467296a0c7ac3c46a243c0865ae8f659ffccd9f1c74276850d5bf7e14223bf2b

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 18:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b05e514dfe5075704deed467e1e11c94_JaffaCakes118.exe
Size

15.9MB
MD5

b05e514dfe5075704deed467e1e11c94
SHA1

3f925d727befb5b20a44f3ca4e73ff1f7f4a6d3d
SHA256

467296a0c7ac3c46a243c0865ae8f659ffccd9f1c74276850d5bf7e14223bf2b
SHA512

bbe65414657e8ee962d1212c486b46b90a39b9b4dea179658c800a70a3c4bb95bc5a273f74456ed2a39c60284e006dbdeea033e491e2b33e1e0952f4e89b57f2
SSDEEP

393216:zSlVoRDP9phPTJwI7Ox1XMLGRo+2s2DIcdi:EmRDP7hbJB7Ox18LGRo+Sa

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2988	Setup.exe
1656	ISAdmin.exe
592	ISBEW64.exe

Loads dropped DLL 11 IoCs

pid	Process
2112	b05e514dfe5075704deed467e1e11c94_JaffaCakes118.exe
2988	Setup.exe
1656	ISAdmin.exe
1656	ISAdmin.exe
1656	ISAdmin.exe
1656	ISAdmin.exe
1656	ISAdmin.exe
1656	ISAdmin.exe
1656	ISAdmin.exe
1656	ISAdmin.exe
1656	ISAdmin.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ISAdmin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b05e514dfe5075704deed467e1e11c94_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2988	2112	b05e514dfe5075704deed467e1e11c94_JaffaCakes118.exe	30
PID 2112 wrote to memory of 2988	2112	b05e514dfe5075704deed467e1e11c94_JaffaCakes118.exe	30
PID 2112 wrote to memory of 2988	2112	b05e514dfe5075704deed467e1e11c94_JaffaCakes118.exe	30
PID 2112 wrote to memory of 2988	2112	b05e514dfe5075704deed467e1e11c94_JaffaCakes118.exe	30
PID 2112 wrote to memory of 2988	2112	b05e514dfe5075704deed467e1e11c94_JaffaCakes118.exe	30
PID 2112 wrote to memory of 2988	2112	b05e514dfe5075704deed467e1e11c94_JaffaCakes118.exe	30
PID 2112 wrote to memory of 2988	2112	b05e514dfe5075704deed467e1e11c94_JaffaCakes118.exe	30
PID 2988 wrote to memory of 1656	2988	Setup.exe	31
PID 2988 wrote to memory of 1656	2988	Setup.exe	31
PID 2988 wrote to memory of 1656	2988	Setup.exe	31
PID 2988 wrote to memory of 1656	2988	Setup.exe	31
PID 2988 wrote to memory of 1656	2988	Setup.exe	31
PID 2988 wrote to memory of 1656	2988	Setup.exe	31
PID 2988 wrote to memory of 1656	2988	Setup.exe	31
PID 1656 wrote to memory of 592	1656	ISAdmin.exe	32
PID 1656 wrote to memory of 592	1656	ISAdmin.exe	32
PID 1656 wrote to memory of 592	1656	ISAdmin.exe	32
PID 1656 wrote to memory of 592	1656	ISAdmin.exe	32

C:\Users\Admin\AppData\Local\Temp\b05e514dfe5075704deed467e1e11c94_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b05e514dfe5075704deed467e1e11c94_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Users\Admin\AppData\Local\Temp\pftB06D.tmp\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\pftB06D.tmp\Setup.exe" /z:FRA
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2988
- - C:\Users\Admin\AppData\Local\Temp\pftB06D.tmp\ISAdmin.exe
    "C:\Users\Admin\AppData\Local\Temp\pftB06D.tmp\ISAdmin.exe" /clone_wait /SETUPAQ:459212 /z:FRA
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\{4E36DBF8-8FD7-4A19-B134-275ED82585B4}\ISBEW64.exe
      C:\Users\Admin\AppData\Local\Temp\{4E36DBF8-8FD7-4A19-B134-275ED82585B4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{388CC93B-DF78-47EB-A736-9AF41767F3B4}
      4⤵
      Executes dropped EXE
      PID:592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\pftB06D.tmp\ISAdmin.exe

