Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
20-06-2024 11:25
Static task
static1
Behavioral task
behavioral1
Sample
058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe
-
Size
225KB
-
MD5
058e65cc5c8b62de498e338e97d3ec3e
-
SHA1
f0bb915425b732dc0ffebeabf3b650a1d4528fbd
-
SHA256
21b69f6e7ed146f49d0036fad6443ef2f9dadff438c54d7c8d6d24704b44b8a3
-
SHA512
eb7c3dcbf9571723193528d6fd3d2422d0753ad0f7e1dd06f292ac9eb73fd11d1f88364d973694a2a277683fe77996a81b2f907c13cc5e53a7db07546d6a25a3
-
SSDEEP
6144:CBob4HOMvkodK1YoFeasedwvP6bQ7yMP+DE827D1w:CBeOlvk9Fjse+6b7MP+Dd2vG
Malware Config
Extracted
metasploit
encoder/fnstenv_mov
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Executes dropped EXE 10 IoCs
Processes:
draft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exepid process 3304 draft32.exe 1544 draft32.exe 3428 draft32.exe 2424 draft32.exe 1036 draft32.exe 3456 draft32.exe 916 draft32.exe 2988 draft32.exe 1552 draft32.exe 4028 draft32.exe -
Drops file in System32 directory 22 IoCs
Processes:
draft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exe058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exedescription ioc process File opened for modification C:\Windows\SysWOW64\draft32.exe draft32.exe File created C:\Windows\SysWOW64\draft32.exe draft32.exe File opened for modification C:\Windows\SysWOW64\draft32.exe draft32.exe File created C:\Windows\SysWOW64\draft32.exe draft32.exe File opened for modification C:\Windows\SysWOW64\draft32.exe draft32.exe File created C:\Windows\SysWOW64\draft32.exe draft32.exe File opened for modification C:\Windows\SysWOW64\draft32.exe draft32.exe File opened for modification C:\Windows\SysWOW64\draft32.exe draft32.exe File opened for modification C:\Windows\SysWOW64\draft32.exe draft32.exe File created C:\Windows\SysWOW64\draft32.exe draft32.exe File created C:\Windows\SysWOW64\draft32.exe draft32.exe File created C:\Windows\SysWOW64\draft32.exe draft32.exe File opened for modification C:\Windows\SysWOW64\draft32.exe draft32.exe File created C:\Windows\SysWOW64\draft32.exe draft32.exe File opened for modification C:\Windows\SysWOW64\draft32.exe 058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe File created C:\Windows\SysWOW64\draft32.exe 058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe File created C:\Windows\SysWOW64\draft32.exe draft32.exe File opened for modification C:\Windows\SysWOW64\draft32.exe draft32.exe File created C:\Windows\SysWOW64\draft32.exe draft32.exe File created C:\Windows\SysWOW64\draft32.exe draft32.exe File opened for modification C:\Windows\SysWOW64\draft32.exe draft32.exe File opened for modification C:\Windows\SysWOW64\draft32.exe draft32.exe -
Modifies registry class 33 IoCs
Processes:
draft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exe058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exedraft32.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ draft32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ draft32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ draft32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ 058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" draft32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" draft32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ draft32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" draft32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ draft32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" 058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key draft32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key 058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" draft32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key draft32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" draft32.exe -
