systembc | a8bf7dbcfe29c3c9c0bed1be3cd9cc2935e2bf60313c5721e37fbad5048f67c6

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
02-06-2024 04:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8cea9bc30046ce76a8d9d211206b9197_JaffaCakes118.exe
Size

2.2MB
MD5

8cea9bc30046ce76a8d9d211206b9197
SHA1

408b79f4b244be9e288efe7185dc915aaf4a9cbc
SHA256

a8bf7dbcfe29c3c9c0bed1be3cd9cc2935e2bf60313c5721e37fbad5048f67c6
SHA512

95d2b4117ec60f1b0d1611e742da358d77e1488a66e5f87105bb0b1e71ba016e3e153769d51701a47bd8ca85ada38150ee50e7edfc77e1a352a867399d27dcae
SSDEEP

24576:gUHmsocCmYbx4wLMR+OXY0WvY0WvY0WvY0WvY0WvY0WvY0WvY0WPY0WvY0WvY0WI:xGkYbx4wLMR+d7c

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

spexblog17.xyz:4044

admstat45.xyz:4044

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc
Executes dropped EXE 1 IoCs

Processes:

hxgm.exe

pid process

18200 hxgm.exe

pid	process
18200	hxgm.exe

Drops file in System32 directory 2 IoCs

Processes:

8cea9bc30046ce76a8d9d211206b9197_JaffaCakes118.exehxgm.exe

description	ioc	process
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	8cea9bc30046ce76a8d9d211206b9197_JaffaCakes118.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	hxgm.exe

Drops file in Windows directory 2 IoCs

Processes:

8cea9bc30046ce76a8d9d211206b9197_JaffaCakes118.exe

description	ioc	process
File created	C:\Windows\Tasks\hxgm.job	8cea9bc30046ce76a8d9d211206b9197_JaffaCakes118.exe
File opened for modification	C:\Windows\Tasks\hxgm.job	8cea9bc30046ce76a8d9d211206b9197_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

8cea9bc30046ce76a8d9d211206b9197_JaffaCakes118.exe

pid process

1884 8cea9bc30046ce76a8d9d211206b9197_JaffaCakes118.exe

pid	process
1884	8cea9bc30046ce76a8d9d211206b9197_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

taskeng.exe

description	pid	process	target process
PID 18232 wrote to memory of 18200	18232	taskeng.exe	hxgm.exe
PID 18232 wrote to memory of 18200	18232	taskeng.exe	hxgm.exe
PID 18232 wrote to memory of 18200	18232	taskeng.exe	hxgm.exe
PID 18232 wrote to memory of 18200	18232	taskeng.exe	hxgm.exe

C:\Users\Admin\AppData\Local\Temp\8cea9bc30046ce76a8d9d211206b9197_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8cea9bc30046ce76a8d9d211206b9197_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:1884

C:\Windows\system32\taskeng.exe
taskeng.exe {A5F57D6F-F3FD-482A-8103-2B0D23FE445E} S-1-5-21-3627615824-4061627003-3019543961-1000:SCFGBRBT\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:18232
- C:\ProgramData\nvbf\hxgm.exe
  C:\ProgramData\nvbf\hxgm.exe start2
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:18200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\nvbf\hxgm.exe

Filesize
2.2MB

MD5
8cea9bc30046ce76a8d9d211206b9197

SHA1
408b79f4b244be9e288efe7185dc915aaf4a9cbc

SHA256
a8bf7dbcfe29c3c9c0bed1be3cd9cc2935e2bf60313c5721e37fbad5048f67c6

SHA512
95d2b4117ec60f1b0d1611e742da358d77e1488a66e5f87105bb0b1e71ba016e3e153769d51701a47bd8ca85ada38150ee50e7edfc77e1a352a867399d27dcae

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
159KB

MD5
7a371f471adea03851cadc605ac62781

SHA1
68398e22743e2b16b8b9f46b785a29d6ce8191fb

SHA256
30f4811131a305072c62a8604b4b6987d42a6f83c7e2fb6aa8be578131e50743

SHA512
46b70cb5b2091dcd8aaaaf1bb43b6d5ffcc7b2d851966410cbe964f22cda2bfeb0b3b82806b5989ec5cb16e480c5d7081f453ef4a04483e8d93ba2c84d6b13c3