Filesize
367KB

MD5
e9bd9c39da9dcafdbf86fa1e47ccc100

SHA1
3dc7726994e84f71f92ce66b343634db4120a397

SHA256
537abe5437c3e997651a1f404381df96a98607cf500449d9b9bc2c6fef2496bf

SHA512
5909dfcd9a7e8421d1537d3b5f5048056883b3bc123132e5b130bea82fa5d90d9ca2bc923276e8204fc03bdcd17b44b31e0ca1c3c8b78fc7aa0e4d7b91a7ea29

Download Submit
C:\Users\Admin\AppData\Local\Temp\pftB06D.tmp\ISSetup.dll

Filesize
523KB

MD5
6c48e05107eb494620ab0dc96d3c5b80

SHA1
e6ced277de082bd8e2ccbfad7a1d5cd1e9db85ab

SHA256
13223e7fbeb3dac968de77e6be974a36f86dc07884cc0e80eabf8b817ccb4a04

SHA512
983e3d3012114af3da009c5d46ce467c7a9c6023766b54afe58137654bb5a1c1eda2fd1ff4b1902102e8315b80557efa58dbcf01641dde07924285bd015a196a

Download Submit
C:\Users\Admin\AppData\Local\Temp\pftB06D.tmp\Setup.cfg

Filesize
23B

MD5
38854e4223f91b544d46a842a784ec93

SHA1
6cf488952d4ec60d7266b0e5990720d3c5bb0f02

SHA256
b0c85e0f94dba840f277c80c32b0c8178934baddc9d18c674cd2f7764f8593e3

SHA512
cddc6c06183220e0e80e13d402668dbdd947fbac91036ac5a611b3bcfb20f2a575867d580f1eac68a49e4240d7b795b5808646e04e34af506109d006053ceaa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\pftB06D.tmp\_Setup.dll

Filesize
168KB

MD5
c8aec40e1a06d7870abe2b16a00b1856

SHA1
2a0908abe4d6ab7fe0efa1aa894df93fd0e8b1a6

SHA256
3f7b1fa7a636e799552a4953ed3aa6b7f9860aa46e7b01ee8af437ab5dc49f76

SHA512
098b0b79653265f717c528f43a5d95beccf27b392e0486f3f7652956426dd017a944405b8b6ba40425dee45247620cdb1d80e57ec9cfac6e4acfb73d7f8710ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\pftB06D.tmp\custom.ini

Filesize
554B

MD5
0c3f822b0f71a70a832dfb1a5b38d1dc

SHA1
69ab6cac11e3222117b13343103175594c875b63

SHA256
9f2cf99f443cd268faa8095e4d2bb467b6363d23526ecfdf634e972a4635e079

SHA512
ca28dce567367b83d285344a58df780c06b2369a4ad6b607335e182c3d720efd944ff02e30d5438241f3c6cdcd353a33ecbe4952c61b8613e0cbbf656bfad8ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\pftB06D.tmp\data1.cab

Filesize
1.2MB

MD5
f038d3315fa947c7876a86c45e103333

SHA1
e24383210d2a8c5e330c4d4200676f7fb8f9c483

SHA256
0fb525babd7a7760e3cd51ce9e02a7802532a38273653dc522c7a710f1c9250a

SHA512
388da9dc73b14a0e8c12c57441c1744660a273c85bfbe709ce68a3bf81809461b665d4ffcc1d554b06aaf5aba1aad1ee33f7baaa53fe38fca9ab098754cb293e

Download Submit
C:\Users\Admin\AppData\Local\Temp\pftB06D.tmp\data1.hdr

Filesize
41KB

MD5
7ce06bb06bf52540ed4f83394afe5a5f

SHA1
db92abeb47529776c520138c44e928933b31803e

SHA256
f3e4a894e8437daeab528f6e35c7ba905de1344042af60749150b07d0f6af9c4

SHA512
8b72009bc35ab1a775e4b545ca542dabb57d8b9edde068ab415ca8cd7e7eeca4034c456861defa1ad090599dfad20c6b634333a056072c30cff457ea4ad30d87

Download Submit
C:\Users\Admin\AppData\Local\Temp\pftB06D.tmp\layout.bin

Filesize
455B

MD5
0731a50135f2656a246892ea6b12ffdb

SHA1
be43629b9848f8fb400ad603672674822e22e0a3

SHA256
3706d5890bcb19b477a3cbc84dc85d7f80dd1423658390ad52a583260924fbbf

SHA512
0be8ce1d8204c2239ea70dcff8408c03e6dfadbfb045e2e72731410e5b7f42a1f6b79edb35402f896ed2665e58babf51c539145c2cfb1ffaa3840c251c7d6793

