Analysis
-
max time kernel
117s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
27-07-2024 23:19
Static task
static1
Behavioral task
behavioral1
Sample
024a2b33f4a43ab679b44f1b9bcb6bcc_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
024a2b33f4a43ab679b44f1b9bcb6bcc_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
024a2b33f4a43ab679b44f1b9bcb6bcc_JaffaCakes118.exe
-
Size
3.6MB
-
MD5
024a2b33f4a43ab679b44f1b9bcb6bcc
-
SHA1
f154baff6d0e53d0f40ca49db29d911ec3231a8f
-
SHA256
4ad56ad56865d9c280cdff0b03a69b51a36a032847ee7d7bc62b8aecb0b6981c
-
SHA512
5b8d0e9605e929763ccbe286d4c63f3c12b0338cbcd1fcff301482de45c9f3d2e9240fab5f54179685a2c856a24af03c2fec4c6969070698d7da2b099b5c08a4
-
SSDEEP
49152:CxHSYI6JgG2BvvPG8i51PFZgBciXPFKz+cWvjVrKJczGdcN:+SYI6JgGkv3G8i5ZFZJiXPFOSp3zs
Malware Config
Signatures
-
BitRAT payload 17 IoCs
Processes:
resource yara_rule behavioral2/memory/5084-28-0x0000000000400000-0x0000000000811000-memory.dmp family_bitrat behavioral2/memory/5084-29-0x0000000000400000-0x0000000000811000-memory.dmp family_bitrat behavioral2/memory/5084-30-0x0000000000400000-0x0000000000811000-memory.dmp family_bitrat behavioral2/memory/5084-31-0x0000000000400000-0x0000000000811000-memory.dmp family_bitrat behavioral2/memory/5084-33-0x0000000000400000-0x0000000000811000-memory.dmp family_bitrat behavioral2/memory/5084-34-0x0000000000400000-0x0000000000811000-memory.dmp family_bitrat behavioral2/memory/5084-35-0x0000000000400000-0x0000000000811000-memory.dmp family_bitrat behavioral2/memory/5084-36-0x0000000000400000-0x0000000000811000-memory.dmp family_bitrat behavioral2/memory/5084-38-0x0000000000400000-0x0000000000811000-memory.dmp family_bitrat behavioral2/memory/5084-39-0x0000000000400000-0x0000000000811000-memory.dmp family_bitrat behavioral2/memory/5084-37-0x0000000000400000-0x0000000000811000-memory.dmp family_bitrat behavioral2/memory/5084-42-0x0000000000400000-0x0000000000811000-memory.dmp family_bitrat behavioral2/memory/5084-41-0x0000000000400000-0x0000000000811000-memory.dmp family_bitrat behavioral2/memory/5084-45-0x0000000000400000-0x0000000000811000-memory.dmp family_bitrat behavioral2/memory/5084-44-0x0000000000400000-0x0000000000811000-memory.dmp family_bitrat behavioral2/memory/5084-47-0x0000000000400000-0x0000000000811000-memory.dmp family_bitrat behavioral2/memory/5084-48-0x0000000000400000-0x0000000000811000-memory.dmp family_bitrat -
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
024a2b33f4a43ab679b44f1b9bcb6bcc_JaffaCakes118.exeASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation 024a2b33f4a43ab679b44f1b9bcb6bcc_JaffaCakes118.exe Key value queried \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe -
Executes dropped EXE 1 IoCs
Processes:
ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exepid process 3476 ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe -
Processes:
resource yara_rule behavioral2/memory/5084-28-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-26-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-29-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-27-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-30-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-31-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-33-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-34-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-35-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-36-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-38-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-39-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-37-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-42-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-41-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-45-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-44-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-47-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-48-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-51-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-50-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/4800-56-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-58-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-57-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/4800-60-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/4800-61-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/4800-62-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-65-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-64-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-67-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-68-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-70-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-71-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-73-0x0000000000400000-0x0000000000811000-memory.dmp upx behavioral2/memory/5084-74-0x0000000000400000-0x0000000000811000-memory.dmp upx -
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
