Analysis
- max time kernel: 150s
- max time network: 142s
- platform: windows7_x64
- resource: win7-20240611-en
- resource tags: arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
- submitted: 28-06-2024 00:20
Static task
static1
Behavioral task
behavioral1
Sample
181858b30e17871444391ed77dbb889c_JaffaCakes118.exe
Resource
win7-20240611-en
General
- Target: 181858b30e17871444391ed77dbb889c_JaffaCakes118.exe
- Size: 121KB
- MD5: 181858b30e17871444391ed77dbb889c
- SHA1: 31463ddc72ea8f3939aef3c1b61580778d8219e8
- SHA256: eebbb2f8fe7ae75890893ccf3e4de076cb347cab052b8737f2667742763d0a1f
- SHA512: 6d7e94b87198afb93b47d626366514c2dd4cd0b9e3ed14c573a0a1b48dc5a2e2c770f3c87f0100be805787c63dc0ed5dd8088812f1191769b63acf1222c00f09
- SSDEEP: 1536:P8kwilTEhU4HDa1KkjWXUa21mc/Mue9zp:XhlohUEK9ekp0
Malware Config
Signatures
- Modifies WinLogon for persistence 2 TTPs 1 IoCs
  Processes: svchost.exe
  description | ioc | process
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "userinit.exe,c:\\program files (x86)\\microsoft\\watermark.exe" | svchost.exe
- Executes dropped EXE 1 IoCs
  Processes: WaterMark.exe
  pid | process
  2056 | WaterMark.exe
- Loads dropped DLL 2 IoCs
  Processes: 181858b30e17871444391ed77dbb889c_JaffaCakes118.exe
  pid | process
  636 | 181858b30e17871444391ed77dbb889c_JaffaCakes118.exe
  Processes:
  resource | yara_rule
  behavioral1/memory/2056-15-0x0000000000400000-0x0000000000426000-memory.dmp | upx
  behavioral1/memory/2056-14-0x0000000000400000-0x0000000000426000-memory.dmp | upx
  behavioral1/memory/636-9-0x0000000000400000-0x0000000000426000-memory.dmp | upx
  behavioral1/memory/2056-17-0x0000000000400000-0x0000000000426000-memory.dmp | upx
  behavioral1/memory/2056-509-0x0000000000400000-0x0000000000426000-memory.dmp | upx
  behavioral1/memory/2056-512-0x0000000000400000-0x0000000000426000-memory.dmp | upx
- Drops file in System32 directory 2 IoCs
  Processes: svchost.exe
  description | ioc | process
  File created | C:\Windows\SysWOW64\dmlconf.dat | svchost.exe
  File opened for modification | C:\Windows\SysWOW64\dmlconf.dat | svchost.exe
- Drops file in Program Files directory 64 IoCs
- Suspicious behavior: EnumeratesProcesses 37 IoCs
  Processes: WaterMark.exe, svchost.exe
  pid | process
  2056 | WaterMark.exe
  2800 | svchost.exe
- Suspicious use of AdjustPrivilegeToken 3 IoCs
  Processes: WaterMark.exe, svchost.exe
  description | pid | process
  Token: SeDebugPrivilege | 2056 | WaterMark.exe
  Token: SeDebugPrivilege | 2800 | svchost.exe
- Suspicious use of WriteProcessMemory 64 IoCs
  Processes: 181858b30e17871444391ed77dbb889c_JaffaCakes118.exe, WaterMark.exe, svchost.exe
  description | pid | process | target process
  PID 636 wrote to memory of 2056 | 636 | 181858b30e17871444391ed77dbb889c_JaffaCakes118.exe | WaterMark.exe
  PID 2056 wrote to memory of 2664 | 2056 | WaterMark.exe | svchost.exe
  PID 2056 wrote to memory of 2800 | 2056 | WaterMark.exe | svchost.exe
  PID 2800 wrote to memory of 256 | 2800 | svchost.exe | smss.exe
  PID 2800 wrote to memory of 332 | 2800 | svchost.exe | csrss.exe
  PID 2800 wrote to memory of 380 | 2800 | svchost.exe | wininit.exe
  PID 2800 wrote to memory of 392 | 2800 | svchost.exe | csrss.exe
  PID 2800 wrote to memory of 428 | 2800 | svchost.exe | winlogon.exe
  PID 2800 wrote to memory of 476 | 2800 | svchost.exe | services.exe
  PID 2800 wrote to memory of 484 | 2800 | svchost.exe | lsass.exe
  PID 2800 wrote to memory of 492 | 2800 | svchost.exe | lsm.exe
Processes
- C:\Windows\System32\smss.exe
  command line: \SystemRoot\System32\smss.exe
- C:\Windows\system32\csrss.exe
  command line: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
- C:\Windows\system32\wininit.exe
  command line: wininit.exe
  - C:\Windows\system32\services.exe
    command line: C:\Windows\system32\services.exe
    - C:\Windows\system32\svchost.exe
      command line: C:\Windows\system32\svchost.exe -k DcomLaunch
