Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
23-07-2024 09:17
Static task
static1
Behavioral task
behavioral1
Sample
66faf8e2375b44fd77895c5f0fad3873_JaffaCakes118.exe
Resource
win7-20240708-en
General
-
Target
66faf8e2375b44fd77895c5f0fad3873_JaffaCakes118.exe
-
Size
288KB
-
MD5
66faf8e2375b44fd77895c5f0fad3873
-
SHA1
42fc8b321ef7df3722ac23aa46c63a2132670ad7
-
SHA256
b685bdd04753aa7ae2596497896c6d3bfd0314e81f6d03ab1fa189af0acd2397
-
SHA512
8d2bc46b56d995628e1e6036574686d0a90064698f38dde4600537e59d29d518c734463c73ca1af2b10806839c0c206933ef0b308bdc1d65ac7640d35685f629
-
SSDEEP
6144:S+s2FguwbkEvZ9+ZiKE4ZnNfqe42bzDtLFMI1fA4WMdE:e2gWEsnNe2bzL1pm
Malware Config
Extracted
cybergate
v1.07.5
Cyber
sequence.no-ip.biz:100
T67OKP4PD7XRO1
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
winlogin
-
install_file
winlogin.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
tommerup
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Processes:
vbc.exedescription ioc process Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{YI5QIC5E-57CN-6MK0-MW02-YCTX4G8YO675} vbc.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{YI5QIC5E-57CN-6MK0-MW02-YCTX4G8YO675}\StubPath = "C:\\Windows\\system32\\winlogin\\winlogin.exe Restart" vbc.exe -
Executes dropped EXE 1 IoCs
Processes:
winlogin.exepid process 2456 winlogin.exe -
Loads dropped DLL 1 IoCs
Processes:
vbc.exepid process 2668 vbc.exe -
Processes:
resource yara_rule behavioral1/memory/2752-28-0x0000000010410000-0x0000000010475000-memory.dmp upx behavioral1/memory/2752-32-0x0000000010480000-0x00000000104E5000-memory.dmp upx -
Uses the VBS compiler for execution 1 TTPs
-
Adds Run key to start application 2 TTPs 3 IoCs
Processes:
66faf8e2375b44fd77895c5f0fad3873_JaffaCakes118.exevbc.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\DefaultSystem = "C:\\ProgramData\\Sys32c.exe" 66faf8e2375b44fd77895c5f0fad3873_JaffaCakes118.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\winlogin\\winlogin.exe" vbc.exe Set value (str) \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\winlogin\\winlogin.exe" vbc.exe -
Drops file in System32 directory 4 IoCs
Processes:
vbc.exevbc.exedescription ioc process File opened for modification C:\Windows\SysWOW64\winlogin\ vbc.exe File created C:\Windows\SysWOW64\winlogin\winlogin.exe vbc.exe File opened for modification C:\Windows\SysWOW64\winlogin\winlogin.exe vbc.exe File opened for modification C:\Windows\SysWOW64\winlogin\winlogin.exe vbc.exe -
Suspicious use of SetThreadContext 1 IoCs
Processes:
66faf8e2375b44fd77895c5f0fad3873_JaffaCakes118.exedescription pid process target process PID 2884 set thread context of 2752 2884 66faf8e2375b44fd77895c5f0fad3873_JaffaCakes118.exe vbc.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
vbc.exepid process 2752 vbc.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
