ea9e2c811d6462fd2350fa37aa03a4630ffcac0ff860be645786118f7e52c8ff

Analysis

max time kernel
120s
max time network
131s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 17:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3e4d9b3b196f759c2c5d349eebfbe590_JaffaCakes118.exe
Size

573KB
MD5

3e4d9b3b196f759c2c5d349eebfbe590
SHA1

7ec95e2339f07a8737669e49fcb589b5cc1a0906
SHA256

ea9e2c811d6462fd2350fa37aa03a4630ffcac0ff860be645786118f7e52c8ff
SHA512

8a9b9a9cfadfeee0852f061923bf411bce040246ddb5d55415dc64bd008f3047386830e9c5a6e177f4913639a28fa50b02048008e61dd700143f544081567067
SSDEEP

12288:NaG7IryTkb8LXddt7FM72U6dZDS78oNCZe7sdJko84kCGUh15VRN/FuZrW:kG76yBLXXR29woMY0JdKUFlFuZq

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0008000000017520-5.dat	acprotect

Deletes itself 1 IoCs

pid	Process
2640	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2148	BSClientName.exe

Loads dropped DLL 6 IoCs

pid	Process
1244	3e4d9b3b196f759c2c5d349eebfbe590_JaffaCakes118.exe
1244	3e4d9b3b196f759c2c5d349eebfbe590_JaffaCakes118.exe
1244	3e4d9b3b196f759c2c5d349eebfbe590_JaffaCakes118.exe
1244	3e4d9b3b196f759c2c5d349eebfbe590_JaffaCakes118.exe
2148	BSClientName.exe
2148	BSClientName.exe

UPX packed file 13 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1244-3-0x0000000000400000-0x00000000004547F9-memory.dmp	upx
behavioral1/files/0x0008000000017520-5.dat	upx
behavioral1/memory/1244-7-0x0000000010000000-0x0000000010128000-memory.dmp	upx
behavioral1/files/0x0006000000018741-13.dat	upx
behavioral1/memory/1244-15-0x0000000001D60000-0x0000000001DB5000-memory.dmp	upx
behavioral1/memory/2148-22-0x0000000000400000-0x00000000004547F9-memory.dmp	upx
behavioral1/memory/1244-21-0x0000000001D60000-0x0000000001DB5000-memory.dmp	upx
behavioral1/memory/2148-28-0x0000000000400000-0x00000000004547F9-memory.dmp	upx
behavioral1/memory/2148-29-0x0000000010000000-0x0000000010128000-memory.dmp	upx
behavioral1/memory/1244-48-0x0000000010000000-0x0000000010128000-memory.dmp	upx
behavioral1/memory/1244-46-0x0000000000400000-0x00000000004547F9-memory.dmp	upx
behavioral1/memory/2148-58-0x0000000000400000-0x00000000004547F9-memory.dmp	upx
behavioral1/memory/2148-57-0x0000000010000000-0x0000000010128000-memory.dmp	upx

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\BSClientName.exe	3e4d9b3b196f759c2c5d349eebfbe590_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\BSClientName.exe	3e4d9b3b196f759c2c5d349eebfbe590_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\BSClientName.dll	BSClientName.exe
File opened for modification	C:\Windows\SysWOW64\BSClientName.dll	BSClientName.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Fonts\562a58fcde10384b8d46b5c89eedaf5d.dat	BSClientName.exe
File opened for modification	C:\Windows\Fonts\562a58fcde10384b8d46b5c89eedaf5d.dat	BSClientName.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 27 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{77A76E11-4077-11EF-9D58-7EBFE1D0DDB4} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Check_Associations = "NO"	BSClientName.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426968603"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2148	BSClientName.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
480	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1244	3e4d9b3b196f759c2c5d349eebfbe590_JaffaCakes118.exe
2148	BSClientName.exe
480	IEXPLORE.EXE
480	IEXPLORE.EXE
2916	IEXPLORE.EXE
2916	IEXPLORE.EXE
2916	IEXPLORE.EXE
2916	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 2148	1244	3e4d9b3b196f759c2c5d349eebfbe590_JaffaCakes118.exe	30
PID 1244 wrote to memory of 2148	1244	3e4d9b3b196f759c2c5d349eebfbe590_JaffaCakes118.exe	30
PID 1244 wrote to memory of 2148	1244	3e4d9b3b196f759c2c5d349eebfbe590_JaffaCakes118.exe	30
PID 1244 wrote to memory of 2148	1244	3e4d9b3b196f759c2c5d349eebfbe590_JaffaCakes118.exe	30
PID 2148 wrote to memory of 480	2148	BSClientName.exe	31
PID 2148 wrote to memory of 480	2148	BSClientName.exe	31
PID 2148 wrote to memory of 480	2148	BSClientName.exe	31
PID 2148 wrote to memory of 480	2148	BSClientName.exe	31
PID 480 wrote to memory of 2916	480	IEXPLORE.EXE	32
PID 480 wrote to memory of 2916	480	IEXPLORE.EXE	32
PID 480 wrote to memory of 2916	480	IEXPLORE.EXE	32
PID 480 wrote to memory of 2916	480	IEXPLORE.EXE	32
PID 1244 wrote to memory of 2640	1244	3e4d9b3b196f759c2c5d349eebfbe590_JaffaCakes118.exe	33
PID 1244 wrote to memory of 2640	1244	3e4d9b3b196f759c2c5d349eebfbe590_JaffaCakes118.exe	33
PID 1244 wrote to memory of 2640	1244	3e4d9b3b196f759c2c5d349eebfbe590_JaffaCakes118.exe	33
PID 1244 wrote to memory of 2640	1244	3e4d9b3b196f759c2c5d349eebfbe590_JaffaCakes118.exe	33
PID 2148 wrote to memory of 480	2148	BSClientName.exe	31