      - C:\Windows\system32\DllHost.exe
        command line: C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
      - C:\Windows\system32\wbem\wmiprvse.exe
        command line: C:\Windows\system32\wbem\wmiprvse.exe -Embedding
    - C:\Windows\system32\svchost.exe
      command line: C:\Windows\system32\svchost.exe -k RPCSS
    - C:\Windows\System32\svchost.exe
      command line: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    - C:\Windows\System32\svchost.exe
      command line: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      - C:\Windows\system32\Dwm.exe
        command line: "C:\Windows\system32\Dwm.exe"
    - C:\Windows\system32\svchost.exe
      command line: C:\Windows\system32\svchost.exe -k netsvcs
      - C:\Windows\system32\wbem\WMIADAP.EXE
        command line: wmiadap.exe /F /T /R
    - C:\Windows\system32\svchost.exe
      command line: C:\Windows\system32\svchost.exe -k LocalService
    - C:\Windows\system32\svchost.exe
      command line: C:\Windows\system32\svchost.exe -k NetworkService
    - C:\Windows\System32\spoolsv.exe
      command line: C:\Windows\System32\spoolsv.exe
    - C:\Windows\system32\svchost.exe
      command line: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    - C:\Windows\system32\taskhost.exe
      command line: "taskhost.exe"
    - C:\Windows\system32\svchost.exe
      command line: C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    - C:\Windows\system32\sppsvc.exe
      command line: C:\Windows\system32\sppsvc.exe
  - C:\Windows\system32\lsass.exe
    command line: C:\Windows\system32\lsass.exe
  - C:\Windows\system32\lsm.exe
    command line: C:\Windows\system32\lsm.exe
- C:\Windows\system32\csrss.exe
  command line: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
- C:\Windows\system32\winlogon.exe
  command line: winlogon.exe
- C:\Windows\Explorer.EXE
  command line: C:\Windows\Explorer.EXE
  - C:\Users\Admin\AppData\Local\Temp\181858b30e17871444391ed77dbb889c_JaffaCakes118.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\181858b30e17871444391ed77dbb889c_JaffaCakes118.exe"
    signatures: Loads dropped DLL; Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Microsoft\WaterMark.exe
      command line: "C:\Program Files (x86)\Microsoft\WaterMark.exe"
      signatures: Executes dropped EXE; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of WriteProcessMemory
      - C:\Windows\SysWOW64\svchost.exe
        command line: C:\Windows\system32\svchost.exe
        signatures: Modifies WinLogon for persistence; Drops file in System32 directory; Drops file in Program Files directory
      - C:\Windows\SysWOW64\svchost.exe
        command line: C:\Windows\system32\svchost.exe
        signatures: Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Program Files (x86)\Microsoft\WaterMark.exe
  Filesize: 121KB
  MD5: 181858b30e17871444391ed77dbb889c
  SHA1: 31463ddc72ea8f3939aef3c1b61580778d8219e8
  SHA256: eebbb2f8fe7ae75890893ccf3e4de076cb347cab052b8737f2667742763d0a1f
  SHA512: 6d7e94b87198afb93b47d626366514c2dd4cd0b9e3ed14c573a0a1b48dc5a2e2c770f3c87f0100be805787c63dc0ed5dd8088812f1191769b63acf1222c00f09
- C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
  Filesize: 255KB
  MD5: 5f4201095cbe09d7e830777508216eed
  SHA1: dd5f76874b874f1188bf4534e92b0793978d8d8a
  SHA256: 4543d11841b5146c00f7e978f7755ca98231a5f6621f8157d146efc52e1438f9
  SHA512: 29138e1093a90021db769710d96089f7b85cb6b86bf9778050bf381035b3eaa9ff758d50245882530946a83aa0b4d460c89ac9420da76ac2d51d89a502d3cf09
- C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
  Filesize: 251KB
  MD5: b7c18d9f72ba2960e2231121c8cb19f2
  SHA1: 802f9e879ab5b8cbc02e92517f24c3fb55dd849f
  SHA256: 8a74665f6d687dc1caaa92aac3033aef2067ed0c980593367d9a88dd8be102cc
  SHA512: 609086059fc86a95408d1d6525ee61725ea0f92711c6cc51e3a3840a68892b489a14531e83b044a4161d8e2c17f68031fdd7d68701308929e01d0db5737d7d57