vbc.exepid process 2668 vbc.exe -
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes:
vbc.exedescription pid process Token: SeBackupPrivilege 2668 vbc.exe Token: SeRestorePrivilege 2668 vbc.exe Token: SeDebugPrivilege 2668 vbc.exe Token: SeDebugPrivilege 2668 vbc.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
66faf8e2375b44fd77895c5f0fad3873_JaffaCakes118.exevbc.exedescription pid process target process PID 2884 wrote to memory of 2752 2884 66faf8e2375b44fd77895c5f0fad3873_JaffaCakes118.exe vbc.exe PID 2884 wrote to memory of 2752 2884 66faf8e2375b44fd77895c5f0fad3873_JaffaCakes118.exe vbc.exe PID 2884 wrote to memory of 2752 2884 66faf8e2375b44fd77895c5f0fad3873_JaffaCakes118.exe vbc.exe PID 2884 wrote to memory of 2752 2884 66faf8e2375b44fd77895c5f0fad3873_JaffaCakes118.exe vbc.exe PID 2884 wrote to memory of 2752 2884 66faf8e2375b44fd77895c5f0fad3873_JaffaCakes118.exe vbc.exe PID 2884 wrote to memory of 2752 2884 66faf8e2375b44fd77895c5f0fad3873_JaffaCakes118.exe vbc.exe PID 2884 wrote to memory of 2752 2884 66faf8e2375b44fd77895c5f0fad3873_JaffaCakes118.exe vbc.exe PID 2884 wrote to memory of 2752 2884 66faf8e2375b44fd77895c5f0fad3873_JaffaCakes118.exe vbc.exe PID 2884 wrote to memory of 2752 2884 66faf8e2375b44fd77895c5f0fad3873_JaffaCakes118.exe vbc.exe PID 2884 wrote to memory of 2752 2884 66faf8e2375b44fd77895c5f0fad3873_JaffaCakes118.exe vbc.exe PID 2884 wrote to memory of 2752 2884 66faf8e2375b44fd77895c5f0fad3873_JaffaCakes118.exe vbc.exe PID 2884 wrote to memory of 2752 2884 66faf8e2375b44fd77895c5f0fad3873_JaffaCakes118.exe vbc.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe PID 2752 wrote to memory of 2596 2752 vbc.exe iexplore.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\66faf8e2375b44fd77895c5f0fad3873_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\66faf8e2375b44fd77895c5f0fad3873_JaffaCakes118.exe"1⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe2⤵
- Boot or Logon Autostart Execution: Active Setup
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"3⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\winlogin\winlogin.exe"C:\Windows\system32\winlogin\winlogin.exe"4⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\Admin2.txtFilesize
224KB
MD5efc16116272c74d95b1fa54f2e7b4516
SHA19f783f505bca4adfbe9d4fde95535a0b3e1cf107
SHA256212c1c6962bfe12d6c3271cfdb213d92663a3dd009675b29cf752799481b6aa1
SHA5127a063bc5d2185621bfb75ca5bc7be2bcc2b48d8ba44047c05994ae79c95804184ea4f9fb017027a0c455085a22901db57c8c33f0114de8f8ffca797ba5828928
-
C:\Users\Admin\AppData\Local\Temp\Admin7Filesize
8B
MD59a633f61751a5aa3ec893e1aa0720640
SHA1a3e495076e93150afbc6e01e653b9c1fcd97255c
SHA256eb0d435d268969b5528fddeba3a4b0d265e19b2902877d842c89732f81729539
SHA5120b7736d900f42dd030ba002d78023b4bde0fb6bc209ec2ca05d543d67411fd1b5e6dda26ac241c98f74333a2187ee7bd710450e1cc528deefaddea3cc943e904