C:\Users\Admin\AppData\Local\Temp\3e4d9b3b196f759c2c5d349eebfbe590_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3e4d9b3b196f759c2c5d349eebfbe590_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1244
- C:\Windows\SysWOW64\BSClientName.exe
  C:\Windows\system32\BSClientName.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2148
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:480
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:480 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2916
- C:\Windows\SysWOW64\cmd.exe
  cmd /c c:\duxjpee.bat
  2⤵
  - Deletes itself
  PID:2640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8c71f61a8009e43c7c46f1bba559435

SHA1
ef91106dfd943d134ac05fe0563bf24a8d470481

SHA256
00dbea3d6e2676c51701d9f36f3462f9caae6442a26607d905c0cee1390f94d1

SHA512
b7f686c5a531553a8aaa7a131c30dac9e084f821dc0c25ae40ceb5104729be9bbc6e99fd803ca15b1aff893c400f1d919353cee669ae7147f1af1bf965dc8357

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
66ff336cdebe7d46d975d3db7584c0cb

SHA1
323102f0f0ea19d89097bddf3b3bb234dbc143d0

SHA256
9e89db98260e61d3686319177f6002c15654c5ee3061ad044e03fbc9f02e3b74

SHA512
b432a815b7ae203908cff89758bcea364341ec64e132cb0fa0ef0336ddf6a6e544a21d64183b162a901e6566c51ac0a869e0eea442c3f812e74f760d3b5edb5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
899523d1431bdfb3d306f19695ee6db8

SHA1
9aa59150291daf19c8a77e2fac3dcb10d13516e3

SHA256
77ca21d31e3cd689aeace020e863d512abd7da696bf5e204b01db29bb3ac1464

SHA512
6e6e5c855c72dff07fee60e3e96fe67628f11aecbf0395ad9cff58ec3b674fabc885f6688b0e025cab51927c9ef93d7f95fe7b1fa07d93735f920f2dbb06b1e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e822c6cf5d9a7776d2193e3142f9988f

SHA1
7db58fca76244822e2f48dabc5a68bafa5c36b4a

SHA256
70557f10b36fc543fd851d7d3efb82ecec213740db1935fe8941450387323936

SHA512
35c8dd40749a06446ebdc034ae43351498600835b146e8795c61449cf50d41a9577110d0ae24e6e033ce85520dab513c5d1365a6798ef0bc90137b94a380f91b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
553f5a51fcea60a5cdce0026936bca96

SHA1
b50c310caea9addf5bd98ef93003e0c1b39d73eb

SHA256
7f0382d9311dec249c84a15775bd1be728f438485a2fa7bccf6855e2d8e5e9f8

SHA512
547d82f785f80898d9f1d148e466ae3a4e93c2c0c96e3b6e206322e88143110bde63ee7b570ab79943c8c6e7b11824be66ca7b48111946e8a1e7f85c4e64a3ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed8a41c5c781019af9e24ee26d651cf6

SHA1
4acb622f6c59308ff1c822a43c1bf34c42db1766

SHA256
a14cc592b2c3642cf28b5b5032f644613768e110a8366b3da0f11f4016f6251e

SHA512
8f61189d51a3d105bbb6c2cb1df60c48ae793f8e7a5d1332a4343cfd1639224ff7171c914150d2a0171e9836a9e29c28f5db71cca531f8781bacda294ccf638d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b5b6c0b50de749fc478a0db5c169f1d

SHA1
87221b5648a3fa119eba06a686f3939f7199a5e0

SHA256
f777346abe49bbe46c11e09b45d83297eed808845f4bc2c653b441a0fd1cccf9

SHA512
d580907a8d1244cdf24f6cbd96eef85cce8432eba76a6fb09d5a81f0478225c5d61523d28991a8182ed402dcefe08647fab253c6b6a19c578a587c86cfeab133

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6029c9d12cac242ec13e7d49f68e2ed0

SHA1
3e2b7a3da2487c14d973f88b93a8e33edd763e1c

SHA256
7c6ba18cf2f0da98ff4699de200f3145213429577f8d7d5ce1e599c1957211fa

SHA512
4b8e7998527124462e8729452170332704085900ea3e60c6c566972a47f64bcf3b4d74d5df6c67d879846fddccd01f590f430a43810ce35db1292e6009257ab3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b97f27f7732281e28142ca99c0d1855a

