Analysis

  • max time kernel
    92s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/04/2024, 07:40

General

  • Target

    004b99c7f22dae72be75009dbc37a1ed_JaffaCakes118.exe

  • Size

    2.2MB

  • MD5

    004b99c7f22dae72be75009dbc37a1ed

  • SHA1

    65a4deebd20b9118783648d683b9b937155992b1

  • SHA256

    8abda48d158a2f9f4bc46409d75f3a1da21e94254b6d58abdc1a34b15913d3d7

  • SHA512

    79273b141641db85e7af24683734ee8a6dc7c0d9c3efa1e50d88a6bae6b536498f8c8a952fb13030a8d205f738f59c17641460cb4cdc50416b7c108cbc514b88

  • SSDEEP

    24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZ7:0UzeyQMS4DqodCnoe+iitjWwwP

Score
10/10

Malware Config

Extracted

Family

pony

C2

http://don.service-master.eu/gate.php

Attributes
  • payload_url

    http://don.service-master.eu/shit.exe

Signatures

  • Pony,Fareit

    Pony is a Remote Access Trojan application that steals information.

  • Drops startup file 2 IoCs
  • Executes dropped EXE 3 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\004b99c7f22dae72be75009dbc37a1ed_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\004b99c7f22dae72be75009dbc37a1ed_JaffaCakes118.exe"
    1⤵
    • Drops startup file
    • Suspicious use of SetThreadContext
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:3984
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:3620
      • C:\Users\Admin\AppData\Local\Temp\004b99c7f22dae72be75009dbc37a1ed_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\004b99c7f22dae72be75009dbc37a1ed_JaffaCakes118.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4200
        • \??\c:\windows\system\explorer.exe
          c:\windows\system\explorer.exe
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Drops file in Windows directory
          • Suspicious use of WriteProcessMemory
          PID:2964
          • \??\c:\windows\system\explorer.exe
            "c:\windows\system\explorer.exe"
            4⤵
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:6052
            • \??\c:\windows\system\spoolsv.exe
              c:\windows\system\spoolsv.exe SE
              5⤵
              • Executes dropped EXE
              PID:440
              • \??\c:\windows\system\spoolsv.exe
                "c:\windows\system\spoolsv.exe"
                6⤵
                  PID:2692
                  • \??\c:\windows\system\explorer.exe
                    c:\windows\system\explorer.exe
                    7⤵
                      PID:1436
                • \??\c:\windows\system\spoolsv.exe
                  c:\windows\system\spoolsv.exe SE
                  5⤵
                    PID:4224
                    • \??\c:\windows\system\spoolsv.exe
                      "c:\windows\system\spoolsv.exe"
                      6⤵
                        PID:4164
                    • \??\c:\windows\system\spoolsv.exe
                      c:\windows\system\spoolsv.exe SE
                      5⤵
                        PID:5444
                        • \??\c:\windows\system\spoolsv.exe
                          "c:\windows\system\spoolsv.exe"
                          6⤵
                            PID:2592
                        • \??\c:\windows\system\spoolsv.exe
                          c:\windows\system\spoolsv.exe SE
                          5⤵
                            PID:4488
                            • \??\c:\windows\system\spoolsv.exe
                              "c:\windows\system\spoolsv.exe"
                              6⤵
                                PID:1404
                            • \??\c:\windows\system\spoolsv.exe
                              c:\windows\system\spoolsv.exe SE
                              5⤵
                                PID:4160
                                • \??\c:\windows\system\spoolsv.exe
                                  "c:\windows\system\spoolsv.exe"
                                  6⤵
                                    PID:6116
                                • \??\c:\windows\system\spoolsv.exe
                                  c:\windows\system\spoolsv.exe SE
                                  5⤵
                                    PID:4448
                                    • \??\c:\windows\system\spoolsv.exe
                                      "c:\windows\system\spoolsv.exe"
                                      6⤵
                                        PID:4452
                                    • \??\c:\windows\system\spoolsv.exe
                                      c:\windows\system\spoolsv.exe SE
                                      5⤵
                                        PID:4824
                                        • \??\c:\windows\system\spoolsv.exe
                                          "c:\windows\system\spoolsv.exe"
                                          6⤵
                                            PID:3576
                                        • \??\c:\windows\system\spoolsv.exe
                                          c:\windows\system\spoolsv.exe SE
                                          5⤵
                                            PID:2952
                                            • \??\c:\windows\system\spoolsv.exe
                                              "c:\windows\system\spoolsv.exe"
                                              6⤵
                                                PID:2428
                                            • \??\c:\windows\system\spoolsv.exe
                                              c:\windows\system\spoolsv.exe SE
                                              5⤵
                                                PID:3568
                                                • \??\c:\windows\system\spoolsv.exe
                                                  "c:\windows\system\spoolsv.exe"
                                                  6⤵
                                                    PID:3728
                                                • \??\c:\windows\system\spoolsv.exe
                                                  c:\windows\system\spoolsv.exe SE
                                                  5⤵
                                                    PID:3264
                                                    • \??\c:\windows\system\spoolsv.exe
                                                      "c:\windows\system\spoolsv.exe"
                                                      6⤵
                                                        PID:4984
                                                    • \??\c:\windows\system\spoolsv.exe
                                                      c:\windows\system\spoolsv.exe SE
                                                      5⤵
                                                        PID:3804
                                                        • \??\c:\windows\system\spoolsv.exe
                                                          "c:\windows\system\spoolsv.exe"
                                                          6⤵
                                                            PID:3208
                                                        • \??\c:\windows\system\spoolsv.exe
                                                          c:\windows\system\spoolsv.exe SE
                                                          5⤵
                                                            PID:3108
                                                            • \??\c:\windows\system\spoolsv.exe
                                                              "c:\windows\system\spoolsv.exe"
                                                              6⤵
                                                                PID:3800
                                                            • \??\c:\windows\system\spoolsv.exe
                                                              c:\windows\system\spoolsv.exe SE
