ab42d984426449553e8eb9b1cbf0ae09566c8bfd746a551e6bf29f7d8d2cdbb6

Analysis

max time kernel
95s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 07:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ead3da29f7cd9c0296638ec477309637_JaffaCakes118.exe
Size

308KB
MD5

ead3da29f7cd9c0296638ec477309637
SHA1

b59ec0003287109c95aff4f6bcb431681ab43766
SHA256

ab42d984426449553e8eb9b1cbf0ae09566c8bfd746a551e6bf29f7d8d2cdbb6
SHA512

28da5dde6c2ae41979a6ada4692037afdd89baa87ead9a08876d3c1d0ee46dba3c34e39255c631bc736b5685c82cc223573cec0683af1b3d2163b5f17a275997
SSDEEP

6144:avmkOy/MkykmmqKZ7pSMcEkoRagPbq7qv59EqZ63ZD+qsE:ymkOy/Zytxu7pSiha0bKqgqZ6J3N

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4212	is-SGHKC.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 9 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\lvegned\is-1MD25.tmp	is-SGHKC.tmp
File created	C:\Program Files (x86)\lvegned\is-A526P.tmp	is-SGHKC.tmp
File created	C:\Program Files (x86)\lvegned\is-OUJM2.tmp	is-SGHKC.tmp
File created	C:\Program Files (x86)\lvegned\is-KUAMP.tmp	is-SGHKC.tmp
File opened for modification	C:\Program Files (x86)\lvegned\unins000.dat	is-SGHKC.tmp
File created	C:\Program Files (x86)\lvegned\unins000.dat	is-SGHKC.tmp
File created	C:\Program Files (x86)\lvegned\is-O93MM.tmp	is-SGHKC.tmp
File created	C:\Program Files (x86)\lvegned\is-TFPRQ.tmp	is-SGHKC.tmp
File created	C:\Program Files (x86)\lvegned\is-280KP.tmp	is-SGHKC.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ead3da29f7cd9c0296638ec477309637_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	is-SGHKC.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 37 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{BED4998A-7656-11EF-9912-5ED96FC588C3} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2478917056"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31132259"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31132259"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70ec4194630adb01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000074472bebe7af3a46942426e1e277b42a000000000200000000001066000000010000200000003b920a000846af9dccba2368d280bcee4be2a5ed7507768d906ab5213fd70915000000000e8000000002000020000000ece124bceaeee4c92fcdbddf96a074ba43fe471a3e58145d8ad60883a5197dee20000000dc81a3fb2edafdc0f1056f21d284faf601077b78aebfc074891818e2a9020c1c4000000038e0499e4e171cb994341694a514f001e6ac863f6f361275a400088c1a7e8b1a5ec41c6a45e148f63bdb0df7f1aebcd6642852e35581dcae4836c5c8fdf8231e	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31132259"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000074472bebe7af3a46942426e1e277b42a0000000002000000000010660000000100002000000043416015c67382c792701b6aee710c021b6be63b4f807aa9c9827e86c718cf80000000000e80000000020000200000008b5aff83b9ac7dc835da495ee9b63aa81b556bfc9b49355b052d3358c9bd917620000000a860ac956a6a5f8d2caa6d02b351afc0312d5a706261996608fd38e95db9ab92400000002c57cb93e31c016a2836db5004992f331b826f7b6cd649a3446f57163672c46e3f2ecd705c60c7e5ba7b7b186cb63b3345e919f49ae4459598a8cc3ae8169034	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2470479887"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433495016"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90763894630adb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2470479887"	iexplore.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.ghi\\shell\\open\\command	is-SGHKC.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.ghi	is-SGHKC.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.ghi\shell	is-SGHKC.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.ghi\shell\open	is-SGHKC.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.ghi\shell\open\command	is-SGHKC.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ghi\shell\open\command\ = "c:\\program files\\lvegned\\sysinit.exe"	is-SGHKC.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1344	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1344	iexplore.exe
1344	iexplore.exe
4624	IEXPLORE.EXE
4624	IEXPLORE.EXE
4624	IEXPLORE.EXE
4624	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 4212	2368	ead3da29f7cd9c0296638ec477309637_JaffaCakes118.exe	82
PID 2368 wrote to memory of 4212	2368	ead3da29f7cd9c0296638ec477309637_JaffaCakes118.exe	82
PID 2368 wrote to memory of 4212	2368	ead3da29f7cd9c0296638ec477309637_JaffaCakes118.exe	82
PID 4212 wrote to memory of 1344	4212	is-SGHKC.tmp	83
PID 4212 wrote to memory of 1344	4212	is-SGHKC.tmp	83
PID 1344 wrote to memory of 4624	1344	iexplore.exe	84
PID 1344 wrote to memory of 4624	1344	iexplore.exe	84
PID 1344 wrote to memory of 4624	1344	iexplore.exe	84

