a02b015c595ee92aa45ca9e47ca14358a47d36d3ed394408c5b1690daa44aa83

Analysis

max time kernel
7s
max time network
128s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 13:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b8a7388c57cc01a6a04f4d4b0e1831b_JaffaCakes118.exe
Size

1.1MB
MD5

1b8a7388c57cc01a6a04f4d4b0e1831b
SHA1

2de1b718adae93f11c2df36abacc68a9c8c5d09f
SHA256

a02b015c595ee92aa45ca9e47ca14358a47d36d3ed394408c5b1690daa44aa83
SHA512

38184e169fd2bc2e2e4af777a7b1fbf3f6adc7d391767412f6a7f147d7423f33edc72a6e63311b8d9c9f92fb8c593c8892c20da5301345cffda30a8fd348f86f
SSDEEP

1536:s3iBemo5PK+dTGq5X0u8iQHp1b48weg0GwMzQrzoN7xcncFlFSmm:bsFPVr59HqTM8Fg0GkcNanc/FSmm

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 6 IoCs

pid	Process
1648	MsSvc32.exe
2620	MsSvc32.exe
2756	MsSvc32.exe
1880	MsSvc32.exe
2644	MsSvc32.exe
2548	MsSvc32.exe

Loads dropped DLL 12 IoCs

pid	Process
1808	1b8a7388c57cc01a6a04f4d4b0e1831b_JaffaCakes118.exe
1808	1b8a7388c57cc01a6a04f4d4b0e1831b_JaffaCakes118.exe
1648	MsSvc32.exe
1648	MsSvc32.exe
2620	MsSvc32.exe
2620	MsSvc32.exe
2756	MsSvc32.exe
2756	MsSvc32.exe
1880	MsSvc32.exe
1880	MsSvc32.exe
2644	MsSvc32.exe
2644	MsSvc32.exe

Drops file in System32 directory 13 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe	1b8a7388c57cc01a6a04f4d4b0e1831b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WinSvc32	MsSvc32.exe
File created	C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe	MsSvc32.exe
File created	C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe	MsSvc32.exe
File created	C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe	MsSvc32.exe
File opened for modification	C:\Windows\SysWOW64\WinSvc32	1b8a7388c57cc01a6a04f4d4b0e1831b_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe	1b8a7388c57cc01a6a04f4d4b0e1831b_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WinSvc32	MsSvc32.exe
File opened for modification	C:\Windows\SysWOW64\WinSvc32	MsSvc32.exe
File opened for modification	C:\Windows\SysWOW64\WinSvc32	MsSvc32.exe
File created	C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe	MsSvc32.exe
File opened for modification	C:\Windows\SysWOW64\WinSvc32	MsSvc32.exe
File created	C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe	MsSvc32.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1808	1b8a7388c57cc01a6a04f4d4b0e1831b_JaffaCakes118.exe
1648	MsSvc32.exe
2620	MsSvc32.exe
2756	MsSvc32.exe
1880	MsSvc32.exe
2644	MsSvc32.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 1648	1808	1b8a7388c57cc01a6a04f4d4b0e1831b_JaffaCakes118.exe	28
PID 1808 wrote to memory of 1648	1808	1b8a7388c57cc01a6a04f4d4b0e1831b_JaffaCakes118.exe	28
PID 1808 wrote to memory of 1648	1808	1b8a7388c57cc01a6a04f4d4b0e1831b_JaffaCakes118.exe	28
PID 1808 wrote to memory of 1648	1808	1b8a7388c57cc01a6a04f4d4b0e1831b_JaffaCakes118.exe	28
PID 1648 wrote to memory of 2620	1648	MsSvc32.exe	29
PID 1648 wrote to memory of 2620	1648	MsSvc32.exe	29
PID 1648 wrote to memory of 2620	1648	MsSvc32.exe	29
PID 1648 wrote to memory of 2620	1648	MsSvc32.exe	29
PID 2620 wrote to memory of 2756	2620	MsSvc32.exe	30
PID 2620 wrote to memory of 2756	2620	MsSvc32.exe	30
PID 2620 wrote to memory of 2756	2620	MsSvc32.exe	30
PID 2620 wrote to memory of 2756	2620	MsSvc32.exe	30
PID 2756 wrote to memory of 1880	2756	MsSvc32.exe	31
PID 2756 wrote to memory of 1880	2756	MsSvc32.exe	31
PID 2756 wrote to memory of 1880	2756	MsSvc32.exe	31
PID 2756 wrote to memory of 1880	2756	MsSvc32.exe	31
PID 1880 wrote to memory of 2644	1880	MsSvc32.exe	32
PID 1880 wrote to memory of 2644	1880	MsSvc32.exe	32
PID 1880 wrote to memory of 2644	1880	MsSvc32.exe	32
PID 1880 wrote to memory of 2644	1880	MsSvc32.exe	32
PID 2644 wrote to memory of 2548	2644	MsSvc32.exe	33
PID 2644 wrote to memory of 2548	2644	MsSvc32.exe	33
PID 2644 wrote to memory of 2548	2644	MsSvc32.exe	33
PID 2644 wrote to memory of 2548	2644	MsSvc32.exe	33

