Analysis
- max time kernel: 122s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 25/06/2024, 18:51
Static task: static1

Behavioral task: behavioral1
- Sample: 0f265ed761e9bee819556a384bb24fd9_JaffaCakes118.exe
- Resource: win7-20240221-en

Behavioral task: behavioral2
- Sample: 0f265ed761e9bee819556a384bb24fd9_JaffaCakes118.exe
- Resource: win10v2004-20240611-en
General
- Target: 0f265ed761e9bee819556a384bb24fd9_JaffaCakes118.exe
- Size: 152KB
- MD5: 0f265ed761e9bee819556a384bb24fd9
- SHA1: a3b0d2cf14cedd462f57054c1733a2d3c6bd4a32
- SHA256: 05a4949f77cd842b429d4c1a9ee75542a1f678b098bbf24d3a3e3083ce8ea4af
- SHA512: 14f7dd0d59e64462e0222e81d4c30bfc8c2dce675c7347b797c744c398e458d4883c7867d488040adb5469ea3358af01bbfc11453bcb63772c5efd98d875a448
- SSDEEP: 3072:uKbgf6chiVZF+zVB5v3kxq5IAmsMlAErPKzhZ9r:u/f6jF+z3IAmTC31
Malware Config
Signatures
Drops file in Drivers directory (3 IoCs)
description | ioc | Process
File created | C:\Windows\SysWOW64\drivers\aec.SYS | rundll32.exe
File created | C:\Windows\SysWOW64\drivers\AsyncMac.sys | rundll32.exe
File created | C:\Windows\SysWOW64\drivers\pcidump.sys | 0f265ed761e9bee819556a384bb24fd9_JaffaCakes118.exe
Event Triggered Execution: Image File Execution Options Injection (1 TTP, 64 IoCs)
All keys below sit under \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options; only the subkey (and value, where one was set) is listed.
description | ioc (subkey under Image File Execution Options) | Process
Set value (str) | IKQQta,gzg\IKQQta,gzg = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Key created | bdagent.exe | rundll32.exe
Key created | rsnetsvr.exe | rundll32.exe
Key created | MPSVC3.EXE | rundll32.exe
Set value (str) | mcsysmon.exe\mcsysmon.exe = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Key created | `fceglv,gzg | rundll32.exe
Key created | nktgqpt,gzg | rundll32.exe
Key created | KPFW32.EXE | rundll32.exe
Key created | mcproxy.exe | rundll32.exe
Key created | OaRpmz{,gzg | rundll32.exe
Key created | mcshield.exe | rundll32.exe
Key created | qcdg`mzVpc{,gzg | rundll32.exe
Set value (str) | AgentSvr.exe\AgentSvr.exe = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Set value (str) | MpfSrv.exe\MPFSrv.exe = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Set value (str) | IRDU10,GZG\IRDU10,GZG = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Set value (str) | fgducvaj,gzg\fgducvaj,gzg = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Key created | oaqjkgnf,gzg | rundll32.exe
Key created | zamooqtp,gzg | rundll32.exe
Key created | safeboxTray.exe | rundll32.exe
Key created | mcinsupd.exe | rundll32.exe
Set value (str) | safeboxTray.exe\safeboxTray.exe = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Key created | egui.exe | rundll32.exe
Key created | ekrn.exe | rundll32.exe
Set value (str) | ekrn.exe\ekrn.exe = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Set value (str) | RavMon.exe\RavMon.exe = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Key created | vptray.exe | rundll32.exe
Set value (str) | ctr,gzg\ctr,gzg = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Key created | oaoqaqta,gzg | rundll32.exe
Set value (str) | KavStart.exe\KavStart.exe = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Set value (str) | PctVcqi,gzg\PctVcqi,gzg = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Key created | McNASvc.exe | rundll32.exe
Set value (str) | OrdQpt,gzg\ORDQpt,gzg = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Set value (str) | Mcshield.exe\Mcshield.exe = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Key created | ctr,gzg | rundll32.exe
Set value (str) | qcdg`mzVpc{,gzg\qcdg`mzVpc{,gzg = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Set value (str) | iocknoml,gzg\iocknoml,gzg = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Set value (str) | avp.exe\avp.exe = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Key created | mcagent.exe | rundll32.exe
Key created | PctOml,gzg | rundll32.exe
Key created | PctQvw`,gzg | rundll32.exe
Set value (str) | pvtqacl,gzg\pvtqacl,gzg = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Key created | QQDoctor.exe | rundll32.exe
Key created | fgducvaj,gzg | rundll32.exe
Key created | 360tray.exe | rundll32.exe
Key created | RavStub.exe | rundll32.exe
Key created | mcmscsvc.exe | rundll32.exe
Set value (str) | PctQvw`,gzg\PctQvw`,gzg = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Key created | RsTray.exe | rundll32.exe
Set value (str) | Rav.exe\Rav.exe = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Set value (str) | McProxy.exe\McProxy.exe = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Key created | KVSrvXP.exe | rundll32.exe
Set value (str) | OaRpmz{,gzg\oarpmz{,gzg = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Key created | Oaqjkgnf,gzg | rundll32.exe
Key created | ITOmlZR,IZR | rundll32.exe
Key created | tqqgpt,gzg | rundll32.exe
Key created | rtvscan.exe | rundll32.exe
Set value (str) | ccapp.exe\ccapp.exe = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Key created | Pct,gzg | rundll32.exe
Key created | OaLCQta,gzg | rundll32.exe
Key created | oarpmz{,gzg | rundll32.exe
Set value (str) | `fceglv,gzg\`fceglv,gzg = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Key created | ccEvtMgr.exe | rundll32.exe
Set value (str) | zamooqtp,gzg\zamooqtp,gzg = "C:\\Windows\\system32\\svchost.exe" | rundll32.exe
Key created | RavTask.exe | rundll32.exe
Executes dropped EXE (1 IoC)
pid | Process
2800 | ~Frm.exe