Download Submit
C:\Users\Admin\AppData\Local\Temp\pftB06D.tmp\pftw1.pkg

Filesize
15.1MB

MD5
fc7ee811d61f0b6f4f01fae997d7bb5e

SHA1
4a080ffb436b43a81e203a4a37fb3bab097fc7cf

SHA256
ef0f65e0f10df42cbbd68b45216777db7abb8513e18bc7e0f927bb6e40762a0b

SHA512
b630c61617b35bb85034026fba1bed4bd91d39ceaffb5ab2601ac411990ea99b538f8f3a2bcc08a376d533cb108f9c90e052bffb74563837234e58c1d74c44b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\pftB06D.tmp\setup.inx

Filesize
352KB

MD5
a0b0d390f37326b1f275f4289e45f16d

SHA1
f0765587d3f3c034c59ca1411dbd94dc20313435

SHA256
3f4603d5854addd028599df887f46fa2722f7a94ade27efed1ee5c389d259500

SHA512
39fd376d1a90d99f8fd3d47132b8aec661fe2fd4104b497db9a6e8e3cd036e35b295f3e79bbb51f0b8dac79911e9f4b7c0a923144ccbe11c3d51e973f6513a03

Download Submit
C:\Users\Admin\AppData\Local\Temp\plfB04C.tmp

Filesize
5KB

MD5
c8729e58c1ae0c9cc272b23c0b94d38f

SHA1
cbde236c0f4fe3aa2a2aa373245dda7b5938e0fd

SHA256
b54154bfcb1418d7347f55b8b2fa05f4bad01fe525a7f974c4c5f5a584d6206b

SHA512
342042614d071b82382fddd1916130a1182e075e689e04edd61d5cdfd82e8b8290ce942ad9586db872d6ea53b59f0d22172e8d5895ba54fe8a0b5d36068c2e94

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4E36DBF8-8FD7-4A19-B134-275ED82585B4}\ISBEW64.exe

Filesize
117KB

MD5
8407fc98ee367ccb196894f7cd218792

SHA1
6f280cf374fba172426b8912170b5cbafe3d88cd

SHA256
e1890e4ef7fe9c2242e1fa65da8162687c893d1a025fef254b827940d03a0d5a

SHA512
5850b48b374cb243d6eacf011f11e31050ff04118939424804a62e52da335cea6a7ea8dc363d49895ea29929b518c69dccc8320074693e7b50540580d477956c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4E36DBF8-8FD7-4A19-B134-275ED82585B4}\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Button.png

Filesize
1KB

MD5
059a0c3f2ca0ef22d3262e605e3e0645

SHA1
9cfd9f957148a58ffbb016f155cb4422ba0853a1

SHA256
6d0a4f6c4cbcc08a21ac01bce77e0ce1e352c13bbff1b2c2fd31a0df62bf321d

SHA512
ca10023726eeafe96978a4c8f5ee80203182e8136cbd39bd83e683f0ace25f47122346a154b94508e28da06fa3591d652c918d597a19fbcaeba1cc7e4686ec67

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4E36DBF8-8FD7-4A19-B134-275ED82585B4}\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\DIFxData.ini

Filesize
86B

MD5
10baa5b67536f4433f37534b9c8bb828

SHA1
82e5c34b1279afda223b639b49078d03c52875f5

SHA256
1b9fd5c1f18357bd459be20bfcbf47ee18fa0c5d5cc42f6aed2705d5868b65f4

SHA512
49c6798ebb3b6137cafb78b88350d02094367523dcf8f9e580de1941e514b8b3df786d1d817090e5dab80ac4d0d015796b2ce28b296db31d111e0d0bbaeebb37

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4E36DBF8-8FD7-4A19-B134-275ED82585B4}\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Dialog.png

Filesize
3KB

MD5
f2fc89ef8a2b5a2963915c77e08cabdd

SHA1
2b114ad5a371ab98e6b10c895734dfd62612ca3a

SHA256
60c61f84055d5a88072c2f963e411e8d4b94057d7df09687409c775a4e271418

SHA512
494220ac9be5f0835d28824fec8d934c8b3229a136c1f29297a1060f900fb1e9b862bde5a923a7054845515f2e037bdb4d6452415a17b8a55b3d880349ebdff9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4E36DBF8-8FD7-4A19-B134-275ED82585B4}\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\FontData.ini

Filesize
39B

MD5
00f313e3e007599349a0c4d81c7807c4

SHA1
f0171f15aab836a1979d3833e46b5e59e4ea32e0

SHA256
766ee687d90b0217eb41cb85aca04375bdc24db986a33536631f864b7ce1a08a

SHA512
8bb25a62c0b1640dec36403a493ed54c05f7cde7b7357c8faea785a79c4b76bbe6a3d6fe78db52b558a37abac90c2b2e8b13868a76294554d51670e9fa8764ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4E36DBF8-8FD7-4A19-B134-275ED82585B4}\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Language.ini

Filesize
4KB

MD5
db52a1b94edc989636bfbf6dc1717d18

SHA1
9da9f95b9aa64427ed43d79b73006f92a9847dc5

SHA256
65a0eccd7732d8b7a34c7ccd79eb1743ba8d103620fe781728339787c1069e69

SHA512
756b4018f0a74c3eb380ce7e439fb6d016bc3e414d004c2ae5c6235f42f5de01b2c4a5cd9817454e84c17881f98ccc63f9f31609b6874d5deaa8e11dca86e476

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4E36DBF8-8FD7-4A19-B134-275ED82585B4}\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\NewUI.dll

Filesize
412KB

MD5
0a6209cab201999f1722aa22d374e5d2

SHA1
d871e05c2b0b102ad8614aedb3856005677ab177

SHA256
3a405bc4f2a0a9969e6a50f8c7c581cb485085ea7a8bd33c92bd9fe35c1a2be0

SHA512
41bed9abc0345a2cb530de74ba16a2fd6d00ccdfa3fe51708272f8bb182eca5bad58473ab7fac5d32c0454fffc30c36a7c45d9a17391ee2d186dd8696e146ca5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4E36DBF8-8FD7-4A19-B134-275ED82585B4}\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\NewUI.thm

Filesize
750B

MD5
5e1f04294a19fae1c3159e21adc521ed

SHA1
e993d7127f92527bdbef532f317c79932f1761e5

SHA256
9e3304b3d0f2caa5434cebef1bc05795ca69929e0fb0561c90338c099754f4d2

SHA512
46c1d0e36c62fe8ccd240891ed268f320be7256d13d5f7aefa9578cba2fd8115eb17f5aa1547def3c2809a07d5e8bb7cd849e2fdb6f4770ea72ab621d6e5356f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4E36DBF8-8FD7-4A19-B134-275ED82585B4}\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\StringTable_CHT.ini

Filesize
11KB

MD5
f9f08a23ad8b3840db6dd6bf5380a70c

SHA1
ff278117dac27d9482744958f8b142435a1713a4

SHA256
aa47ee358466cf60793ccfa7c40a70ab530bec792ef4c6f015ffef45878bf882

SHA512
66cfc4e2e86049ec36a29cb84e8e85f657829373a4a1a60bbb0dfe9cf109a9c4f728088677761b62a37a6a4eed8311fabb45ed887332b129718b051524401398

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4E36DBF8-8FD7-4A19-B134-275ED82585B4}\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\StringTable_FRA.ini

Filesize
11KB

MD5
145a99293d108557287c4d3255250192

SHA1
7d548099e941c9d912aa996babb52e6c37f53a32

SHA256
bf2b29e652be47f9824a2fb8bd45d4be34f2f0d4e571dacb116d3961b7a3e3a4

SHA512
6d577e70fcbcae06f96724a32274a8da6c88d8dcb6d04e83cdb364e5d0df738eac8b3e350cfd23104aaa1344fb2b4bc9dc5461153345c8530eceb35ece7363a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4E36DBF8-8FD7-4A19-B134-275ED82585B4}\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\_IsRes.dll

Filesize
123KB

MD5
898515a4ae2fb9d74ae2a905cf82b074

SHA1
ed751342f4bbd131de393975e08019ea56355107

SHA256
ed38584275b7248ce51254bc34fbe247af641c416660342689d19e6559623b13

SHA512
35ab0a7082cbfd90324748b539b521791ea644eeddb6042f3a47e4d98eb22721d133442acb1b33a4c90fd72a560892ab2978c29edebe94e443a13c6116f17ebd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4E36DBF8-8FD7-4A19-B134-275ED82585B4}\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\_IsUser.dll

