92398d0e504e5f715f69b20014a9cdb200463c9bfef2b5fb3820386a5b921c1f

Analysis

max time kernel
81s
max time network
145s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
14/08/2024, 14:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe
Size

192KB
MD5

9662cf1f8041715e183b7e7eeab2ad05
SHA1

d7a13101e847e23c3598367f7cf3bea304190990
SHA256

92398d0e504e5f715f69b20014a9cdb200463c9bfef2b5fb3820386a5b921c1f
SHA512

dde04cea7778072689c892434dc780c52c1795e91fa755948857e27369310341f5131e86290109cf4f8a44a717163e7c4b2aa7dc2a56fbf61fea99d8d69f1420
SSDEEP

3072:MHL3Vt1foRcj36UZJGI5CJwxh7OYkq5P7/rruDfqND:MHL9foR436UuIoHWrrumND

Score

5^/10

discovery

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3048 set thread context of 1252	3048	9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe	29

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B3F584F1-5A45-11EF-A1CF-525C7857EE89} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429805963"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1252	9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe
1252	9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1252	9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe
Token: SeDebugPrivilege	2768	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2744	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE
2768	IEXPLORE.EXE
2768	IEXPLORE.EXE
2768	IEXPLORE.EXE
2768	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 1252	3048	9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe	29
PID 3048 wrote to memory of 1252	3048	9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe	29
PID 3048 wrote to memory of 1252	3048	9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe	29
PID 3048 wrote to memory of 1252	3048	9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe	29
PID 3048 wrote to memory of 1252	3048	9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe	29
PID 3048 wrote to memory of 1252	3048	9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe	29
PID 3048 wrote to memory of 1252	3048	9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe	29
PID 3048 wrote to memory of 1252	3048	9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe	29
PID 3048 wrote to memory of 1252	3048	9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe	29
PID 3048 wrote to memory of 1252	3048	9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe	29
PID 1252 wrote to memory of 2256	1252	9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe	30
PID 1252 wrote to memory of 2256	1252	9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe	30
PID 1252 wrote to memory of 2256	1252	9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe	30
PID 1252 wrote to memory of 2256	1252	9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe	30
PID 2256 wrote to memory of 2744	2256	iexplore.exe	31
PID 2256 wrote to memory of 2744	2256	iexplore.exe	31
PID 2256 wrote to memory of 2744	2256	iexplore.exe	31
PID 2256 wrote to memory of 2744	2256	iexplore.exe	31
PID 2744 wrote to memory of 2768	2744	IEXPLORE.EXE	32
PID 2744 wrote to memory of 2768	2744	IEXPLORE.EXE	32
PID 2744 wrote to memory of 2768	2744	IEXPLORE.EXE	32
PID 2744 wrote to memory of 2768	2744	IEXPLORE.EXE	32
PID 1252 wrote to memory of 2768	1252	9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe	32
PID 1252 wrote to memory of 2768	1252	9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe	32

C:\Users\Admin\AppData\Local\Temp\9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Users\Admin\AppData\Local\Temp\9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\9662cf1f8041715e183b7e7eeab2ad05_JaffaCakes118.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1252
- - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2256
  - - C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2744
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2744 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:2768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8a3c85b8d079b570be851209ab827fa

SHA1
f427eb4801d9aa971f079b9630dbff3beda4671e

SHA256
1efff96119b2ef44fe81e32b92f43f7b87c05948da5ef10baf929ea557db50c7

SHA512
a1070c8b8cdeb8ca03e2ebec7d55cd955e564b2dabb90786e5a52a99af0b658f5bd445807a97a94d1ceae2bd3f143b7a22da184f23c692c0017f0cbf6ea579d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50fe01097449b0e357b13809ba0ec181

SHA1
6d0629d206af69dc6427d95ef4455f5b78f1f6b1

SHA256
b77ba2fa3113a4f6f04d8379082b4cb495ff16f790c03920b4676cc9e691648f

SHA512
64fcef0962015485044ec0903f3392b6ed177c87d2ec6b54902c583452fb6e9c5b365322b8b5d8fdc2edbd987d6e5908ac95bead5735de11fc5337352655b7ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ade5e71933432759ebf7d6c13f2f9391

SHA1
6cb611d0a24359e648d410380a1ed9caf27cbae3

SHA256
bc08cca125b100b3804d89ad0886d2888ef52e39c59fb860aa2b0f915a01db3b

SHA512
75f1b42745099c946c7fcff1aea9980274cd842f373003ac45f14dc96234bd2c2f0bf45e83fcd1ff4f592cc0b2f6ad25d0fe6204cd6289c0b4666c929b53723d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38358fd0eb0b9b3872b6626660ec10e6

SHA1
21d7823aed09963f3e158468a259f691cc78b292

SHA256
518e9dbd358633dfcff676e637480102c6083154f0ee879854b8ab717928efed

SHA512
0f7ffb652ad0734a802cd1ac5ba8751b6313f563145d2b824f12f0f9845604c7ede246e9871ca81c58669994167fbe57eee61b5dba3e28d5e9a00883b9c0bece