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
195KB

MD5
a0a7e2ae9ec98c05a5f52b6a21ff687d

SHA1
83b736aec8b45c252b21fc7633b89234e4d9ca44

SHA256
45a9726dc99eff2cf3ef89813462dde3b937364abe374b1b32f5cef5ed50d8b2

SHA512
1a5dbfb4e6deca29a1d8a8c75630f6ad321663699d5fbfa15b615f98ccb87ebbbb312f74d479ee48bbf7f826abe0273effb294531f765c59d16af57ed2edf624

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
10KB

MD5
85f6102f4f82d8da070be8da26bf3fe6

SHA1
a332c99f2218db94e9d5cd1999154e8e3444c504

SHA256
703c3ee9ef89a888d6af17876fed9d3b322c967fce3b3b55d8f358617dcb7bdb

SHA512
6a6f50292665d5f88986c6712d6ad0705a91fa5e369971dae3424753a5fb4d1771b30c1fca7e73bfcf259ec8689cd23c59df55ee527a7af175562ad021cb8b28

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
153KB

MD5
547f1796ab2d214b11747fbb66c217f6

SHA1
d7153ba233df7c742b35f2120a6955177b7b7add

SHA256
7684915a29d38fa334de0815650eec8d14ca725e2b215c6f7f51320ec444d549

SHA512
e3981799fcf3d7a3a9dcc08f58dc9c3185fb178a9864a73f6f075d89a7ef689758b218fe8c6f11ecb63e713e74f3459f4361c128a8f113ad1aaec71ddcfa88b3

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
99KB

MD5
4368290150127549b2fe7ed7ff63052b

SHA1
ac9c23e82542cc32b634c43f7f474996cdc51a8a

SHA256
695775837e36e7f2e5782bc25a2ae0d27694997c10f99a910eea53bd97215590

SHA512
073661fa5a8d06dba9a800ff66a85f753ca320590ddbcd34e9758d98e44752638e4991e87f8d33ff747175859566e238abb3352ef49364050ad9f368028a4110

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
144KB

MD5
b146342f86a0c2919d3be88739b13182

SHA1
54f14b729932f8075f95ff0a41135427d5c401aa

SHA256
41edba86fdfd66632b439e1f79a968e102f96f38d041ff5fc75f7e7c4917568d

SHA512
5bb9fa0c957c9fca5cf86245aaf323fcfc34458d23d61b821bc464367ed153b8b4a06065824f5caa923352e1aba39c463c97152aab19ebe41fb9b7078150aa38

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
76KB

MD5
0005c74c5a08b6de137890034043a1ce

SHA1
0e5e67ff2727812c13adcad235d34c7263cd2346

SHA256
7ff20e4bbe113160e9d95c225ebb948de4c41087fc3cc650f142f5f1f0f44bbc

SHA512
232ddee56435e6a9258e8dd47b0a384d61c1b4109c52b85d2221dc8e76b85dd318aaa86c3675d99eb819f8cb8d8e54f7e57215d0c7e6c7fb112dd2d37caa1124

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
2KB

MD5
39bb3bfbd29d5f117e31d5a692082be8

SHA1
dda700859e123108b72d60da3a936bc5bbe9891f

SHA256
db3ed2242fb00191dcfb302fbc992d2eac02498829a64e0f58d357dec59b1b53

SHA512
d63fa121c87ad3548083c2649afcfb568eb4ca6297c089f1373a8052487780cb6969068b54d21691cab95f1b502dd56ec6035055bcf8ab7ea0f75d1e87be6d95

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
97KB

MD5
e9bc5793545a667d3c4974139a95cac5

SHA1
d9049a6035b6fef4a684b79cf837cc3d14e11c8e

SHA256
061a525f68e09da34b372fd5517c7a8cd56e3db96b9c5017ef36d6b318e9e2f9

SHA512
9ea0c1c8fc8764919ee609b7bb036249d102f05684679118c893fe89e423f620ddc290cb57acae4c7d2a24566c31a7585b1a2e51de1cd1437b02e927cc43ccb9

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
148B

MD5
19ce0b77791e85dfc77e2cfb5442fb38

SHA1
59c4e67566d66d6b3dcf595e9404c72ef5111b3e

SHA256
1357fa3111a705dc0f798a379fa0040859ca594c65f901c99d3af4d1c8ed9c65

SHA512
810b599733e87b339967f52f1cb9a2eeb26656ed8d8200726204b9c0d21d8d809e74a20aa8946ed420602d0f6295251bcc75d5a1d2a652853a79104328e8b398

