74b136c13e57c3fd39eab420a6d8c1e5424ee1b534268fadf0d4991d2c42f8be

Analysis

max time kernel
78s
max time network
142s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-08-2024 17:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe
Size

234KB
MD5

abe86e5f1407db9ae1fcd46ce4094a29
SHA1

b3eeb4f86dabb6f2150209f9e85aa49053156bba
SHA256

74b136c13e57c3fd39eab420a6d8c1e5424ee1b534268fadf0d4991d2c42f8be
SHA512

9f4e0f946b2c273dcce81e8015ba2a0c9cbb55ad6e0cd766da21f637aeab3d8bbdc0a2eb62c8419fed4a8f288e83e9a0f74650349f55e074fb755f12d31267f8
SSDEEP

6144:wnabPsHctnUV3IAeuL5kV3Ix56Q8QOr0Lpbv+:wn8FUtGaOr0Lpbv+

Score

5^/10

discovery

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2712 set thread context of 2968	2712	abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe	29

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430250253"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{25D88C31-5E50-11EF-81BB-526249468C57} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2968	abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe
2968	abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2968	abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe
Token: SeDebugPrivilege	2504	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2052	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2712	abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe
2052	IEXPLORE.EXE
2052	IEXPLORE.EXE
2504	IEXPLORE.EXE
2504	IEXPLORE.EXE
2504	IEXPLORE.EXE
2504	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 2968	2712	abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe	29
PID 2712 wrote to memory of 2968	2712	abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe	29
PID 2712 wrote to memory of 2968	2712	abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe	29
PID 2712 wrote to memory of 2968	2712	abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe	29
PID 2712 wrote to memory of 2968	2712	abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe	29
PID 2712 wrote to memory of 2968	2712	abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe	29
PID 2712 wrote to memory of 2968	2712	abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe	29
PID 2712 wrote to memory of 2968	2712	abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe	29
PID 2712 wrote to memory of 2968	2712	abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe	29
PID 2712 wrote to memory of 2968	2712	abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe	29
PID 2968 wrote to memory of 664	2968	abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe	30
PID 2968 wrote to memory of 664	2968	abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe	30
PID 2968 wrote to memory of 664	2968	abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe	30
PID 2968 wrote to memory of 664	2968	abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe	30
PID 664 wrote to memory of 2052	664	iexplore.exe	31
PID 664 wrote to memory of 2052	664	iexplore.exe	31
PID 664 wrote to memory of 2052	664	iexplore.exe	31
PID 664 wrote to memory of 2052	664	iexplore.exe	31
PID 2052 wrote to memory of 2504	2052	IEXPLORE.EXE	32
PID 2052 wrote to memory of 2504	2052	IEXPLORE.EXE	32
PID 2052 wrote to memory of 2504	2052	IEXPLORE.EXE	32
PID 2052 wrote to memory of 2504	2052	IEXPLORE.EXE	32
PID 2968 wrote to memory of 2504	2968	abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe	32
PID 2968 wrote to memory of 2504	2968	abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe	32

C:\Users\Admin\AppData\Local\Temp\abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Users\Admin\AppData\Local\Temp\abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\abe86e5f1407db9ae1fcd46ce4094a29_JaffaCakes118.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2968
- - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:664
  - - C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2052
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2052 CREDAT:275457 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5385a897201a51566df72a0ed4b69ab2

SHA1
e87ed177e0ae4d25230c807e8f3066f457fb9cfa

SHA256
eb0037721bfe397dda1ce05db90b167971c2d6361d2f3f539da2197b4086e91c

SHA512
7d6a684e20938d8a99bf6b17a6ca2a8870de52c4532aa71601e816b96877ec503b46f6387eb2d614a8b0bfa3ed342192938ccd880e6a5b0ee1f2bb63be115e01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2a0c471df45361744fac4e1aa2d0e98

SHA1
7f66e54e782a8b39edce989475a9321dcd7c2051

SHA256
50b2099dc9a64cb48120d6e1dd83abc483b8acbac59a58b3d4b9764cf7895666

SHA512
58c3b33c4be062b435d57204f6ba2e54647bc24300da8348891a63da1be7738408d0c6589f1863639c76e24a37dc3fd556bd85d5ee9795534951d2b441ec25b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2365fdb70ab9f7669a0700a7968ed10

SHA1
6ee816009bdf46d9039aca2ddcdd2479587055f8

SHA256
edcf9f89d3d738fff5557dec3d9a6ee2c0fb731ca8b154335e37f628f7ba7884

SHA512
de3fc61a508c59ed8c0ad42b418f3dae382a9429e374f9c218001882deeb3c11b73bcdeea5e7f9d34eba7f6facbc8ca934f56a17bf8eb2839b13aa73d869e370

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b9fcb840db07e9b270a1f0128c8cdf3

