235b802abc965f5387b42260a19f2fec014b0941884965dbbcad5a29b583ab32

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 23:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe
Size

188KB
MD5

8c7bc2b50d0f9b69607c61618b2b0a57
SHA1

eda86f69a6942103c2f4fe37ef609cc279d01344
SHA256

235b802abc965f5387b42260a19f2fec014b0941884965dbbcad5a29b583ab32
SHA512

6b43a6eca7a51535af86d4bee643d23692721e0780239488633b3f4ac91c51166eb232a006fd696b6d7eb660392e71756065458d3b38a1355f6f7ec41106927e
SSDEEP

3072:43hbNo9ARyLYO3m0BVnb/tAiwpDxxNDjSbDOckI+6Ja/I63TNbTZ/Atxt:klaVm0Hb/tAiuFxNvAn+D/I63Bq

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1804	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
1628	vaynx.exe

Loads dropped DLL 2 IoCs

pid	Process
1412	8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe
1412	8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe

Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
spyware stealer

Data from Local System
T1005

Credentials in Registry
T1552.002

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Windows\CurrentVersion\Run\{549BD55A-0898-795B-B675-3D9925B69F18} = "C:\\Users\\Admin\\AppData\\Roaming\\Favewy\\vaynx.exe"	vaynx.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1412 set thread context of 1804	1412	8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe	33

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vaynx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Privacy	8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Privacy\CleanCookies = "0"	8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\6D776082-00000001.eml:OECustomProperty	WinMail.exe

Suspicious behavior: EnumeratesProcesses 31 IoCs

pid	Process
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe
1628	vaynx.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1412	8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe
Token: SeSecurityPrivilege	1412	8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe
Token: SeSecurityPrivilege	1412	8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe
Token: SeManageVolumePrivilege	940	WinMail.exe
Token: SeSecurityPrivilege	1804	cmd.exe
Token: SeManageVolumePrivilege	2308	WinMail.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
940	WinMail.exe
2308	WinMail.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
940	WinMail.exe
2308	WinMail.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
940	WinMail.exe
2308	WinMail.exe

Suspicious use of WriteProcessMemory 48 IoCs

description	pid	Process	procid_target
PID 1412 wrote to memory of 1628	1412	8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe	31
PID 1412 wrote to memory of 1628	1412	8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe	31
PID 1412 wrote to memory of 1628	1412	8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe	31
PID 1412 wrote to memory of 1628	1412	8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe	31
PID 1628 wrote to memory of 1188	1628	vaynx.exe	19
PID 1628 wrote to memory of 1188	1628	vaynx.exe	19
PID 1628 wrote to memory of 1188	1628	vaynx.exe	19
PID 1628 wrote to memory of 1188	1628	vaynx.exe	19
PID 1628 wrote to memory of 1188	1628	vaynx.exe	19
PID 1628 wrote to memory of 1300	1628	vaynx.exe	20
PID 1628 wrote to memory of 1300	1628	vaynx.exe	20
PID 1628 wrote to memory of 1300	1628	vaynx.exe	20
PID 1628 wrote to memory of 1300	1628	vaynx.exe	20
PID 1628 wrote to memory of 1300	1628	vaynx.exe	20
PID 1628 wrote to memory of 1360	1628	vaynx.exe	21
PID 1628 wrote to memory of 1360	1628	vaynx.exe	21
PID 1628 wrote to memory of 1360	1628	vaynx.exe	21
PID 1628 wrote to memory of 1360	1628	vaynx.exe	21
PID 1628 wrote to memory of 1360	1628	vaynx.exe	21
PID 1628 wrote to memory of 1160	1628	vaynx.exe	25
PID 1628 wrote to memory of 1160	1628	vaynx.exe	25
PID 1628 wrote to memory of 1160	1628	vaynx.exe	25
PID 1628 wrote to memory of 1160	1628	vaynx.exe	25
PID 1628 wrote to memory of 1160	1628	vaynx.exe	25
PID 1628 wrote to memory of 1412	1628	vaynx.exe	30
PID 1628 wrote to memory of 1412	1628	vaynx.exe	30
PID 1628 wrote to memory of 1412	1628	vaynx.exe	30
PID 1628 wrote to memory of 1412	1628	vaynx.exe	30
PID 1628 wrote to memory of 1412	1628	vaynx.exe	30
PID 1628 wrote to memory of 940	1628	vaynx.exe	32
PID 1628 wrote to memory of 940	1628	vaynx.exe	32
PID 1628 wrote to memory of 940	1628	vaynx.exe	32
PID 1628 wrote to memory of 940	1628	vaynx.exe	32
PID 1628 wrote to memory of 940	1628	vaynx.exe	32
PID 1412 wrote to memory of 1804	1412	8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe	33
PID 1412 wrote to memory of 1804	1412	8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe	33
PID 1412 wrote to memory of 1804	1412	8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe	33
PID 1412 wrote to memory of 1804	1412	8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe	33
PID 1412 wrote to memory of 1804	1412	8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe	33
PID 1412 wrote to memory of 1804	1412	8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe	33
PID 1412 wrote to memory of 1804	1412	8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe	33
PID 1412 wrote to memory of 1804	1412	8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe	33
PID 1412 wrote to memory of 1804	1412	8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe	33
PID 1628 wrote to memory of 2524	1628	vaynx.exe	36
PID 1628 wrote to memory of 2524	1628	vaynx.exe	36
PID 1628 wrote to memory of 2524	1628	vaynx.exe	36
PID 1628 wrote to memory of 2524	1628	vaynx.exe	36
PID 1628 wrote to memory of 2524	1628	vaynx.exe	36

