c22472bfe3243d6eff9a1fde7a6beba09fc9f4772f098a6a9c0809a67c1c328a

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23-08-2024 07:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bac6e19829565602957af9ad05caea1d_JaffaCakes118.exe
Size

604KB
MD5

bac6e19829565602957af9ad05caea1d
SHA1

318771bc62247154a114eea473f21481a434ec04
SHA256

c22472bfe3243d6eff9a1fde7a6beba09fc9f4772f098a6a9c0809a67c1c328a
SHA512

82f4f1a55a55566a3cc6faa2852fcdf1dcac008befb1097f16a8784ea32270508e1155329fa76f51d42a62cdb7104a91377ecee287a08a9077200ea8a66c4a9c
SSDEEP

12288:czjnJWbz1zM5DiintQ0kyfXs0qT6ATQQfkCTkLJI5HVX7frTp/NNY:czjngdWmin4qMT6GQCTk1I5H9frhNy

Score

7^/10

discovery upx

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2436	setup.exe
2600	Setup.exe
2736	SSEAnimSupport.exe

Loads dropped DLL 12 IoCs

pid	Process
2948	bac6e19829565602957af9ad05caea1d_JaffaCakes118.exe
2436	setup.exe
2436	setup.exe
2436	setup.exe
2436	setup.exe
2436	setup.exe
2600	Setup.exe
2736	SSEAnimSupport.exe
2736	SSEAnimSupport.exe
2736	SSEAnimSupport.exe
2736	SSEAnimSupport.exe
2600	Setup.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2948-0-0x0000000000400000-0x000000000042B000-memory.dmp	upx
behavioral1/files/0x0005000000018fb8-21.dat	upx
behavioral1/memory/2436-23-0x0000000003140000-0x0000000003259000-memory.dmp	upx
behavioral1/memory/2600-39-0x0000000000400000-0x0000000000519000-memory.dmp	upx
behavioral1/memory/2600-61-0x0000000000400000-0x0000000000519000-memory.dmp	upx
behavioral1/memory/2948-64-0x0000000000400000-0x000000000042B000-memory.dmp	upx

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Gif89.dll	SSEAnimSupport.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SSEAnimSupport.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bac6e19829565602957af9ad05caea1d_JaffaCakes118.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\1	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Setup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\2	Setup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\3	Setup.exe