-
C:\Users\Admin\AppData\Local\Temp\Admin7Filesize
8B
MD540b1bcc66ba99b46da7419b5429604d6
SHA12303acbe25d12a7c9fd7d3aee290bce1827f782b
SHA25605dd6f41ae3ea0a2fd7d2a7d14de0b0205d447ae6475b10f7d55b5ac977f301c
SHA512247e235b4aa0490ee1fc7f6db17a140494a3cd298342be72a9b1806c76ad783205d8807d1da86f01e5e246afe379567c35db6f871d50b16f96ed2f8d12dea79f
-
C:\Users\Admin\AppData\Local\Temp\Admin7Filesize
8B
MD56ff4144e3e9d5278d4e8e237334060e4
SHA124ce55526245bc4037a2a1c9d8bb4ae8ea23e4fc
SHA2564403a89e95341070d5c3a6f30fe9729fb89df48e745dba5ed7e67d1dd8e413c8
SHA5127844d7c0720b51dd34c184f409c199581f9d2f6cd1910ec0a9e6e146779d81308687d20930355add5bb394c46a0d335338b75d46908e36b245f785aa9d030008
-
C:\Users\Admin\AppData\Local\Temp\Admin7Filesize
8B
MD5b838a813ed6db0b843cd8dc219620131
SHA19c3064cfcffaa1939f80bca2104aad72e281273d
SHA2566425481479ca0ee668558d54975bfa252f57c7b8cdb31b2a5a4a09dfb4ce13ed
SHA512a1358f74e7ae3c35e8c5ad61592b146189d33830ba9722a5becddb842c9f192193f93fe83d6b0106414dcc29481432a0c9add18efdd505dab5963141406cee5b
-
C:\Users\Admin\AppData\Local\Temp\Admin7Filesize
8B
MD5b01300a895b4c7663bd82389a956ee62
SHA1575ee65ee3061d62d2781041a91cf2d623be1bf1
SHA2568610b8dc954d43b5e48d171b87f66c7601f449766733c5f7fff2885cdd7133dd
SHA512c0d7369fbb5db4f09cbdef3581d154acbc319bea3d0d41df2dc7f938af68e9b542145a00c02b9e8bf4bbb38af9610d85ecd8c5abe161916e6fbecdeb41679230
-
C:\Users\Admin\AppData\Local\Temp\Admin7Filesize
8B
MD5150cbdaa1d6f804a06f25e39cf21ebc9
SHA1167d20a9eb35edc9004673cb14cd0d8860a5fd94
SHA2566c669413653d9c8ed4ba88155d2e3939189ebbf2cd22ec70a898ef301ab12ccf
SHA5127609bd61a981d47076a0123865afc595635a0282a951f31ec22a8d00c869fd5c98e82dcbcd2a3e7460453ce4ef4fe43aa326c31e888b0dbafeec44781da9a11a
-
C:\Users\Admin\AppData\Local\Temp\Admin7Filesize
8B
MD5fa34dd0e05b9140ec9674d7c376950dd
SHA1c9dacec0edb03e7dad8158f144d749ee44a29bf5
SHA2569f26b54f72e14bfebff24ceb40d1f1a1496bbaab951365f459b1044254c22609
SHA5122c40458c96f9bb5e3fcc1dab3019ad62cf25fbb4fa68574db499fd6cace2245920ac41a081142202c5b191cfc937bb6eef54637bd9dbd6daa31c27e623edcb89
-
C:\Users\Admin\AppData\Local\Temp\Admin7Filesize
8B
MD5419f53578fbead61cbaca2a2d838ab33
SHA1cef5f9aa4ab8493c92c9434a45a6b061b776d6fe
SHA256799bda8fa187f3042fc0e201af5b95bb96fef576adb4d58664cfbfbe91225a08
SHA5126a5df2d75a7125bb372cfdb2faee8209e5cb31832927ed6d2ddbab6a6847b86ea025ffe3b7610c84d675fc0c7d2e78e8008dc1ed186f03774fcfac12a8d23e21
-
C:\Users\Admin\AppData\Local\Temp\Admin7Filesize
8B
MD53a2e39a6dd4154274b418fa168d86d81
SHA1298cbabb72a263d9b2e6360a919fe3626a376a41
SHA256a78cd220f5d2edce76698b57fc13e034661fb70d91c65fee0a764b33fc013e24
SHA512c9bd82f57037b047b650d900d0e4ac527ebf66259e0c75469e7558cff32beee76be9f25ba199aa9df4e522def24387d52422738a6a280240f24707fbdfc8f338
-
C:\Users\Admin\AppData\Local\Temp\Admin7Filesize
8B
MD5cdf69d6d2ed42dd985c6e3cd3d17f902
SHA1cb55213f229f411051d1fbdde2cbf8428b55e300