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1188

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1300

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1360
- C:\Users\Admin\AppData\Local\Temp\8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\8c7bc2b50d0f9b69607c61618b2b0a57_JaffaCakes118.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1412
- - C:\Users\Admin\AppData\Roaming\Favewy\vaynx.exe
    "C:\Users\Admin\AppData\Roaming\Favewy\vaynx.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1628
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp70cafe38.bat"
    3⤵
    - Deletes itself
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:1804

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:1160

C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail.exe" -Embedding
1⤵
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:940

C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail.exe" -Embedding
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2308

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials in Registry

T1552.002

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735

Filesize
558B

MD5
3cc0012f96f8f44164c18d7de05023d9

SHA1
c8feb560d751fe720c8bdb53f5e78aa92abb9a9e

SHA256
2654c273c211ae1afc60a7736153a853142e3db028417206948576d1d57bf5d5

SHA512
626746176663e2460b18f1eb245306107060c172c4e65ad710dd75ec0b348d8f000342c0dd2f7ea3bb2e0796f61e1ddd2cd77c312d6a177ff2e70a10b68cc6af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735

Filesize
232B

MD5
fafc16593486b679587a68ea3b815033

SHA1
c7cdd55038e84cdd33184edff93bf67a33d5e161

SHA256
1b3ef4c7aa14455cbf3beeb65211b99ead4cd772a3432d3c1418295348eb04d1

SHA512
2e5ebd4b0b96c3ac1f139b7685918a746243889b5b071239d7d50b1d93f155e7b09d9ca9fb9903abbdd0f954dcef6a3270cb08260037b64c32474eaa1ff54313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore

Filesize
2.0MB

MD5
0256da10bf7c5440bc780e6f5ea81f3f

SHA1
5bd8db904ac879517271158dc8f004157264913b

SHA256
f48c79d506993a96502304804e29bf1a922230d57b18df40c3e8fa118052f730

SHA512
3fed37c215543933abe500061cd5658e90da35e36c0cf07417389796a92daa5fb4e472243379ebc6cabd0126b3db98b58b2b1bbdc118fdc4e31764d4d91439a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb.chk

Filesize
8KB

MD5
87c5411884ee727cb9bffcf102f732b3

SHA1
0c0c84261cfad9776a48f8648d6ca03aa3086eed

SHA256
78e85aea2a48d9475c8eb9cc79665e0181a68aa89ce69261c7145b7e42296cb3

SHA512
61a118a4738d658901ff5faa08f1bc89534176bc747127d8de2b373ee9b378409f2df82f916586e5d16f126d42eca972df38bd1d847fc284869848c657dafaf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb.log

Filesize
2.0MB

MD5
3e319c03ef9690fca7d5891441ced55c

SHA1
311b44c277e14aa7839142e539eba98119e844af

SHA256
307f3699d68aa520b8b4882b425a875f1c902262f1cc54fd380dc6a5e149d6ce

SHA512
e96b442566aef6c51c1c3c7a8eecb2dca9d0d7ffe7d58d896b4d5feb445008918d473074eb09c86e83e1514907ce3016fe2c92209c2dff6949b32cb98088c3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb.log

Filesize
2.0MB

MD5
45eef7e6fab4d9f7fe97397188d3e596

SHA1
2e76fc617fa54e0d635d22b3ebbee1fd9e049d97

SHA256
3e07271ed30b0ae6d6bb1207bcddce3bb491d2aeae91709b15bd6ed0ac344ee0

SHA512
70a82afaa3f19429e2b178e547f2d7689222fc7b9247a05c71ffc41d5dc6538ec58adff49c5a8e840e8333a7d48cda7e5e9e64d6e9ed02a74905983ce4c3278c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb.log

Filesize
2.0MB

MD5
54be6ef69b601aa24e4a15ba28fb8381

SHA1
d74e768a607b3402bf05188ff96bee0bea4db473

SHA256
2968ce7c7769cfc113250c31a6b7053ebb3d10e8812e2170a4c7b2dec15d545e

SHA512
04d0ef5050dd28d32dcaa26dfa74a08e4fce3b8a003486c5b28671830b02d46bcd6539fa65e342405deb8ceb99c29111091f3cec7b49e039fb0d90a998a73e17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab34E6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp70cafe38.bat

Filesize
271B

MD5
34e7a864f6a76b3754064fad7ad78bc0

SHA1
650bce54c4fbaeaff3722b2411247d9138050729

SHA256
86a16a9808d209b0bddb588318de5e4e98d1c36c7a12afac4fc96b748996d219

SHA512
e1d86adbb92d74be56b2ba4a135afdb692a8ab99238334a38302ee85a462897ae2e1fca280c45d458a457ab823b82cb58b8d65b1444774cfc77aebb1725a72a6

Download Submit
C:\Users\Admin\AppData\Roaming\Qaendy\akru.ict

Filesize
380B

MD5
259ae0d113b2da5ebe64ff16d17472ed

SHA1
b6ac23d2a5faa02f604a21519ddf3baeb64437b7

SHA256
9364f1a862a08313139256ff68b459b1c8c8f2119404b16bff3f02dad3c9fd0d

SHA512
6015a90fd9f237494f82161409e70416fe75847ac7fd36523bc67a7c965144d8d1032d5b7961887b1f4be866c843ebba3cdfecb975b24f6cba779a01f9c69bc8

Download Submit
\Users\Admin\AppData\Roaming\Favewy\vaynx.exe

Filesize
188KB

MD5
1f69b5bdb6636362c92525b420cb29ba

SHA1
5ed6452e94fb6c2e0aed600573ece1a1485b4a3c

SHA256
ffff3a487881a456203f495b573e41bfdfe48ce2276b5c9aa3e9b9b48cb996b4

SHA512
6b837a01ccd11f0ea1ce5e6fb79820bd2d568e5204a5b5268774c307dcafc0a96532b31f4e6c6f2e5f5d12df3fd654db931568007f44d1103f20e3160eb6e995

Download Submit
memory/1160-39-0x0000000001FC0000-0x0000000001FE7000-memory.dmp

Filesize
156KB

Download
memory/1160-37-0x0000000001FC0000-0x0000000001FE7000-memory.dmp

Filesize
156KB

Download
memory/1160-35-0x0000000001FC0000-0x0000000001FE7000-memory.dmp

Filesize
156KB

Download
memory/1160-33-0x0000000001FC0000-0x0000000001FE7000-memory.dmp

Filesize
156KB

Download
memory/1188-17-0x0000000001C40000-0x0000000001C67000-memory.dmp

Filesize
156KB

Download
memory/1188-15-0x0000000001C40000-0x0000000001C67000-memory.dmp

Filesize
156KB

Download
memory/1188-16-0x0000000001C40000-0x0000000001C67000-memory.dmp

Filesize
156KB

Download
memory/1188-18-0x0000000001C40000-0x0000000001C67000-memory.dmp

Filesize
156KB

Download
memory/1188-19-0x0000000001C40000-0x0000000001C67000-memory.dmp

Filesize
156KB

Download
memory/1300-22-0x00000000001A0000-0x00000000001C7000-memory.dmp

Filesize
156KB

Download
memory/1300-23-0x00000000001A0000-0x00000000001C7000-memory.dmp

Filesize
156KB

Download
memory/1300-24-0x00000000001A0000-0x00000000001C7000-memory.dmp

Filesize
156KB

Download
memory/1300-25-0x00000000001A0000-0x00000000001C7000-memory.dmp

Filesize
156KB

Download
memory/1360-28-0x00000000025A0000-0x00000000025C7000-memory.dmp

Filesize
156KB

Download
memory/1360-27-0x00000000025A0000-0x00000000025C7000-memory.dmp

Filesize
156KB

Download
memory/1360-29-0x00000000025A0000-0x00000000025C7000-memory.dmp

Filesize
156KB

Download
memory/1360-30-0x00000000025A0000-0x00000000025C7000-memory.dmp

Filesize
156KB

Download
memory/1412-79-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1412-75-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1412-48-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1412-52-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1412-54-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1412-56-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1412-58-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1412-59-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1412-61-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1412-63-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1412-65-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1412-67-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1412-69-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1412-71-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1412-73-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1412-50-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1412-1-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1412-77-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1412-0-0x0000000001DF0000-0x0000000001ED0000-memory.dmp

Filesize
896KB

Download
memory/1412-202-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1412-43-0x0000000000280000-0x00000000002A7000-memory.dmp

Filesize
156KB

Download
memory/1412-45-0x0000000000280000-0x00000000002A7000-memory.dmp

Filesize
156KB

Download
memory/1412-46-0x0000000000280000-0x00000000002A7000-memory.dmp

Filesize
156KB

Download
memory/1412-47-0x0000000000280000-0x00000000002A7000-memory.dmp

Filesize
156KB

Download
memory/1412-44-0x0000000000280000-0x00000000002A7000-memory.dmp

Filesize
156KB

Download
memory/1412-2-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1628-12-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1628-14-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1628-434-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download