Modifies registry class 55 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28D47530-CF84-11D1-834C-00A0249F0C28}\InprocServer32\ = "C:\\Windows\\SysWow64\\Gif89.dll"	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28D47530-CF84-11D1-834C-00A0249F0C28}\MiscStatus\1\ = "131473"	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{28D4752F-CF84-11D1-834C-00A0249F0C28}\ = "IGif89a"	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28D47530-CF84-11D1-834C-00A0249F0C28}\InprocServer32	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{28D47522-CF84-11D1-834C-00A0249F0C28}	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28D47530-CF84-11D1-834C-00A0249F0C28}	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28D47530-CF84-11D1-834C-00A0249F0C28}\ProgID\ = "Gif89.Gif89.1"	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28D47530-CF84-11D1-834C-00A0249F0C28}\Programmable	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28D47530-CF84-11D1-834C-00A0249F0C28}\InprocServer32\ThreadingModel = "Apartment"	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28D47530-CF84-11D1-834C-00A0249F0C28}\Version\ = "1.0"	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Gif89.Gif89.1\CLSID	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28D47530-CF84-11D1-834C-00A0249F0C28}\MiscStatus\ = "0"	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{28D4752F-CF84-11D1-834C-00A0249F0C28}\TypeLib\ = "{28D47522-CF84-11D1-834C-00A0249F0C28}"	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{28D47522-CF84-11D1-834C-00A0249F0C28}\1.0\ = "Gif89 1.0"	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{28D4752F-CF84-11D1-834C-00A0249F0C28}\TypeLib	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{28D4752F-CF84-11D1-834C-00A0249F0C28}\TypeLib	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{28D4752F-CF84-11D1-834C-00A0249F0C28}	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Gif89.Gif89.1\CLSID\ = "{28D47530-CF84-11D1-834C-00A0249F0C28}"	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Gif89.Gif89\ = "Gif89 Class"	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28D47530-CF84-11D1-834C-00A0249F0C28}\MiscStatus	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28D47530-CF84-11D1-834C-00A0249F0C28}\TypeLib\ = "{28D47522-CF84-11D1-834C-00A0249F0C28}"	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{28D47522-CF84-11D1-834C-00A0249F0C28}\1.0	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28D47530-CF84-11D1-834C-00A0249F0C28}\Insertable	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28D47530-CF84-11D1-834C-00A0249F0C28}\Version	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{28D4752F-CF84-11D1-834C-00A0249F0C28}\ProxyStubClsid32	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Gif89.Gif89\CurVer\ = "Gif89.Gif89.1"	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{28D4752F-CF84-11D1-834C-00A0249F0C28}\ProxyStubClsid32	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28D47530-CF84-11D1-834C-00A0249F0C28}\ProgID	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28D47530-CF84-11D1-834C-00A0249F0C28}\VersionIndependentProgID	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{28D47522-CF84-11D1-834C-00A0249F0C28}\1.0\0	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{28D47522-CF84-11D1-834C-00A0249F0C28}\1.0\HELPDIR	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{28D4752F-CF84-11D1-834C-00A0249F0C28}\ = "IGif89a"	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Gif89.Gif89	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Gif89.Gif89\CurVer	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28D47530-CF84-11D1-834C-00A0249F0C28}\VersionIndependentProgID\ = "Gif89.Gif89"	SSEAnimSupport.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28D47530-CF84-11D1-834C-00A0249F0C28}\Programmable	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{28D47522-CF84-11D1-834C-00A0249F0C28}\1.0\FLAGS	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28D47530-CF84-11D1-834C-00A0249F0C28}\Control	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28D47530-CF84-11D1-834C-00A0249F0C28}\ToolboxBitmap32	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28D47530-CF84-11D1-834C-00A0249F0C28}\TypeLib	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{28D4752F-CF84-11D1-834C-00A0249F0C28}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{28D4752F-CF84-11D1-834C-00A0249F0C28}\TypeLib\Version = "1.0"	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Gif89.Gif89.1	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28D47530-CF84-11D1-834C-00A0249F0C28}\ = "Gif89 Class"	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{28D47522-CF84-11D1-834C-00A0249F0C28}\1.0\FLAGS\ = "0"	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{28D47522-CF84-11D1-834C-00A0249F0C28}\1.0\HELPDIR\ = "C:\\Windows\\SysWow64\\"	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{28D4752F-CF84-11D1-834C-00A0249F0C28}	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28D47530-CF84-11D1-834C-00A0249F0C28}\MiscStatus\1	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{28D47522-CF84-11D1-834C-00A0249F0C28}\1.0\0\win32\ = "C:\\Windows\\SysWow64\\Gif89.dll"	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{28D4752F-CF84-11D1-834C-00A0249F0C28}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Gif89.Gif89.1\ = "Gif89 Class"	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{28D4752F-CF84-11D1-834C-00A0249F0C28}\TypeLib\ = "{28D47522-CF84-11D1-834C-00A0249F0C28}"	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{28D4752F-CF84-11D1-834C-00A0249F0C28}\TypeLib\Version = "1.0"	SSEAnimSupport.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{28D47530-CF84-11D1-834C-00A0249F0C28}\ToolboxBitmap32\ = "C:\\Windows\\SysWow64\\Gif89.dll,1"	SSEAnimSupport.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{28D47522-CF84-11D1-834C-00A0249F0C28}\1.0\0\win32	SSEAnimSupport.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2436	setup.exe
2600	Setup.exe
2736	SSEAnimSupport.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 2436	2948	bac6e19829565602957af9ad05caea1d_JaffaCakes118.exe	30
PID 2948 wrote to memory of 2436	2948	bac6e19829565602957af9ad05caea1d_JaffaCakes118.exe	30
PID 2948 wrote to memory of 2436	2948	bac6e19829565602957af9ad05caea1d_JaffaCakes118.exe	30
PID 2948 wrote to memory of 2436	2948	bac6e19829565602957af9ad05caea1d_JaffaCakes118.exe	30
PID 2948 wrote to memory of 2436	2948	bac6e19829565602957af9ad05caea1d_JaffaCakes118.exe	30
PID 2948 wrote to memory of 2436	2948	bac6e19829565602957af9ad05caea1d_JaffaCakes118.exe	30
PID 2948 wrote to memory of 2436	2948	bac6e19829565602957af9ad05caea1d_JaffaCakes118.exe	30
PID 2436 wrote to memory of 2600	2436	setup.exe	31
PID 2436 wrote to memory of 2600	2436	setup.exe	31
PID 2436 wrote to memory of 2600	2436	setup.exe	31
PID 2436 wrote to memory of 2600	2436	setup.exe	31
PID 2436 wrote to memory of 2600	2436	setup.exe	31
PID 2436 wrote to memory of 2600	2436	setup.exe	31
PID 2436 wrote to memory of 2600	2436	setup.exe	31
PID 2600 wrote to memory of 2736	2600	Setup.exe	32
PID 2600 wrote to memory of 2736	2600	Setup.exe	32
PID 2600 wrote to memory of 2736	2600	Setup.exe	32
PID 2600 wrote to memory of 2736	2600	Setup.exe	32
PID 2600 wrote to memory of 2736	2600	Setup.exe	32
PID 2600 wrote to memory of 2736	2600	Setup.exe	32
PID 2600 wrote to memory of 2736	2600	Setup.exe	32