Filesize
408KB

MD5
b798aba63c62601d7951ff56593edf92

SHA1
d77267ece8b6be72b7856e78a890019ed1dcfa7b

SHA256
8902ab1cd749cb033ce446facc50760c6176b59b7b7a90aa0630f5c2228f3042

SHA512
b8883356339e8b4caea69a06252cfc8b4e7d326adab785770b9492e832995c8e758d860c8498fe2ada23da9c8f7e3bc50f5f3112f2ced1eb3f97925676c239c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4E36DBF8-8FD7-4A19-B134-275ED82585B4}\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\isrt.dll

Filesize
216KB

MD5
77a3125a2059f39a9bef961953a8db8d

SHA1
2ffb52f60c570d1d73caab095f3784dc8454e5e6

SHA256
d6cd68fa4468878d8bc045ea518235f7c6cbebbd525486ddcec7d1069d83f119

SHA512
00863cb19420f4764ab0f71ae0d788e22ad340d9f7aa074bda2f8fd8317012567e46335802fdfc800f671c22c1e74618819613c4adb6adeeaa2e74cd66401605

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E896BE7F-D13A-4962-816D-41FCB163FDE4}\setup.ini

Filesize
1KB

MD5
e1e9ba9a971be112a853e6c752033d8b

SHA1
a40067712457e29f818a0ab62ad611e10d5ce809

SHA256
f7277c9c6b6e6702a09a0f649c295ccc3936977be617e7f68698841591adaf8f

SHA512
4f7a49244d18a5ad2b992116b4aaee3aa0db0534ca64821381c16f65186723c08827527000f4d811c6a66a797507eebbdfec65119f6fe4e5833f4abca5468125

Download Submit
\Users\Admin\AppData\Local\Temp\pftB06D.tmp\setup.exe

Filesize
71KB

MD5
380db7159c61a3a2546b57889db37b26

SHA1
4ce32c9ccedf3f4ab1163d2425a4650992534052

SHA256
0ec9d5bb704218b959d24d55bf4a5046fb517183d0d653b657f7e9f7e75fb937

SHA512
8319dfe275d830ccb1fc32ccd2a096bb3ee55b748f92369e721b2f71bd8e1dcc8580e32f551b4ffc97cb47d38b58960e0a615d5443289a20d16a60a8221db93c

Download Submit
\Users\Admin\AppData\Local\Temp\{4E36DBF8-8FD7-4A19-B134-275ED82585B4}\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Tools.dll

Filesize
208KB

MD5
c30c5a024c51a7c8d5964fcc690595aa

SHA1
5e9b12b204ff4e45e84caea628af93bf9eadad38

SHA256
36c9b64c81ba72613f04db5722eba7ab363c1860e7329d1784e9d7e24e581307

SHA512
20a47ba7252a13257b1cf2e93546562d76b40be70e1cb8202d612fabf8662564ce8ff7802593bb1b9143abd6bc6191e1e635f97202ac57659c2ebe681b3c3147

Download Submit
memory/1656-1124-0x00000000003F0000-0x00000000003F2000-memory.dmp

Filesize
8KB

Download
memory/1656-1132-0x0000000004970000-0x00000000049FF000-memory.dmp

Filesize
572KB

Download
memory/1656-1184-0x0000000004D90000-0x0000000004DCA000-memory.dmp

Filesize
232KB

Download
memory/1656-864-0x0000000001FF0000-0x0000000002181000-memory.dmp

Filesize
1.6MB

Download
memory/1656-1189-0x0000000004E00000-0x0000000004E68000-memory.dmp

Filesize
416KB

Download
memory/1656-866-0x0000000000240000-0x0000000000242000-memory.dmp

Filesize
8KB

Download
memory/1656-1123-0x0000000004610000-0x0000000004697000-memory.dmp

Filesize
540KB

Download
memory/1656-1133-0x0000000001FA0000-0x0000000001FA2000-memory.dmp

Filesize
8KB

Download
memory/1656-1212-0x00000000003F0000-0x00000000003F2000-memory.dmp

Filesize
8KB

Download
memory/1656-1215-0x0000000004970000-0x00000000049FF000-memory.dmp

Filesize
572KB

Download
memory/1656-1214-0x0000000004610000-0x0000000004697000-memory.dmp

Filesize
540KB

Download
memory/1656-1213-0x0000000001FF0000-0x0000000002181000-memory.dmp

Filesize
1.6MB

Download