7357782def8e77eaec0587ad94baf9046aa9cc0b0a309e5b9623cd4ed20cb8df

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 04:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe
Size

154KB
MD5

771087e1b7709f93bd6892c78b1cda4c
SHA1

e8ec2ae6a145a8c2962eeec6cf20ada751ceb3a3
SHA256

7357782def8e77eaec0587ad94baf9046aa9cc0b0a309e5b9623cd4ed20cb8df
SHA512

9aea014e0f0cc69812a30c0de818dddf1daab25d900a90a511fb47854f1724a5b25465530e3e9d394ebeb62af174369faa4d858b7a2c5e6d8db2367e0e119c9b
SSDEEP

3072:TTJ8HeA1WteqT1VFC+oiwJoYzLXJS1K6ndGsBCsnetsCf:TV8HeA4W+pY/EL+sneZ

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2532	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2804	peas.exe

Loads dropped DLL 2 IoCs

pid	Process
2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe
2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe

Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
spyware stealer

Data from Local System
T1005

Credentials in Registry
T1552.002
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\Syikolocu = "C:\\Users\\Admin\\AppData\\Roaming\\Cauqa\\peas.exe"	peas.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2856 set thread context of 2532	2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe	32

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	peas.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Privacy	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Privacy\CleanCookies = "0"	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\16A173A3-00000001.eml:OECustomProperty	WinMail.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe
2804	peas.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe
Token: SeSecurityPrivilege	2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe
Token: SeSecurityPrivilege	2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe
Token: SeSecurityPrivilege	2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe
Token: SeSecurityPrivilege	2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe
Token: SeSecurityPrivilege	2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe
Token: SeSecurityPrivilege	2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe
Token: SeSecurityPrivilege	2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe
Token: SeSecurityPrivilege	2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe
Token: SeSecurityPrivilege	2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe
Token: SeManageVolumePrivilege	2524	WinMail.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2524	WinMail.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2524	WinMail.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2524	WinMail.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2804	2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe	30
PID 2856 wrote to memory of 2804	2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe	30
PID 2856 wrote to memory of 2804	2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe	30
PID 2856 wrote to memory of 2804	2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe	30
PID 2804 wrote to memory of 1084	2804	peas.exe	19
PID 2804 wrote to memory of 1084	2804	peas.exe	19
PID 2804 wrote to memory of 1084	2804	peas.exe	19
PID 2804 wrote to memory of 1084	2804	peas.exe	19
PID 2804 wrote to memory of 1084	2804	peas.exe	19
PID 2804 wrote to memory of 1156	2804	peas.exe	20
PID 2804 wrote to memory of 1156	2804	peas.exe	20
PID 2804 wrote to memory of 1156	2804	peas.exe	20
PID 2804 wrote to memory of 1156	2804	peas.exe	20
PID 2804 wrote to memory of 1156	2804	peas.exe	20
PID 2804 wrote to memory of 1200	2804	peas.exe	21
PID 2804 wrote to memory of 1200	2804	peas.exe	21
PID 2804 wrote to memory of 1200	2804	peas.exe	21
PID 2804 wrote to memory of 1200	2804	peas.exe	21
PID 2804 wrote to memory of 1200	2804	peas.exe	21
PID 2804 wrote to memory of 1564	2804	peas.exe	25
PID 2804 wrote to memory of 1564	2804	peas.exe	25
PID 2804 wrote to memory of 1564	2804	peas.exe	25
PID 2804 wrote to memory of 1564	2804	peas.exe	25
PID 2804 wrote to memory of 1564	2804	peas.exe	25
PID 2804 wrote to memory of 2856	2804	peas.exe	29
PID 2804 wrote to memory of 2856	2804	peas.exe	29
PID 2804 wrote to memory of 2856	2804	peas.exe	29
PID 2804 wrote to memory of 2856	2804	peas.exe	29
PID 2804 wrote to memory of 2856	2804	peas.exe	29
PID 2856 wrote to memory of 2532	2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe	32
PID 2856 wrote to memory of 2532	2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe	32
PID 2856 wrote to memory of 2532	2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe	32
PID 2856 wrote to memory of 2532	2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe	32
PID 2856 wrote to memory of 2532	2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe	32
PID 2856 wrote to memory of 2532	2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe	32
PID 2856 wrote to memory of 2532	2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe	32
PID 2856 wrote to memory of 2532	2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe	32
PID 2856 wrote to memory of 2532	2856	771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe	32
PID 2804 wrote to memory of 900	2804	peas.exe	34
PID 2804 wrote to memory of 900	2804	peas.exe	34
PID 2804 wrote to memory of 900	2804	peas.exe	34
PID 2804 wrote to memory of 900	2804	peas.exe	34
PID 2804 wrote to memory of 900	2804	peas.exe	34
PID 2804 wrote to memory of 1488	2804	peas.exe	35
PID 2804 wrote to memory of 1488	2804	peas.exe	35
PID 2804 wrote to memory of 1488	2804	peas.exe	35
PID 2804 wrote to memory of 1488	2804	peas.exe	35
PID 2804 wrote to memory of 1488	2804	peas.exe	35
PID 2804 wrote to memory of 2656	2804	peas.exe	37
PID 2804 wrote to memory of 2656	2804	peas.exe	37
PID 2804 wrote to memory of 2656	2804	peas.exe	37
PID 2804 wrote to memory of 2656	2804	peas.exe	37
PID 2804 wrote to memory of 2656	2804	peas.exe	37
PID 2804 wrote to memory of 2232	2804	peas.exe	38
PID 2804 wrote to memory of 2232	2804	peas.exe	38
PID 2804 wrote to memory of 2232	2804	peas.exe	38
PID 2804 wrote to memory of 2232	2804	peas.exe	38
PID 2804 wrote to memory of 2232	2804	peas.exe	38
PID 2804 wrote to memory of 2276	2804	peas.exe	39
PID 2804 wrote to memory of 2276	2804	peas.exe	39
PID 2804 wrote to memory of 2276	2804	peas.exe	39
PID 2804 wrote to memory of 2276	2804	peas.exe	39
PID 2804 wrote to memory of 2276	2804	peas.exe	39
PID 2804 wrote to memory of 2236	2804	peas.exe	40

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1084

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1156

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1200
- C:\Users\Admin\AppData\Local\Temp\771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\771087e1b7709f93bd6892c78b1cda4c_JaffaCakes118.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2856
- - C:\Users\Admin\AppData\Roaming\Cauqa\peas.exe
    "C:\Users\Admin\AppData\Roaming\Cauqa\peas.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2804
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmpfafed1d6.bat"
    3⤵
    - Deletes itself
    - System Location Discovery: System Language Discovery
    PID:2532

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:1564

C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail.exe" -Embedding
1⤵
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:900

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1488

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2656

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2232

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2276

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2236

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2896

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:880

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1712

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2088

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Credentials in Registry

T1552.002

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb.log

Filesize
2.0MB

MD5
54859c9c2973920e9289e0d73e8d9cfd

SHA1
3af5e7d5a6683b097ed966b97380256125818aee

SHA256
548725e891620cb894e0a3c687350e217b5043d52dbf57497b3cf19a7208ac97

SHA512
58c892f1d4e826522560aaf6c89b9890bb8ea4d264d0d2511f22cddb16d1bda68f5b5938bca9084a6b733232fb89f579332a5ee5cfe06f0d6f73734132d87e7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpfafed1d6.bat

Filesize
271B

MD5
8283b72b617d50bc327c63e1543aa3d7

SHA1
09459bfc0536657d969da63819fc6a442dba80fe

SHA256
93edfe9251b592fac5abaf55cbf0368422e22f3e2e3b5191e87e40503fc3fdf9

SHA512
5e2ac3157873d5dacbf08dbfb2cb9da2310107331df662d790828eb47514fde6e74190d662b06627d82f18fe5548840bfe05eb3d45081141f6e2b729b9bc47dd

Download Submit
C:\Users\Admin\AppData\Roaming\Ukax\ekykw.eds

Filesize
4KB

MD5
c229f9243e41f65f13d0cbd07929a42c

SHA1
2daab5db8cf89e13f4195036b74674cbd9f576e6

SHA256
89524b479f5eccde64311ebdf335cd1684eb8dbdb4796018ac4c0c9ee31f72fa

SHA512
4102a277020b86a4f105764819d9bc28ebb86bb208492319e9de988d9ebba664f3b6238d8c918c78d444c2824f92682d165daeb34b09dc2266154542b0b53380