SHA1
cb595ee80a1b1d07afd0e0212f65c0ff352e4904

SHA256
2f5683321ff2c69974c8576be9677d44bff6a7272511f5d553c9ec2cdba53ad0

SHA512
5720ba5885eb2a9f3daba3d2c06d18e1a528b9c522c8e8b56b6ad075d535ac004055cab88116af11932749523d0ebea92710203811fe093eac09d8c75093d9e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC4F5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\Exmlrpc.fne

Filesize
72KB

MD5
f79ee77a4f30401507e6f54a61598f58

SHA1
7f3ef4945f621ed2880ff5a10a126957b2011a17

SHA256
cf8e29720823eb114fbc3018569a7296ed3e6fcd6c4897f50c5c6e0e98d0b3f8

SHA512
26ccde784b06c46f60fb5a105c806c4d9dc1497fd79d39728fbcfa869d470ca2ba018b0665f3cbc05019fb0766dac2eb1084a6fdce2f9aaaae881beb09dd3739

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC5A7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\duxjpee.bat

Filesize
232B

MD5
45995c76109bdb22a8a6e4792fda5a98

SHA1
fcce384d782175a43b3d1154e58af4d631b77180

SHA256
9c5f927d13d86d2423e2c1bf8ef88e51ef9b668af0aeb6a5c1053af457045f0e

SHA512
4c4a47f1bed5cf88b87eaba321f23e3fbcfccf2675861cdec9127ad023094dc1acc615e088726b99141dd19ac402b541a499c495da1f051345e849c301547cd9

Download Submit
\Users\Admin\AppData\Local\Temp\E_4\dp1.fne

Filesize
112KB

MD5
6d4b2e73f6f8ecff02f19f7e8ef9a8c7

SHA1
09c32ca167136a17fd69df8c525ea5ffeca6c534

SHA256
fe5783e64aa70fac10c2e42d460732d9770534357329d8bc78576557c165f040

SHA512
2fd7a95cb632e9c4ac6b34e5b6b875aae94e73cd4b1f213e78f46dadab4846227a030776461bca08f9d75a1d61a0d45427f7b0c8b71406b7debc14db04b2ce04

Download Submit
\Users\Admin\AppData\Local\Temp\E_4\krnln.fnr

Filesize
407KB

MD5
783a2f0cc9d2c13f2cb980b5bd198005

SHA1
a1bafe779952f61946fe9003e48dddc65184c6da

SHA256
e21bf808a0f4c0d6e971267bb61cb00bd9acf45ddabd6db90f906ba064a3489f

SHA512
c35d6a39658722dc603e372c92ef18fe7700bfda435230cf5fc39c61c3044481a581cfe797c88fd131e6ecb5940ac31423b33b86b2d52e57df2a1c5669e2bbdc

Download Submit
\Windows\SysWOW64\BSClientName.exe

Filesize
573KB

MD5
3e4d9b3b196f759c2c5d349eebfbe590

SHA1
7ec95e2339f07a8737669e49fcb589b5cc1a0906

SHA256
ea9e2c811d6462fd2350fa37aa03a4630ffcac0ff860be645786118f7e52c8ff

SHA512
8a9b9a9cfadfeee0852f061923bf411bce040246ddb5d55415dc64bd008f3047386830e9c5a6e177f4913639a28fa50b02048008e61dd700143f544081567067

Download Submit
memory/1244-46-0x0000000000400000-0x00000000004547F9-memory.dmp

Filesize
337KB

Download
memory/1244-48-0x0000000010000000-0x0000000010128000-memory.dmp

Filesize
1.2MB

Download
memory/1244-4-0x0000000000401000-0x000000000043B000-memory.dmp

Filesize
232KB

Download
memory/1244-3-0x0000000000400000-0x00000000004547F9-memory.dmp

Filesize
337KB

Download
memory/1244-7-0x0000000010000000-0x0000000010128000-memory.dmp

Filesize
1.2MB

Download
memory/1244-9-0x0000000000220000-0x000000000023E000-memory.dmp

Filesize
120KB

Download
memory/1244-21-0x0000000001D60000-0x0000000001DB5000-memory.dmp

Filesize
340KB

Download
memory/1244-47-0x0000000000401000-0x000000000043B000-memory.dmp

Filesize
232KB

Download
memory/1244-15-0x0000000001D60000-0x0000000001DB5000-memory.dmp

Filesize
340KB

Download
memory/2148-29-0x0000000010000000-0x0000000010128000-memory.dmp

Filesize
1.2MB

Download
memory/2148-22-0x0000000000400000-0x00000000004547F9-memory.dmp

Filesize
337KB

Download
memory/2148-28-0x0000000000400000-0x00000000004547F9-memory.dmp

Filesize
337KB

Download
memory/2148-36-0x00000000006B0000-0x00000000006CE000-memory.dmp

Filesize
120KB

Download
memory/2148-57-0x0000000010000000-0x0000000010128000-memory.dmp

Filesize
1.2MB

Download
memory/2148-58-0x0000000000400000-0x00000000004547F9-memory.dmp

Filesize
337KB

Download