C:\Users\Admin\AppData\Local\Temp\1b8a7388c57cc01a6a04f4d4b0e1831b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1b8a7388c57cc01a6a04f4d4b0e1831b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
  C:\Windows\system32\WinSvc32\MsSvc32.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1648
- - C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
    C:\Windows\system32\WinSvc32\MsSvc32.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
      C:\Windows\system32\WinSvc32\MsSvc32.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2756
    - - C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1880
      - C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2644
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        7⤵
        Executes dropped EXE
        
        PID:2548
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        8⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        9⤵
        
        PID:736
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        10⤵
        
        PID:812
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        11⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        12⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        13⤵
        
        PID:384
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        14⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        15⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        16⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        17⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        18⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        19⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        20⤵
        
        PID:3052
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        21⤵
        
        PID:2016
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        22⤵
        
        PID:824
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        23⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        24⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        25⤵
        
        PID:888
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        26⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        27⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        28⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        29⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        30⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        31⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        32⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        33⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        34⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        35⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        36⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        37⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        38⤵
        
        PID:1216
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        39⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        40⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        41⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        42⤵
        
        PID:812
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        43⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        44⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        45⤵
        
        PID:592
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        46⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        47⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        48⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        49⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        50⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        51⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        52⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        53⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        54⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        55⤵
        
        PID:292
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        56⤵
        
        PID:340
        
        C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe
        
        C:\Windows\system32\WinSvc32\MsSvc32.exe
        57⤵
        
        PID:1984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\WinSvc32\MsSvc32.exe

Filesize
1.1MB

MD5
1b8a7388c57cc01a6a04f4d4b0e1831b

SHA1
2de1b718adae93f11c2df36abacc68a9c8c5d09f

SHA256
a02b015c595ee92aa45ca9e47ca14358a47d36d3ed394408c5b1690daa44aa83

SHA512
38184e169fd2bc2e2e4af777a7b1fbf3f6adc7d391767412f6a7f147d7423f33edc72a6e63311b8d9c9f92fb8c593c8892c20da5301345cffda30a8fd348f86f

Download Submit
memory/292-201-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/292-207-0x0000000000550000-0x0000000000597000-memory.dmp

Filesize
284KB

Download
memory/292-202-0x0000000000550000-0x0000000000597000-memory.dmp

Filesize
284KB

Download
memory/340-203-0x0000000000550000-0x0000000000597000-memory.dmp

Filesize
284KB

Download
memory/340-204-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/384-77-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/592-177-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/736-56-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/736-52-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/812-168-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/812-62-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/824-120-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/888-125-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/888-127-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1112-137-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1112-139-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1216-157-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1216-160-0x0000000002650000-0x0000000002697000-memory.dmp

Filesize
284KB

Download
memory/1216-159-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1216-175-0x0000000002650000-0x0000000002697000-memory.dmp

Filesize
284KB

Download
memory/1220-82-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1256-129-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1332-122-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1428-164-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1492-162-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1572-150-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1596-136-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1596-134-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1648-15-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1648-17-0x0000000000490000-0x00000000004D7000-memory.dmp

Filesize
284KB

Download
memory/1736-188-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1740-183-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1808-9-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1808-0-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1864-51-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1880-31-0x00000000023F0000-0x0000000002437000-memory.dmp

Filesize
284KB

Download
memory/1880-32-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1980-89-0x0000000001E50000-0x0000000001E97000-memory.dmp

Filesize
284KB

Download
memory/1980-93-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1984-205-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1984-206-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2016-117-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2028-190-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2076-199-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2076-198-0x0000000002640000-0x0000000002687000-memory.dmp

Filesize
284KB

Download
memory/2084-113-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2084-96-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2180-124-0x0000000002540000-0x0000000002587000-memory.dmp

Filesize
284KB

Download
memory/2180-123-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2204-193-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2204-191-0x0000000002400000-0x0000000002447000-memory.dmp

Filesize
284KB

Download
memory/2204-101-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2348-141-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2392-179-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2496-155-0x0000000001ED0000-0x0000000001F17000-memory.dmp

Filesize
284KB

Download
memory/2496-156-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2496-154-0x0000000001ED0000-0x0000000001F17000-memory.dmp

Filesize
284KB

Download
memory/2548-40-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2548-44-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2612-152-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2616-146-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2616-144-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2620-21-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2644-39-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2644-37-0x0000000000490000-0x00000000004D7000-memory.dmp

Filesize
284KB

Download
memory/2680-143-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2712-186-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2712-184-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2720-133-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2724-73-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2756-48-0x0000000000490000-0x00000000004D7000-memory.dmp

Filesize
284KB

Download
memory/2756-26-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2756-27-0x0000000000490000-0x00000000004D7000-memory.dmp

Filesize
284KB

Download
memory/2792-181-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2840-131-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2848-166-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2856-174-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2860-86-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2868-67-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2868-63-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2872-169-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2872-170-0x00000000023F0000-0x0000000002437000-memory.dmp

Filesize
284KB

Download
memory/2872-172-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2932-148-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2964-194-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2964-196-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2964-106-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/3052-112-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download