152e0a7a5b4e847d45c2ec0442720604201e77187848bcedff0a582e8705ffdd

Analysis

max time kernel
142s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 19:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64799b0477c20276f1f2a0c940aa851b_JaffaCakes118.exe
Size

276KB
MD5

64799b0477c20276f1f2a0c940aa851b
SHA1

b28799be97ffe3e5a352d97ea3b54149917a8ca6
SHA256

152e0a7a5b4e847d45c2ec0442720604201e77187848bcedff0a582e8705ffdd
SHA512

92b3da120ff1438299e74ffce838f343f101ab2369054a11766eb293b16bcb936ee3b7ca61fa2a4d6e30bb5fd816aeb7db33d9e78493c6d7376ad700db3e3741
SSDEEP

6144:+saocyLCPcZvJNGRQFlVuoNz6MnIC/HKS4lVrBGd4UOuNEkY:+tobZJNBlVVzFxf/4XrBKOjk

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

installer.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	installer.exe

Executes dropped EXE 2 IoCs

Processes:

installer.exe50d1d9d5-cf90-407c-820a-35e05bc06f2f.exe

pid process

3432 installer.exe
3152 50d1d9d5-cf90-407c-820a-35e05bc06f2f.exe
Loads dropped DLL 1 IoCs

Processes:

64799b0477c20276f1f2a0c940aa851b_JaffaCakes118.exe

pid process

2332 64799b0477c20276f1f2a0c940aa851b_JaffaCakes118.exe

pid	process
3432	installer.exe
3152	50d1d9d5-cf90-407c-820a-35e05bc06f2f.exe

pid	process
2332	64799b0477c20276f1f2a0c940aa851b_JaffaCakes118.exe

Drops desktop.ini file(s) 2 IoCs

Processes:

installer.exe

description	ioc	process
File created	C:\Windows\assembly\Desktop.ini	installer.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	installer.exe

Drops file in Windows directory 3 IoCs

Processes:

installer.exe

description	ioc	process
File opened for modification	C:\Windows\assembly	installer.exe
File created	C:\Windows\assembly\Desktop.ini	installer.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 3 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