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
3KB

MD5
47adf630832bbf40d083fab0748a3d03

SHA1
f8a83b16e4e163b6b8a98af59666a13c4a296501

SHA256
073fbbb95d41da9e0e3ec52c8ea085380ffd3cf0192440d80ff630d3563ade36

SHA512
303baa09570b91d647fcbdfd834056f94398f8c1fb16d551ca139236137238f2c2f036cbbb71b09ad0ecfdbc1cd36178bd8dd24319d57d86729d02aea8180eae

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
4KB

MD5
a36303ad87ab8f56b058368bca3f0d51

SHA1
2772dafdb6cdb5e953e0c9e63d49237ad4bf5a81

SHA256
d733c16995e60378db8efdf8cd03467092119d7f5fc817b9c627c7c56d02fbe4

SHA512
ae2fc621b3130ebf2c2c4f0462d66c28c65c97c328a1cef7b65f78df31260a956b61355fbbe6cc3a43a66eb6608dc1ec01351ca28ce7dd21ff936619811f3a6f

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
85KB

MD5
077b0d88411c59c612fef3a7ce78289e

SHA1
515f4e19d5c15f406b9578597c2ef9c4bb9b20c5

SHA256
3e319e56c1b9cb0c01d15fb0169fe0ee1ab22547af1104771b74fc2525e7c5c7

SHA512
8c165f33d3e92981c67396fa4925b9b9c7f2df77bdfab420f16bfc0363341f2c2923be3460ebf27f696b8e0b90626558fc33fc96f55ed30b9917a93f2fbf0ca8

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
4KB

MD5
89e898f5c9eca72d4e0632ddaeb44620

SHA1
e3e47f5f991d0ee42975f0a74c8c3baefcdef15b

SHA256
b5772fc031888f6097d4e8e658ddbdab95e36f44404f8ca810b040a8f2ff07fc

SHA512
709e09af8fe8d5ec8188b0d639b7d69163ee007feec3450d29c8be46b1a6be6d6b6253811567c5bda138bc8c560365ccfd8714037567ed2de80acadb408aa66e

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
22KB

MD5
5d66070acfb70953c8713ceddd8f5d10

SHA1
9a8cafbb595e6972a6d063d7c7e1bf082ddbc0c8

SHA256
f306d9b046199fac9cad93564eba659ba48b3682910f723b4a6a630a8a222117

SHA512
c797d84628e58e14a3e310f7b8a559aa9b7110aaf3c2f6a36de5512df7e30d0527de32487511023175f5bfe6f0bb868ed4027b5dead951d88d6c46dba359a87a

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
25KB

MD5
d2cc6d83fc503f137f294cc6ba985a3e

SHA1
6dab73e17da895d8da50e664bd14b5d4d0efb892

SHA256
0541da9245f9f3c5da3c53ba39876b5ec75ae1c5570b74651f6a2ce3871d2910

SHA512
f11846748a8e6b9d8fb757f9df4b8302f6dc9243e96f07badac759a3754823e3ca6cac69006269119357763137672fe156e89f342123758cfe0f434e4b7e1955

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
93KB

MD5
8b6583f08e3b0eb9400306230154c6f8

SHA1
1b4de1004741da1aa94e9a15fbaf080ce3703472

SHA256
5e87ea471516eb7e4105ab24c3690915aa97aa1ac2ce4b5c954909a8a9fa0905

SHA512
3aae025ed13d745c0d0fe79fefb9fe52e4c563ad0fac7567211b44f4f8e823b0bab43a6a647a7cda8970629a51968349357f9a6311cd22d836a6bb53ea67b483

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
13KB

MD5
f48ca88f720f995b71d61b10602c4d39

SHA1
f83b48ed06c09fd67ac90887c52341d007a78e8d

SHA256
7bae94db36115b5edcf4a48d4c7c88951bebd6306b9ba4d6d8c1593e2f05a1e3

SHA512
d0cf8b998256955369f0ff69465700c0b8b946e95a02ae36d3f20a7dd824d684c60395838e5816663ef16334551fbbcfb41bf3c3c34f48fb0cfed7085760ec56