Download Submit
C:\Users\Admin\AppData\Roaming\Ukax\ekykw.eds

Filesize
4KB

MD5
0034f6d7ec6f8a21d163c1cf223a5736

SHA1
917948745472cf1d9a0759d1d43effb6f1d79ffd

SHA256
7bd28b424883706ee71f4165ee0c171698746312f1df990ff427c1edc69eb0e3

SHA512
aa0a443e8354c0229685fc8328f178c6e4ed684196cc648f16239e8af442eabd550a8b5cc746a96abf58f68c4f64a3c3c1fc898c0b8cf69c791a4e610094198d

Download Submit
\Users\Admin\AppData\Roaming\Cauqa\peas.exe

Filesize
154KB

MD5
1fee0e17226d7ec3370fc615801a3740

SHA1
fbdc3b93e1617056c15043fa635b363dea9c2006

SHA256
7ebc483db63cebd3a4efb0a0e1404dc5ea7001158e66b2c16e6f19e9670261b0

SHA512
bc2ea0b32c2108c167df78cd0b20e085c6a2d0a67c89db9bce1cb7be04849fa835f413c884ff54bb2b32b8cdc6a028e75afeb567170bee3517b139995fa88947

Download Submit
memory/1084-26-0x0000000000210000-0x0000000000249000-memory.dmp

Filesize
228KB

Download
memory/1084-22-0x0000000000210000-0x0000000000249000-memory.dmp

Filesize
228KB

Download
memory/1084-24-0x0000000000210000-0x0000000000249000-memory.dmp

Filesize
228KB

Download
memory/1084-27-0x0000000000210000-0x0000000000249000-memory.dmp

Filesize
228KB

Download
memory/1084-25-0x0000000000210000-0x0000000000249000-memory.dmp

Filesize
228KB

Download
memory/1156-29-0x0000000001EA0000-0x0000000001ED9000-memory.dmp

Filesize
228KB

Download
memory/1156-32-0x0000000001EA0000-0x0000000001ED9000-memory.dmp

Filesize
228KB

Download
memory/1156-31-0x0000000001EA0000-0x0000000001ED9000-memory.dmp

Filesize
228KB

Download
memory/1156-30-0x0000000001EA0000-0x0000000001ED9000-memory.dmp

Filesize
228KB

Download
memory/1200-35-0x00000000024F0000-0x0000000002529000-memory.dmp

Filesize
228KB

Download
memory/1200-37-0x00000000024F0000-0x0000000002529000-memory.dmp

Filesize
228KB

Download
memory/1200-39-0x00000000024F0000-0x0000000002529000-memory.dmp

Filesize
228KB

Download
memory/1200-41-0x00000000024F0000-0x0000000002529000-memory.dmp

Filesize
228KB

Download
memory/1564-47-0x0000000002290000-0x00000000022C9000-memory.dmp

Filesize
228KB

Download
memory/1564-45-0x0000000002290000-0x00000000022C9000-memory.dmp

Filesize
228KB

Download
memory/1564-51-0x0000000002290000-0x00000000022C9000-memory.dmp

Filesize
228KB

Download
memory/1564-49-0x0000000002290000-0x00000000022C9000-memory.dmp

Filesize
228KB

Download
memory/2804-590-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2804-16-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2856-74-0x00000000002B0000-0x00000000002E9000-memory.dmp

Filesize
228KB

Download
memory/2856-54-0x00000000002B0000-0x00000000002E9000-memory.dmp

Filesize
228KB

Download
memory/2856-56-0x00000000002B0000-0x00000000002E9000-memory.dmp

Filesize
228KB

Download
memory/2856-57-0x00000000002B0000-0x00000000002E9000-memory.dmp

Filesize
228KB

Download
memory/2856-58-0x00000000002B0000-0x00000000002E9000-memory.dmp

Filesize
228KB

Download
memory/2856-61-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2856-63-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2856-65-0x00000000002B0000-0x00000000002E9000-memory.dmp

Filesize
228KB

Download
memory/2856-67-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2856-55-0x00000000002B0000-0x00000000002E9000-memory.dmp

Filesize
228KB

Download
memory/2856-71-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2856-72-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2856-0-0x0000000000020000-0x0000000000040000-memory.dmp

Filesize
128KB

Download
memory/2856-76-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2856-78-0x00000000002B0000-0x00000000002E9000-memory.dmp

Filesize
228KB

Download
memory/2856-69-0x00000000002B0000-0x00000000002E9000-memory.dmp

Filesize
228KB

Download
memory/2856-6-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2856-2-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2856-323-0x0000000000020000-0x0000000000040000-memory.dmp

Filesize
128KB

Download
memory/2856-324-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2856-325-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2856-4-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2856-1-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download