installer.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81	installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob = 0400000001000000100000008ccadc0b22cef5be72ac411a11a8d8120f000000010000001400000085fef11b4f47fe3952f98301c9f98976fefee0ce7f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000002500000030233021060b6086480186f8450107300130123010060a2b0601040182373c0101030200c06200000001000000200000008d722f81a9c113c0791df136a2966db26c950a971db46b4199f4ea54b78bfb9f1400000001000000140000007b5b45cfafcecb7afd31921a6ab6f346eb5748501d00000001000000100000005b3b67000eeb80022e42605b6b3b72400b000000010000000e00000074006800610077007400650000007e000000010000000800000000c0032f2df8d60168000000010000000000000003000000010000001400000091c6d6ee3e8ac86384e548c299295c756c817b81190000000100000010000000dc73f9b71e16d51d26527d32b11a6a3d2000000001000000240400003082042030820308a0030201020210344ed55720d5edec49f42fce37db2b6d300d06092a864886f70d01010505003081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504031316746861777465205072696d61727920526f6f74204341301e170d3036313131373030303030305a170d3336303731363233353935395a3081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504031316746861777465205072696d61727920526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100aca0f0fb8059d49cc7a4cf9da159730910450c0d2c6e68f16c5b4868495937fc0b3319c2777fcc102d95341ce6eb4d09a71cd2b8c9973602b789d4245f06c0cc4494948d02626feb5add118d289a5c8490107a0dbd74662f6a38a0e2d55444eb1d079f07ba6feee9fd4e0b29f53e84a001f19cabf81c7e89a4e8a1d871650da3517beebcd222600db95b9ddfbafc515b0baf98b2e92ee904e86287de2bc8d74ec14c641eddcf8758ba4a4fca68071d1c9d4ac6d52f91cc7c71721cc5c067eb32fdc9925c94da85c09bbf537d2b09f48c9d911f976a52cbde0936a477d87b875044d53e6e2969fb3949261e09a5807b402debe82785c9fe61fd7ee67c971dd59d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147b5b45cfafcecb7afd31921a6ab6f346eb574850300d06092a864886f70d010105050003820101007911c04bb391b6fcf0e967d40d6e45be55e893d2ce033fedda25b01d57cb1e3a76a04cec5076e864720ca4a9f1b88bd6d68784bb32e54111c077d9b3609deb1bd5d16e4444a9a601ec55621d77b85c8e48497c9c3b5711acad73378e2f785c906847d96060e6fc073d222017c4f716e9c4d872f9c8737cdf162f15a93efd6a27b6a1eb5aba981fd5e34d640a9d13c861baf5391c87bab8bd7b227ff6feac4079e5ac106f3d8f1b79768bc437b3211884e53600eb632099b9e9fe3304bb41c8c102f94463209e81ce42d3d63f2c76d3639c59dd8fa6e10ea02e41f72e9547cfbcfd33f3f60b617e7e912b8147c22730eea7105d378f5c392be404f07b8d568c68	installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob = 5c000000010000000400000000080000190000000100000010000000dc73f9b71e16d51d26527d32b11a6a3d03000000010000001400000091c6d6ee3e8ac86384e548c299295c756c817b816800000001000000000000007e000000010000000800000000c0032f2df8d6010b000000010000000e00000074006800610077007400650000001d00000001000000100000005b3b67000eeb80022e42605b6b3b72401400000001000000140000007b5b45cfafcecb7afd31921a6ab6f346eb5748506200000001000000200000008d722f81a9c113c0791df136a2966db26c950a971db46b4199f4ea54b78bfb9f53000000010000002500000030233021060b6086480186f8450107300130123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703010f000000010000001400000085fef11b4f47fe3952f98301c9f98976fefee0ce0400000001000000100000008ccadc0b22cef5be72ac411a11a8d8122000000001000000240400003082042030820308a0030201020210344ed55720d5edec49f42fce37db2b6d300d06092a864886f70d01010505003081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504031316746861777465205072696d61727920526f6f74204341301e170d3036313131373030303030305a170d3336303731363233353935395a3081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504031316746861777465205072696d61727920526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100aca0f0fb8059d49cc7a4cf9da159730910450c0d2c6e68f16c5b4868495937fc0b3319c2777fcc102d95341ce6eb4d09a71cd2b8c9973602b789d4245f06c0cc4494948d02626feb5add118d289a5c8490107a0dbd74662f6a38a0e2d55444eb1d079f07ba6feee9fd4e0b29f53e84a001f19cabf81c7e89a4e8a1d871650da3517beebcd222600db95b9ddfbafc515b0baf98b2e92ee904e86287de2bc8d74ec14c641eddcf8758ba4a4fca68071d1c9d4ac6d52f91cc7c71721cc5c067eb32fdc9925c94da85c09bbf537d2b09f48c9d911f976a52cbde0936a477d87b875044d53e6e2969fb3949261e09a5807b402debe82785c9fe61fd7ee67c971dd59d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147b5b45cfafcecb7afd31921a6ab6f346eb574850300d06092a864886f70d010105050003820101007911c04bb391b6fcf0e967d40d6e45be55e893d2ce033fedda25b01d57cb1e3a76a04cec5076e864720ca4a9f1b88bd6d68784bb32e54111c077d9b3609deb1bd5d16e4444a9a601ec55621d77b85c8e48497c9c3b5711acad73378e2f785c906847d96060e6fc073d222017c4f716e9c4d872f9c8737cdf162f15a93efd6a27b6a1eb5aba981fd5e34d640a9d13c861baf5391c87bab8bd7b227ff6feac4079e5ac106f3d8f1b79768bc437b3211884e53600eb632099b9e9fe3304bb41c8c102f94463209e81ce42d3d63f2c76d3639c59dd8fa6e10ea02e41f72e9547cfbcfd33f3f60b617e7e912b8147c22730eea7105d378f5c392be404f07b8d568c68	installer.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

50d1d9d5-cf90-407c-820a-35e05bc06f2f.exe

description pid process

Token: SeDebugPrivilege 3152 50d1d9d5-cf90-407c-820a-35e05bc06f2f.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

50d1d9d5-cf90-407c-820a-35e05bc06f2f.exe

pid process

3152 50d1d9d5-cf90-407c-820a-35e05bc06f2f.exe
3152 50d1d9d5-cf90-407c-820a-35e05bc06f2f.exe

description	pid	process
Token: SeDebugPrivilege	3152	50d1d9d5-cf90-407c-820a-35e05bc06f2f.exe

pid	process
3152	50d1d9d5-cf90-407c-820a-35e05bc06f2f.exe
3152	50d1d9d5-cf90-407c-820a-35e05bc06f2f.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

