1e55dcbbd1df7847f3c9976d253a8f4f1ce41c3360999972a862f2732bc6d7e7

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2024 06:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa0702e763cc10f8186a004516e6016a_JaffaCakes118.exe
Size

115KB
MD5

aa0702e763cc10f8186a004516e6016a
SHA1

07a6a7f0c8a7600e41d0bf6b600ea19dec3f03ee
SHA256

1e55dcbbd1df7847f3c9976d253a8f4f1ce41c3360999972a862f2732bc6d7e7
SHA512

849fa4a1443789fa52c207b0da1cf8d3e377b58dbcd8c82bdc295453b43b5c5a7e7d6203affc2ea9f94590c6f05905867b01fe5525ac9790431275f105ce5458
SSDEEP

3072:k/c4gMtfcnz2FHIOwWD0Dv73/QhxTo9houtD:k/cwqnz8PwWD0Dz+ohoS

Score

7^/10

discovery upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	aa0702e763cc10f8186a004516e6016a_JaffaCakes118.exe

Deletes itself 1 IoCs

pid	Process
3600	conime.exe

Executes dropped EXE 4 IoCs

pid	Process
3600	conime.exe
2944	conime.exe
1116	conime.exe
1804	conime.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4608-0-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/files/0x0003000000022aa5-13.dat	upx
behavioral2/files/0x000700000002343c-20.dat	upx
behavioral2/memory/4608-24-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/2944-29-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/3600-50-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/2944-52-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/3600-51-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/2944-53-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1116-54-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1116-55-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1804-57-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1804-56-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/3600-58-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/2944-59-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1116-60-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1804-61-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/3600-62-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/2944-63-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1116-64-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1804-65-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/3600-66-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/2944-67-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1116-68-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1804-69-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/3600-70-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/2944-71-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1116-72-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1804-73-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/3600-74-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/2944-75-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1116-76-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1804-77-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/3600-78-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/2944-79-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1116-80-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1804-81-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/3600-82-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/2944-83-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1116-84-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1804-85-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/3600-86-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/2944-87-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1116-88-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1804-89-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/3600-90-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/2944-91-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1116-92-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1804-93-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/3600-94-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/2944-95-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1116-96-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1804-97-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/3600-98-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/2944-99-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1116-100-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1804-101-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/3600-102-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/2944-103-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1116-104-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1804-105-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/3600-106-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/2944-107-0x0000000000400000-0x0000000000453000-memory.dmp	upx
behavioral2/memory/1116-108-0x0000000000400000-0x0000000000453000-memory.dmp	upx

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\1.bat	aa0702e763cc10f8186a004516e6016a_JaffaCakes118.exe
File created	C:\Windows\`.bat	aa0702e763cc10f8186a004516e6016a_JaffaCakes118.exe
File created	C:\Windows\2.ini	aa0702e763cc10f8186a004516e6016a_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aa0702e763cc10f8186a004516e6016a_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	conime.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	conime.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	conime.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	conime.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4608	aa0702e763cc10f8186a004516e6016a_JaffaCakes118.exe
4608	aa0702e763cc10f8186a004516e6016a_JaffaCakes118.exe
4608	aa0702e763cc10f8186a004516e6016a_JaffaCakes118.exe
4608	aa0702e763cc10f8186a004516e6016a_JaffaCakes118.exe
3600	conime.exe
3600	conime.exe
3600	conime.exe
3600	conime.exe
3600	conime.exe
3600	conime.exe
3600	conime.exe
3600	conime.exe
3600	conime.exe
3600	conime.exe
3600	conime.exe
3600	conime.exe
3600	conime.exe
3600	conime.exe
3600	conime.exe
3600	conime.exe
3600	conime.exe
3600	conime.exe
3600	conime.exe
3600	conime.exe
2944	conime.exe
2944	conime.exe
2944	conime.exe
2944	conime.exe
2944	conime.exe
2944	conime.exe
3600	conime.exe
3600	conime.exe
3600	conime.exe
3600	conime.exe
1116	conime.exe
1116	conime.exe
2944	conime.exe
2944	conime.exe
2944	conime.exe
2944	conime.exe
1116	conime.exe
1116	conime.exe
1116	conime.exe
1116	conime.exe
3600	conime.exe
3600	conime.exe
3600	conime.exe
3600	conime.exe
1804	conime.exe
1804	conime.exe
2944	conime.exe
1804	conime.exe
2944	conime.exe
1804	conime.exe
1804	conime.exe
2944	conime.exe
1804	conime.exe
2944	conime.exe
1116	conime.exe
1116	conime.exe
1116	conime.exe
1116	conime.exe
3600	conime.exe
3600	conime.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 4608 wrote to memory of 3184	4608	aa0702e763cc10f8186a004516e6016a_JaffaCakes118.exe	85
PID 4608 wrote to memory of 3184	4608	aa0702e763cc10f8186a004516e6016a_JaffaCakes118.exe	85
PID 4608 wrote to memory of 3184	4608	aa0702e763cc10f8186a004516e6016a_JaffaCakes118.exe	85
PID 4608 wrote to memory of 3620	4608	aa0702e763cc10f8186a004516e6016a_JaffaCakes118.exe	87
PID 4608 wrote to memory of 3620	4608	aa0702e763cc10f8186a004516e6016a_JaffaCakes118.exe	87
PID 4608 wrote to memory of 3620	4608	aa0702e763cc10f8186a004516e6016a_JaffaCakes118.exe	87
PID 4608 wrote to memory of 3600	4608	aa0702e763cc10f8186a004516e6016a_JaffaCakes118.exe	91
PID 4608 wrote to memory of 3600	4608	aa0702e763cc10f8186a004516e6016a_JaffaCakes118.exe	91
PID 4608 wrote to memory of 3600	4608	aa0702e763cc10f8186a004516e6016a_JaffaCakes118.exe	91
PID 3600 wrote to memory of 2944	3600	conime.exe	94
PID 3600 wrote to memory of 2944	3600	conime.exe	94
PID 3600 wrote to memory of 2944	3600	conime.exe	94
PID 3600 wrote to memory of 1116	3600	conime.exe	95
PID 3600 wrote to memory of 1116	3600	conime.exe	95
PID 3600 wrote to memory of 1116	3600	conime.exe	95
PID 3600 wrote to memory of 1804	3600	conime.exe	98
PID 3600 wrote to memory of 1804	3600	conime.exe	98
PID 3600 wrote to memory of 1804	3600	conime.exe	98