SHA1
042367168d32bed8d75622bf175280b0aac22279

SHA256
5f38ba0624f743727637096bf0c80f1da93e41115dc0db397259f18534983ecc

SHA512
7aeb071c8053f4e553d57af57c5c8bb6d3a11992bba85a2704ff18dde9731fa8866af90179ee9b9b7f2e11b612578535273a82599bba56efc288574dda88edc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d9694f9a744cbac35467fca5af0b955

SHA1
789011d34fc01492453d05bac4e59934aa00cbd6

SHA256
3884cfd8dbdcb6553e90056afc4b02c8b4885d9493394d172ecd5e62c342f5eb

SHA512
eb5b944e1a11e03d2d7ebe0b576d280d5ee4473dc2fc071da191014425aa3b09e3677e613e28d1b1184876c6db2898a3a925910276f225053b44707ffa670027

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1260cbe12e9081781cfe73a8f2d0213c

SHA1
baffdd60ecb669f9f5f55b4796540c93dc75bfcb

SHA256
574824a8a3a85f51b8a1a924ebdf88b9cdf88b16b0e2f194ee161324c1152037

SHA512
43afc0f578d810ea7fae9de102cf8813e68dc31635b713a218d378a832963f625cba96891b813cd50ec2bc3025a08b7b303213f893b8c0b532970b3a71b14fdb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5bc5caf95f6b5e2a840cd726ce2fb2ab

SHA1
ae58bd5e277e546634411eae06bbce139e8876cd

SHA256
874cc0bddee4bc15bf1978299a15e1ef081f40b89db017fa3d0a7d83a4c91059

SHA512
5e75bb31992ce200acd94bdbc44228181d71ca655ef8e9da470b45c075f7cfdd53c8323d24fc66615ef4c655eb6fc92c5eff2d78d79a5cb563a49b2d2f931010

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f42b71b81efb29f9272ace9a4d8f679d

SHA1
c2337df3b815358fff3832c63b4e1425c9d97bb1

SHA256
6f62239304872922dd1d1dff556c08e84790cff834c59bea045c6f6f61138b6f

SHA512
9fbd76ebafdf3ebc68d7aaaca72664e1e1aebf28f5a04d8a68d0b1623a7856c6dc5a67c2e0ac294ca02e9b7eef184fdb3f3593ae5190d1f708628f0fbad13e57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
270a0f1515a12c45249a1ff186d6a9ef

SHA1
2c4248a32232f791abd596a9bd0fda55bf08731d

SHA256
fd1b1fc176da25d0a45b301a28efaff127a7217b36ad6c836d1d9f8a7b92483d

SHA512
8c5f2f790d659368e08bfc67c2a741572e6d59f68a147dc31c4a2bf2790549228cd69e888a12fcdd95a2384c71d8aff3b192fccbf442e786de596b87a16c455b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
917f5a68b3e01806e794d2542dc6acbe

SHA1
6235b27640e687128733fe429463be3d4267a1c6

SHA256
340c8a21d6af7493831daf19deed19367edf053d4d00ddd4b5be1bfe38d9de36

SHA512
df31a6e0d7ce8da3707e037c14da09bca3ebeb296507693fdd417f4eb5a23bb17cbc7339a68ba9e763801e6bab4d4d722d4d2108c15230b71efb53dd7b60970c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a77589fcc71a3fab4998c972102b3cda

SHA1
5a4203a904e7768e92602a31b4f5a2609c915e3f

SHA256
f4ec0c7e5d91b1be0cbae2844d1214448f7b964415a431ca830ebcd554897bc5

SHA512
3266fb81194720e512d1336533af31e2926092d2c64266d71a94636aa278938c6208aa04ba0e8788d2a02b8f8a3eceaf06aded065ed8e36fa27e827ead22f8f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
483499f3efefbe281fa18206cc7d4729

SHA1
c1f917e38f32bb39b2ac12afb024af8cd6eb67e0

SHA256
b8b93cf688387ea6a9ffa2c3fc5ded647d69c290acc8a152f9d325e838947993

SHA512
b9fe11898a081e6bae56ddf0383c3f8f7382d471503ebdd179896c9853371b47804c1a3551fed3948df666d42ab61c99f9d7c8615c9557a44ef7e5be814e7e3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e70f93e0712dd1e6b4ba0cc9defda6d9

SHA1
480de43c276e6c1e44b2765f64d7438b2e70addf

SHA256
7ead7939d9a1a68ef2f2d20770f838c708feced71b3aa002d5a0c598ce971d21

SHA512
d788b1f974d388b2ece3ea3ffe79001d85775ce1fa486b493e91bf8775874e7f8954c299d45f91b56ed793cf6288454d2044d6644dbdf173427da991b2478eb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1F56.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2024.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2968-11-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2968-2-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2968-4-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2968-5-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2968-6-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2968-8-0x0000000000280000-0x00000000002CE000-memory.dmp

Filesize
312KB

Download
memory/2968-10-0x0000000000280000-0x00000000002CE000-memory.dmp

Filesize
312KB

Download