Analysis
-
max time kernel
56s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
14-06-2024 08:14
Behavioral task
behavioral1
Sample
a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe
Resource
win7-20240611-en
General
-
Target
a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe
-
Size
2.2MB
-
MD5
a8aff845ce99b65136f8cd2e41dd4006
-
SHA1
3dfc1b39af35a3406edda60438f9d9fd450da7e1
-
SHA256
f0a2a5c6c2ac22ee7eb88d6fd42eb42b60a2a615173b5441be63e1c1066e037e
-
SHA512
9781f60aaa1957f994268462b6ad41ab935f41c31669d0e929f3f559232b652b8b03113dfe171bd76064b0cf29144262a019fc000232cae60fb4ba3bf044fc49
-
SSDEEP
24576:0UzNkyrbtjbGixCOPKH2I1iIWILtfOIJ+HKodCHPC0cF3u7P1+eWQ8f/x52vHNZH:0UzeyQMS4DqodCnoe+iitjWww7
Malware Config
Extracted
pony
http://don.service-master.eu/gate.php
-
payload_url
http://don.service-master.eu/shit.exe
Signatures
-
Drops startup file 2 IoCs
Processes:
a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exedescription ioc process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe -
Executes dropped EXE 2 IoCs
Processes:
explorer.exeexplorer.exepid process 264 explorer.exe 2908 explorer.exe -
Loads dropped DLL 2 IoCs
Processes:
a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exepid process 2536 a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe 2536 a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe -
Suspicious use of SetThreadContext 2 IoCs
Processes:
a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exeexplorer.exedescription pid process target process PID 1720 set thread context of 2536 1720 a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe PID 264 set thread context of 2908 264 explorer.exe explorer.exe -
Drops file in Windows directory 3 IoCs
Processes:
a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exea8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exeexplorer.exedescription ioc process File opened for modification C:\Windows\Parameters.ini a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe File opened for modification \??\c:\windows\system\explorer.exe a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe File opened for modification C:\Windows\Parameters.ini explorer.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exepid process 2536 a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
Processes:
a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exeexplorer.exepid process 2536 a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe 2536 a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe 2908 explorer.exe 2908 explorer.exe -
Suspicious use of WriteProcessMemory 20 IoCs
Processes:
a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exea8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exeexplorer.exedescription pid process target process PID 1720 wrote to memory of 1576 1720 a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe splwow64.exe PID 1720 wrote to memory of 1576 1720 a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe splwow64.exe PID 1720 wrote to memory of 1576 1720 a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe splwow64.exe PID 1720 wrote to memory of 1576 1720 a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe splwow64.exe PID 1720 wrote to memory of 2536 1720 a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe PID 1720 wrote to memory of 2536 1720 a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe PID 1720 wrote to memory of 2536 1720 a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe PID 1720 wrote to memory of 2536 1720 a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe PID 1720 wrote to memory of 2536 1720 a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe PID 1720 wrote to memory of 2536 1720 a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe PID 2536 wrote to memory of 264 2536 a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe explorer.exe PID 2536 wrote to memory of 264 2536 a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe explorer.exe PID 2536 wrote to memory of 264 2536 a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe explorer.exe PID 2536 wrote to memory of 264 2536 a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe explorer.exe PID 264 wrote to memory of 2908 264 explorer.exe explorer.exe PID 264 wrote to memory of 2908 264 explorer.exe explorer.exe PID 264 wrote to memory of 2908 264 explorer.exe explorer.exe PID 264 wrote to memory of 2908 264 explorer.exe explorer.exe PID 264 wrote to memory of 2908 264 explorer.exe explorer.exe PID 264 wrote to memory of 2908 264 explorer.exe explorer.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe"1⤵
- Drops startup file
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122882⤵
-
C:\Users\Admin\AppData\Local\Temp\a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\a8aff845ce99b65136f8cd2e41dd4006_JaffaCakes118.exe"2⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\system\explorer.exec:\windows\system\explorer.exe3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
\??\c:\windows\system\explorer.exe"c:\windows\system\explorer.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
-
\??\c:\windows\system\explorer.exec:\windows\system\explorer.exe7⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
-