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
2KB

MD5
9b7837cb36f1f4e77b53cdffe216293a

SHA1
64ca264dcb22eaabaaff22c0a4eb74523729badb

SHA256
5e33252c434a00f3a1959a02016b6e13a471e2d14fabf5d4e2c69f6fc48b40f3

SHA512
3d62953ac161c90fb23717578be8654543210a9c1fc800b58796f3c8b63623bfd66294ac8e2f4b5f5eba7722a67408ee46fd298669a6df49a20d17e13368b991

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
4KB

MD5
86d33cb4dfe7c5066a4db51cc9022508

SHA1
50bc5767fd0501c496d121dbc38811866ddcd0d9

SHA256
6e9b9153a6ca34a61ac0c99798f603c19b42da1630545aae69797a19f374d35a

SHA512
8c6b4c75702e1bd5c6a901da8df55bbe6102dc049bfa408859eeb67469b478024ee992b5c001c3e09d83ae7beddc8b98c6394882e7a31b9538a419c0ae5915fb

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
2KB

MD5
4a88c0050a7e6cec74ae083e15dcc055

SHA1
06c75fb5eaa907d42b80c2ce8d04a72aaca7f2b3

SHA256
a31cf86ac4634987be19d3f710bce8461a317e012d6236edbd63d2634aa364c0

SHA512
8ed447ea443942bcc853d06db1c87d5eaabf5b5f8661710d572d19245da7681edfeece0d296717ec595f873a2dbf192bc66521b5f6edd45b8e0cc48cf5ab6c6a

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
4KB

MD5
3311f8b88e35e0c2e4e3cbfb43cff729

SHA1
aa1262d61fee224a0a68fc5c44778eaf784c69d8

SHA256
4479f3f58601f1d729e3efe5ce7ec9881b2477d7cca3f207f56556d0b8e6d11c

SHA512
29609db621afa84cddf9f34d8b63450e417ff44a83961d58e198e279c2d131632eb9edacdbe3ec763fa2db9201500dbf6e01ece7482a6154fd263d5b21b5525b

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
15KB

MD5
d911332322a60aad2900d4502ef2a244

SHA1
c84ed1f9deb0b77d817d4ccdac786dfcb14d3c03

SHA256
d84510b114a159cbec5e0169f6a3d8ab6b1b229830a22fd68c90b9fc7e8dd834

SHA512
2ea52d351dd09680eeb22095cfc52b695a626686e89d227d48ba62eef21c21d6f1b1152244b4c81aced7c2655ec439d90205b13296b8ece4f45210733c8d0f12

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
30KB

MD5
5b2fc3f9717f72233e7373e694a7276b

SHA1
4e5ddc77205e1350fb97e9a2dbd76ece16fa4f0d

SHA256
0cfd43f91ed35c4add5b6c7f0699a9efc30adad6bfc6f4622157fc90e6352b73

SHA512
7d622b1fb2b781a01720eb52c8bfc2b515c4fe5c6d19c2a856b26c0d15697d684a6d3f8ad80cff3b130f2b00a216313fe9a6fba784ad2037e7eaf3f29bee7780

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
3KB

MD5
34bd163558a9bec01027aaf7b455c272

SHA1
12b39b31e0ae46bef2dad928ab3890f888870f03

SHA256
0cea906a038a097ad08a3649a8b2bd936881e5c37775b3ff4fe7bdb9f1d89574

SHA512
ff92fec3137a7f4fe2463420a081e51b3cd2b3922941d48fcb8e6c5f9f0ae39b920f0d1872df42c673952dcd1c53a94f7b50acd13b78055e941a6dcbfa644931

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
5KB

MD5
2129855f7fcc4565097a44dcb3e608f1

SHA1
41e860962229541458600b374828f8a8e9ae4687

SHA256
e58d2c480e90b48727ec5fe98be7f664a1bff8a594b13447b27cd1db298adc3a

SHA512
db50b35bec6dbaafa280dde0b784d190f9f9777c8d22fd8d528829971b5b23fa76300085c42bf68c24d6c48f7f15da43589797e2434bb8ee31faa4ad5ce7fe68

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
148B

MD5
a05cde45b44b66ef5bd22dea91211358

SHA1
9e87f747b33a6b0899ffb27399b1158540772060

SHA256
832cbda028da8d2630f827cd7e604c13560094ec08fdb5bd1c4cf4f3303126cb

SHA512
a4076aee2aed02493b19e94a59f8cd15ddc1f7086663836e4e448f77bb1fe1d62b5c04d448dcf39361af1eb9ee7455b416cb2fe841cf4a3cca53faf4ad9083de

