b4b46a291f0ab84aa808dc81089db49feb0c5924cdf963991363e2aa07285c3e

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19-08-2024 22:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe
Size

248KB
MD5

accebd98da8d436bdc1f4270044fa178
SHA1

83b975753664c3038e28262ede7d4d993a6c1919
SHA256

b4b46a291f0ab84aa808dc81089db49feb0c5924cdf963991363e2aa07285c3e
SHA512

cedd00b915168f331dc2413e203fa6b9c0e48000abc0c6dbb35219e5471b9a6a5fe82d8baac88f42670a3d150f2f718738e15ebc89761f205e2bfdabc2637d98
SSDEEP

6144:VHBD2YdVZeF7pZWWB2BjLE4qDfLwwaB/iYOwO:VH12YdVZeF7TWWBkLE4q4BZ

Score

8^/10

discovery evasion persistence privilege_escalation spyware stealer

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
2744	netsh.exe

Deletes itself 1 IoCs

pid	Process
912	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2828	umgyso.exe

Loads dropped DLL 2 IoCs

pid	Process
2972	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe
2972	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe

Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
spyware stealer

Data from Local System
T1005

Credentials in Registry
T1552.002

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\{2F9601A7-F148-3462-1CD5-C4E0B12F4990} = "C:\\Users\\Admin\\AppData\\Roaming\\Suwycos\\umgyso.exe"	umgyso.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2972 set thread context of 912	2972	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe	36

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	umgyso.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Privacy	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Privacy\CleanCookies = "0"	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\57BF1D80-00000001.eml:OECustomProperty	WinMail.exe

Suspicious behavior: EnumeratesProcesses 33 IoCs

pid	Process
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe
2828	umgyso.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2972	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe
Token: SeSecurityPrivilege	2972	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe
Token: SeSecurityPrivilege	2972	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe
Token: SeManageVolumePrivilege	1880	WinMail.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1880	WinMail.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1880	WinMail.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1880	WinMail.exe

Suspicious use of WriteProcessMemory 61 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 896	2972	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe	31
PID 2972 wrote to memory of 896	2972	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe	31
PID 2972 wrote to memory of 896	2972	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe	31
PID 2972 wrote to memory of 896	2972	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe	31
PID 2972 wrote to memory of 2828	2972	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe	33
PID 2972 wrote to memory of 2828	2972	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe	33
PID 2972 wrote to memory of 2828	2972	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe	33
PID 2972 wrote to memory of 2828	2972	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe	33
PID 896 wrote to memory of 2744	896	cmd.exe	34
PID 896 wrote to memory of 2744	896	cmd.exe	34
PID 896 wrote to memory of 2744	896	cmd.exe	34
PID 896 wrote to memory of 2744	896	cmd.exe	34
PID 2828 wrote to memory of 1080	2828	umgyso.exe	18
PID 2828 wrote to memory of 1080	2828	umgyso.exe	18
PID 2828 wrote to memory of 1080	2828	umgyso.exe	18
PID 2828 wrote to memory of 1080	2828	umgyso.exe	18
PID 2828 wrote to memory of 1080	2828	umgyso.exe	18
PID 2828 wrote to memory of 1140	2828	umgyso.exe	19
PID 2828 wrote to memory of 1140	2828	umgyso.exe	19
PID 2828 wrote to memory of 1140	2828	umgyso.exe	19
PID 2828 wrote to memory of 1140	2828	umgyso.exe	19
PID 2828 wrote to memory of 1140	2828	umgyso.exe	19
PID 2828 wrote to memory of 1204	2828	umgyso.exe	21
PID 2828 wrote to memory of 1204	2828	umgyso.exe	21
PID 2828 wrote to memory of 1204	2828	umgyso.exe	21
PID 2828 wrote to memory of 1204	2828	umgyso.exe	21
PID 2828 wrote to memory of 1204	2828	umgyso.exe	21
PID 2828 wrote to memory of 1220	2828	umgyso.exe	23
PID 2828 wrote to memory of 1220	2828	umgyso.exe	23
PID 2828 wrote to memory of 1220	2828	umgyso.exe	23
PID 2828 wrote to memory of 1220	2828	umgyso.exe	23
PID 2828 wrote to memory of 1220	2828	umgyso.exe	23
PID 2828 wrote to memory of 2972	2828	umgyso.exe	30
PID 2828 wrote to memory of 2972	2828	umgyso.exe	30
PID 2828 wrote to memory of 2972	2828	umgyso.exe	30
PID 2828 wrote to memory of 2972	2828	umgyso.exe	30
PID 2828 wrote to memory of 2972	2828	umgyso.exe	30
PID 2828 wrote to memory of 1880	2828	umgyso.exe	35
PID 2828 wrote to memory of 1880	2828	umgyso.exe	35
PID 2828 wrote to memory of 1880	2828	umgyso.exe	35
PID 2828 wrote to memory of 1880	2828	umgyso.exe	35
PID 2828 wrote to memory of 1880	2828	umgyso.exe	35
PID 2972 wrote to memory of 912	2972	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe	36
PID 2972 wrote to memory of 912	2972	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe	36
PID 2972 wrote to memory of 912	2972	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe	36
PID 2972 wrote to memory of 912	2972	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe	36
PID 2972 wrote to memory of 912	2972	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe	36
PID 2972 wrote to memory of 912	2972	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe	36
PID 2972 wrote to memory of 912	2972	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe	36
PID 2972 wrote to memory of 912	2972	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe	36
PID 2972 wrote to memory of 912	2972	accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe	36
PID 2828 wrote to memory of 2696	2828	umgyso.exe	38
PID 2828 wrote to memory of 2696	2828	umgyso.exe	38
PID 2828 wrote to memory of 2696	2828	umgyso.exe	38
PID 2828 wrote to memory of 2696	2828	umgyso.exe	38
PID 2828 wrote to memory of 2696	2828	umgyso.exe	38
PID 2828 wrote to memory of 1708	2828	umgyso.exe	39
PID 2828 wrote to memory of 1708	2828	umgyso.exe	39
PID 2828 wrote to memory of 1708	2828	umgyso.exe	39
PID 2828 wrote to memory of 1708	2828	umgyso.exe	39
PID 2828 wrote to memory of 1708	2828	umgyso.exe	39