SHA256173d8c2b776b01446a87edd00fd79850570ca300a4e8134028f9823b636b7477
SHA512a0692ad3f23fa30387c47c6180377a9e27d5b7957862263158d78afd5d15c32383a4399baad9cd4944107fb3148573ef8b3a58c8a5e52b8a46b2334807102afc
-
C:\Users\Admin\AppData\Local\Temp\Admin7Filesize
8B
MD5849894f33c3700323159af80a6240514
SHA16f6e89e7d9151c6d0a8e27d4eb1fd8e074bad34b
SHA2562744daa3cef465564c51aa9b0db7dfbe677efa83e112e55c5bc4c138bf5ff646
SHA512498b6eff5ff2ca39c58f4fc0d6358c69738c08a7c1482d9600e471518025f4795868415f66509fd1fc4b189b43a6cf3aebf5c4fe1acc22dd585a50ad68fd0e3b
-
C:\Users\Admin\AppData\Local\Temp\Admin7Filesize
8B
MD5ea686625310033538bb428094f9a53c0
SHA1c578796af3156cef6cfdd8f51f2fcf4a8fc9e0d5
SHA256107bd67c640387d060f9f33896f389ab2216aad880ad391aaed0ff289241f3b0
SHA5121db8b6ce9ae96660e431a3fc417b7cc376db5589648d32328fe07fc0a1e8fb27d162ff6df65a8c3f03f0f0827eb6bf48d6728cbf6d948a2fd365e4f36325d7fd
-
C:\Users\Admin\AppData\Local\Temp\Admin7Filesize
8B
MD5b6fbe0244fdde9f8ac49fbce935a01b5
SHA1c7bfda933124941d0e67c63e16fa52dacfcdca0c
SHA256ca4c211162a560e3060f1567b8fa9308a2f57c4054ff6327919c3f85df9715fe
SHA512cefa8baf1e5610e7009f0245f9c3d5f364820c1210465a77f90637dffbfcdf77610f96fe30c917ce82c6784b1dabae3e691835964acf1059c68c3332afdbaeb5
-
C:\Users\Admin\AppData\Local\Temp\Admin7Filesize
8B
MD5271027e94b8794a40a62591b9424bf02
SHA1bc5ca0cdc52c1b178aa044b9753697dd9777ee7c
SHA25638fc881825c1dcb7078d086350e817c9d50412d27dffe67f758eb3c365a73b9f
SHA5125d0cec9eb7a261e314c4611307f5fcf9340bf12a78d961155eedd75d3161b6e777488d50fb5092cb8bd47d410a573cc57a2cda642262c14d643531046e715b8c
-
C:\Users\Admin\AppData\Local\Temp\Admin7Filesize
8B
MD59947a32e1a634939b04a832b9f50030d
SHA104304b097434d29d4aeed16b4a39649b32ad4ff5
SHA2562eaac5d4ff6fd507acb04f18f5ed1181878975d4501cdcf380ac4f040e08b83f
SHA5123351496355aa8b3eca6b97d5523888cd104d7e032d93572f624f92f6148c5fada0ec8635ca55028ab6cf97f02980522579683b61f7c3f48025d853a48bb0996c
-
C:\Users\Admin\AppData\Local\Temp\Admin7Filesize
8B
MD5d4e7bf80a251911e4dbd9cb6a3df4f41
SHA11c640a2da865fec458cf9a407512031d1c1370a5
SHA256d2c9c172a02ba85fa6efdb61eda04a5140c9168fcb54cb73f759819f06898c53
SHA512f1a0fcb89818440ebcca87a85f353e02fcd4a7087830b5b357985e60ca087bd79243459bfe63a0a8403df7c459903a9ed1cf7b20876e97d683a0907e70e7cae9
-
C:\Users\Admin\AppData\Local\Temp\Admin7Filesize
8B
MD5f350f0f8b29a0fd2eb4c6b703aeefd80
SHA1fce52193fb12cba1e255d899485e7cd8da0cf271
SHA25617f262d38844cc097920ee9dbc4610b71f0b9d8d70d0ef9574872b302cc317ba
SHA51250f9c450b7e6f999138b57be9ba749a6cb1f2868f7f28eae1728f3433cddd9970d3c3b9c0e589403fc4f6c6433060fdb7461cc889f2ac11630a771c1addddb66
-
C:\Users\Admin\AppData\Local\Temp\Admin7Filesize
8B
MD5cdccdcd3ac4f0db57c2f54835e978ed6
SHA1b90c42b788594951a9f92dac852699d7305cd793
SHA25656c486d59795bbe86c2e158c188972254dd53fee694bd7ef3f5aa4d1e51ba01b
