547be9ca91b15b875a770be4ef3a8673946346710142c62f3b9475c121a00e0d

Analysis

max time kernel
150s
max time network
151s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 17:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe
Size

316KB
MD5

09fafe7d7d224818cf63384c4bb414ed
SHA1

d8a137fc145c22e536268e6f430e77dcf3fc0d8f
SHA256

547be9ca91b15b875a770be4ef3a8673946346710142c62f3b9475c121a00e0d
SHA512

765408b4042b3816072f05d43f68509cb4a699b3d459312fe7c637767e01f5157635233f7db408fc177da7bfcdaf03a30db62af165641baef373c22a72128bb7
SSDEEP

6144:v0WP9c/N2DCkpGXiOUlWao1IWmLbl3f6vB5MsJjC0DAU:v0Wa/N+8XuTo1Xql3fWB5bJe0Dt

Score

7^/10

persistence

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2960	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2924	enomob.exe
2700	enomob.exe

Loads dropped DLL 3 IoCs

pid	Process
956	09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe
956	09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe
2924	enomob.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Run\{F08D48C8-DA76-AD4E-F540-ECC2E1DBCFDF} = "C:\\Users\\Admin\\AppData\\Roaming\\Daukuf\\enomob.exe"	enomob.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2268 set thread context of 956	2268	09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe	28
PID 2924 set thread context of 2700	2924	enomob.exe	30

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802025300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c00b000000010000001600000047006c006f00620061006c005300690067006e000000140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	enomob.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b0b000000010000001600000047006c006f00620061006c005300690067006e0000005300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802020f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	enomob.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	enomob.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe
2700	enomob.exe

Suspicious use of WriteProcessMemory 61 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 956	2268	09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe	28
PID 2268 wrote to memory of 956	2268	09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe	28
PID 2268 wrote to memory of 956	2268	09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe	28
PID 2268 wrote to memory of 956	2268	09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe	28
PID 2268 wrote to memory of 956	2268	09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe	28
PID 2268 wrote to memory of 956	2268	09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe	28
PID 2268 wrote to memory of 956	2268	09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe	28
PID 2268 wrote to memory of 956	2268	09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe	28
PID 2268 wrote to memory of 956	2268	09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe	28
PID 956 wrote to memory of 2924	956	09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe	29
PID 956 wrote to memory of 2924	956	09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe	29
PID 956 wrote to memory of 2924	956	09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe	29
PID 956 wrote to memory of 2924	956	09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe	29
PID 2924 wrote to memory of 2700	2924	enomob.exe	30
PID 2924 wrote to memory of 2700	2924	enomob.exe	30
PID 2924 wrote to memory of 2700	2924	enomob.exe	30
PID 2924 wrote to memory of 2700	2924	enomob.exe	30
PID 2924 wrote to memory of 2700	2924	enomob.exe	30
PID 2924 wrote to memory of 2700	2924	enomob.exe	30
PID 2924 wrote to memory of 2700	2924	enomob.exe	30
PID 2924 wrote to memory of 2700	2924	enomob.exe	30
PID 2924 wrote to memory of 2700	2924	enomob.exe	30
PID 2700 wrote to memory of 1184	2700	enomob.exe	19
PID 956 wrote to memory of 2960	956	09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe	31
PID 956 wrote to memory of 2960	956	09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe	31
PID 956 wrote to memory of 2960	956	09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe	31
PID 956 wrote to memory of 2960	956	09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe	31
PID 2700 wrote to memory of 1184	2700	enomob.exe	19
PID 2700 wrote to memory of 1184	2700	enomob.exe	19
PID 2700 wrote to memory of 1184	2700	enomob.exe	19
PID 2700 wrote to memory of 1184	2700	enomob.exe	19
PID 2700 wrote to memory of 1256	2700	enomob.exe	20
PID 2700 wrote to memory of 1256	2700	enomob.exe	20
PID 2700 wrote to memory of 1256	2700	enomob.exe	20
PID 2700 wrote to memory of 1256	2700	enomob.exe	20
PID 2700 wrote to memory of 1256	2700	enomob.exe	20
PID 2700 wrote to memory of 1304	2700	enomob.exe	21
PID 2700 wrote to memory of 1304	2700	enomob.exe	21
PID 2700 wrote to memory of 1304	2700	enomob.exe	21
PID 2700 wrote to memory of 1304	2700	enomob.exe	21
PID 2700 wrote to memory of 1304	2700	enomob.exe	21
PID 2700 wrote to memory of 936	2700	enomob.exe	23
PID 2700 wrote to memory of 936	2700	enomob.exe	23
PID 2700 wrote to memory of 936	2700	enomob.exe	23
PID 2700 wrote to memory of 936	2700	enomob.exe	23
PID 2700 wrote to memory of 936	2700	enomob.exe	23
PID 2700 wrote to memory of 956	2700	enomob.exe	28
PID 2700 wrote to memory of 956	2700	enomob.exe	28
PID 2700 wrote to memory of 956	2700	enomob.exe	28
PID 2700 wrote to memory of 956	2700	enomob.exe	28
PID 2700 wrote to memory of 956	2700	enomob.exe	28
PID 2700 wrote to memory of 2960	2700	enomob.exe	31
PID 2700 wrote to memory of 2960	2700	enomob.exe	31
PID 2700 wrote to memory of 2960	2700	enomob.exe	31
PID 2700 wrote to memory of 2960	2700	enomob.exe	31
PID 2700 wrote to memory of 2960	2700	enomob.exe	31
PID 2700 wrote to memory of 2540	2700	enomob.exe	32
PID 2700 wrote to memory of 2540	2700	enomob.exe	32
PID 2700 wrote to memory of 2540	2700	enomob.exe	32
PID 2700 wrote to memory of 2540	2700	enomob.exe	32
PID 2700 wrote to memory of 2540	2700	enomob.exe	32