                                                              5⤵
                                                                PID:3084
                                                                • \??\c:\windows\system\spoolsv.exe
                                                                  "c:\windows\system\spoolsv.exe"
                                                                  6⤵
                                                                    PID:4420
                                                                • \??\c:\windows\system\spoolsv.exe
                                                                  c:\windows\system\spoolsv.exe SE
                                                                  5⤵
                                                                    PID:4700
                                                                    • \??\c:\windows\system\spoolsv.exe
                                                                      "c:\windows\system\spoolsv.exe"
                                                                      6⤵
                                                                        PID:5632
                                                                    • \??\c:\windows\system\spoolsv.exe
                                                                      c:\windows\system\spoolsv.exe SE
                                                                      5⤵
                                                                        PID:3404
                                                                        • \??\c:\windows\system\spoolsv.exe
                                                                          "c:\windows\system\spoolsv.exe"
                                                                          6⤵
                                                                            PID:4044
                                                                            • \??\c:\windows\system\explorer.exe
                                                                              c:\windows\system\explorer.exe
                                                                              7⤵
                                                                                PID:2080
                                                                          • \??\c:\windows\system\spoolsv.exe
                                                                            c:\windows\system\spoolsv.exe SE
                                                                            5⤵
                                                                              PID:3924
                                                                              • \??\c:\windows\system\spoolsv.exe
                                                                                "c:\windows\system\spoolsv.exe"
                                                                                6⤵
                                                                                  PID:6096
                                                                              • \??\c:\windows\system\spoolsv.exe
                                                                                c:\windows\system\spoolsv.exe SE
                                                                                5⤵
                                                                                  PID:1852
                                                                                  • \??\c:\windows\system\spoolsv.exe
                                                                                    "c:\windows\system\spoolsv.exe"
                                                                                    6⤵
                                                                                      PID:5316
                                                                                  • \??\c:\windows\system\spoolsv.exe
                                                                                    c:\windows\system\spoolsv.exe SE
                                                                                    5⤵
                                                                                      PID:6120
                                                                                      • \??\c:\windows\system\spoolsv.exe
                                                                                        "c:\windows\system\spoolsv.exe"
                                                                                        6⤵
                                                                                          PID:4568
                                                                                      • \??\c:\windows\system\spoolsv.exe
                                                                                        c:\windows\system\spoolsv.exe SE
                                                                                        5⤵
                                                                                          PID:3548
                                                                                          • \??\c:\windows\system\spoolsv.exe
                                                                                            "c:\windows\system\spoolsv.exe"
                                                                                            6⤵
                                                                                              PID:5876
                                                                                          • \??\c:\windows\system\spoolsv.exe
                                                                                            c:\windows\system\spoolsv.exe SE
                                                                                            5⤵
                                                                                              PID:840
                                                                                              • \??\c:\windows\system\spoolsv.exe
                                                                                                "c:\windows\system\spoolsv.exe"
                                                                                                6⤵
                                                                                                  PID:1972
                                                                                              • \??\c:\windows\system\spoolsv.exe
                                                                                                c:\windows\system\spoolsv.exe SE
                                                                                                5⤵
                                                                                                  PID:3304
                                                                                                  • \??\c:\windows\system\spoolsv.exe
                                                                                                    "c:\windows\system\spoolsv.exe"
                                                                                                    6⤵
                                                                                                      PID:1516
                                                                                                  • \??\c:\windows\system\spoolsv.exe
                                                                                                    c:\windows\system\spoolsv.exe SE
                                                                                                    5⤵
                                                                                                      PID:5860
