000000003A1000-memory.dmpFilesize
4KB
-
memory/2668-78-0x00000000007A0000-0x00000000007A1000-memory.dmpFilesize
4KB
-
memory/2668-88-0x0000000002430000-0x0000000002431000-memory.dmpFilesize
4KB
-
memory/2668-80-0x00000000007E0000-0x00000000007E1000-memory.dmpFilesize
4KB
-
memory/2668-81-0x0000000001F30000-0x0000000001F31000-memory.dmpFilesize
4KB
-
memory/2668-82-0x0000000001F50000-0x0000000001F51000-memory.dmpFilesize
4KB
-
memory/2668-83-0x0000000001F70000-0x0000000001F71000-memory.dmpFilesize
4KB
-
memory/2668-84-0x0000000002000000-0x0000000002001000-memory.dmpFilesize
4KB
-
memory/2668-85-0x0000000001FA0000-0x0000000001FA1000-memory.dmpFilesize
4KB
-
memory/2668-86-0x0000000001FC0000-0x0000000001FC1000-memory.dmpFilesize
4KB
-
memory/2668-87-0x0000000001FE0000-0x0000000001FE1000-memory.dmpFilesize
4KB
-
memory/2960-98-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/2960-106-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/2960-101-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB