87d014f2780e0342b4ddaf22422127b3297bf3c23578f9e4fd8d00128eb88da6

Analysis

max time kernel
140s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
16-07-2024 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe
Size

424KB
MD5

4c0828c3c43f2a9c87f3803658f16420
SHA1

0225f262945be581f9c936cd460949b984c63bd2
SHA256

87d014f2780e0342b4ddaf22422127b3297bf3c23578f9e4fd8d00128eb88da6
SHA512

f662aeb8b1bf91c8f743418a7da0a804a183a6d25ed455d37c321e8b6ba9040a316106066f9383edb72433e4ab799eeea55c23f0a5bb886876e152ace403aee5
SSDEEP

6144:xpQa2phpYr2ZFMfC12BXMRGjJMiSXaXPsdoxaI4I4M56fdKp4Sf1n6go/Zodp4Uj:shpYrcr1YMkjJlfaoQFK54dCpfBKU0Ds

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 20 IoCs

pid	Process
2768	is109212.exe
2748	is109212.exe
2664	is109212.exe
656	is109212.exe
1960	is109212.exe
2964	is109212.exe
1204	is109212.exe
2248	is109212.exe
1348	is109212.exe
1044	is109212.exe
2228	is109212.exe
672	is109212.exe
908	is109212.exe
1564	is109212.exe
1032	is109212.exe
1708	is109212.exe
2628	is109212.exe
2940	is109212.exe
2648	is109212.exe
2920	is109212.exe

Loads dropped DLL 21 IoCs

pid	Process
3056	4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe
3056	4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe
2768	is109212.exe
2748	is109212.exe
2748	is109212.exe
656	is109212.exe
656	is109212.exe
2964	is109212.exe
2964	is109212.exe
2248	is109212.exe
2248	is109212.exe
1044	is109212.exe
1044	is109212.exe
672	is109212.exe
672	is109212.exe
1564	is109212.exe
1564	is109212.exe
1708	is109212.exe
1708	is109212.exe
2940	is109212.exe
2940	is109212.exe

Maps connected drives based on registry 3 TTPs 22 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	is109212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	is109212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	is109212.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	is109212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	is109212.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	is109212.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	is109212.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	is109212.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	is109212.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	is109212.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	is109212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	is109212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	is109212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	is109212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	is109212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	is109212.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	is109212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	is109212.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	is109212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	is109212.exe

Drops file in System32 directory 32 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File created	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File opened for modification	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File opened for modification	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File opened for modification	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File created	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File created	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File opened for modification	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File created	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File opened for modification	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File created	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File opened for modification	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File opened for modification	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File opened for modification	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File opened for modification	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File opened for modification	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File created	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File created	C:\Windows\SysWOW64\is109212.exe	4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File opened for modification	C:\Windows\SysWOW64\is109212.exe	4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File opened for modification	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File created	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File created	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File opened for modification	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File created	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File opened for modification	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File opened for modification	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File opened for modification	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File opened for modification	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File opened for modification	C:\Windows\SysWOW64\is109212.exe	is109212.exe
File opened for modification	C:\Windows\SysWOW64\is109212.exe	is109212.exe

Suspicious use of SetThreadContext 11 IoCs

description	pid	Process	procid_target
PID 2224 set thread context of 3056	2224	4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe	29
PID 2768 set thread context of 2748	2768	is109212.exe	31
PID 2664 set thread context of 656	2664	is109212.exe	33
PID 1960 set thread context of 2964	1960	is109212.exe	35
PID 1204 set thread context of 2248	1204	is109212.exe	37
PID 1348 set thread context of 1044	1348	is109212.exe	39
PID 2228 set thread context of 672	2228	is109212.exe	41
PID 908 set thread context of 1564	908	is109212.exe	43
PID 1032 set thread context of 1708	1032	is109212.exe	45
PID 2628 set thread context of 2940	2628	is109212.exe	47
PID 2648 set thread context of 2920	2648	is109212.exe	49

