Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
28-06-2024 07:51
Static task
static1
Behavioral task
behavioral1
Sample
19589a971eb420559794afd71081d286_JaffaCakes118.dll
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
19589a971eb420559794afd71081d286_JaffaCakes118.dll
Resource
win10v2004-20240508-en
General
-
Target
19589a971eb420559794afd71081d286_JaffaCakes118.dll
-
Size
140KB
-
MD5
19589a971eb420559794afd71081d286
-
SHA1
71cbacfb391011112b322d2ff2ed583786dd2752
-
SHA256
4b983caf22b55ad0ff2b73a2d9427eedae29e418a9141d091464e7a4f799f3d3
-
SHA512
c4948631d01743602c99dee4c778fd644b68904875460292d929ed0f95b74e0fbb1f40e9c2bf506edc5eb4f2f7bfd328357f11b5c486cb457f9fa00923323fa5
-
SSDEEP
3072:dNEqkap78EyjCY2Dy8pRuuOKi1xywc/h:HEqkE4x0yeupTnnc/h
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
Processes:
svchost.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "userinit.exe,c:\\program files (x86)\\microsoft\\watermark.exe" svchost.exe -
Executes dropped EXE 2 IoCs
Processes:
rundll32Srv.exeWaterMark.exepid process 2004 rundll32Srv.exe 2716 WaterMark.exe -
Loads dropped DLL 4 IoCs
Processes:
rundll32.exerundll32Srv.exepid process 3000 rundll32.exe 3000 rundll32.exe 2004 rundll32Srv.exe 2004 rundll32Srv.exe -
Processes:
resource yara_rule behavioral1/memory/3000-3-0x0000000000220000-0x0000000000261000-memory.dmp upx \Windows\SysWOW64\rundll32Srv.exe upx behavioral1/memory/2004-14-0x0000000000400000-0x0000000000441000-memory.dmp upx behavioral1/memory/2716-23-0x0000000000400000-0x0000000000441000-memory.dmp upx behavioral1/memory/2716-26-0x0000000000400000-0x0000000000441000-memory.dmp upx behavioral1/memory/2716-333-0x0000000000400000-0x0000000000441000-memory.dmp upx behavioral1/memory/2716-557-0x0000000000400000-0x0000000000441000-memory.dmp upx -
Drops file in System32 directory 3 IoCs
Processes:
rundll32.exesvchost.exedescription ioc process File created C:\Windows\SysWOW64\rundll32Srv.exe rundll32.exe File created C:\Windows\SysWOW64\dmlconf.dat svchost.exe File opened for modification C:\Windows\SysWOW64\dmlconf.dat svchost.exe -
Drops file in Program Files directory 64 IoCs
Processes:
svchost.exedescription ioc process File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Net.Resources.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradfun_plugin.dll svchost.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html svchost.exe File opened for modification C:\Program Files\Java\jre7\bin\kinit.exe svchost.exe File opened for modification C:\Program Files\Windows Journal\jnwdui.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll svchost.exe File opened for modification C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.ServiceModel.Resources.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll svchost.exe File opened for modification C:\Program Files\Common Files\System\DirectDB.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudiobargraph_a_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\demux\librawaud_plugin.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationFramework.resources.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_filter\libadjust_plugin.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe svchost.exe File opened for modification C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll svchost.exe File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll svchost.exe File opened for modification C:\Program Files\Internet Explorer\F12Tools.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsFormsIntegration.resources.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationBuildTasks.resources.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_filter\libripple_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll svchost.exe File opened for modification C:\Program Files\Internet Explorer\D3DCompiler_47.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_http_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libx26410b_plugin.dll svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe svchost.exe File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtospdif_plugin.dll svchost.