64799b0477c20276f1f2a0c940aa851b_JaffaCakes118.exeinstaller.exe

description	pid	process	target process
PID 2332 wrote to memory of 3432	2332	64799b0477c20276f1f2a0c940aa851b_JaffaCakes118.exe	installer.exe
PID 2332 wrote to memory of 3432	2332	64799b0477c20276f1f2a0c940aa851b_JaffaCakes118.exe	installer.exe
PID 2332 wrote to memory of 3432	2332	64799b0477c20276f1f2a0c940aa851b_JaffaCakes118.exe	installer.exe
PID 3432 wrote to memory of 3152	3432	installer.exe	50d1d9d5-cf90-407c-820a-35e05bc06f2f.exe
PID 3432 wrote to memory of 3152	3432	installer.exe	50d1d9d5-cf90-407c-820a-35e05bc06f2f.exe
PID 3432 wrote to memory of 3152	3432	installer.exe	50d1d9d5-cf90-407c-820a-35e05bc06f2f.exe

C:\Users\Admin\AppData\Local\Temp\64799b0477c20276f1f2a0c940aa851b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\64799b0477c20276f1f2a0c940aa851b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2332

C:\Users\Admin\AppData\Local\Temp\nsq60DA.tmp\installer.exe
C:\Users\Admin\AppData\Local\Temp\nsq60DA.tmp\installer.exe 50d1d9d5-cf90-407c-820a-35e05bc06f2f.exe /t /dT131920201S /e5367142 /u50d1d9d5-cf90-407c-820a-35e05bc06f2f
2⤵
- Checks computer location settings
- Executes dropped EXE
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:3432

C:\Users\Admin\AppData\Local\Temp\nsq60DA.tmp\50d1d9d5-cf90-407c-820a-35e05bc06f2f.exe
"C:\Users\Admin\AppData\Local\Temp\nsq60DA.tmp\50d1d9d5-cf90-407c-820a-35e05bc06f2f.exe" /t /dT131920201S /e5367142 /u50d1d9d5-cf90-407c-820a-35e05bc06f2f
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3744 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
1⤵
PID:832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\12236C41CDDF9E40BA5606CDF086B821

Filesize
95KB

MD5
521d449e191aabb7e264de9fa8d0abc8

SHA1
30b0d9cf16a3a75d45b453a20856aef65bc402ad

SHA256
6aa200a5a0143559c788759ca82003dc0c38ffe582c430153a28d0e430585cf8

SHA512
4febaf19c283ce9389e092a7209b0b8b519e8c39cfdd3c1388ee70c6eed4d867aeed5daa9cac25739787dbbfa44e306129d9a6e43eb9ffdec246df1d98e54dea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EDCF682921FE94F4A02A43CD1A28E6B

Filesize
604B

MD5
5a1ab1871c1dd0bbe715482943c74be6

SHA1
da4ce17e39abb581883120980f00a91cb029127c

SHA256
5fab31aa7540eaebb07d0315e540564b06d612b4b4eb3f2a645fd86a59e6b37c

SHA512
88d80e7ffc33aadb7e28363aad82f51e78bc09ef3ef193a7acb867c825bf633b04bb623796e699262c2f1b40f339bc5277b5520f17d87b2d1f6724288330545d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9

Filesize
5B

MD5
4842e206e4cfff2954901467ad54169e

SHA1
80c9820ff2efe8aa3d361df7011ae6eee35ec4f0

SHA256
2acab1228e8935d5dfdd1756b8a19698b6c8b786c90f87993ce9799a67a96e4e

SHA512
ff537b1808fcb03cfb52f768fbd7e7bd66baf6a8558ee5b8f2a02f629e021aa88a1df7a8750bae1f04f3b9d86da56f0bdcba2fdbc81d366da6c97eb76ecb6cba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\955CAB6FF6A24D5820D50B5BA1CF79C7_CC1689C2A9A5CB35265F3C2516751959

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\12236C41CDDF9E40BA5606CDF086B821

Filesize
202B

MD5
c229becdfd231a4f1d5596318733a76f

SHA1
bd5943d817a50b0bb780dfac065d56352a2418b2

SHA256
8be4822245b27e488e7abf793af6e042dfdadfe92da353808801db02ca6eb21e

SHA512
55ccf63783f3b3e603cc5f19a09b89122b11976439c8c1ed836c58169f627d9fdb69601c2247949ad2b77518e1dbb10a76af0eed3562023e803fa94d9a59190f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EDCF682921FE94F4A02A43CD1A28E6B

Filesize
188B

MD5
d38299565caacb74cd95fb3ba6051edf

SHA1
0d7bbdd88826f0da94d4cdb64460be4b6d17904a

SHA256
427a62d26e202e5d642b905c37e145882543d2599335b9c6db26afe0a96e0841

SHA512
40693d6d4e52d67e4c99349a2499b93e303ab4054a4a1ada2069c2ab0f9748ceab4a4daecfa79815f3e152512dd771db0844840c227f5913e39858977740609e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9