Loads dropped DLL (7 IoCs)
pid | Process
2908 | rundll32.exe (4 entries)
1948 | 0f265ed761e9bee819556a384bb24fd9_JaffaCakes118.exe (2 entries)
2672 | svchost.exe

Adds Run key to start application (2 TTPs, 2 IoCs)
description | ioc | Process
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run | rundll32.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\updater = "C:\\Windows\\system32\\updater.exe" | ~Frm.exe

Drops file in System32 directory (1 IoC)
description | ioc | Process
File created | C:\Windows\SysWOW64\killdll.dll | 0f265ed761e9bee819556a384bb24fd9_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses (5 IoCs)
pid | Process
1948 | 0f265ed761e9bee819556a384bb24fd9_JaffaCakes118.exe
2908 | rundll32.exe (4 entries)

Suspicious behavior: LoadsDriver (6 IoCs)
pid | Process
480 | Process not Found (6 entries)

Suspicious behavior: RenamesItself (1 IoC)
pid | Process
1948 | 0f265ed761e9bee819556a384bb24fd9_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 2908 | rundll32.exe (2 entries)

Suspicious use of WriteProcessMemory (20 IoCs)
description | pid | Process | procid_target
PID 1948 wrote to memory of 2908 | 1948 | 0f265ed761e9bee819556a384bb24fd9_JaffaCakes118.exe | 28 (7 entries)
PID 1948 wrote to memory of 2800 | 1948 | 0f265ed761e9bee819556a384bb24fd9_JaffaCakes118.exe | 29 (4 entries)
PID 2800 wrote to memory of 2672 | 2800 | ~Frm.exe | 30 (5 entries)
PID 1948 wrote to memory of 2760 | 1948 | 0f265ed761e9bee819556a384bb24fd9_JaffaCakes118.exe | 33 (4 entries)
Processes (tree; indentation shows parent/child relationship)

C:\Users\Admin\AppData\Local\Temp\0f265ed761e9bee819556a384bb24fd9_JaffaCakes118.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\0f265ed761e9bee819556a384bb24fd9_JaffaCakes118.exe"
  PID: 1948
  - Drops file in Drivers directory
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\rundll32.exe
      Command line: C:\Windows\system32\rundll32.exe C:\Windows\system32\killdll.dll killall
      PID: 2908
      - Drops file in Drivers directory
      - Event Triggered Execution: Image File Execution Options Injection
      - Loads dropped DLL
      - Adds Run key to start application
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken

    C:\Users\Admin\AppData\Local\Temp\~Frm.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\~Frm.exe
      PID: 2800
      - Executes dropped EXE
      - Adds Run key to start application
      - Suspicious use of WriteProcessMemory

        C:\Windows\SysWOW64\svchost.exe
          Command line: "C:\Windows\system32\svchost.exe"
          PID: 2672
          - Loads dropped DLL

    C:\Windows\SysWOW64\cmd.exe
      Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\_undelme.bat
      PID: 2760
Network
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
  - Image File Execution Options Injection (1)
Downloads
- Filesize: 304B
  MD5: a87f581d05f37375694bbc5c58549e88
  SHA1: bf943a429ef510010360cbd2313d3239a170d162
  SHA256: 372e0f2322a9bbbbff92883100b3e8351952c0ee371af3a0b1e5cde584b6ccb1
  SHA512: aec7b46587c67817ba25ca1e9ff5482b64044be7b10fb6406ef667990b6280b859afef6aafc0b20eba85e3df892f3c6e01ec9a55005c6f54fb0d6ed0ef72e56d
- Filesize: 2KB
  MD5: 4af06c38fbccec16d3d778a72bc41db6
  SHA1: d29ba8a90778d9fbbc8b3b0f3769eff493f9e7e1
  SHA256: db624947a0c52e5dda2a7bb2297758b351ad744aa77ff991eb6dd8c451ce2e66
  SHA512: f3a6e1e1ce67b0d66fe81ec85183f9a56ff58b686095286b5037326a105cd2c978abd11616672b5e483cb3f0e86471e81c71ad192c3d75844d65a1d408dc613e
- Filesize: 60KB
  MD5: 9bfccf1209fc2783a5fc01daccd00767
  SHA1: 7acb3faa41b2f765b16417b387e37cd7a18b3d0a
  SHA256: a27155927d97fab4da6c74920b3ab3b567d951a16f00daf6fa237dea9e7ff407
  SHA512: cb32412937596fc2b7b939238390e1a27d433f30a219136fe134cb3fb4e112ec14445988470853140607642a430ab1e508a0a984ee87d7d48b292497ea681907
- Filesize: 13KB
  MD5: f34061a0f78b3b963b632b481a8f27b0
  SHA1: 389c56ce168e5147d2394fc907c8bc6bc74522fd
  SHA256: 3608325eab44f63101e994ab936ee05434658550faea47b48e731ef2e8185cbd
  SHA512: d466c5bf5e93409b90e61361b607d140dfa0b77caa0964aef81f08bfb29ecbc0f6dfcdc99fef65b7033c84a3bce264c5b813693a2be38e259560eaac00d5b424