89d9737c7ac59672fd6b103d39fc0ba08a1077496758401e88fabc29baee9253

Analysis

max time kernel
150s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 14:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
Size

184KB
MD5

b7f1cc7f4b863115adf96e6d4e8acef1
SHA1

263f6475177fdce713846d732cd225113374ec32
SHA256

89d9737c7ac59672fd6b103d39fc0ba08a1077496758401e88fabc29baee9253
SHA512

d8cd989af8b80ad8d1929fad9a5da1053da9947d219db3b0a3602397cde048825a79ef4d3618e6b3b87270d63745d16621bc82ca85b615fdf4b9ea8629fe2099
SSDEEP

3072:hQ4DTiTdU5+bbIg35hsQubK2izo8iDDGETdp1r0ghriYzkeM6h+AG4A1cByVhHgS:u4DTNWphkDdfHimzQVtgbxDkt

Score

7^/10

credential_access discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened (read-only)	\??\U:	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened (read-only)	\??\W:	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened (read-only)	\??\X:	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened (read-only)	\??\Y:	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened (read-only)	\??\Z:	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened (read-only)	\??\V:	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened (read-only)	\??\I:	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened (read-only)	\??\J:	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened (read-only)	\??\K:	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened (read-only)	\??\M:	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened (read-only)	\??\O:	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened (read-only)	\??\R:	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened (read-only)	\??\S:	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened (read-only)	\??\E:	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened (read-only)	\??\L:	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened (read-only)	\??\N:	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened (read-only)	\??\Q:	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened (read-only)	\??\H:	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened (read-only)	\??\P:	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened (read-only)	\??\T:	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe

Drops file in System32 directory 27 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\SysWOW64\locator.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File created	\??\c:\windows\SysWOW64\msiexec.vir	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.vir	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\vssvc.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\diagsvcs\diagnosticshub.standardcollector.service.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\openssh\ssh-agent.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\alg.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\vds.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\searchindexer.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\msiexec.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\wbem\wmiApsrv.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\perceptionsimulation\perceptionsimulationservice.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\dllhost.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\msdtc.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\spectrum.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\tieringengineservice.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\Appvclient.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\snmptrap.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\Agentservice.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\sgrmbroker.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\lsass.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\fxssvc.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\perfhost.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\sensordataservice.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\wbengine.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\windows\SysWOW64\svchost.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\program files (x86)\google\update\googleupdate.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.vir	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File created	C:\Program Files\7-Zip\Uninstall.vir	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\serialver.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.vir	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\program files\windows media player\wmpnetwk.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javacpl.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmic.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.vir	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\LnkStub.dat	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3464	b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b7f1cc7f4b863115adf96e6d4e8acef1_JaffaCakes118.exe"
1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1436,i,3210801877307184477,8078594481454001567,262144 --variations-seed-version --mojo-platform-channel-handle=3732 /prefetch:8
1⤵
PID:2352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Filesize
583KB

MD5
0f8986086ccb72d26c9a8f9d181e4724

SHA1
5be9911971edd685511c29fb1746b121d3568c22

SHA256
7ca52c2e0fa7917422364bdea8cb5301eb5f8898f513d2c56899494569f09834

SHA512
a92c79b4e48a26330bd99176d44b98f936ed592546b691d761ae49e113a4dcc5e00ee5d0054a4da9f3afa9c80207aebc29acaee2046dddff2c25eae5e1c54705

Download Submit
C:\Windows\SysWOW64\msiexec.vir

Filesize
218KB

MD5
8ff93cd24af15a53c1057c90491a089b

SHA1
35e23b01d4350823c4059a0f3d3f645ac3148cfb

SHA256
52e159de047f019b5c21b4471cbb4482679fe94a394fcf7892ac6d9321c1c685

SHA512
a58fa56c09a9cd5bf3ed212867e07a8f5275898c1ce0a2cb9a21a909f9307e8020cbc8126df2d9ad500473e6449e55bfc300800f8793254aa6b6b6a59b786ff6

Download Submit
memory/3464-0-0x0000000001000000-0x0000000001073000-memory.dmp

Filesize
460KB

Download
memory/3464-1-0x0000000001002000-0x0000000001003000-memory.dmp

Filesize
4KB

Download
memory/3464-2-0x0000000001000000-0x0000000001073000-memory.dmp

Filesize
460KB

Download