                                                                                                      • \??\c:\windows\system\spoolsv.exe
                                                                                                        "c:\windows\system\spoolsv.exe"
                                                                                                        6⤵
                                                                                                          PID:2484
                                                                                                      • \??\c:\windows\system\spoolsv.exe
                                                                                                        c:\windows\system\spoolsv.exe SE
                                                                                                        5⤵
                                                                                                          PID:4916
                                                                                                          • \??\c:\windows\system\spoolsv.exe
                                                                                                            "c:\windows\system\spoolsv.exe"
                                                                                                            6⤵
                                                                                                              PID:5188
                                                                                                          • \??\c:\windows\system\spoolsv.exe
                                                                                                            c:\windows\system\spoolsv.exe SE
                                                                                                            5⤵
                                                                                                              PID:5604
                                                                                                              • \??\c:\windows\system\spoolsv.exe
                                                                                                                "c:\windows\system\spoolsv.exe"
                                                                                                                6⤵
                                                                                                                  PID:5840
                                                                                                              • \??\c:\windows\system\spoolsv.exe
                                                                                                                c:\windows\system\spoolsv.exe SE
                                                                                                                5⤵
                                                                                                                  PID:6012
                                                                                                                  • \??\c:\windows\system\spoolsv.exe
                                                                                                                    "c:\windows\system\spoolsv.exe"
                                                                                                                    6⤵
                                                                                                                      PID:2588
                                                                                                                  • \??\c:\windows\system\spoolsv.exe
                                                                                                                    c:\windows\system\spoolsv.exe SE
                                                                                                                    5⤵
                                                                                                                      PID:2180
                                                                                                                      • \??\c:\windows\system\spoolsv.exe
                                                                                                                        "c:\windows\system\spoolsv.exe"
                                                                                                                        6⤵
                                                                                                                          PID:2868
                                                                                                                      • \??\c:\windows\system\spoolsv.exe
                                                                                                                        c:\windows\system\spoolsv.exe SE
                                                                                                                        5⤵
                                                                                                                          PID:1968
                                                                                                                        • \??\c:\windows\system\spoolsv.exe
                                                                                                                          c:\windows\system\spoolsv.exe SE
                                                                                                                          5⤵
                                                                                                                            PID:2480
                                                                                                                          • \??\c:\windows\system\spoolsv.exe
                                                                                                                            c:\windows\system\spoolsv.exe SE
                                                                                                                            5⤵
                                                                                                                              PID:2192
                                                                                                                            • \??\c:\windows\system\spoolsv.exe
                                                                                                                              c:\windows\system\spoolsv.exe SE
                                                                                                                              5⤵
                                                                                                                                PID:5584
                                                                                                                      • C:\Windows\system32\svchost.exe
                                                                                                                        C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
                                                                                                                        1⤵
                                                                                                                          PID:5448
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3996 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
                                                                                                                          1⤵
                                                                                                                            PID:5988

