2ca65cf0508045ba1ceb342313fb310ca3b2d94a412cab147302399fe82b9ecb

Analysis

max time kernel
147s
max time network
148s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 09:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe
Size

271KB
MD5

89e84d8c1561f27fdfe45d0e0400a922
SHA1

10fa0346c2cd78ff4c87aaa19d4ffac42877d49a
SHA256

2ca65cf0508045ba1ceb342313fb310ca3b2d94a412cab147302399fe82b9ecb
SHA512

57e5f4a736d14766af7b9281d50c01af87314f3ae2776ae231911a85999cf1bde759334460adf644748015c19ba463de842b4eb05aec90cc373db60a914a95b9
SSDEEP

6144:Tf8dyD21oCyWW9mGBoQqe9fhUeU/BqinBrMJ1yj9UPj:r7q5yWW97oHep2e0B7Br21IE

Score

7^/10

discovery persistence upx vmprotect

Malware Config

Signatures

Executes dropped EXE 8 IoCs

pid	Process
2332	A_v_DVD.dll
2960	new_84aaa.exe_C53458B13F644A16A92364FF28674E810693B94F.exe
2864	services.exe
1076	A_v_AuTo.dll
2992	services.exe
2224	A_v_AuTo.dll
1984	services.exe
1908	A_v_TT.dll

Loads dropped DLL 31 IoCs

pid	Process
2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe
2332	A_v_DVD.dll
2332	A_v_DVD.dll
2332	A_v_DVD.dll
2332	A_v_DVD.dll
2332	A_v_DVD.dll
2960	new_84aaa.exe_C53458B13F644A16A92364FF28674E810693B94F.exe
2960	new_84aaa.exe_C53458B13F644A16A92364FF28674E810693B94F.exe
2960	new_84aaa.exe_C53458B13F644A16A92364FF28674E810693B94F.exe
2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe
2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe
2864	services.exe
2864	services.exe
2864	services.exe
2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe
2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe
1076	A_v_AuTo.dll
1076	A_v_AuTo.dll
1076	A_v_AuTo.dll
1076	A_v_AuTo.dll
1076	A_v_AuTo.dll
2224	A_v_AuTo.dll
2224	A_v_AuTo.dll
2992	services.exe
2992	services.exe
2992	services.exe
2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe
2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe
1908	A_v_TT.dll
1908	A_v_TT.dll
1908	A_v_TT.dll

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2164-0-0x0000000000400000-0x0000000000457000-memory.dmp	upx
behavioral1/memory/2164-36-0x0000000000400000-0x0000000000457000-memory.dmp	upx
behavioral1/memory/2164-56-0x0000000000400000-0x0000000000457000-memory.dmp	upx
behavioral1/files/0x0033000000016d82-64.dat	upx
behavioral1/memory/2164-97-0x0000000000400000-0x0000000000457000-memory.dmp	upx
behavioral1/memory/2224-102-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral1/memory/1076-79-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral1/memory/2164-128-0x0000000000400000-0x0000000000457000-memory.dmp	upx
behavioral1/memory/1076-131-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral1/memory/1076-147-0x0000000000400000-0x0000000000415000-memory.dmp	upx

VMProtect packed file 4 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/1908-118-0x0000000000400000-0x0000000000417000-memory.dmp	vmprotect
behavioral1/files/0x0007000000017131-115.dat	vmprotect
behavioral1/memory/1908-123-0x0000000000400000-0x0000000000417000-memory.dmp	vmprotect
behavioral1/memory/1908-150-0x0000000000400000-0x0000000000417000-memory.dmp	vmprotect

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Internet = "C:\\Program Files\\Common Files\\Microsoft Shared\\services.exe"	A_v_AuTo.dll

Drops file in Program Files directory 15 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\A_v_Dvd.ocx	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\A_v_Dw.ocx	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\A_v_AuTo.ocx	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\A_v_bind.au	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\A_v_DVD.dll	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\A_v_Tj.ocx	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\A_v_TT.dll	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Au_ing_Code.ini	services.exe
File created	C:\Program Files\Common Files\Microsoft Shared\A_v_DVD.dll	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\services.exe	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\services.exe	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\A_v_TT.dll	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Au_ing_Code.ini	services.exe
File created	C:\Program Files\Common Files\Microsoft Shared\A_v_AuTo.dll	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\A_v_AuTo.dll	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	A_v_DVD.dll
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	new_84aaa.exe_C53458B13F644A16A92364FF28674E810693B94F.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	services.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	A_v_AuTo.dll
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	A_v_AuTo.dll
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	services.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	services.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	A_v_TT.dll

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1076	A_v_AuTo.dll
1076	A_v_AuTo.dll
1076	A_v_AuTo.dll
2224	A_v_AuTo.dll
2224	A_v_AuTo.dll
2224	A_v_AuTo.dll
1908	A_v_TT.dll
1908	A_v_TT.dll
1908	A_v_TT.dll
1908	A_v_TT.dll

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2864	services.exe
Token: SeDebugPrivilege	1984	services.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2960	new_84aaa.exe_C53458B13F644A16A92364FF28674E810693B94F.exe
2960	new_84aaa.exe_C53458B13F644A16A92364FF28674E810693B94F.exe
2960	new_84aaa.exe_C53458B13F644A16A92364FF28674E810693B94F.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2960	new_84aaa.exe_C53458B13F644A16A92364FF28674E810693B94F.exe
2960	new_84aaa.exe_C53458B13F644A16A92364FF28674E810693B94F.exe
2960	new_84aaa.exe_C53458B13F644A16A92364FF28674E810693B94F.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1908	A_v_TT.dll
1908	A_v_TT.dll

Suspicious use of WriteProcessMemory 46 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2332	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	30
PID 2164 wrote to memory of 2332	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	30
PID 2164 wrote to memory of 2332	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	30
PID 2164 wrote to memory of 2332	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	30
PID 2164 wrote to memory of 2332	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	30
PID 2164 wrote to memory of 2332	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	30
PID 2164 wrote to memory of 2332	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	30
PID 2332 wrote to memory of 2960	2332	A_v_DVD.dll	31
PID 2332 wrote to memory of 2960	2332	A_v_DVD.dll	31
PID 2332 wrote to memory of 2960	2332	A_v_DVD.dll	31
PID 2332 wrote to memory of 2960	2332	A_v_DVD.dll	31
PID 2332 wrote to memory of 2960	2332	A_v_DVD.dll	31
PID 2332 wrote to memory of 2960	2332	A_v_DVD.dll	31
PID 2332 wrote to memory of 2960	2332	A_v_DVD.dll	31
PID 2164 wrote to memory of 2864	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	32
PID 2164 wrote to memory of 2864	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	32
PID 2164 wrote to memory of 2864	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	32
PID 2164 wrote to memory of 2864	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	32
PID 2164 wrote to memory of 2864	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	32
PID 2164 wrote to memory of 2864	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	32
PID 2164 wrote to memory of 2864	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	32
PID 2164 wrote to memory of 1076	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	33
PID 2164 wrote to memory of 1076	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	33
PID 2164 wrote to memory of 1076	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	33
PID 2164 wrote to memory of 1076	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	33
PID 2164 wrote to memory of 1076	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	33
PID 2164 wrote to memory of 1076	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	33
PID 2164 wrote to memory of 1076	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	33
PID 1076 wrote to memory of 2992	1076	A_v_AuTo.dll	34
PID 1076 wrote to memory of 2992	1076	A_v_AuTo.dll	34
PID 1076 wrote to memory of 2992	1076	A_v_AuTo.dll	34
PID 1076 wrote to memory of 2992	1076	A_v_AuTo.dll	34
PID 1076 wrote to memory of 2992	1076	A_v_AuTo.dll	34
PID 1076 wrote to memory of 2992	1076	A_v_AuTo.dll	34
PID 1076 wrote to memory of 2992	1076	A_v_AuTo.dll	34
PID 2224 wrote to memory of 1984	2224	A_v_AuTo.dll	36
PID 2224 wrote to memory of 1984	2224	A_v_AuTo.dll	36
PID 2224 wrote to memory of 1984	2224	A_v_AuTo.dll	36
PID 2224 wrote to memory of 1984	2224	A_v_AuTo.dll	36
PID 2164 wrote to memory of 1908	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	37
PID 2164 wrote to memory of 1908	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	37
PID 2164 wrote to memory of 1908	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	37
PID 2164 wrote to memory of 1908	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	37
PID 2164 wrote to memory of 1908	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	37
PID 2164 wrote to memory of 1908	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	37
PID 2164 wrote to memory of 1908	2164	89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe	37

C:\Users\Admin\AppData\Local\Temp\89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\89e84d8c1561f27fdfe45d0e0400a922_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Program Files\Common Files\Microsoft Shared\A_v_DVD.dll
  "C:\Program Files\Common Files\Microsoft Shared\A_v_DVD.dll"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2332
- - C:\Users\Admin\AppData\Local\Temp\new_84aaa.exe_C53458B13F644A16A92364FF28674E810693B94F.exe
    "C:\Users\Admin\AppData\Local\Temp\new_84aaa.exe_C53458B13F644A16A92364FF28674E810693B94F.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2960
- C:\Program Files\Common Files\Microsoft Shared\services.exe
  "C:\Program Files\Common Files\Microsoft Shared\services.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:2864
- C:\Program Files\Common Files\Microsoft Shared\A_v_AuTo.dll
  "C:\Program Files\Common Files\Microsoft Shared\A_v_AuTo.dll"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1076
- - C:\Program Files\Common Files\Microsoft Shared\services.exe
    "C:\Program Files\Common Files\Microsoft Shared\services.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2992
- C:\Program Files\Common Files\Microsoft Shared\A_v_TT.dll
  "C:\Program Files\Common Files\Microsoft Shared\A_v_TT.dll"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1908

C:\Program Files\Common Files\Microsoft Shared\A_v_AuTo.dll
"C:\Program Files\Common Files\Microsoft Shared\A_v_AuTo.dll"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Program Files\Common Files\Microsoft Shared\services.exe
  "C:\Program Files\Common Files\Microsoft Shared\services.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:1984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\Microsoft Shared\A_v_TT.dll

Filesize
47.7MB

MD5
224cbb038aca1d6afac95304a86306ce

SHA1
026fae8cced0746a4eae59c1bc61c7c1239e6338

SHA256
b90cfeac658e3b6bc4d740e9cbfa52d86c424b5a7cd86157064f82c9ac640953

SHA512
da43c9abef8d42184869ef058e89ae697393a28aff4eeffac05d788e421f1d5c871185ccdd8f08e9aa3ac244fc93f760db222bec8926930553648e92e750e8b5

Download Submit
\Program Files\Common Files\Microsoft Shared\A_v_AuTo.dll

Filesize
47.7MB

MD5
8b7e8fe6c875f74fe5d48aabbe45ed3d

SHA1
fa816267b7ea28b1ef3e2c05a9371de160548e7b

SHA256
39e20031073685d4a0dceca03ec8da53caad73bcb92c5764a20f233b2dba0ece

SHA512
ec00b144a60558479c439078c8910437eb9f78d61f594845d22bdc564407100c7693da2a3c7dec48408246f48b14aa0870c61768934458c0680765addd110bfe

Download Submit
\Program Files\Common Files\Microsoft Shared\A_v_DVD.dll

Filesize
606KB

MD5
8e0ab3f78bea26a8790a45d631a34937

SHA1
3e235fd16527744b8a8a10af161ac94693725155

SHA256
efdaad7ec88bdf55d86af76973059166f297b39e0eae51eb73651a3b4aff5cae

SHA512
eb474ee96d441552dd76106cb048b8439af13fb511241f12c8f2cff7fbde2aeb9929bd381209d295f7469be99cfe34ca5a4841412a01cfdfe97335c98c8792aa

Download Submit
\Program Files\Common Files\Microsoft Shared\services.exe

Filesize
47.7MB

MD5
e267af715ccdc98bfc97347260fab341

SHA1
0cd975d4aac9d169cb0cacb21b140804366de534

SHA256
d609fbed2e9c94a53aa40de59eb1feb89f71e15800961f67c41dc59133eec61c

SHA512
fcf757c1d0957315ee19c9d862643a38d1b4cf04d2963a981bdb79f6a508bf8e2bb2d58f20c1a73ff20d1967559044c0f44deb222f2e7be746b1140eb54539b6

Download Submit
\Users\Admin\AppData\Local\Temp\new_84aaa.exe_C53458B13F644A16A92364FF28674E810693B94F.exe

Filesize
252KB

MD5
98a47a067a396d52c8f33cd82d1df5e4

SHA1
2c8e3743283615f6f54afd60806f5476d3e52f06

SHA256
cc6e0f9ea16b535ab144868ca0b0b0d41a4953326a3b2bb3bb68a263bb3da83c

SHA512
380b32900159deb9a3caad5522414a8d77613fe4b832a63717809efaba65606a4526a4e5e32309c2168e22ce231b1294ee8cb95e633f60f3733f642510ea1f15

Download Submit
memory/1076-147-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1076-77-0x0000000000020000-0x0000000000035000-memory.dmp