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
4KB

MD5
68df7c570a39338bc18e3e2a058ba602

SHA1
68bc7eabc6a3a52f944a4897818457028007c20f

SHA256
443c10a085b0522d6276020df341c53f5a4c2b00105090abc933864aa41e710d

SHA512
581fd792f9bec6738ae802085a7713331891478ebf0b9eca89f094ce46c78ca5a2be66824386a3a4cfaa5dfb30b7ee926b8eb497837e489e754bd2b68aec3954

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
17KB

MD5
d456a0e676f4149446b326c4c9d359cf

SHA1
4a7c3ad345d7cdf9beeb093c869ec9d7fd242f3f

SHA256
e500889b7b4501321dcbd195820c74724e8d39451147f9a7dbca9171770961a1

SHA512
8a348b36fa09631eb6269c9a2468758fc6681a19dc7e42711f35704d8152430945e918d01becbaba199d23c324a6adfaa6574fb32a6ad915e622de0577a2a751

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
17KB

MD5
7c006e16b85b100c7118b3f74983d84e

SHA1
8cbcf5f6fca0158a5bcdfb33f91e81c15ed7e6f9

SHA256
c370a1baa7edef22ddb5c2798d545b172db0e2405903d9161f6424ec26424d25

SHA512
8c10e8c546f0cacee09aab96f7960b1d8dd18965071232f96bbc32c0eb6c4959185d78df58123fd744951b01fa26b57e3ce824f787bf769ae2f3caadd08f124d

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
4KB

MD5
cde447ff83884399ae0b3251d500f3bc

SHA1
3b3ece5f683c0160f23720670c0e6854e0cae434

SHA256
235097e962818386b3f38bd078f00116c238ea5b1201ba390f0b62d4f4f7537c

SHA512
59292878b9aa33ea28c85df582ad0805d60673674b20320df0fcd74030e8bac5f1591c0f3f4b75c70027d1870f34e7428a40551d8200dbac7097738bd92a8dcf

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
101KB

MD5
d11a4e8fc1959a3081edadd71ea7c17e

SHA1
3724248bd8fa9fe2e744bf533a05bf76fd8b06cb

SHA256
8b0648be5d626ef81684dbed8489aa2e7ce93eeb047e7f84dbfaacf3550fd497

SHA512
c1efa5eb84a4b9acf1d7dbd41d117a743b8bafd3839e36e068dc13b7759ec4f11cecfec9ab7eb3b9b130c4a1ec77dbe83c7d75f3aef4fa0140d8044c1b0f9cf8

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
4KB

MD5
0e7a05568f456da23e1183013c5014bf

SHA1
54215bea3b21e886379029685aa3cc4d39356d88

SHA256
308c4df52e43c2852d139608b1c436109aa19dbcfca5f910e6b2a0836c291121

SHA512
14bc92200178c43db8b4bd5642517ad42f56bf5e0eb12c72d3b781abd890668bebb135415b1a8f4e0b2bff634484b9e14448c65c7f996bc8eb9bbd422f0e3c33

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
24KB

MD5
8ffd915f0e95ff2c403185b558fea3a1

SHA1
a0c53de11b00c6ee576f86778477bd61404a7f48

SHA256
e769b3e0f6a2a05e02e739a2c5eb0391e78f028a4f215fedcc75099dd50fa1bd

SHA512
7ed4218c9faf2a4c2daa1ecf10f6c8f14290d3b5bf47d6291048335f123c15927868c8b75bc1b1344ee3f35573d1fbd3cc4139e2cd5ccfc7aa006cc497c30a57

Download Submit
memory/1884-28647-0x0000000000690000-0x00000000006A8000-memory.dmp

Filesize
96KB

Download
memory/1884-28638-0x0000000000400000-0x0000000000664000-memory.dmp

Filesize
2.4MB

Download
memory/1884-28637-0x0000000000400000-0x0000000000664000-memory.dmp

Filesize
2.4MB

Download
memory/1884-28636-0x0000000000690000-0x00000000006A8000-memory.dmp

Filesize
96KB

Download
memory/1884-0-0x0000000000400000-0x0000000000664000-memory.dmp

Filesize
2.4MB

Download
memory/18200-57289-0x00000000002A0000-0x00000000002B8000-memory.dmp

Filesize
96KB

Download
memory/18200-57290-0x0000000000400000-0x0000000000664000-memory.dmp

Filesize
2.4MB

Download