C:\Users\Admin\AppData\Local\Temp\aa0702e763cc10f8186a004516e6016a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\aa0702e763cc10f8186a004516e6016a_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4608
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Windows\1.bat" "
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3184
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Windows\`.bat" -in"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3620
- C:\ccc\conime.exe
  C:\ccc\conime.exe -self
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3600
- - C:\ccc\conime.exe
    C:\ccc\conime.exe -self
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2944
- - C:\ccc\conime.exe
    C:\ccc\conime.exe -self
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1116
- - C:\ccc\conime.exe
    C:\ccc\conime.exe -self
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\1.bat

Filesize
482B

MD5
e1dbc0180f475190337e74446cbdac58

SHA1
53bcc5e6c2cf35a2b03f6d37d1b05686d296a064

SHA256
d4d08750e0c22fe69c50da8488af87ce7add0ef8d28a56cfd0753c87a37f7432

SHA512
d71eaf2358c52bb4b288b4a1a52d88b29cdbb610f1219deb452b362b9da1093d7f0ce64bbb07fb5920768133497abb4663eabfab73c56484c64ee124689960c2

Download Submit
C:\Windows\2.ini

Filesize
86B

MD5
7904bc67515b047ec5690d467758783e

SHA1
4a3a2324883c444f77b7b223d60d62847bf02742

SHA256
3bdc362cacba7a69a266f902b450c03d8e0d6a37eabc0e7915978686e3671ae3

SHA512
e5d2d5db300df6a177080cba41da713312337832df135c93a4a5e3b6f329e74b88fe4da67d0b4547bee8b0f92fc73232370d836d680e793b397b9930fc67b83f

Download Submit
C:\Windows\Temp\dfcent

Filesize
28B

MD5
843e4a701b75ca0aefae98fbec2e4aee

SHA1
206fa2cc2eecf06acec296526035dbb45767f041

SHA256
22b071d2a7b34d5132012b1885bf990164cecfbebcc7f9243cbea2395282a671

SHA512
755ed24aba29c7df9aeebe0dfcac1387fd05d6a9bcd00ee54c231afb41571dc609071c93f1a9a7c97ee3599d4a5e39948db4217f005abcfa2cb752d3feed00ae

Download Submit
C:\Windows\Temp\dfcent

Filesize
28B

MD5
49c5855eafbe09bc89a4b7803f296f0f

SHA1
390e3464253d991cfcfd45a14b52e0f8fc7ab824

SHA256
c74de58df17d7457a458dd7571d311d931f8148d22832a8dd3dc95b35a079bc6

SHA512
16bdc576c3c8355ef67d1e17cae61621bcee0b1a41b86ae523f85ac6075ee526b0d29c428ad4a0735ae26accc0cdb21f921aca2f68faf6792895f81e956cc800

Download Submit
C:\Windows\Temp\dfcent

Filesize
28B

MD5
9e262cd755a307583abf7fec133242ac

SHA1
b47dc4569a8a0b290f59a9178c9362257b2da1bc

SHA256
b901d75a2dc8954db0b70608e5b8568b6b3b0713a46a9eb343ebcd78e60a79e0

SHA512
209a228368f6ee5731b3db87e7bd0c0a95b7bf0dcc2c8d95d1a02a142b7ad8fd65774e2bd6e1699ff600aeac0608ed58ad35395fecb01d3ae3bf355c5d8c6da1