Filesize
84KB

Download
memory/1076-137-0x0000000000250000-0x0000000000268000-memory.dmp

Filesize
96KB

Download
memory/1076-100-0x0000000000250000-0x0000000000268000-memory.dmp

Filesize
96KB

Download
memory/1076-136-0x0000000000250000-0x0000000000268000-memory.dmp

Filesize
96KB

Download
memory/1076-134-0x0000000000020000-0x0000000000035000-memory.dmp

Filesize
84KB

Download
memory/1076-135-0x0000000000020000-0x0000000000035000-memory.dmp

Filesize
84KB

Download
memory/1076-131-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1076-80-0x0000000000020000-0x0000000000035000-memory.dmp

Filesize
84KB

Download
memory/1076-79-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1076-101-0x0000000000250000-0x0000000000268000-memory.dmp

Filesize
96KB

Download
memory/1076-76-0x0000000000020000-0x0000000000035000-memory.dmp

Filesize
84KB

Download
memory/1908-124-0x0000000000020000-0x0000000000037000-memory.dmp

Filesize
92KB

Download
memory/1908-152-0x0000000000020000-0x0000000000037000-memory.dmp

Filesize
92KB

Download
memory/1908-118-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1908-126-0x0000000000020000-0x0000000000037000-memory.dmp

Filesize
92KB

Download
memory/1908-125-0x0000000000020000-0x0000000000037000-memory.dmp

Filesize
92KB

Download
memory/1908-151-0x0000000000020000-0x0000000000037000-memory.dmp

Filesize
92KB

Download
memory/1908-123-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1908-153-0x0000000000020000-0x0000000000037000-memory.dmp

Filesize
92KB

Download
memory/1908-150-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1984-104-0x0000000000400000-0x0000000000417AAD-memory.dmp

Filesize
94KB

Download
memory/1984-88-0x0000000000400000-0x0000000000417AAD-memory.dmp

Filesize
94KB

Download
memory/2164-105-0x0000000000270000-0x0000000000288000-memory.dmp

Filesize
96KB

Download
memory/2164-128-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/2164-56-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/2164-2-0x0000000000230000-0x0000000000287000-memory.dmp

Filesize
348KB

Download
memory/2164-8-0x0000000000380000-0x00000000003CE000-memory.dmp

Filesize
312KB

Download
memory/2164-97-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/2164-75-0x0000000000270000-0x0000000000285000-memory.dmp

Filesize
84KB

Download
memory/2164-116-0x0000000000270000-0x0000000000287000-memory.dmp

Filesize
92KB

Download
memory/2164-36-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/2164-48-0x0000000000270000-0x0000000000288000-memory.dmp

Filesize
96KB

Download
memory/2164-0-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/2164-41-0x0000000000270000-0x0000000000288000-memory.dmp

Filesize
96KB

Download
memory/2164-78-0x0000000000270000-0x0000000000285000-memory.dmp

Filesize
84KB

Download
memory/2164-117-0x0000000000270000-0x0000000000287000-memory.dmp

Filesize
92KB

Download
memory/2224-138-0x0000000000390000-0x00000000003A8000-memory.dmp

Filesize
96KB

Download
memory/2224-103-0x0000000000390000-0x00000000003A8000-memory.dmp

Filesize
96KB

Download
memory/2224-102-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2332-10-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2332-15-0x0000000000270000-0x00000000002BE000-memory.dmp

Filesize
312KB

Download
memory/2332-60-0x0000000000250000-0x0000000000252000-memory.dmp

Filesize
8KB

Download
memory/2332-16-0x0000000000250000-0x0000000000252000-memory.dmp

Filesize
8KB

Download
memory/2332-17-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2332-57-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2864-58-0x0000000000020000-0x0000000000038000-memory.dmp

Filesize
96KB

Download
memory/2864-49-0x0000000000400000-0x0000000000417AAD-memory.dmp

Filesize
94KB

Download
memory/2864-59-0x0000000000400000-0x0000000000417AAD-memory.dmp

Filesize
94KB

Download
memory/2864-99-0x0000000000400000-0x0000000000417AAD-memory.dmp

Filesize
94KB

Download
memory/2960-27-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2960-33-0x00000000034A0000-0x00000000036A4000-memory.dmp

Filesize
2.0MB

Download
memory/2960-34-0x00000000034A0000-0x00000000036A4000-memory.dmp

Filesize
2.0MB

Download
memory/2992-96-0x0000000000400000-0x0000000000417AAD-memory.dmp

Filesize
94KB

Download
memory/2992-94-0x0000000000400000-0x0000000000417AAD-memory.dmp

Filesize
94KB

Download