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
2224	4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe
2768	is109212.exe
2664	is109212.exe
1960	is109212.exe
1204	is109212.exe
1348	is109212.exe
2228	is109212.exe
908	is109212.exe
1032	is109212.exe
2628	is109212.exe
2648	is109212.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 3056	2224	4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe	29
PID 2224 wrote to memory of 3056	2224	4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe	29
PID 2224 wrote to memory of 3056	2224	4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe	29
PID 2224 wrote to memory of 3056	2224	4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe	29
PID 2224 wrote to memory of 3056	2224	4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe	29
PID 2224 wrote to memory of 3056	2224	4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe	29
PID 2224 wrote to memory of 3056	2224	4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe	29
PID 2224 wrote to memory of 3056	2224	4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe	29
PID 2224 wrote to memory of 3056	2224	4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe	29
PID 2224 wrote to memory of 3056	2224	4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe	29
PID 2224 wrote to memory of 3056	2224	4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe	29
PID 3056 wrote to memory of 2768	3056	4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe	30
PID 3056 wrote to memory of 2768	3056	4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe	30
PID 3056 wrote to memory of 2768	3056	4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe	30
PID 3056 wrote to memory of 2768	3056	4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe	30
PID 2768 wrote to memory of 2748	2768	is109212.exe	31
PID 2768 wrote to memory of 2748	2768	is109212.exe	31
PID 2768 wrote to memory of 2748	2768	is109212.exe	31
PID 2768 wrote to memory of 2748	2768	is109212.exe	31
PID 2768 wrote to memory of 2748	2768	is109212.exe	31
PID 2768 wrote to memory of 2748	2768	is109212.exe	31
PID 2768 wrote to memory of 2748	2768	is109212.exe	31
PID 2768 wrote to memory of 2748	2768	is109212.exe	31
PID 2768 wrote to memory of 2748	2768	is109212.exe	31
PID 2768 wrote to memory of 2748	2768	is109212.exe	31
PID 2768 wrote to memory of 2748	2768	is109212.exe	31
PID 2748 wrote to memory of 2664	2748	is109212.exe	32
PID 2748 wrote to memory of 2664	2748	is109212.exe	32
PID 2748 wrote to memory of 2664	2748	is109212.exe	32
PID 2748 wrote to memory of 2664	2748	is109212.exe	32
PID 2664 wrote to memory of 656	2664	is109212.exe	33
PID 2664 wrote to memory of 656	2664	is109212.exe	33
PID 2664 wrote to memory of 656	2664	is109212.exe	33
PID 2664 wrote to memory of 656	2664	is109212.exe	33
PID 2664 wrote to memory of 656	2664	is109212.exe	33
PID 2664 wrote to memory of 656	2664	is109212.exe	33
PID 2664 wrote to memory of 656	2664	is109212.exe	33
PID 2664 wrote to memory of 656	2664	is109212.exe	33
PID 2664 wrote to memory of 656	2664	is109212.exe	33
PID 2664 wrote to memory of 656	2664	is109212.exe	33
PID 2664 wrote to memory of 656	2664	is109212.exe	33
PID 656 wrote to memory of 1960	656	is109212.exe	34
PID 656 wrote to memory of 1960	656	is109212.exe	34
PID 656 wrote to memory of 1960	656	is109212.exe	34
PID 656 wrote to memory of 1960	656	is109212.exe	34
PID 1960 wrote to memory of 2964	1960	is109212.exe	35
PID 1960 wrote to memory of 2964	1960	is109212.exe	35
PID 1960 wrote to memory of 2964	1960	is109212.exe	35
PID 1960 wrote to memory of 2964	1960	is109212.exe	35
PID 1960 wrote to memory of 2964	1960	is109212.exe	35
PID 1960 wrote to memory of 2964	1960	is109212.exe	35
PID 1960 wrote to memory of 2964	1960	is109212.exe	35
PID 1960 wrote to memory of 2964	1960	is109212.exe	35
PID 1960 wrote to memory of 2964	1960	is109212.exe	35
PID 1960 wrote to memory of 2964	1960	is109212.exe	35
PID 1960 wrote to memory of 2964	1960	is109212.exe	35
PID 2964 wrote to memory of 1204	2964	is109212.exe	36
PID 2964 wrote to memory of 1204	2964	is109212.exe	36
PID 2964 wrote to memory of 1204	2964	is109212.exe	36
PID 2964 wrote to memory of 1204	2964	is109212.exe	36
PID 1204 wrote to memory of 2248	1204	is109212.exe	37
PID 1204 wrote to memory of 2248	1204	is109212.exe	37
PID 1204 wrote to memory of 2248	1204	is109212.exe	37
PID 1204 wrote to memory of 2248	1204	is109212.exe	37

C:\Users\Admin\AppData\Local\Temp\4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe"
1⤵
- Maps connected drives based on registry
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Users\Admin\AppData\Local\Temp\4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe"
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:3056
- - C:\Windows\SysWOW64\is109212.exe
    C:\Windows\system32\is109212.exe 504 "C:\Users\Admin\AppData\Local\Temp\4c0828c3c43f2a9c87f3803658f16420_JaffaCakes118.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Maps connected drives based on registry
    - Drops file in System32 directory
    - Suspicious use of SetThreadContext
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2768
  - - C:\Windows\SysWOW64\is109212.exe
      "C:\Windows\SysWOW64\is109212.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2748
    - - C:\Windows\SysWOW64\is109212.exe
        
        C:\Windows\system32\is109212.exe 528 "C:\Windows\SysWOW64\is109212.exe"
        5⤵
        Executes dropped EXE
        Maps connected drives based on registry
        Drops file in System32 directory
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2664
      - C:\Windows\SysWOW64\is109212.exe
        