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1184

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1256

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1304
- C:\Users\Admin\AppData\Local\Temp\09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:2268
- - C:\Users\Admin\AppData\Local\Temp\09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\09fafe7d7d224818cf63384c4bb414ed_JaffaCakes118.exe"
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:956
  - - C:\Users\Admin\AppData\Roaming\Daukuf\enomob.exe
      "C:\Users\Admin\AppData\Roaming\Daukuf\enomob.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetThreadContext
      Suspicious use of WriteProcessMemory
      PID:2924
    - - C:\Users\Admin\AppData\Roaming\Daukuf\enomob.exe
        
        "C:\Users\Admin\AppData\Roaming\Daukuf\enomob.exe"
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies system certificate store
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2700
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmpf60a704d.bat"
      4⤵
      Deletes itself
      PID:2960

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:936

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "2110728555928607859-569440799-205275541162861697520514861-1057179919-1316304204"
1⤵
PID:2540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpf60a704d.bat

Filesize
271B

MD5
d0f9e0e058c901df820bb683991409fb

SHA1
dfd30436d79fd6a1b52dec5b280239d7bef94690

SHA256
6c2dc4371582f1992cb0883a7803fd5f6bc0405a436beace914bf58d100a581f

SHA512
72f42ecb596a86135c389be52cc095a593fb860ffb7cc3a83c746456ecc50794ae27189c95cd154ff97292c8e86bb899259653cf37ad41ada57c3ccb7dfc817d

Download Submit
\Users\Admin\AppData\Roaming\Daukuf\enomob.exe

Filesize
316KB

MD5
7a7fef44ddd137459997b78151d6ef46

SHA1
f14f8fddc284c076bf1b5308655cb76d3aa93063

SHA256
af6a57dbae70b5713d37c175e84b94f17d23b45bb8fde881328a942528209d99

SHA512
5141cd87c95cd63282c6ec0b22600c4b3ebb27c478ed5fd9ba8d22260acc7e5abeaf74202860691a01b0b9be4d90a22b960cdeece6e89782f6ee9918ea2f5e6f

Download Submit
memory/936-76-0x0000000000270000-0x00000000002B4000-memory.dmp

Filesize
272KB

Download
memory/936-73-0x0000000000270000-0x00000000002B4000-memory.dmp

Filesize
272KB

Download
memory/936-75-0x0000000000270000-0x00000000002B4000-memory.dmp

Filesize
272KB

Download
memory/936-74-0x0000000000270000-0x00000000002B4000-memory.dmp

Filesize
272KB

Download
memory/956-18-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/956-9-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/956-16-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/956-81-0x0000000000450000-0x0000000000494000-memory.dmp

Filesize
272KB

Download
memory/956-11-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/956-24-0x0000000001D40000-0x0000000001D94000-memory.dmp

Filesize
336KB

Download
memory/956-23-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/956-80-0x0000000000450000-0x0000000000494000-memory.dmp

Filesize
272KB

Download
memory/956-30-0x0000000001D40000-0x0000000001D94000-memory.dmp

Filesize
336KB

Download
memory/956-79-0x0000000000450000-0x0000000000494000-memory.dmp

Filesize
272KB

Download
memory/956-5-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/956-7-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/956-78-0x0000000000450000-0x0000000000494000-memory.dmp

Filesize
272KB

Download
memory/956-90-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/956-3-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/956-1-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/956-15-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1184-60-0x0000000001F90000-0x0000000001FD4000-memory.dmp

Filesize
272KB

Download
memory/1184-56-0x0000000001F90000-0x0000000001FD4000-memory.dmp

Filesize
272KB

Download
memory/1184-58-0x0000000001F90000-0x0000000001FD4000-memory.dmp

Filesize
272KB

Download
memory/1184-54-0x0000000001F90000-0x0000000001FD4000-memory.dmp

Filesize
272KB

Download
memory/1256-65-0x00000000001F0000-0x0000000000234000-memory.dmp

Filesize
272KB

Download
memory/1256-64-0x00000000001F0000-0x0000000000234000-memory.dmp

Filesize
272KB

Download
memory/1256-63-0x00000000001F0000-0x0000000000234000-memory.dmp

Filesize
272KB

Download
memory/1304-71-0x00000000024D0000-0x0000000002514000-memory.dmp

Filesize
272KB

Download
memory/1304-70-0x00000000024D0000-0x0000000002514000-memory.dmp

Filesize
272KB

Download
memory/2268-0-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2268-13-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2700-51-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2700-108-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2924-48-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2924-31-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2960-86-0x00000000000F0000-0x0000000000134000-memory.dmp

Filesize
272KB

Download
memory/2960-87-0x00000000000F0000-0x0000000000134000-memory.dmp

Filesize
272KB

Download
memory/2960-83-0x00000000000F0000-0x0000000000134000-memory.dmp

Filesize
272KB

Download
memory/2960-85-0x00000000000F0000-0x0000000000134000-memory.dmp

Filesize
272KB

Download
memory/2960-98-0x00000000000F0000-0x0000000000134000-memory.dmp

Filesize
272KB

Download
memory/2960-84-0x00000000000F0000-0x0000000000134000-memory.dmp

Filesize
272KB

Download