                                                                                                                          Network

                                                                                                                                MITRE ATT&CK Enterprise v15

                                                                                                                                Replay Monitor

                                                                                                                                Loading Replay Monitor...

                                                                                                                                Downloads

                                                                                                                                • C:\Windows\Parameters.ini

                                                                                                                                  Filesize

                                                                                                                                  74B

                                                                                                                                  MD5

                                                                                                                                  6687785d6a31cdf9a5f80acb3abc459b

                                                                                                                                  SHA1

                                                                                                                                  1ddda26cc18189770eaaa4a9e78cc4abe4fe39c9

                                                                                                                                  SHA256

                                                                                                                                  3b5ebe1c6d4d33c14e5f2ca735fc085759f47895ea90192999a22a035c7edc9b

                                                                                                                                  SHA512

                                                                                                                                  5fe9429d64ee6fe0d3698cabb39757729b48d525500afa5f073d69f14f791c8aa2bc7ce0467d48d66fc58d894983391022c59035fa67703fefd309ec4a5d9962

                                                                                                                                • C:\Windows\System\explorer.exe

                                                                                                                                  Filesize

                                                                                                                                  2.2MB

                                                                                                                                  MD5

                                                                                                                                  cfa0dac9dae26628eb98ef2b510f501b

                                                                                                                                  SHA1

                                                                                                                                  e9848550c04e28201c7136f2d0afdad89c2ef831

                                                                                                                                  SHA256

                                                                                                                                  167c77b714001a6dacfef358273aaa209634ec611a5ce4a9d6f1e722c4da8a2e

                                                                                                                                  SHA512

                                                                                                                                  59b7a6cb2f2d047477366eea3121f0f3ddf7318705f4d255e6e2ece290ef99b2b12f05098526da3ac01e49746a5890c80ccfb2743d8133f82bf26887fa32fb76

                                                                                                                                • C:\Windows\System\spoolsv.exe

                                                                                                                                  Filesize

                                                                                                                                  2.2MB

                                                                                                                                  MD5

                                                                                                                                  8cecb6fcf478c20c970eadb7add7e19d

                                                                                                                                  SHA1

                                                                                                                                  572e2a1f9c8753f6fde6e7b658fe932c546f49c6

                                                                                                                                  SHA256

                                                                                                                                  4791b4278fc71ad321d07a4fa03e2685a2178d6a0bd680f156ec11fbe06cc15b

                                                                                                                                  SHA512

                                                                                                                                  0fa91aeb3ecc7796f38236f319e74ecf1e5155f8acc3d64a02511531b0ed7cff6002e34be289b650abb3d6dd288b9d3185598bebcdfb4ed5de1e4feb048462d9

                                                                                                                                • memory/440-1588-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/440-634-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/440-90-0x0000000000760000-0x0000000000761000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/440-641-0x0000000000760000-0x0000000000761000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/840-1597-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/840-1626-0x0000000000760000-0x0000000000761000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/840-1255-0x0000000000760000-0x0000000000761000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/1404-1686-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  248KB

                                                                                                                                • memory/1436-1605-0x0000000000760000-0x0000000000761000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/1852-1582-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/1852-1050-0x0000000000750000-0x0000000000751000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/1852-1601-0x0000000000750000-0x0000000000751000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/1968-1761-0x00000000020C0000-0x00000000020C1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/2180-1584-0x0000000002200000-0x0000000002201000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/2428-1795-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  248KB