Suspicious use of WriteProcessMemory 30 IoCs
Processes:
058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedraft32.exedescription pid process target process PID 3448 wrote to memory of 3304 3448 058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe draft32.exe PID 3448 wrote to memory of 3304 3448 058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe draft32.exe PID 3448 wrote to memory of 3304 3448 058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe draft32.exe PID 3304 wrote to memory of 1544 3304 draft32.exe draft32.exe PID 3304 wrote to memory of 1544 3304 draft32.exe draft32.exe PID 3304 wrote to memory of 1544 3304 draft32.exe draft32.exe PID 1544 wrote to memory of 3428 1544 draft32.exe draft32.exe PID 1544 wrote to memory of 3428 1544 draft32.exe draft32.exe PID 1544 wrote to memory of 3428 1544 draft32.exe draft32.exe PID 3428 wrote to memory of 2424 3428 draft32.exe draft32.exe PID 3428 wrote to memory of 2424 3428 draft32.exe draft32.exe PID 3428 wrote to memory of 2424 3428 draft32.exe draft32.exe PID 2424 wrote to memory of 1036 2424 draft32.exe draft32.exe PID 2424 wrote to memory of 1036 2424 draft32.exe draft32.exe PID 2424 wrote to memory of 1036 2424 draft32.exe draft32.exe PID 1036 wrote to memory of 3456 1036 draft32.exe draft32.exe PID 1036 wrote to memory of 3456 1036 draft32.exe draft32.exe PID 1036 wrote to memory of 3456 1036 draft32.exe draft32.exe PID 3456 wrote to memory of 916 3456 draft32.exe draft32.exe PID 3456 wrote to memory of 916 3456 draft32.exe draft32.exe PID 3456 wrote to memory of 916 3456 draft32.exe draft32.exe PID 916 wrote to memory of 2988 916 draft32.exe draft32.exe PID 916 wrote to memory of 2988 916 draft32.exe draft32.exe PID 916 wrote to memory of 2988 916 draft32.exe draft32.exe PID 2988 wrote to memory of 1552 2988 draft32.exe draft32.exe PID 2988 wrote to memory of 1552 2988 draft32.exe draft32.exe PID 2988 wrote to memory of 1552 2988 draft32.exe draft32.exe PID 1552 wrote to memory of 4028 1552 draft32.exe draft32.exe PID 1552 wrote to memory of 4028 1552 draft32.exe draft32.exe PID 1552 wrote to memory of 4028 1552 draft32.exe draft32.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe"1⤵
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\draft32.exeC:\Windows\system32\draft32.exe 1036 "C:\Users\Admin\AppData\Local\Temp\058e65cc5c8b62de498e338e97d3ec3e_JaffaCakes118.exe"2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\draft32.exeC:\Windows\system32\draft32.exe 1160 "C:\Windows\SysWOW64\draft32.exe"3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\draft32.exeC:\Windows\system32\draft32.exe 1128 "C:\Windows\SysWOW64\draft32.exe"4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\draft32.exeC:\Windows\system32\draft32.exe 1124 "C:\Windows\SysWOW64\draft32.exe"5⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\draft32.exeC:\Windows\system32\draft32.exe 1132 "C:\Windows\SysWOW64\draft32.exe"6⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\draft32.exeC:\Windows\system32\draft32.exe 1140 "C:\Windows\SysWOW64\draft32.exe"7⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\draft32.exeC:\Windows\system32\draft32.exe 1136 "C:\Windows\SysWOW64\draft32.exe"8⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\draft32.exeC:\Windows\system32\draft32.exe 1060 "C:\Windows\SysWOW64\draft32.exe"9⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\draft32.exeC:\Windows\system32\draft32.exe 1120 "C:\Windows\SysWOW64\draft32.exe"10⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\draft32.exeC:\Windows\system32\draft32.exe 1152 "C:\Windows\SysWOW64\draft32.exe"11⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Windows\SysWOW64\draft32.exeFilesize
225KB
MD5058e65cc5c8b62de498e338e97d3ec3e
SHA1f0bb915425b732dc0ffebeabf3b650a1d4528fbd