C:\Users\Admin\AppData\Local\Temp\bac6e19829565602957af9ad05caea1d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bac6e19829565602957af9ad05caea1d_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Users\Admin\AppData\Local\Temp\7zS229E.tmp\setup.exe
  .\setup.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2436
- - C:\Users\Admin\AppData\Local\Temp\SSESTART\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\SSESTART\Setup.exe" C:\Users\Admin\AppData\Local\Temp\7zS229E.tmp\SSEset.dat /BS
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\SSEAnimSupport.exe
      C:\Users\Admin\AppData\Local\Temp\SSEAnimSupport.exe C:\Windows\System32
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:2736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS229E.tmp\_GUI\DMINTERCEPTING1680X1050.JPG

Filesize
197KB

MD5
1976dfd5a2c3c9bc025d461dcb25a924

SHA1
069bd0641610aff3c7759eca8f65fb2e277d232f

SHA256
d7ba5dc819c4d8a440fd4dd971071badf14c0e95cca4cdb3b35b553f0371be73

SHA512
8d1351292c442667b36955b7b6d6cac81f3d9224484599504c22980d152a47bd2fd147b86f3922adb6319d3f5c93b0b4debed3ff6c1c77c489be9e733ff88f03

Download Submit
C:\Users\Admin\AppData\Local\Temp\SSETEMP.GIF

Filesize
7KB

MD5
efcc6674f49e6cb07933cda8b3ba2afa

SHA1
64b7384a89d1a22cceb80a2010abd65766bd486b

SHA256
59140cddbd5724469cdd2c729f054c1eeeddd0e5d0cc634ef687362f241c7f81

SHA512
171c2c8f6e87e70dfd2187588c224a198d337dafe9e7389f4d23c4067054f869936fc4c62cbaf9978247c1cd5f63ad2dad1997cd1de47472d44c524d302937cc

Download Submit
\Users\Admin\AppData\Local\Temp\7zS229E.tmp\Setup.exe

Filesize
356KB

MD5
d7573a4f9421963e3c0dee610e90ac26

SHA1
9938c4c56dde9d7b8f459eccc54882ae81d9e9c5

SHA256
934efb60472a741c4d3d0e632e3c40fc872e77d8add7c7a764a839c95f4a892b

SHA512
9e5409b8f5125490c0761e7aa16df77fd6aba6f0958af82829fb0e5a7ff1446533f4a6b6f379cbc81e8ca7b876010c497fdb13445fd21a490cc4b7fb69ec4289

Download Submit
\Users\Admin\AppData\Local\Temp\SSEAnimSupport.exe

Filesize
68KB

MD5
2b0ae23dbad1e46c174418c08c2c8e85

SHA1
d96c7be5abddcb0e957548f7f0fc99d3d9c229ee

SHA256
0ba07c3db681f9c948a90926bceb6677cf6086fa885581625433df387a40c7cf

SHA512
70f74c3b320a8b8f4d6e8ea3abd9f7f080955bcb63dbcd09db864f160d7bbcce6ddddfb904073cc4b74f1045dd9a8e289ae239c29097888aff0533012f518b59

Download Submit
\Users\Admin\AppData\Local\Temp\SSESTART\Setup.exe

Filesize
324KB

MD5
819f8e80e1642a6c7a32ec90e7b03a52

SHA1
eeb2c812023b41f9716f2e836578be0e7b86bdcf

SHA256
47b7252a6dad7e4f69b9e9d22ab0b17dad21cbf239476c3702409fc8aea8d773

SHA512
359d2e5f78ab95f25ad82b095c24b08fc379663fc3f9e279bc38974a8912a5dfca753105ac6d87872d7c13aea0c2228de4f3ae155c9eaca3e23ed2b000755a3a

Download Submit
\Windows\SysWOW64\Gif89.dll

Filesize
43KB

MD5
fb00273cf7ce639c136853f3fc04b10c

SHA1
16e612d7a4f210e78426577cd77f349306ab018a

SHA256
d4916f5c35a94e87cef46a63b4f19fb842252e0e2857b7804c808c94926156e0

SHA512
5e4bc9ce74bf81171e4a7fc6168b0dfc50268ff0069549bbf7cd0d480df9882911f4a31183d8d6c0222bede39d7d3216ad4e8c553501c376eeb0abe454fce6a8

Download Submit
memory/2436-23-0x0000000003140000-0x0000000003259000-memory.dmp

Filesize
1.1MB

Download
memory/2436-33-0x0000000003140000-0x0000000003259000-memory.dmp

Filesize
1.1MB

Download
memory/2436-34-0x0000000003140000-0x0000000003259000-memory.dmp

Filesize
1.1MB

Download
memory/2600-39-0x0000000000400000-0x0000000000519000-memory.dmp

Filesize
1.1MB

Download
memory/2600-61-0x0000000000400000-0x0000000000519000-memory.dmp

Filesize
1.1MB

Download
memory/2948-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2948-64-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download