e1a0aa38de99703d1b62f36bbb1ee1a9a7e66b34e803da6cded01fa8cbb98c5c

Analysis

max time kernel
140s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06-04-2024 13:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Size

1.8MB
MD5

e2a7e5f92c8c72c67f4c54b4c56c7bd1
SHA1

3fbb75d1987023f41be41db9d91d4e9c9b8b8fdb
SHA256

e1a0aa38de99703d1b62f36bbb1ee1a9a7e66b34e803da6cded01fa8cbb98c5c
SHA512

ccee1fd89b105cef45e4c6008ec723edb7185d054120dbe5a76ac538fe12a6f29765542e8b851bda429729c2382863d4817a1b65ab13d8f8de362130e63ba232
SSDEEP

24576:0SU65gZxLNjajuoLjf0Zf0T+uiYQn9PWKJ5vZUTBlQoajr6vMInYcWn:pPgDLICo/f0Zf0tiYQnkM5vOfM9IYcI

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
5064	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
5064	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\cpmt.dll	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
File opened for modification	C:\Windows\cpmt.dll	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMFunction	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EBEB87A4-E151-4054-AB45-A6E094C5334B}\ = "QMDispatch.QMFunction"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EBEB87A4-E151-4054-AB45-A6E094C5334B}\ProgID	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EBEB87A4-E151-4054-AB45-A6E094C5334B}\InprocHandler32\ = "ole32.dll"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\ProgID	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\VersionIndependentProgID	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6AD2DF7-46DC-417F-AE61-D433C510416D}\ProxyStubClsid32	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EBEB87A4-E151-4054-AB45-A6E094C5334B}\InprocHandler32	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EBEB87A4-E151-4054-AB45-A6E094C5334B}	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}\1.0\FLAGS\ = "0"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6AD2DF7-46DC-417F-AE61-D433C510416D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMRoutine\CurVer\ = "QMDispatch.QMRoutine.1"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6AD2DF7-46DC-417F-AE61-D433C510416D}	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}\1.0\HELPDIR	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6AD2DF7-46DC-417F-AE61-D433C510416D}\TypeLib	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMFunction\CLSID\ = "{EBEB87A4-E151-4054-AB45-A6E094C5334B}"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMRoutine	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\Programmable	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EBEB87A4-E151-4054-AB45-A6E094C5334B}\ProgID\ = "QMDispatch.QMFunction"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}\1.0\0	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EBEB87A4-E151-4054-AB45-A6E094C5334B}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\E2A7E5~1.EXE"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E6AD2DF7-46DC-417F-AE61-D433C510416D}\TypeLib	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E6AD2DF7-46DC-417F-AE61-D433C510416D}\TypeLib\ = "{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EBEB87A4-E151-4054-AB45-A6E094C5334B}	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EBEB87A4-E151-4054-AB45-A6E094C5334B}\InprocHandler32	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMRoutine\CurVer	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E6AD2DF7-46DC-417F-AE61-D433C510416D}	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\InprocServer32	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\TypeLib	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMRoutine\ = "QMRoutine Class"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMRoutine\CLSID\ = "{C07DB6A3-34FC-4084-BE2E-76BB9203B049}"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0E59F1D5-1FBE-11D0-8FF2-00A0D10038BC}	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMRoutine.1\CLSID	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}\1.0\0\win32	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6AD2DF7-46DC-417F-AE61-D433C510416D}\TypeLib\ = "{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\ProgID\ = "QMDispatch.QMRoutine.1"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E6AD2DF7-46DC-417F-AE61-D433C510416D}\TypeLib\Version = "1.0"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6AD2DF7-46DC-417F-AE61-D433C510416D}\TypeLib\Version = "1.0"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMFunction\ = "QMDispatch.QMFunction"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EBEB87A4-E151-4054-AB45-A6E094C5334B}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMRoutine.1	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\ = "QMRoutine Class"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\VersionIndependentProgID\ = "QMDispatch.QMRoutine"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}\1.0	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}\1.0\ = "QMDispatch 1.0 Type Library"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}\1.0\0\win32\ = "C:\\Windows\\cpmt.dll"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}\1.0\HELPDIR\ = "C:\\Windows\\"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E6AD2DF7-46DC-417F-AE61-D433C510416D}\ProxyStubClsid32	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMRoutine.1\CLSID\ = "{C07DB6A3-34FC-4084-BE2E-76BB9203B049}"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMRoutine\CLSID	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EBEB87A4-E151-4054-AB45-A6E094C5334B}\ProgID	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E6AD2DF7-46DC-417F-AE61-D433C510416D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\InprocServer32\ = "C:\\Windows\\cpmt.dll"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\InprocServer32\ThreadingModel = "Apartment"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EBEB87A4-E151-4054-AB45-A6E094C5334B}\LocalServer32	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E6AD2DF7-46DC-417F-AE61-D433C510416D}\ = "IQMRoutine"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMFunction\CLSID	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E6AD2DF7-46DC-417F-AE61-D433C510416D}\ = "IQMRoutine"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMDispatch.QMRoutine.1\ = "QMRoutine Class"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}\1.0\FLAGS	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C07DB6A3-34FC-4084-BE2E-76BB9203B049}\TypeLib\ = "{5FD5723F-D6F6-4F31-A7D0-318E72D28E80}"	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
5064	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
5064	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
5064	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
5064	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
5064	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
5064	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
5064	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
5064	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
5064	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
5064	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
5064	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
5064	e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e2a7e5f92c8c72c67f4c54b4c56c7bd1_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\474A.tmp