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1080

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1140

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1204
- C:\Users\Admin\AppData\Local\Temp\accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\accebd98da8d436bdc1f4270044fa178_JaffaCakes118.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2972
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp1754f175.bat"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:896
  - - C:\Windows\SysWOW64\netsh.exe
      netsh advfirewall firewall add rule name="explore" dir=in action=allow program="C:\Users\Admin\AppData\Roaming\Suwycos\umgyso.exe"
      4⤵
      Modifies Windows Firewall
      Event Triggered Execution: Netsh Helper DLL
      System Location Discovery: System Language Discovery
      PID:2744
- - C:\Users\Admin\AppData\Roaming\Suwycos\umgyso.exe
    "C:\Users\Admin\AppData\Roaming\Suwycos\umgyso.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2828
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp10bb6d6c.bat"
    3⤵
    - Deletes itself
    - System Location Discovery: System Language Discovery
    PID:912

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:1220

C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail.exe" -Embedding
1⤵
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1880

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2696

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials in Registry

T1552.002

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb.log

Filesize
2.0MB

MD5
f5bd8255a740ee60177599bf016fc911

SHA1
2e79c1abdca85208947f6315d0f23db766882804

SHA256
f5830cf12e03b050e8f1996c2882b61ab882d2e4bf2ee88aa5aea225591cc285

SHA512
7bb39d0af5c62463342214220d82cebdf203251a25a1b084eb8863d9ea627b3fbe4ad5b4b3045283cdee415c57f120735d7518a0a4de6ff0aad6e7ec2861f507

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp10bb6d6c.bat

Filesize
271B

MD5
1d59a952409297a047df23e5d4143b90

SHA1
75e132fd1a91359d766054c5dcec0e4c72993bcb

SHA256
d8721c39dba883ee05b5a42e736b70bfd7c8b0994ea5028b2a5ea9d144b5ddb3

SHA512
1bdbfe0c5369b91eacc2d25ffa61292500fc4e131cc83eecd8d69201356622b7c9f87ee90dcb0d70697ed6bbf7ce241416fb1689333424483a7127fa28f99b03

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp1754f175.bat

Filesize
203B

MD5
7da23a64d113b420d5fc68d1d3043f03

SHA1
9afd4e2aa5fb142f3860c75a87fd363e619fa16c

SHA256
2a2e129f0dee5d852db4a68b9f63ba69af706ca0163c2cf1ad1c1711c24ba7fa

SHA512
6e3d9c65044d904814c3d1eb5d1e1efd5628b645645eeb8930df4bcafe37708f9254d91f5426f2a7aed8233854049c15de7850d70e3b0de36eecc67cc4da6b4b