C:\Users\Admin\AppData\Local\Temp\ead3da29f7cd9c0296638ec477309637_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ead3da29f7cd9c0296638ec477309637_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Users\Admin\AppData\Local\Temp\is-4V97M.tmp\is-SGHKC.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-4V97M.tmp\is-SGHKC.tmp" /SL4 $A0022 "C:\Users\Admin\AppData\Local\Temp\ead3da29f7cd9c0296638ec477309637_JaffaCakes118.exe" 81486 52224
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:4212
- - \??\c:\program files\internet explorer\iexplore.exe
    "c:\program files\internet explorer\iexplore.exe" www.xiazai189.com/new/dd22/default.html?from=fs0001
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1344
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1344 CREDAT:17410 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:4624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
33bac9325241193616461afd5a0deb0c

SHA1
e78ed72996568bc9616f4d6b20403749252b4859

SHA256
cb0b78d15b774b91ab6f6ef315a14f301b85b40122a72622818753212538f5b7

SHA512
3054cbd1551e36a747fc4c7086d3cc484530ea13d44279b4f5f92d462d91d7e3322bb240edeedd517751c00949a6264b50322464e446290726fde18ac4eb2e2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
88f5e844915754b7cb7b72e43ae9de21

SHA1
d185ce3830071f83824a558b4bdc36934d6709de

SHA256
3365ea919233f89e45c269584c4050ea33fda9489c781673f268bdd59f23db43

SHA512
2b1f474e6c341a36983494660977743ae946fe6e902f8ef4c31dfa42ae96b812e4ee40fadfb711cf1d96cbf4fb9ef20bdee6cc059da4df118fe6beb4604fb1cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4329235D\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4V97M.tmp\is-SGHKC.tmp

Filesize
652KB

MD5
581bb44526a65c02b388e1b8a83fe86c

SHA1
dc387f115977b5fb94d9c9084f33a1c231b50acb

SHA256
385a9bb48f5180984867f3bff1d327250d22ab4399137b343be291c370ee3699

SHA512
aab4cb6dd5ad4ebfded18748c5cd1a4361c154459f36a4cb49e32855b6866f92d3f065cd9cafa16e621a4216bb176f1554a8bbea7fd458b317eb1ff4c3c2bea1

Download Submit
memory/1344-64-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-41-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-50-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-49-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-47-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-46-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-44-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-40-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-39-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-38-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-37-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-35-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-55-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-54-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-53-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-51-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-56-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-58-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-63-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-65-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-60-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-62-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-34-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-42-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-73-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-66-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-68-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-67-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-72-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-74-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-75-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-77-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-81-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-87-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-88-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-83-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-85-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-84-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-82-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-94-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-43-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/1344-61-0x00007FF9E30D0000-0x00007FF9E313E000-memory.dmp

Filesize
440KB

Download
memory/2368-2-0x0000000000401000-0x000000000040A000-memory.dmp

Filesize
36KB

Download
memory/2368-33-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2368-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/4212-12-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/4212-32-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download