SHA5122491f016f41e5e05fa6d44ade9c14c445ef1c7f74ad03c6a8f73d1c1af6f0aca7339f9ba3c19376c3894d18c4c79622fa32ffab82c6648fb738b14698121d8ce
-
C:\Users\Admin\AppData\Roaming\Adminlog.datFilesize
15B
MD5bf3dba41023802cf6d3f8c5fd683a0c7
SHA1466530987a347b68ef28faad238d7b50db8656a5
SHA2564a8e75390856bf822f492f7f605ca0c21f1905172f6d3ef610162533c140507d
SHA512fec60f447dcc90753d693014135e24814f6e8294f6c0f436bc59d892b24e91552108dba6cf5a6fa7c0421f6d290d1bafee9f9f2d95ea8c4c05c2ad0f7c1bb314
-
C:\Windows\SysWOW64\winlogin\winlogin.exeFilesize
1.1MB
MD534aa912defa18c2c129f1e09d75c1d7e
SHA19c3046324657505a30ecd9b1fdb46c05bde7d470
SHA2566df94b7fa33f1b87142adc39b3db0613fc520d9e7a5fd6a5301dd7f51f8d0386
SHA512d1ea9368f5d7166180612fd763c87afb647d088498887961f5e7fb0a10f4a808bd5928e8a3666d70ff794093c51ecca8816f75dd47652fd4eb23dce7f9aa1f98
-
memory/2668-33-0x00000000001C0000-0x00000000001C1000-memory.dmpFilesize
4KB
-
memory/2668-39-0x00000000001E0000-0x00000000001E1000-memory.dmpFilesize
4KB
-
memory/2668-44-0x0000000000360000-0x0000000000361000-memory.dmpFilesize
4KB
-
memory/2668-89-0x0000000000400000-0x000000000051E000-memory.dmpFilesize
1.1MB
-
memory/2752-10-0x0000000000400000-0x0000000000455000-memory.dmpFilesize
340KB
-
memory/2752-12-0x0000000000400000-0x0000000000455000-memory.dmpFilesize
340KB
-
memory/2752-32-0x0000000010480000-0x00000000104E5000-memory.dmpFilesize
404KB
-
memory/2752-28-0x0000000010410000-0x0000000010475000-memory.dmpFilesize
404KB
-
memory/2752-3-0x0000000000400000-0x0000000000455000-memory.dmpFilesize
340KB
-
memory/2752-23-0x0000000000400000-0x0000000000455000-memory.dmpFilesize
340KB
-
memory/2752-24-0x0000000000400000-0x0000000000455000-memory.dmpFilesize
340KB
-
memory/2752-5-0x0000000000400000-0x0000000000455000-memory.dmpFilesize
340KB
-
memory/2752-7-0x0000000000400000-0x0000000000455000-memory.dmpFilesize
340KB
-
memory/2752-14-0x0000000000400000-0x0000000000455000-memory.dmpFilesize
340KB
-
memory/2752-11-0x0000000000400000-0x0000000000455000-memory.dmpFilesize
340KB
-
memory/2752-328-0x0000000000400000-0x0000000000455000-memory.dmpFilesize
340KB
-
memory/2752-15-0x000000007EFDE000-0x000000007EFDF000-memory.dmpFilesize
4KB
-
memory/2752-17-0x0000000000400000-0x0000000000455000-memory.dmpFilesize
340KB
-
memory/2752-21-0x0000000000400000-0x0000000000455000-memory.dmpFilesize
340KB
-
memory/2752-22-0x0000000000400000-0x0000000000455000-memory.dmpFilesize
340KB
-
memory/2752-20-0x0000000000400000-0x0000000000455000-memory.dmpFilesize
340KB
-
memory/2752-18-0x0000000000400000-0x0000000000455000-memory.dmpFilesize
340KB
-
memory/2884-0-0x0000000074D61000-0x0000000074D62000-memory.dmpFilesize
4KB
-
memory/2884-25-0x0000000074D60000-0x000000007530B000-memory.dmpFilesize
5.7MB
-
memory/2884-2-0x0000000074D60000-0x000000007530B000-memory.dmpFilesize
5.7MB
-
memory/2884-1-0x0000000074D60000-0x000000007530B000-memory.dmpFilesize
5.7MB