                                                                                                                                • memory/2428-1804-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  248KB

                                                                                                                                • memory/2592-1653-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  248KB

                                                                                                                                • memory/2692-1599-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  248KB

                                                                                                                                • memory/2692-1600-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  248KB

                                                                                                                                • memory/2692-1773-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  248KB

                                                                                                                                • memory/2952-448-0x0000000002200000-0x0000000002201000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/2952-1117-0x0000000002200000-0x0000000002201000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/2952-1111-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/2964-75-0x00000000006A0000-0x00000000006A1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/2964-79-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/2964-73-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/2964-29-0x00000000006A0000-0x00000000006A1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/3084-779-0x0000000000760000-0x0000000000761000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/3084-1462-0x0000000000760000-0x0000000000761000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/3084-1460-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/3108-1459-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/3108-1355-0x0000000000690000-0x0000000000691000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/3108-707-0x0000000000690000-0x0000000000691000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/3264-569-0x0000000000760000-0x0000000000761000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/3264-1248-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/3264-1254-0x0000000000760000-0x0000000000761000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/3304-1319-0x0000000000760000-0x0000000000761000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/3304-1634-0x0000000000760000-0x0000000000761000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/3304-1603-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/3404-1506-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/3404-923-0x0000000000760000-0x0000000000761000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/3404-1583-0x0000000000760000-0x0000000000761000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/3548-1186-0x0000000002450000-0x0000000002451000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/3548-1613-0x0000000002450000-0x0000000002451000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/3548-1595-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/3568-1179-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/3568-1185-0x0000000000780000-0x0000000000781000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/3568-513-0x0000000000780000-0x0000000000781000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/3576-1801-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  248KB

                                                                                                                                • memory/3804-642-0x0000000002200000-0x0000000002201000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/3804-1318-0x0000000002200000-0x0000000002201000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/3804-1312-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/3924-1507-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/3984-0-0x00000000007B0000-0x00000000007B1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/3984-22-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/3984-13-0x00000000007B0000-0x00000000007B1000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/3984-14-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/3984-1-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/4160-922-0x0000000000860000-0x0000000000861000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/4160-985-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/4160-293-0x0000000000860000-0x0000000000861000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/4164-1615-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  248KB

                                                                                                                                • memory/4164-1622-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  248KB

                                                                                                                                • memory/4200-16-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  248KB

                                                                                                                                • memory/4200-71-0x0000000000440000-0x0000000000509000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  804KB

                                                                                                                                • memory/4200-72-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  248KB

                                                                                                                                • memory/4200-18-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  248KB

                                                                                                                                • memory/4224-1609-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/4224-135-0x0000000000750000-0x0000000000751000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/4224-777-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/4224-706-0x0000000000750000-0x0000000000751000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/4448-343-0x0000000000760000-0x0000000000761000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/4448-1042-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/4448-986-0x0000000000760000-0x0000000000761000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/4452-1793-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  248KB

                                                                                                                                • memory/4488-856-0x0000000000840000-0x0000000000841000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/4488-243-0x0000000000840000-0x0000000000841000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/4488-921-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/4700-1461-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/4700-1508-0x0000000002300000-0x0000000002301000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/4700-857-0x0000000002300000-0x0000000002301000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/4824-388-0x0000000002310000-0x0000000002311000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/4824-1049-0x0000000002310000-0x0000000002311000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/4824-1043-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/4916-1616-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/5444-849-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/5444-1621-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/5444-183-0x0000000000760000-0x0000000000761000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/5444-778-0x0000000000760000-0x0000000000761000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/5604-1463-0x0000000000760000-0x0000000000761000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/5604-1643-0x0000000000760000-0x0000000000761000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/5860-1636-0x0000000000860000-0x0000000000861000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/5860-1356-0x0000000000860000-0x0000000000861000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/5860-1611-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/6012-1674-0x0000000000760000-0x0000000000761000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/6012-1509-0x0000000000760000-0x0000000000761000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/6052-568-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  248KB

                                                                                                                                • memory/6052-81-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  248KB

                                                                                                                                • memory/6116-1764-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  248KB

                                                                                                                                • memory/6120-1594-0x0000000000400000-0x00000000005D3000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  1.8MB

                                                                                                                                • memory/6120-1118-0x0000000002200000-0x0000000002201000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB

                                                                                                                                • memory/6120-1604-0x0000000002200000-0x0000000002201000-memory.dmp

                                                                                                                                  Filesize

                                                                                                                                  4KB