05a048a74b4f8f2d3310582d34e27a80e28fd54b49f4774666307646257b8fba

Analysis

max time kernel
140s
max time network
130s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 09:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

859417420f10bb0c8faf3059c60d2da9_JaffaCakes118.exe
Size

4.8MB
MD5

859417420f10bb0c8faf3059c60d2da9
SHA1

c74976aebaee751437dc61a12050ed34938a76cf
SHA256

05a048a74b4f8f2d3310582d34e27a80e28fd54b49f4774666307646257b8fba
SHA512

b88c9a1e688b91ed039b75436cae69f9f604ecd1d444c18a67f4f9bb5ebf460441bcecedda83568f36fd21452542556450ddd1a3825b6c1de9a8d9865df8f90b
SSDEEP

98304:KJY7rTEbzOfvSVnkijfyQolFy5bSef28aWvPT6dFq2oLNsJrCj:MY7EbzEvS6wfyQ95nfJHT6dFqdGJ+

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	859417420f10bb0c8faf3059c60d2da9_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb0000000000020000000000106600000001000020000000d90279190840406630b46b689b0593ee0b75c3fd9f21f103c638e67d97aeed4f000000000e8000000002000020000000ed23ff921358cffdd6d3e42381ede4f2e026e9387de2d4e04cd9e7ae08a98f0d90000000c5192a75e10c5f3888caa49912b1595d8be882da9a84ba10999e6c2d570e6fa6242831db56086dc2cc77054ea4ab8a646fc72d3f9a82a62ab06cab887613f2330d98aa7ae6ba698faf3312cca47a372452b3fc6a29c00cceb43e0c7f1cff3adaeb02d3a680cea2b81f66752cec8e31a218e3a3f924447a9d74ef1505b4e8523e51fa597c8ddfdacf68f9c1a425a3839e4000000040f9ba359ccfd801f8f4878ae5bf739881456fedab99934e4b5d53e6aaa7cba81c21fa715182383c6c92a871cae91da54ec28fd9cab650ce187a6413cc8d1fc8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00e0629307ebda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb00000000000200000000001066000000010000200000009b4922fcb443dd4957aad71cd48fad3543260ddfb9b65fc03c2c37b3dcbdef24000000000e8000000002000020000000b50e799269b07866e11b498d8dd53867d6074dc4d2889fca6ada10a3d1a35337200000002c36fefc09664ae8bef03926238d7cd9f429c65ce6647e5a0488339e15f7581f400000008bebef5286e40b2e0495f2926d4bfce2d9870f14646d0a7fbda720a6daeba7e7d0d557272b090d7152c15f276820794f9f774d1d0eb8ea5e7f93a7ec4753d74e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429443911"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BEBBCC31-56FA-11EF-BD1D-D238DC34531D} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2756	iexplore.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2884	859417420f10bb0c8faf3059c60d2da9_JaffaCakes118.exe
2756	iexplore.exe
2756	iexplore.exe
2888	IEXPLORE.EXE
2888	IEXPLORE.EXE
2888	IEXPLORE.EXE
2888	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2756	2884	859417420f10bb0c8faf3059c60d2da9_JaffaCakes118.exe	30
PID 2884 wrote to memory of 2756	2884	859417420f10bb0c8faf3059c60d2da9_JaffaCakes118.exe	30
PID 2884 wrote to memory of 2756	2884	859417420f10bb0c8faf3059c60d2da9_JaffaCakes118.exe	30
PID 2884 wrote to memory of 2756	2884	859417420f10bb0c8faf3059c60d2da9_JaffaCakes118.exe	30
PID 2756 wrote to memory of 2888	2756	iexplore.exe	31
PID 2756 wrote to memory of 2888	2756	iexplore.exe	31
PID 2756 wrote to memory of 2888	2756	iexplore.exe	31
PID 2756 wrote to memory of 2888	2756	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\859417420f10bb0c8faf3059c60d2da9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\859417420f10bb0c8faf3059c60d2da9_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.exclusivecheats.com.br/forum
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75751ecf7ceda251d3a0dd65148ee416

SHA1
509f6b2e4a5c822315ef38cce2ebfaad4e9365dc

SHA256
9d19c53feabcb85dcbd0a11e28ef82243d61ecceb79aa7d935b91f8adef55b64

SHA512
0996c79c125420067e3dc691b76efa218c488046d10a4c7fa5eb29b0c13b72ba815d8bff54f23a42305c55165876b3bc82fbcdb63b5daaa7a7d97db7b4945931

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96524c16f543926824f72ed41d40613a

SHA1
1374b1f8d8079fd14b1fbc67a0e6e91a0751ed2f

SHA256
ab1e80e893324c0ea3950651f83a44133c004ff9bf08760b85182495d176472f

SHA512
bd86bf08848ce6073874a98b906d60d525b734f6fbbbcbbd1c023f1b3fbf6316a6b72b2f4bf659fa5743e672cd9b19dfd9a0d679014acf91d1ff82c0e17eb686

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ffcf16984fef03a6582cf34924349560

SHA1
bb6bbd3d696501bbda9db14a06778bb6292513f4

SHA256
e82785032b138c4351ec7e4fa2730c725caf3aea1958222e743605d3b56a3916

SHA512
5aa58549d71ac7e3d85e117d7da414a885cf0ed13e34232dbcebcebc8ddc563d0d461ef9600856fc1cc398e867f7b09c8910e3b9a5225c9906d79edbfd016a20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f00e2841a4c7c7c475cceb88a08881df

SHA1
1e823ca9e89dfcdffd0fb4277094a8e5d7cde7b0

SHA256
510c581f9c90a9c0c56e68274a2097204f2a8bc775e676e0acaaa0f6f819cf5f

SHA512
3c7838d1e0336ee0cbecfee31b2e5a47af61ed611bb8c0eb3e01a325a08ae134163a4f15f53af238ad3a44729cf740571e87170208727e0dce8fac3295668465

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07e1296df3716fb2474d5284040dc289

SHA1
1da71cdb090c49e3c06cac166c1d48b3d22e00fa

SHA256
70af0407ee9faf4e8e4fd2f25ddae43a08a836c3158d5a4dea85f8cc08fec80d

SHA512
e8919517c1bab75dd90853ccdf4d62dad8e1eb2e8d2c62c78e23f42cce2b300df874b4122e00c1a28a259866c8b8b7a157a2207b36012705fd9f6fc0d963b052

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e3387ba5503420a14dba927d230c3ab

SHA1
4469774de2843b7025910349e85f35d1d036ce78

SHA256
654e3988c35375aa6124f4bd1d120cac857e65046e8f99b96e00b20aa3772608

SHA512
c76e751e324a57ffcb9f2710f483bca37864c78260f15da9f65fa62f6f410da4fced7c2ca1bfa4830e56313723f605b209bfee2d90f2477a18ae41373c0d33ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e0868c78f71fbec6f0bd4a504979f39

SHA1
3d60055f47a0f27b3b495f787f4a575e695a6871

SHA256
47c9e7bcb33450018b20d5331a2cd1163a59a3a24226ab5d2f135f42636d696c

SHA512
862bc349b65b0b5d18c90fed19f1419dcfc1a24c69f146d38545fca3c0b430f208202be04807a5b9f9d9a98ae7ea414c567d07d3ae6352af5c0ca08c582c3d65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d8e443aa5c85e60bb1b51c51d70ed58

SHA1
7025805378d8257d81d0dca3eb735613d846917a

SHA256
13ab62dcac0e16d987590aff12fe35946a823b3611e77f17ecd60f7240534c39

SHA512
857b0217d533f3973dc6db5baf5128d9f5d5d50ec9588602e66866d6dd6245605e5f7ee1abae2ebcaae95a402bbd8433213e4a6ecd351b58bd95b28d82528bd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e1dfa3aaff96fd4f22b489f018e44c94

SHA1
f849d29921dda9b6f02f9220179e945870b3d681

SHA256
4f0a983ca17ebea379aab77ff98ef52716f0d25cce69d5005098c6cf88780bac

SHA512
3e7e1cbe83b89e00108bf4fc6f3b07625f535024222fd69330aa0f4cca8177c7d35cbfeebe8f003d3b6457906972d6e84e8b79c0f73d6189e5909ae7c2685c6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10ad61b0a71e16d6b6e403c4630ab67a

SHA1
491a0c0af21fc6f494e3ee246007c2e1f1490857

SHA256
8bcd56fd5793a7d85d2e8ab051d5ffac744068ddaa9d48b8c0feadecd8c394a3

SHA512
e5ffdf7ce6eb02dc8b87f395f075611fa78291ebf190d412944054bad42470f74daad35c516bc7b89c19c75d25c76588b9eeb0de345fc6a03c80debc1b7d394c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4854999999716d87d709a82682487ba

SHA1
e47e1f2008ae874a480033500875aeea52603e57

SHA256
e79d3d519a3a014801310baaec844c61ceea9ac8572bc8f27ac0d48096b73713

SHA512
3d62645198c5bca1884ee150ec860c1b0249aa92e6c5ebeebd50daab2a29890e1bf8bdac235848b1145c3a4ec36a557fdb199e92c02be36a65052a2b6223751f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae2ce391807780b144bbd610207a6d80

SHA1
2e3f4cd726f02e10673fce4bf4a97e813bc66141

SHA256
2888d4e813ec2deb7435e52b4cdb0f4f1117ef5d9aef557673aff52db550960e

SHA512
4644e8df14aa6aff9fc21e5650fb9249e879e17eb9b783168cc2f433f0a743b77bc9ee1adb4a9d5083c8a899197f44ed175865cbdc9bf5846d3a104c1d0b9947

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4a4a77516fe187847b4183553c3724b

SHA1
fc83e5c4d9c7d359d604967c986c2e4e3bddf278

SHA256
e977ab785156b8bb7ae023c7b7cbee23c079ca0c3e47f7a9b6c8d8608c15a5c9

SHA512
fb39a6b4ce83500a96d12a26f63b03493cd8b657a2d333319e30399d819fc3c5105fa4183331d4b45f822c20642642e2307860f04a4c9359bb61c74645b5d06e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0da5accd5ed2a97731598bd60a773a70

SHA1
7ff38e7c3ad5308d7a068aa11a8351beefadfb88

SHA256
53f72b02cc88c1c1387e4b89a7bfcebf63eb09b0b79f3ec03fd42f573bc9223a

SHA512
7ab290467470a9d1388d966b25ed5e15c4d7b0f8e93786441bac37b217f57ade6f9850774952f0c004eb64f8d8656d7bc2b6d4c3d54247ae5086423f01e7d6a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8acfefe9d41c7d58f668d4e6026a270

SHA1
6b7641f9de59bb5829d4719ea59cecb7ae110541

SHA256
e3bdfc05445aa1f512280854bc61cad78e942c932eded9eeafd35aee51c8ce32

SHA512
5b91ad0e147b1eae7ffed3594d6afb1d3f57009112c6379c8cd29a3d31470cee34714eaa8e9c3565149015ec669b3c52b2da6d0e0fa7e964bf5a78717d588546

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7D7C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7E2B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2884-435-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2884-433-0x0000000000400000-0x00000000008D1000-memory.dmp

Filesize
4.8MB

Download
memory/2884-0-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download