SHA25621b69f6e7ed146f49d0036fad6443ef2f9dadff438c54d7c8d6d24704b44b8a3
SHA512eb7c3dcbf9571723193528d6fd3d2422d0753ad0f7e1dd06f292ac9eb73fd11d1f88364d973694a2a277683fe77996a81b2f907c13cc5e53a7db07546d6a25a3
-
memory/916-107-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/916-105-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/1036-101-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/1036-99-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/1544-92-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/1544-90-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/1552-113-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/1552-111-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/2424-98-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/2424-96-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/2988-108-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/2988-110-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/3304-88-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/3304-75-0x0000000002370000-0x0000000002371000-memory.dmpFilesize
4KB
-
memory/3304-89-0x00000000005F0000-0x0000000000620000-memory.dmpFilesize
192KB
-
memory/3304-67-0x00000000005F0000-0x0000000000620000-memory.dmpFilesize
192KB
-
memory/3304-86-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/3304-68-0x0000000002070000-0x0000000002071000-memory.dmpFilesize
4KB
-
memory/3304-69-0x0000000002080000-0x0000000002081000-memory.dmpFilesize
4KB
-
memory/3304-70-0x00000000020C0000-0x00000000020C1000-memory.dmpFilesize
4KB
-
memory/3304-71-0x00000000022F0000-0x00000000022F1000-memory.dmpFilesize
4KB
-
memory/3304-73-0x0000000002330000-0x0000000002331000-memory.dmpFilesize
4KB
-
memory/3304-74-0x0000000002350000-0x0000000002351000-memory.dmpFilesize
4KB
-
memory/3304-66-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/3304-76-0x0000000002390000-0x0000000002391000-memory.dmpFilesize
4KB
-
memory/3304-78-0x00000000024E0000-0x00000000024E1000-memory.dmpFilesize
4KB
-
memory/3304-79-0x0000000002500000-0x0000000002501000-memory.dmpFilesize
4KB
-
memory/3304-80-0x0000000002520000-0x0000000002521000-memory.dmpFilesize
4KB
-
memory/3304-81-0x0000000002540000-0x0000000002541000-memory.dmpFilesize
4KB
-
memory/3304-82-0x0000000002560000-0x0000000002561000-memory.dmpFilesize
4KB
-
memory/3304-77-0x00000000024C0000-0x00000000024C1000-memory.dmpFilesize
4KB
-
memory/3304-72-0x0000000002310000-0x0000000002311000-memory.dmpFilesize
4KB
-
memory/3428-93-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/3428-95-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/3448-15-0x00000000022E0000-0x00000000022E1000-memory.dmpFilesize
4KB
-
memory/3448-13-0x00000000022C0000-0x00000000022C1000-memory.dmpFilesize
4KB
-
memory/3448-3-0x0000000000940000-0x0000000000941000-memory.dmpFilesize
4KB
-
memory/3448-43-0x0000000002F90000-0x0000000002F91000-memory.dmpFilesize
4KB
-
memory/3448-44-0x0000000002F80000-0x0000000002F81000-memory.dmpFilesize
4KB
-
memory/3448-63-0x00000000030A0000-0x00000000030A1000-memory.dmpFilesize
4KB
-
memory/3448-62-0x00000000030B0000-0x00000000030B1000-memory.dmpFilesize
4KB
-
memory/3448-61-0x0000000003080000-0x0000000003081000-memory.dmpFilesize
4KB
-
memory/3448-59-0x0000000003090000-0x0000000003091000-memory.dmpFilesize
4KB
-
memory/3448-58-0x0000000003060000-0x0000000003061000-memory.dmpFilesize
4KB
-
memory/3448-5-0x0000000000540000-0x0000000000541000-memory.dmpFilesize
4KB
-
memory/3448-6-0x0000000000930000-0x0000000000931000-memory.dmpFilesize
4KB
-
memory/3448-7-0x0000000002240000-0x0000000002241000-memory.dmpFilesize
4KB
-
memory/3448-57-0x0000000003070000-0x0000000003071000-memory.dmpFilesize
4KB
-
memory/3448-56-0x0000000003040000-0x0000000003041000-memory.dmpFilesize
4KB
-
memory/3448-55-0x0000000003050000-0x0000000003051000-memory.dmpFilesize