\??\c:\windows\system\explorer.exec:\windows\system\explorer.exe7⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exe"c:\windows\system\spoolsv.exe"6⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
-
\??\c:\windows\system\spoolsv.exec:\windows\system\spoolsv.exe SE5⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Windows\Parameters.iniMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Windows\Parameters.iniFilesize
74B
MD56687785d6a31cdf9a5f80acb3abc459b
SHA11ddda26cc18189770eaaa4a9e78cc4abe4fe39c9
SHA2563b5ebe1c6d4d33c14e5f2ca735fc085759f47895ea90192999a22a035c7edc9b
SHA5125fe9429d64ee6fe0d3698cabb39757729b48d525500afa5f073d69f14f791c8aa2bc7ce0467d48d66fc58d894983391022c59035fa67703fefd309ec4a5d9962
-
C:\Windows\system\explorer.exeFilesize
2.2MB
MD5fee7393aca875b7c18149c68030ba633
SHA16e499279eb6b18bdd656c349e7ec3780c815f94b
SHA2567afc3f927df60e0df0daf36f2ad54599258bd9cfdedcadd95676a2f8bfac49a2
SHA512452d6a0319a97a38be4d6be0a220854bb0e92273b5365f643f04b92d46770191b25ca3dfe91d8bdcfab0b47db6b4ff2014db239363f5c9076f83fb415a252c87
-
C:\Windows\system\spoolsv.exeFilesize
2.2MB
MD5ef4f9e31eacb9e7a57f8af0f953d837d
SHA14f27eb3f54f75800a99c227d12b57731f1578acf
SHA25666d64a2aee1d33efb0eb4dbd0835925512eefbb94f47994a87bcf8ad1543b16e
SHA512a1b0fd25774bfa64e52ebda061a0c5ffd9a05d3374c4a30b2cd0bb274977730144fe508bf738bcfa799cda2dbf433de896519f3c628d575699168747fc97c2b0
-
memory/264-60-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/264-42-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/264-70-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/364-1688-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/676-1938-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/924-3156-0x0000000000400000-0x000000000043E000-memory.dmpFilesize
248KB
-
memory/948-2238-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/1028-1418-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/1556-2237-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/1588-2236-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/1596-1685-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/1648-2492-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/1676-2240-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/1708-3039-0x0000000000400000-0x000000000043E000-memory.dmpFilesize
248KB
-
memory/1720-0-0x00000000001B0000-0x00000000001B1000-memory.dmpFilesize
4KB
-
memory/1720-19-0x00000000001B0000-0x00000000001B1000-memory.dmpFilesize
4KB
-
memory/1720-29-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/1720-17-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/1992-2241-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/2036-1941-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/2068-2247-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/2072-1686-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/2212-2239-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/2220-1944-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/2236-1939-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/2284-1417-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/2312-1689-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/2316-2235-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/2380-1424-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/2536-49-0x0000000000400000-0x000000000043E000-memory.dmpFilesize
248KB
-
memory/2536-25-0x0000000000400000-0x000000000043E000-memory.dmpFilesize
248KB
-
memory/2536-28-0x0000000000400000-0x000000000043E000-memory.dmpFilesize
248KB
-
memory/2536-22-0x000000007EFDE000-0x000000007EFDF000-memory.dmpFilesize
4KB
-
memory/2536-20-0x0000000000400000-0x000000000043E000-memory.dmpFilesize
248KB
-
memory/2568-1940-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/2680-2489-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/2728-1943-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/2748-1416-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/2856-2491-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/2864-1687-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/2900-1415-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/2908-1409-0x0000000000400000-0x000000000043E000-memory.dmpFilesize
248KB
-
memory/2916-1945-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/3008-1942-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/3016-2490-0x0000000000400000-0x00000000005D3000-memory.dmpFilesize
1.8MB
-
memory/3384-2998-0x0000000000400000-0x000000000043E000-memory.dmpFilesize
248KB
-
memory/3384-3082-0x0000000000400000-0x000000000043E000-memory.dmpFilesize
248KB
-
memory/3588-3011-0x0000000000400000-0x000000000043E000-memory.dmpFilesize
248KB
-
memory/3588-3015-0x0000000000400000-0x000000000043E000-memory.dmpFilesize
248KB
-
memory/4132-3165-0x0000000000400000-0x000000000043E000-memory.dmpFilesize
248KB
-
memory/4396-3182-0x0000000000400000-0x000000000043E000-memory.dmpFilesize
248KB
-
memory/4404-3210-0x0000000000400000-0x000000000043E000-memory.dmpFilesize
248KB
-
memory/4676-3242-0x0000000000400000-0x000000000043E000-memory.dmpFilesize
248KB
-
memory/4772-3253-0x0000000000400000-0x000000000043E000-memory.dmpFilesize
248KB
-
memory/4836-3277-0x0000000000400000-0x000000000043E000-memory.dmpFilesize
248KB