Download Submit
C:\Users\Admin\AppData\Roaming\Ohbeet\byasefy.hat

Filesize
380B

MD5
eebf853638bee24b74befeb10bf58866

SHA1
e0045bafee9be6b3841cf55f579800772c6e3b77

SHA256
b7abee47a279b584bf43bbdc090fc6c500d0670911f13c996ce13bb050ab070b

SHA512
0a299a03f1117c9ced6863d091263eadbd1d85381b23eb652bda04fe1e695721893876cff786963f7e0965d29faf8dec7f1eceb11c443be23861aa3b259e6ab9

Download Submit
\Users\Admin\AppData\Roaming\Suwycos\umgyso.exe

Filesize
248KB

MD5
9d87df09ccacab2406586c6b09af2981

SHA1
987e03a2b46ca1913a881aba01209dd08d590249

SHA256
bba1a2948623a27af2d9fa2f1e2d42327f2c8b11647aafd5da19bb1390fe20c8

SHA512
90302b5bd55be094fb256280988a1daaaf254be5b975d8a8c1d4a9594e315e6529aa459e355f7ab42866abba5797a404f0e3d506f9d19a52d37bc9f68f4b15fd

Download Submit
memory/1080-23-0x0000000002140000-0x0000000002167000-memory.dmp

Filesize
156KB

Download
memory/1080-27-0x0000000002140000-0x0000000002167000-memory.dmp

Filesize
156KB

Download
memory/1080-19-0x0000000002140000-0x0000000002167000-memory.dmp

Filesize
156KB

Download
memory/1080-21-0x0000000002140000-0x0000000002167000-memory.dmp

Filesize
156KB

Download
memory/1080-25-0x0000000002140000-0x0000000002167000-memory.dmp

Filesize
156KB

Download
memory/1140-33-0x0000000001ED0000-0x0000000001EF7000-memory.dmp

Filesize
156KB

Download
memory/1140-32-0x0000000001ED0000-0x0000000001EF7000-memory.dmp

Filesize
156KB

Download
memory/1140-31-0x0000000001ED0000-0x0000000001EF7000-memory.dmp

Filesize
156KB

Download
memory/1140-30-0x0000000001ED0000-0x0000000001EF7000-memory.dmp

Filesize
156KB

Download
memory/1204-35-0x0000000002CE0000-0x0000000002D07000-memory.dmp

Filesize
156KB

Download
memory/1204-36-0x0000000002CE0000-0x0000000002D07000-memory.dmp

Filesize
156KB

Download
memory/1204-37-0x0000000002CE0000-0x0000000002D07000-memory.dmp

Filesize
156KB

Download
memory/1204-38-0x0000000002CE0000-0x0000000002D07000-memory.dmp

Filesize
156KB

Download
memory/1220-43-0x0000000001C10000-0x0000000001C37000-memory.dmp

Filesize
156KB

Download
memory/1220-40-0x0000000001C10000-0x0000000001C37000-memory.dmp

Filesize
156KB

Download
memory/1220-41-0x0000000001C10000-0x0000000001C37000-memory.dmp

Filesize
156KB

Download
memory/1220-42-0x0000000001C10000-0x0000000001C37000-memory.dmp

Filesize
156KB

Download
memory/2828-15-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2828-16-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2828-170-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2828-17-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2972-65-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2972-67-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2972-61-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2972-60-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2972-58-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2972-56-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2972-54-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2972-52-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2972-50-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2972-49-0x0000000000450000-0x0000000000477000-memory.dmp

Filesize
156KB

Download
memory/2972-48-0x0000000000450000-0x0000000000477000-memory.dmp

Filesize
156KB

Download
memory/2972-47-0x0000000000450000-0x0000000000477000-memory.dmp

Filesize
156KB

Download
memory/2972-46-0x0000000000450000-0x0000000000477000-memory.dmp

Filesize
156KB

Download
memory/2972-45-0x0000000000450000-0x0000000000477000-memory.dmp

Filesize
156KB

Download
memory/2972-0-0x0000000000429000-0x000000000042A000-memory.dmp

Filesize
4KB

Download
memory/2972-63-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2972-69-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2972-71-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2972-73-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2972-75-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2972-77-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2972-79-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2972-81-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2972-83-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2972-130-0x0000000000429000-0x000000000042A000-memory.dmp

Filesize
4KB

Download
memory/2972-3-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2972-229-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2972-2-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2972-1-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download