Filesize
625B

MD5
b056449c7a452c29bc12cf23820af695

SHA1
5b32b812e5277f6c129a1211ad6e671cf75caaa1

SHA256
3dad5c4e7ad24c0966a7b343394e3397c683be83e3040c53d9e396ebefe53d4c

SHA512
3c10e270cb752f367e752ab1293070cfb025a115399274a541f0e8a8356353dfdf08c2f6619539765318beced47fb590890dba9a7071980d14c0e07a3e2b6199

Download Submit
C:\Users\Admin\AppData\Local\Temp\pmtkp.dll

Filesize
48KB

MD5
3f2532ea6180626395b2006ffedf7fca

SHA1
6634801e48a16c1c40cde9ce4cf4080984251f21

SHA256
0175158308879005dbb4db2bcccd4459bfbbe8a7669a6485754eeaec637ea930

SHA512
85fa904de2bb73b04daed671b5d58aad683600ed3e41494aeee5bdf9243408031d32628a741caff4df855e39c72d4cc9d8440e79dd69139b1cf9e3ea59676502

Download Submit
C:\Users\Admin\AppData\Local\Temp\temp01.dll

Filesize
40KB

MD5
e0d350836bfdb31322210f5823dcb9de

SHA1
b3e0ac9ac16a1a3b3a66c47509218c2e98fccd1a

SHA256
8dea6a462fdf0a6127e646151c4c1e51b649e6b50abe5ac1ffb5ca65fca0a50c

SHA512
8c7adf84c9c338d5d1d84ceed10847076ba908a2a466e7cf0781349b1a5916e17001725b3e1aab68ecf4f279db2de2cd3e3b0172cc042d21392bac668195a8d8

Download Submit
memory/5064-72-0x0000000000400000-0x00000000005B7000-memory.dmp

Filesize
1.7MB

Download
memory/5064-74-0x0000000000400000-0x00000000005B7000-memory.dmp

Filesize
1.7MB

Download
memory/5064-69-0x0000000000400000-0x00000000005B7000-memory.dmp

Filesize
1.7MB

Download
memory/5064-70-0x0000000000400000-0x00000000005B7000-memory.dmp

Filesize
1.7MB

Download
memory/5064-71-0x0000000000400000-0x00000000005B7000-memory.dmp

Filesize
1.7MB

Download
memory/5064-67-0x0000000000400000-0x00000000005B7000-memory.dmp

Filesize
1.7MB

Download
memory/5064-73-0x0000000000400000-0x00000000005B7000-memory.dmp

Filesize
1.7MB

Download
memory/5064-68-0x0000000000400000-0x00000000005B7000-memory.dmp

Filesize
1.7MB

Download
memory/5064-75-0x0000000000400000-0x00000000005B7000-memory.dmp

Filesize
1.7MB

Download
memory/5064-76-0x0000000000400000-0x00000000005B7000-memory.dmp

Filesize
1.7MB

Download
memory/5064-77-0x0000000000400000-0x00000000005B7000-memory.dmp

Filesize
1.7MB

Download
memory/5064-78-0x0000000000400000-0x00000000005B7000-memory.dmp

Filesize
1.7MB

Download
memory/5064-79-0x0000000000400000-0x00000000005B7000-memory.dmp

Filesize
1.7MB

Download
memory/5064-80-0x0000000000400000-0x00000000005B7000-memory.dmp

Filesize
1.7MB

Download