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\clock.html svchost.exe File opened for modification C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Client.resources.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_chromecast_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe svchost.exe File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AXSLE.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationTypes.resources.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\misc\libvod_rtsp_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\libhttps_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libspdif_plugin.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradient_plugin.dll svchost.exe File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\settings.html svchost.exe File opened for modification C:\Program Files\Internet Explorer\F12.dll svchost.exe File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll svchost.exe File opened for modification C:\Program Files\VideoLAN\VLC\plugins\video_output\libdrawable_plugin.dll svchost.exe File opened for modification C:\Program Files\7-Zip\7zG.exe svchost.exe File opened for modification C:\Program Files\DVD Maker\DVDMaker.exe svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1665.dll svchost.exe File opened for modification C:\Program Files\Mozilla Firefox\mozwer.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll svchost.exe File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\about.html svchost.exe File opened for modification C:\Program Files\Mozilla Firefox\osclientcerts.dll svchost.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Printing.resources.dll svchost.exe -
Suspicious behavior: EnumeratesProcesses 37 IoCs
Processes:
WaterMark.exesvchost.exepid process 2716 WaterMark.exe 2716 WaterMark.exe 2716 WaterMark.exe 2716 WaterMark.exe 2716 WaterMark.exe 2716 WaterMark.exe 2716 WaterMark.exe 2716 WaterMark.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe 2488 svchost.exe -
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes:
WaterMark.exesvchost.exesvchost.exedescription pid process Token: SeDebugPrivilege 2716 WaterMark.exe Token: SeDebugPrivilege 2488 svchost.exe Token: SeDebugPrivilege 2716 WaterMark.exe Token: SeDebugPrivilege 2640 svchost.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
rundll32.exerundll32.exerundll32Srv.exeWaterMark.exesvchost.exedescription pid process target process PID 2980 wrote to memory of 3000 2980 rundll32.exe rundll32.exe PID 2980 wrote to memory of 3000 2980 rundll32.exe rundll32.exe PID 2980 wrote to memory of 3000 2980 rundll32.exe rundll32.exe PID 2980 wrote to memory of 3000 2980 rundll32.exe rundll32.exe PID 2980 wrote to memory of 3000 2980 rundll32.exe rundll32.exe PID 2980 wrote to memory of 3000 2980 rundll32.exe rundll32.exe PID 2980 wrote to memory of 3000 2980 rundll32.exe rundll32.exe PID 3000 wrote to memory of 2004 3000 rundll32.exe rundll32Srv.exe PID 3000 wrote to memory of 2004 3000 rundll32.exe rundll32Srv.exe PID 3000 wrote to memory of 2004 3000 rundll32.exe rundll32Srv.exe PID 3000 wrote to memory of 2004 3000 rundll32.exe rundll32Srv.exe PID 2004 wrote to memory of 2716 2004 rundll32Srv.exe WaterMark.exe PID 2004 wrote to memory of 2716 2004 rundll32Srv.exe WaterMark.exe PID 2004 wrote to memory of 2716 2004 rundll32Srv.exe WaterMark.exe PID 2004 wrote to memory of 2716 2004 rundll32Srv.exe WaterMark.exe PID 2716 wrote to memory of 2640 2716 WaterMark.exe svchost.exe PID 2716 wrote to memory of 2640 2716 WaterMark.exe svchost.exe PID 2716 wrote to memory of 2640 2716 WaterMark.exe svchost.exe PID 2716 wrote to memory of 2640 2716 WaterMark.exe svchost.exe PID 2716 wrote to memory of 2640 2716 WaterMark.exe svchost.exe PID 2716 wrote to memory of 2640 2716 WaterMark.exe svchost.exe PID 2716 wrote to memory of 2640 2716 WaterMark.exe svchost.exe PID 2716 wrote to memory of 2640 2716 WaterMark.exe svchost.exe