reg.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VCAZZSD26923540123KJLVYTYREXTQQQ = "C:\\Users\\Admin\\AppData\\Local\\ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe" reg.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
Processes:
mscorsvw.exepid process 5084 mscorsvw.exe 5084 mscorsvw.exe -
Suspicious use of SetThreadContext 1 IoCs
Processes:
ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exedescription pid process target process PID 3476 set thread context of 5084 3476 ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe mscorsvw.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 7 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
cmd.exereg.exemscorsvw.exe024a2b33f4a43ab679b44f1b9bcb6bcc_JaffaCakes118.execmd.execmd.exeASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language reg.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mscorsvw.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 024a2b33f4a43ab679b44f1b9bcb6bcc_JaffaCakes118.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
024a2b33f4a43ab679b44f1b9bcb6bcc_JaffaCakes118.exeASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exemscorsvw.exedescription pid process Token: SeDebugPrivilege 396 024a2b33f4a43ab679b44f1b9bcb6bcc_JaffaCakes118.exe Token: SeDebugPrivilege 3476 ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe Token: SeShutdownPrivilege 5084 mscorsvw.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
mscorsvw.exepid process 5084 mscorsvw.exe 5084 mscorsvw.exe -
Suspicious use of WriteProcessMemory 22 IoCs
Processes:
024a2b33f4a43ab679b44f1b9bcb6bcc_JaffaCakes118.execmd.exeASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.execmd.exedescription pid process target process PID 396 wrote to memory of 2536 396 024a2b33f4a43ab679b44f1b9bcb6bcc_JaffaCakes118.exe cmd.exe PID 396 wrote to memory of 2536 396 024a2b33f4a43ab679b44f1b9bcb6bcc_JaffaCakes118.exe cmd.exe PID 396 wrote to memory of 2536 396 024a2b33f4a43ab679b44f1b9bcb6bcc_JaffaCakes118.exe cmd.exe PID 396 wrote to memory of 3584 396 024a2b33f4a43ab679b44f1b9bcb6bcc_JaffaCakes118.exe cmd.exe PID 396 wrote to memory of 3584 396 024a2b33f4a43ab679b44f1b9bcb6bcc_JaffaCakes118.exe cmd.exe PID 396 wrote to memory of 3584 396 024a2b33f4a43ab679b44f1b9bcb6bcc_JaffaCakes118.exe cmd.exe PID 3584 wrote to memory of 3476 3584 cmd.exe ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe PID 3584 wrote to memory of 3476 3584 cmd.exe ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe PID 3584 wrote to memory of 3476 3584 cmd.exe ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe PID 3476 wrote to memory of 4932 3476 ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe cmd.exe PID 3476 wrote to memory of 4932 3476 ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe cmd.exe PID 3476 wrote to memory of 4932 3476 ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe cmd.exe PID 4932 wrote to memory of 4284 4932 cmd.exe reg.exe PID 4932 wrote to memory of 4284 4932 cmd.exe reg.exe PID 4932 wrote to memory of 4284 4932 cmd.exe reg.exe PID 3476 wrote to memory of 5084 3476 ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe mscorsvw.exe PID 3476 wrote to memory of 5084 3476 ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe mscorsvw.exe PID 3476 wrote to memory of 5084 3476 ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe mscorsvw.exe PID 3476 wrote to memory of 5084 3476 ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe mscorsvw.exe PID 3476 wrote to memory of 5084 3476 ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe mscorsvw.exe PID 3476 wrote to memory of 5084 3476 ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe mscorsvw.exe PID 3476 wrote to memory of 5084 3476 ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe mscorsvw.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\024a2b33f4a43ab679b44f1b9bcb6bcc_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\024a2b33f4a43ab679b44f1b9bcb6bcc_JaffaCakes118.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\024a2b33f4a43ab679b44f1b9bcb6bcc_JaffaCakes118.exe" "C:\Users\Admin\AppData\Local\ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c, "C:\Users\Admin\AppData\Local\ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe"C:\Users\Admin\AppData\Local\ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "VCAZZSD26923540123KJLVYTYREXTQQQ" /t REG_SZ /d "C:\Users\Admin\AppData\Local\ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe"4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "VCAZZSD26923540123KJLVYTYREXTQQQ" /t REG_SZ /d "C:\Users\Admin\AppData\Local\ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe"5⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"4⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "VCAZZSD26923540123KJLVYTYREXTQQQ" /t REG_SZ /d "C:\Users\Admin\AppData\Local\ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe"4⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "VCAZZSD26923540123KJLVYTYREXTQQQ" /t REG_SZ /d "C:\Users\Admin\AppData\Local\ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exe"5⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"4⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\ASDWRTEssscx342VJHVYGHVJJ7890MSDDERMYULLNMM.exeFilesize