        "C:\Windows\SysWOW64\is109212.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:656
        
        C:\Windows\SysWOW64\is109212.exe
        
        C:\Windows\system32\is109212.exe 524 "C:\Windows\SysWOW64\is109212.exe"
        7⤵
        Executes dropped EXE
        Maps connected drives based on registry
        Drops file in System32 directory
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1960
        
        C:\Windows\SysWOW64\is109212.exe
        
        "C:\Windows\SysWOW64\is109212.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2964
        
        C:\Windows\SysWOW64\is109212.exe
        
        C:\Windows\system32\is109212.exe 524 "C:\Windows\SysWOW64\is109212.exe"
        9⤵
        Executes dropped EXE
        Maps connected drives based on registry
        Drops file in System32 directory
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1204
        
        C:\Windows\SysWOW64\is109212.exe
        
        "C:\Windows\SysWOW64\is109212.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2248
        
        C:\Windows\SysWOW64\is109212.exe
        
        C:\Windows\system32\is109212.exe 524 "C:\Windows\SysWOW64\is109212.exe"
        11⤵
        Executes dropped EXE
        Maps connected drives based on registry
        Drops file in System32 directory
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1348
        
        C:\Windows\SysWOW64\is109212.exe
        
        "C:\Windows\SysWOW64\is109212.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1044
        
        C:\Windows\SysWOW64\is109212.exe
        
        C:\Windows\system32\is109212.exe 524 "C:\Windows\SysWOW64\is109212.exe"
        13⤵
        Executes dropped EXE
        Maps connected drives based on registry
        Drops file in System32 directory
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Windows\SysWOW64\is109212.exe
        
        "C:\Windows\SysWOW64\is109212.exe"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:672
        
        C:\Windows\SysWOW64\is109212.exe
        
        C:\Windows\system32\is109212.exe 524 "C:\Windows\SysWOW64\is109212.exe"
        15⤵
        Executes dropped EXE
        Maps connected drives based on registry
        Drops file in System32 directory
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:908
        
        C:\Windows\SysWOW64\is109212.exe
        
        "C:\Windows\SysWOW64\is109212.exe"
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1564
        
        C:\Windows\SysWOW64\is109212.exe
        
        C:\Windows\system32\is109212.exe 524 "C:\Windows\SysWOW64\is109212.exe"
        17⤵
        Executes dropped EXE
        Maps connected drives based on registry
        Drops file in System32 directory
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Windows\SysWOW64\is109212.exe
        
        "C:\Windows\SysWOW64\is109212.exe"
        18⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1708
        
        C:\Windows\SysWOW64\is109212.exe
        
        C:\Windows\system32\is109212.exe 524 "C:\Windows\SysWOW64\is109212.exe"
        19⤵
        Executes dropped EXE
        Maps connected drives based on registry
        Drops file in System32 directory
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Windows\SysWOW64\is109212.exe
        
        "C:\Windows\SysWOW64\is109212.exe"
        20⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2940
        
        C:\Windows\SysWOW64\is109212.exe
        
        C:\Windows\system32\is109212.exe 524 "C:\Windows\SysWOW64\is109212.exe"
        21⤵
        Executes dropped EXE
        Maps connected drives based on registry
        Drops file in System32 directory
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Windows\SysWOW64\is109212.exe
        
        "C:\Windows\SysWOW64\is109212.exe"
        22⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2212144002-1172735686-1556890956-1000\699c4b9cdebca7aaea5193cae8a50098_5349ca0f-aec5-405f-83e0-aa034653cb76

Filesize
50B

MD5
5b63d4dd8c04c88c0e30e494ec6a609a

SHA1
884d5a8bdc25fe794dc22ef9518009dcf0069d09

SHA256
4d93c22555b3169e5c13716ca59b8b22892c69b3025aea841afe5259698102fd

SHA512
15ff8551ac6b9de978050569bcdc26f44dfc06a0eaf445ac70fd45453a21bdafa3e4c8b4857d6a1c3226f4102a639682bdfb71d7b255062fb81a51c9126896cb

Download Submit
C:\Windows\SysWOW64\is109212.exe

Filesize
424KB

MD5
4c0828c3c43f2a9c87f3803658f16420

SHA1
0225f262945be581f9c936cd460949b984c63bd2

SHA256
87d014f2780e0342b4ddaf22422127b3297bf3c23578f9e4fd8d00128eb88da6

SHA512
f662aeb8b1bf91c8f743418a7da0a804a183a6d25ed455d37c321e8b6ba9040a316106066f9383edb72433e4ab799eeea55c23f0a5bb886876e152ace403aee5

Download Submit
memory/656-78-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/656-77-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2748-52-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2748-50-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/2748-51-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3056-5-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3056-3-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3056-12-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/3056-8-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3056-7-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3056-33-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3056-9-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3056-10-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3056-16-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3056-17-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3056-15-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download