PID 2716 wrote to memory of 2640 2716 WaterMark.exe svchost.exe PID 2716 wrote to memory of 2640 2716 WaterMark.exe svchost.exe PID 2716 wrote to memory of 2488 2716 WaterMark.exe svchost.exe PID 2716 wrote to memory of 2488 2716 WaterMark.exe svchost.exe PID 2716 wrote to memory of 2488 2716 WaterMark.exe svchost.exe PID 2716 wrote to memory of 2488 2716 WaterMark.exe svchost.exe PID 2716 wrote to memory of 2488 2716 WaterMark.exe svchost.exe PID 2716 wrote to memory of 2488 2716 WaterMark.exe svchost.exe PID 2716 wrote to memory of 2488 2716 WaterMark.exe svchost.exe PID 2716 wrote to memory of 2488 2716 WaterMark.exe svchost.exe PID 2716 wrote to memory of 2488 2716 WaterMark.exe svchost.exe PID 2716 wrote to memory of 2488 2716 WaterMark.exe svchost.exe PID 2488 wrote to memory of 256 2488 svchost.exe smss.exe PID 2488 wrote to memory of 256 2488 svchost.exe smss.exe PID 2488 wrote to memory of 256 2488 svchost.exe smss.exe PID 2488 wrote to memory of 256 2488 svchost.exe smss.exe PID 2488 wrote to memory of 256 2488 svchost.exe smss.exe PID 2488 wrote to memory of 336 2488 svchost.exe csrss.exe PID 2488 wrote to memory of 336 2488 svchost.exe csrss.exe PID 2488 wrote to memory of 336 2488 svchost.exe csrss.exe PID 2488 wrote to memory of 336 2488 svchost.exe csrss.exe PID 2488 wrote to memory of 336 2488 svchost.exe csrss.exe PID 2488 wrote to memory of 372 2488 svchost.exe wininit.exe PID 2488 wrote to memory of 372 2488 svchost.exe wininit.exe PID 2488 wrote to memory of 372 2488 svchost.exe wininit.exe PID 2488 wrote to memory of 372 2488 svchost.exe wininit.exe PID 2488 wrote to memory of 372 2488 svchost.exe wininit.exe PID 2488 wrote to memory of 384 2488 svchost.exe csrss.exe PID 2488 wrote to memory of 384 2488 svchost.exe csrss.exe PID 2488 wrote to memory of 384 2488 svchost.exe csrss.exe PID 2488 wrote to memory of 384 2488 svchost.exe csrss.exe PID 2488 wrote to memory of 384 2488 svchost.exe csrss.exe PID 2488 wrote to memory of 420 2488 svchost.exe winlogon.exe PID 2488 wrote to memory of 420 2488 svchost.exe winlogon.exe PID 2488 wrote to memory of 420 2488 svchost.exe winlogon.exe PID 2488 wrote to memory of 420 2488 svchost.exe winlogon.exe PID 2488 wrote to memory of 420 2488 svchost.exe winlogon.exe PID 2488 wrote to memory of 468 2488 svchost.exe services.exe PID 2488 wrote to memory of 468 2488 svchost.exe services.exe PID 2488 wrote to memory of 468 2488 svchost.exe services.exe PID 2488 wrote to memory of 468 2488 svchost.exe services.exe
Processes
-
C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe1⤵
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\wininit.exewininit.exe1⤵
-
C:\Windows\system32\services.exeC:\Windows\system32\services.exe2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch3⤵
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe -Embedding4⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k RPCSS3⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted3⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted3⤵
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"4⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs3⤵
-
C:\Windows\system32\wbem\WMIADAP.EXEwmiadap.exe /F /T /R4⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService3⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k NetworkService3⤵
-
C:\Windows\System32\spoolsv.exeC:\Windows\System32\spoolsv.exe3⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetwork3⤵
-
C:\Windows\system32\taskhost.exe"taskhost.exe"3⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation3⤵
-
C:\Windows\system32\sppsvc.exeC:\Windows\system32\sppsvc.exe3⤵
-
C:\Windows\system32\lsass.exeC:\Windows\system32\lsass.exe2⤵
-
C:\Windows\system32\lsm.exeC:\Windows\system32\lsm.exe2⤵
-
C:\Windows\system32\csrss.exe%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=161⤵
-