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c07d9990ccedcb838243957a4de739c3

SHA1
2cb9d744c80c637a4496163381d5e225271791da

SHA256
3fdf548d58c803adda12791458a6e51c458506c6c495ef7da72cd6d6dfcd8611

SHA512
754491c2de357345fddd672649d6723d5df31446728f87e60dec9c18bcd18882a8ec107b3c5e9540b5464a0f947db62819d2161e815366875aadeaf6db2df34c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31b0f2ff37ddd2c41f9cf8591a526be6

SHA1
4fd9e10041fc150ec4eba5bcc4f8fe5883442bbf

SHA256
2a033dc4caa54d29ff200f204351c67dafa7401064c10a194d7f85102afb6bfe

SHA512
8fbb3eb1059c6649983767febb6f0b40cbe0a1c7373ac88ab1c701906af518ef2a34c61624500112676ae672cffae0409a8b984ab4d22c81ac10e9cd4c1edfa7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a54d0266840e6e999ccea4a82425367

SHA1
2c7afd83240dffe1c4afca48278842130b5ed7e5

SHA256
771bd85cbcec88b473990d0e5452b8c4c65b933f6e36d0d4bdfa559aec27588b

SHA512
a415897121a2c1b4ea0507ffddd3329cd471d6b143038d5c5814975a8476121bdcc36986899d7afb0c5d1d3cccb42195863a42dcace5bffadb0dd17d1fa34c29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a59219abce7cff27b09aac1055cc87a

SHA1
b360e23883f1cca57feefcccf28f8a955ebe1356

SHA256
85ecc938e9b4cdb2f8bf89abfb8be6663e3fab7b99fee3ba192cccbe69ff1a4e

SHA512
21bf741b65f0d9aca143f356f1a9c9217f28114ce587d1e2526c979405965d0f7fdb2930ba2d17437558f6773889c5a371af09c1588685ae60d2d74307b17b3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a924f333913167df22ede2d0394c8657

SHA1
1b68b552a35e717e553dc9a39caaa7ab23668840

SHA256
3238009a8f5ce332efc3e9c128c1f868ba993b323e904500c8f5e13346583b4f

SHA512
0f53cc05138496a7e115196aaaa03ea5258765e0c5227bc8eaf1e86a0ccc3ba6d2e811b5a6316711754b51d103338bb383167c971d69ce43a88143957f9e4824

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5232db83980c4f7efbad04d3cb0cf57d

SHA1
2ac57e53f6ac0fbb000eeb8e43078a59ebc1b3d5

SHA256
204d0f1ef07653b4d13262e6905308aebc33d1b6a138a343c6e091483e6795e3

SHA512
a9f98bd391432f4a0ed9d47bb1873982ff99f0bcdc87684fdfbc4e6f302df7d520bd1885db2eda2ad278bb55c35470e8f9917023f06c5e7304935fdb2126dc7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d12edc4905581f4321b61f73b98d2f38

SHA1
81f0a91981a98af70cd65be7a4b22b67cfac8cf6

SHA256
9192f07f691e79f3b4a638c2937dc46f88e92106b515be4dfb85b2799618abf4

SHA512
d96efb86943d1be3472daa293daf4d96c1a799b5f522ac4d2e34f8b7c5c1219972b17dfdf27c5e37bb3216f937bd39cebb266ce72847ed409fc76d9c9efc0340

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d2242e877284487123e71acb385ccf05

SHA1
769b244bf02a067acec780eaefdc3cc2ce04c44c

SHA256
d5ea8c7ad0c7e8fedb95710baf8de3afe08494311f927d2867000ffed2a2bb26

SHA512
915e163e0f6d6dcd3e4c58e40210df75142f05e1f89ad79d9f664248904f2d1a1e96fa9e9a9d2b4f8da9614f8420747282847531e2c0a580783142a53bbac388

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3aa60bfb287bdf31828557e470fa6a1f

SHA1
2d1c6e90a9f60dec57071c0b823fcc656c08e758

SHA256
4104a944108a4f637d2ecef4b7012b626229cd261549264d413b1b669205e5b1

SHA512
1201926872c845af451f79634b944bdb31d022ec014da2cf58436710eab33868572609ad4362066c97acfd47ce489f2a25f071eff95782399eccf5492e2633c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6F88.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7008.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1252-7-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1252-3-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1252-23-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1252-18-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/1252-1-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1252-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1252-5-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1252-22-0x0000000000330000-0x000000000037F000-memory.dmp

Filesize
316KB

Download
memory/1252-12-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1252-9-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1252-16-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1252-17-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3048-13-0x0000000000260000-0x0000000000298000-memory.dmp

Filesize
224KB

Download
memory/3048-0-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/3048-15-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download