Filesize
404B

MD5
e167360445859ba11d61c8179a4d2b00

SHA1
0d84d391457f78a30b439b71bd042d4e156b22f0

SHA256
4c992d76095bce21a6328dde3d2d8bf133f9215a17b17d465b56ba7d3188fdce

SHA512
c9fc317042f4360cd7ac1f460cea53fadf607c5726c91d8798452c1d45e59336ab515b38b4883b6c92cb926e85caf8e3e880a329662f118199a11e4fccef73df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\955CAB6FF6A24D5820D50B5BA1CF79C7_CC1689C2A9A5CB35265F3C2516751959

Filesize
482B

MD5
c0541c60a457e8f9b6bd5d2e446b1e94

SHA1
56e3569e054282d29e982107d61ffa37a298bb28

SHA256
12da124ad1a95b2c56237e7f05455d3263a1cc05f85b9a3291634eb182c6f65a

SHA512
6b14af5f5831d862b77bf16680ac9dbc00944c9391132d295cc206003f406b2643ac1eef7919f4a0ff87822c687177a8b7f17a02c011bfe5a3c5685901c16573

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq60DA.tmp\50d1d9d5-cf90-407c-820a-35e05bc06f2f.exe

Filesize
256KB

MD5
6e68cf541f031c7de9da6ec8d86862aa

SHA1
115f143b5f585a27006159dc1b2d4d23a7af5295

SHA256
d1763b911eebce060a4c479190e83ff5747f5e75f938fb1cb23d5fcaba249e35

SHA512
022af872f2343293a0d71c6cc3ca3f13001ce7ad8e04cf740b75574272cad1dcb40a97a0e860082e7080a69a0367438728f1983317349d5a33ca969c3d877de1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq60DA.tmp\installer.exe

Filesize
214KB

MD5
7cf3bce5ecf2aea97b49e2eba8ca0aba

SHA1
543f5fc23df08f946488d27b2fb16b13b6311d1a

SHA256
7358afae03a24b31c0d82ee4e5fd2f17cafe6c3bdd8e26326aa4118f2169f736

SHA512
5f9184189940af27e25ae2988db8d15923dac81b2410c5fe3287f126fb50df43735fccb4e4d9f376e9f24700604c157aa1828622dab54014d9583a56ab698d8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq60DA.tmp\nsExec.dll

Filesize
8KB

MD5
249ae678f0dac4c625c6de6aca53823a

SHA1
6ac2b9e90e8445fed4c45c5dbf2d0227cd3b5201

SHA256
7298024a36310b7c4c112be87b61b62a0b1be493e2d5252a19e5e976daf674ce

SHA512
66e4081a40f3191bf28b810cf8411cb3c8c3e3ec5943e18d6672414fb5e7b4364f862cba44c9115c599ac90890ef02a773e254e7c979e930946bc52b0693aad7

Download Submit
memory/2332-30-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2332-1-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2332-73-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2332-31-0x000000006E940000-0x000000006E948000-memory.dmp

Filesize
32KB

Download
memory/2332-0-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2332-69-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/3152-63-0x0000000073EC0000-0x0000000074471000-memory.dmp

Filesize
5.7MB

Download
memory/3152-55-0x0000000073EC0000-0x0000000074471000-memory.dmp

Filesize
5.7MB

Download
memory/3152-62-0x0000000073EC0000-0x0000000074471000-memory.dmp

Filesize
5.7MB

Download
memory/3152-54-0x0000000073EC0000-0x0000000074471000-memory.dmp

Filesize
5.7MB

Download
memory/3152-64-0x0000000073EC0000-0x0000000074471000-memory.dmp

Filesize
5.7MB

Download
memory/3152-66-0x0000000073EC0000-0x0000000074471000-memory.dmp

Filesize
5.7MB

Download
memory/3152-45-0x0000000073EC0000-0x0000000074471000-memory.dmp

Filesize
5.7MB

Download
memory/3432-11-0x0000000073EC2000-0x0000000073EC3000-memory.dmp

Filesize
4KB

Download
memory/3432-12-0x0000000073EC0000-0x0000000074471000-memory.dmp

Filesize
5.7MB

Download
memory/3432-58-0x0000000073EC2000-0x0000000073EC3000-memory.dmp

Filesize
4KB

Download
memory/3432-59-0x0000000073EC0000-0x0000000074471000-memory.dmp

Filesize
5.7MB

Download
memory/3432-68-0x0000000073EC0000-0x0000000074471000-memory.dmp

Filesize
5.7MB

Download
memory/3432-13-0x0000000073EC0000-0x0000000074471000-memory.dmp

Filesize
5.7MB

Download