Download Submit
C:\Windows\Temp\tmp\df\ipp.000.tmp

Filesize
24KB

MD5
d1b6da1f8eae4c884c149942f9315d71

SHA1
9c5eff8ea47a21e9380ff3719840a88e2ba5b3bc

SHA256
0faca447933f751466e7a8321af3b4d23e9e51a26677d7c196cb52c4f7d7001c

SHA512
2ab515533fff21587c1fea432e52e18a6addb3dbefdc06bac05b710d5506744171ba13bf45ae93357fc6e398929cd57441402725be0eb9c2a3a676c0beb4eae3

Download Submit
C:\Windows\Temp\tmp\df\ipp.001.tmp

Filesize
24KB

MD5
e7f6df975986d22e0e119ee726c9c402

SHA1
c78c91844543cba2f075ead4578c01f8b18c01a1

SHA256
24df67f4ff7168dde53c785c86b9759f66fdb31bad3619ac16f59cf10bd32e14

SHA512
17bfcb15dbbc794b3774f19f7bcd3ec2ef9db3f6910ec3bb1b4bc663dbc1ce0108471c5fd3d8b2b1ff6e2e9a3c9df03f6584f364adc91d1c7894d7164ebb5177

Download Submit
C:\Windows\Temp\tmp\df\ipp.002.tmp

Filesize
24KB

MD5
2f9514c1d0d745d98fba43fa207f91c4

SHA1
e7998a1b5249375f212eb0b7b97eb706e49dde8b

SHA256
0dd06ce059f8c9d519ce2cbb39aee44f779fe7797239725d4e3641435b37c731

SHA512
f03e904a651eadc7bb5f6f5cd39c146421df668bb0c87086eaef1628306da44c3941854eae450ed8383532a951f4795505cc5f650daeb11361f2447c038a92ee

Download Submit
C:\Windows\Temp\tmp\df\ipp.003.tmp

Filesize
24KB

MD5
5b3ddedfa834a7135cefaf4c3e990070

SHA1
2274fa4758b62a2de51758173327706a44666abd

SHA256
94ef9b3e5e3c080a8702ac5a0ab3ecc45c0fa6372f177d56d3b881ee7b6366cf

SHA512
c71f67a477be00a04f44dc29188648aea178605dde0b9adfaa127ef5bf1cf93a8ecf5cadc1bcac05fe7c36637ffa385857f5dc1bbf801d7a032f0e894fbb44c7

Download Submit
C:\Windows\Temp\tmp\df\ipp.004.tmp

Filesize
16KB

MD5
18ce07b6c01cc8c45c1f51bf33aa5c55

SHA1
932d095ae2089f0fc0cd185934defec210508f78

SHA256
8353e91da560fee5e6216f1d170b9be35be1bf264355f2759cf14f78b9728e86

SHA512
edfb077c7bf5f05e4143026e5742438dd70f0bec39653dc7460bc85f43e0c6bf9e9b117b24e9694e7345800d616a76319af4f7ef4ac4a1e4c1557f8b3c6f79ca

Download Submit
C:\Windows\`.bat

Filesize
60B

MD5
83d1e52896023419d72ee8f91da2cffb

SHA1
e770fb1d5f3db57de0b3e6139f7d80a16a983113

SHA256
29366d1af05aa97500c233d21ec866c25f4ac346896cfd031db70dcf74d1be2c

SHA512
284f12d24d781b25e7c1afef29910d8e5120974c5c7ca8d44482bc8dc588c8673d276f31fd30cee691730dfed8ab059c05891539e8d91f9477513259a0b3679c

Download Submit
C:\ccc\conime.exe

Filesize
115KB

MD5
aa0702e763cc10f8186a004516e6016a

SHA1
07a6a7f0c8a7600e41d0bf6b600ea19dec3f03ee

SHA256
1e55dcbbd1df7847f3c9976d253a8f4f1ce41c3360999972a862f2732bc6d7e7

SHA512
849fa4a1443789fa52c207b0da1cf8d3e377b58dbcd8c82bdc295453b43b5c5a7e7d6203affc2ea9f94590c6f05905867b01fe5525ac9790431275f105ce5458

Download Submit
memory/1116-54-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1116-108-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1116-76-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1116-80-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1116-104-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1116-72-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1116-100-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1116-84-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1116-55-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1116-68-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1116-88-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1116-64-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1116-96-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1116-60-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1116-92-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1804-93-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1804-69-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1804-97-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1804-65-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1804-89-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1804-56-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1804-57-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1804-61-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1804-85-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1804-77-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1804-101-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1804-73-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1804-81-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1804-105-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/1804-109-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/2944-53-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/2944-95-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/2944-79-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/2944-75-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/2944-29-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/2944-107-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/2944-83-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/2944-71-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/2944-52-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/2944-103-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/2944-87-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/2944-67-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/2944-99-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/2944-59-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/2944-91-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/2944-63-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/3600-94-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/3600-102-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/3600-62-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/3600-90-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/3600-58-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/3600-98-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/3600-66-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/3600-74-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/3600-51-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/3600-78-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/3600-86-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/3600-70-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/3600-50-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/3600-106-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/3600-82-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/4608-0-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/4608-24-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download