3.6MB
MD5024a2b33f4a43ab679b44f1b9bcb6bcc
SHA1f154baff6d0e53d0f40ca49db29d911ec3231a8f
SHA2564ad56ad56865d9c280cdff0b03a69b51a36a032847ee7d7bc62b8aecb0b6981c
SHA5125b8d0e9605e929763ccbe286d4c63f3c12b0338cbcd1fcff301482de45c9f3d2e9240fab5f54179685a2c856a24af03c2fec4c6969070698d7da2b099b5c08a4
-
memory/396-15-0x0000000075240000-0x00000000759F0000-memory.dmpFilesize
7.7MB
-
memory/396-5-0x0000000005690000-0x00000000056BE000-memory.dmpFilesize
184KB
-
memory/396-1-0x00000000009D0000-0x0000000000D66000-memory.dmpFilesize
3.6MB
-
memory/396-4-0x0000000075240000-0x00000000759F0000-memory.dmpFilesize
7.7MB
-
memory/396-8-0x000000000A350000-0x000000000A3E2000-memory.dmpFilesize
584KB
-
memory/396-6-0x0000000005770000-0x00000000057A0000-memory.dmpFilesize
192KB
-
memory/396-7-0x000000000A820000-0x000000000ADC4000-memory.dmpFilesize
5.6MB
-
memory/396-3-0x0000000005B10000-0x0000000005BAC000-memory.dmpFilesize
624KB
-
memory/396-9-0x000000007524E000-0x000000007524F000-memory.dmpFilesize
4KB
-
memory/396-10-0x0000000075240000-0x00000000759F0000-memory.dmpFilesize
7.7MB
-
memory/396-14-0x0000000075240000-0x00000000759F0000-memory.dmpFilesize
7.7MB
-
memory/396-0-0x000000007524E000-0x000000007524F000-memory.dmpFilesize
4KB
-
memory/396-2-0x00000000057B0000-0x0000000005B04000-memory.dmpFilesize
3.3MB
-
memory/3476-20-0x0000000075240000-0x00000000759F0000-memory.dmpFilesize
7.7MB
-
memory/3476-19-0x0000000075240000-0x00000000759F0000-memory.dmpFilesize
7.7MB
-
memory/3476-21-0x0000000075240000-0x00000000759F0000-memory.dmpFilesize
7.7MB
-
memory/3476-22-0x0000000075240000-0x00000000759F0000-memory.dmpFilesize
7.7MB
-
memory/3476-23-0x00000000081E0000-0x00000000081F8000-memory.dmpFilesize
96KB
-
memory/3476-24-0x00000000081F0000-0x00000000081F6000-memory.dmpFilesize
24KB
-
memory/3476-25-0x00000000071B0000-0x00000000071D2000-memory.dmpFilesize
136KB
-
memory/4800-63-0x000000006DA30000-0x000000006DA69000-memory.dmpFilesize
228KB
-
memory/4800-62-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/4800-61-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/4800-60-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/4800-56-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-37-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-50-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-33-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-34-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-35-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-36-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-38-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-39-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-31-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-40-0x000000006DA30000-0x000000006DA69000-memory.dmpFilesize
228KB
-
memory/5084-43-0x000000006DA30000-0x000000006DA69000-memory.dmpFilesize
228KB
-
memory/5084-42-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-41-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-45-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-46-0x000000006DA30000-0x000000006DA69000-memory.dmpFilesize
228KB
-
memory/5084-44-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-47-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-48-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-49-0x000000006DA30000-0x000000006DA69000-memory.dmpFilesize
228KB
-
memory/5084-51-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-52-0x000000006DA30000-0x000000006DA69000-memory.dmpFilesize
228KB
-
memory/5084-32-0x000000006DAC0000-0x000000006DAF9000-memory.dmpFilesize
228KB
-
memory/5084-30-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-59-0x000000006DA30000-0x000000006DA69000-memory.dmpFilesize
228KB
-
memory/5084-58-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-57-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-27-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-29-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-26-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-28-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-66-0x000000006DA30000-0x000000006DA69000-memory.dmpFilesize
228KB
-
memory/5084-65-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-64-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-67-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-69-0x000000006DA30000-0x000000006DA69000-memory.dmpFilesize
228KB
-
memory/5084-68-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-70-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-72-0x000000006DA30000-0x000000006DA69000-memory.dmpFilesize
228KB
-
memory/5084-71-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-73-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB
-
memory/5084-75-0x000000006DA30000-0x000000006DA69000-memory.dmpFilesize
228KB
-
memory/5084-74-0x0000000000400000-0x0000000000811000-memory.dmpFilesize
4.1MB