C:\Windows\system32\winlogon.exewinlogon.exe1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\19589a971eb420559794afd71081d286_JaffaCakes118.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\19589a971eb420559794afd71081d286_JaffaCakes118.dll,#13⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32Srv.exeC:\Windows\SysWOW64\rundll32Srv.exe4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\WaterMark.exe"C:\Program Files (x86)\Microsoft\WaterMark.exe"5⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\system32\svchost.exe6⤵
- Modifies WinLogon for persistence
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\system32\svchost.exe6⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.htmlFilesize
201KB
MD5767eb5d6751aa8fcff636622d12f7046
SHA1eac9bfdcdd60fdbf9026ec238fb3f2ab29b63d9d
SHA256ae220ed6ae256b5e3cc14a22cfb7939f2840582662a424dbc57ff1e6e068d2d5
SHA512f24289c178882e1ef77c668df03abb85e6f2d89f59b54933218c95718d9138e34e210f84b050cceac83d953e64b1d47213dc56de96d7a88bc3af34086488272b
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.htmlFilesize
198KB
MD5664c40bc41bb809363bb527caf71eae7
SHA1d63e50230a1d575517d0ee638ae631f6eaa62879
SHA2563fb0037804ec5de62b46a7427f69eada8d40579fb0ffc79213c7587c2e9933bc
SHA5128d30aeda2932ff39337f29c169ecb6ea942df15240c4d5d5baa7f60f9a9853880d4892eddf13259786ab7ab6d2f6cdf5c6e466363df7068b01e4167e7aff35d3
-
\Windows\SysWOW64\rundll32Srv.exeFilesize
94KB
MD5f6736faa3126f64ed4a7109e40c47806
SHA10d50917f44d6e173bac24916c95343616dcbf18c
SHA256bc0cb854888c155cbfed860a6546bea3c82db643df30437fe14d91194939a874
SHA51229cc26cd4df360252917a5d913e5e4776b6d05061b464f09dbb33918491affdc15cac9e142a9227a48f27d26db1f8ee85bd3d417365d6fef9b2fd380e090efe5
-
memory/2004-14-0x0000000000400000-0x0000000000441000-memory.dmpFilesize
260KB
-
memory/2004-11-0x0000000000220000-0x0000000000221000-memory.dmpFilesize
4KB
-
memory/2488-72-0x0000000077CA0000-0x0000000077CA1000-memory.dmpFilesize
4KB
-
memory/2488-53-0x0000000020010000-0x000000002001B000-memory.dmpFilesize
44KB
-
memory/2488-65-0x0000000000190000-0x0000000000191000-memory.dmpFilesize
4KB
-
memory/2488-66-0x0000000020010000-0x000000002001B000-memory.dmpFilesize
44KB
-
memory/2488-69-0x0000000020010000-0x000000002001B000-memory.dmpFilesize
44KB
-
memory/2488-67-0x0000000020010000-0x000000002001B000-memory.dmpFilesize
44KB
-
memory/2488-68-0x00000000001A0000-0x00000000001A1000-memory.dmpFilesize
4KB
-
memory/2488-60-0x0000000020010000-0x000000002001B000-memory.dmpFilesize
44KB
-
memory/2488-64-0x0000000020010000-0x000000002001B000-memory.dmpFilesize
44KB
-
memory/2640-43-0x0000000020010000-0x0000000020021000-memory.dmpFilesize
68KB
-
memory/2640-28-0x0000000020010000-0x0000000020021000-memory.dmpFilesize
68KB
-
memory/2640-778-0x0000000020010000-0x0000000020021000-memory.dmpFilesize
68KB
-
memory/2640-48-0x0000000020010000-0x0000000020021000-memory.dmpFilesize
68KB
-
memory/2640-30-0x0000000000080000-0x0000000000081000-memory.dmpFilesize
4KB
-
memory/2640-41-0x0000000020010000-0x0000000020021000-memory.dmpFilesize
68KB
-
memory/2640-40-0x0000000000090000-0x0000000000091000-memory.dmpFilesize
4KB
-
memory/2640-35-0x0000000000080000-0x0000000000081000-memory.dmpFilesize
4KB
-
memory/2640-36-0x0000000020010000-0x0000000020021000-memory.dmpFilesize
68KB
-
memory/2640-34-0x00000000000A0000-0x00000000000A1000-memory.dmpFilesize
4KB
-
memory/2716-59-0x0000000077C9F000-0x0000000077CA0000-memory.dmpFilesize
4KB
-
memory/2716-51-0x00000000002B0000-0x00000000002B1000-memory.dmpFilesize
4KB
-
memory/2716-26-0x0000000000400000-0x0000000000441000-memory.dmpFilesize
260KB
-
memory/2716-25-0x00000000002A0000-0x00000000002A1000-memory.dmpFilesize
4KB
-
memory/2716-23-0x0000000000400000-0x0000000000441000-memory.dmpFilesize
260KB
-
memory/2716-333-0x0000000000400000-0x0000000000441000-memory.dmpFilesize
260KB
-
memory/2716-557-0x0000000000400000-0x0000000000441000-memory.dmpFilesize
260KB
-
memory/3000-50-0x000000006D040000-0x000000006D063000-memory.dmpFilesize
140KB
-
memory/3000-3-0x0000000000220000-0x0000000000261000-memory.dmpFilesize
260KB
-
memory/3000-10-0x0000000000220000-0x0000000000261000-memory.dmpFilesize
260KB
-
memory/3000-1-0x000000006D040000-0x000000006D063000-memory.dmpFilesize
140KB