4KB
-
memory/3448-54-0x0000000003020000-0x0000000003021000-memory.dmpFilesize
4KB
-
memory/3448-53-0x0000000003030000-0x0000000003031000-memory.dmpFilesize
4KB
-
memory/3448-52-0x0000000003000000-0x0000000003001000-memory.dmpFilesize
4KB
-
memory/3448-51-0x0000000003010000-0x0000000003011000-memory.dmpFilesize
4KB
-
memory/3448-50-0x0000000002FE0000-0x0000000002FE1000-memory.dmpFilesize
4KB
-
memory/3448-49-0x0000000002FF0000-0x0000000002FF1000-memory.dmpFilesize
4KB
-
memory/3448-48-0x0000000002FC0000-0x0000000002FC1000-memory.dmpFilesize
4KB
-
memory/3448-47-0x0000000002FD0000-0x0000000002FD1000-memory.dmpFilesize
4KB
-
memory/3448-46-0x0000000002FA0000-0x0000000002FA1000-memory.dmpFilesize
4KB
-
memory/3448-45-0x0000000002FB0000-0x0000000002FB1000-memory.dmpFilesize
4KB
-
memory/3448-42-0x0000000002F60000-0x0000000002F61000-memory.dmpFilesize
4KB
-
memory/3448-41-0x0000000002F70000-0x0000000002F71000-memory.dmpFilesize
4KB
-
memory/3448-8-0x0000000002290000-0x0000000002291000-memory.dmpFilesize
4KB
-
memory/3448-9-0x0000000002280000-0x0000000002281000-memory.dmpFilesize
4KB
-
memory/3448-10-0x00000000022B0000-0x00000000022B1000-memory.dmpFilesize
4KB
-
memory/3448-11-0x00000000022A0000-0x00000000022A1000-memory.dmpFilesize
4KB
-
memory/3448-12-0x00000000022D0000-0x00000000022D1000-memory.dmpFilesize
4KB
-
memory/3448-4-0x0000000002230000-0x0000000002231000-memory.dmpFilesize
4KB
-
memory/3448-14-0x00000000022F0000-0x00000000022F1000-memory.dmpFilesize
4KB
-
memory/3448-0-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/3448-16-0x0000000002310000-0x0000000002311000-memory.dmpFilesize
4KB
-
memory/3448-17-0x0000000002300000-0x0000000002301000-memory.dmpFilesize
4KB
-
memory/3448-18-0x0000000002330000-0x0000000002331000-memory.dmpFilesize
4KB
-
memory/3448-19-0x0000000002320000-0x0000000002321000-memory.dmpFilesize
4KB
-
memory/3448-20-0x0000000002350000-0x0000000002351000-memory.dmpFilesize
4KB
-
memory/3448-21-0x0000000002340000-0x0000000002341000-memory.dmpFilesize
4KB
-
memory/3448-22-0x0000000002480000-0x0000000002481000-memory.dmpFilesize
4KB
-
memory/3448-85-0x0000000000960000-0x0000000000990000-memory.dmpFilesize
192KB
-
memory/3448-84-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/3448-23-0x0000000002470000-0x0000000002471000-memory.dmpFilesize
4KB
-
memory/3448-24-0x00000000024A0000-0x00000000024A1000-memory.dmpFilesize
4KB
-
memory/3448-25-0x0000000002490000-0x0000000002491000-memory.dmpFilesize
4KB
-
memory/3448-26-0x00000000024C0000-0x00000000024C1000-memory.dmpFilesize
4KB
-
memory/3448-27-0x00000000024B0000-0x00000000024B1000-memory.dmpFilesize
4KB
-
memory/3448-28-0x00000000024E0000-0x00000000024E1000-memory.dmpFilesize
4KB
-
memory/3448-29-0x00000000024D0000-0x00000000024D1000-memory.dmpFilesize
4KB
-
memory/3448-30-0x0000000002500000-0x0000000002501000-memory.dmpFilesize
4KB
-
memory/3448-31-0x00000000024F0000-0x00000000024F1000-memory.dmpFilesize
4KB
-
memory/3448-32-0x0000000002520000-0x0000000002521000-memory.dmpFilesize
4KB
-
memory/3448-33-0x0000000002510000-0x0000000002511000-memory.dmpFilesize
4KB
-
memory/3448-1-0x0000000000960000-0x0000000000990000-memory.dmpFilesize
192KB
-
memory/3448-2-0x0000000000950000-0x0000000000956000-memory.dmpFilesize
24KB
-
memory/3448-34-0x0000000002540000-0x0000000002541000-memory.dmpFilesize
4KB
-
memory/3448-35-0x0000000002530000-0x0000000002531000-memory.dmpFilesize
4KB
-
memory/3448-36-0x0000000002570000-0x0000000002571000-memory.dmpFilesize
4KB
-
memory/3448-37-0x0000000002560000-0x0000000002561000-memory.dmpFilesize
4KB
-
memory/3456-104-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/3456-102-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB
-
memory/4028-114-0x0000000000400000-0x00000000004B4000-memory.dmpFilesize
720KB