Analysis

  • max time kernel
    145s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    25-09-2024 17:02

General

  • Target

    f6760b30fc256e6e923b646c9ddd5909_JaffaCakes118.exe

  • Size

    1.7MB

  • MD5

    f6760b30fc256e6e923b646c9ddd5909

  • SHA1

    8e1f8f9346dd26911584f78ad6ccf361c24289f9

  • SHA256

    64695ef72a53eee76b6055e025af7fbed11cf9c38a765503d7b8637e416229a2

  • SHA512

    2fedebe7946de24b0b2c6ea24a08e5cec84d9d1758205b5c9b4bb75081b8e5aa3af9d025fb31a7455918214891e3b533c40485944cdd3a997daaa91b1ad88435

  • SSDEEP

    24576:RaIMsNScd/taTkBc2quTRMxtBVrYa4P3g0tY6Sa2jCed51z5m/lru15w17+zh4T8:l3IcDa4c2bTRGBVrv4tM19m9ruIJ+7

Malware Config

Signatures

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

  • ModiLoader Second Stage 3 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE 25 IoCs
  • Loads dropped DLL 60 IoCs
  • Modifies system executable filetype association 2 TTPs 4 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Suspicious use of SetThreadContext 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 25 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1244
      • C:\Users\Admin\AppData\Local\Temp\f6760b30fc256e6e923b646c9ddd5909_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\f6760b30fc256e6e923b646c9ddd5909_JaffaCakes118.exe"
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1604
        • C:\Users\Admin\AppData\Local\Temp\1.exe
          "C:\Users\Admin\AppData\Local\Temp\1.exe"
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2884
          • C:\Users\Admin\AppData\Local\Temp\1.exe
            C:\Users\Admin\AppData\Local\Temp\1.exe
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1808
            • C:\Users\Admin\AppData\Local\Temp\1.exe
              C:\Users\Admin\AppData\Local\Temp\1.exe
              5⤵
              • Executes dropped EXE
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:2908
        • C:\Users\Admin\AppData\Local\Temp\winrar-32Bit-400.exe
          "C:\Users\Admin\AppData\Local\Temp\winrar-32Bit-400.exe"
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in Program Files directory
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1756
          • C:\Program Files (x86)\WinRAR\uninstall.exe
            "C:\Program Files (x86)\WinRAR\uninstall.exe" /setup
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Modifies system executable filetype association
            • Drops file in Program Files directory
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of WriteProcessMemory
            PID:2308
            • C:\Program Files (x86)\WinRAR\WinRAR.exe
              "C:\Program Files (x86)\WinRAR\WinRAR.exe"
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: GetForegroundWindowSpam
              PID:1300
            • C:\Program Files (x86)\WinRAR\WinRAR.exe
              "C:\Program Files (x86)\WinRAR\WinRAR.exe"
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:1680
            • C:\Program Files (x86)\WinRAR\WinRAR.exe
              "C:\Program Files (x86)\WinRAR\WinRAR.exe"
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:948
            • C:\Program Files (x86)\WinRAR\WinRAR.exe
              "C:\Program Files (x86)\WinRAR\WinRAR.exe"
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:860
            • C:\Program Files (x86)\WinRAR\WinRAR.exe
              "C:\Program Files (x86)\WinRAR\WinRAR.exe"
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:2072
            • C:\Program Files (x86)\WinRAR\WinRAR.exe
              "C:\Program Files (x86)\WinRAR\WinRAR.exe"
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:2176
            • C:\Program Files (x86)\WinRAR\WinRAR.exe
              "C:\Program Files (x86)\WinRAR\WinRAR.exe"
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:2144
            • C:\Program Files (x86)\WinRAR\WinRAR.exe
              "C:\Program Files (x86)\WinRAR\WinRAR.exe"
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:2256
            • C:\Program Files (x86)\WinRAR\WinRAR.exe
              "C:\Program Files (x86)\WinRAR\WinRAR.exe"
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:1572
            • C:\Program Files (x86)\WinRAR\WinRAR.exe
              "C:\Program Files (x86)\WinRAR\WinRAR.exe"
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:2084
            • C:\Program Files (x86)\WinRAR\WinRAR.exe
              "C:\Program Files (x86)\WinRAR\WinRAR.exe"
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:2056
            • C:\Program Files (x86)\WinRAR\WinRAR.exe
              "C:\Program Files (x86)\WinRAR\WinRAR.exe"
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:2644
            • C:\Program Files (x86)\WinRAR\WinRAR.exe
              "C:\Program Files (x86)\WinRAR\WinRAR.exe"
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:1972
            • C:\Program Files (x86)\WinRAR\WinRAR.exe
              "C:\Program Files (x86)\WinRAR\WinRAR.exe"
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:2972
            • C:\Program Files (x86)\WinRAR\WinRAR.exe
              "C:\Program Files (x86)\WinRAR\WinRAR.exe"
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:2504
            • C:\Program Files (x86)\WinRAR\WinRAR.exe
              "C:\Program Files (x86)\WinRAR\WinRAR.exe"
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:2068
            • C:\Program Files (x86)\WinRAR\WinRAR.exe
              "C:\Program Files (x86)\WinRAR\WinRAR.exe"
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:660
            • C:\Program Files (x86)\WinRAR\WinRAR.exe
              "C:\Program Files (x86)\WinRAR\WinRAR.exe"
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:2136
            • C:\Program Files (x86)\WinRAR\WinRAR.exe
              "C:\Program Files (x86)\WinRAR\WinRAR.exe"
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:1784
            • C:\Program Files (x86)\WinRAR\WinRAR.exe
              "C:\Program Files (x86)\WinRAR\WinRAR.exe"
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              PID:2244

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\WinRAR\Formats\tar.fmt

      Filesize

      63KB

      MD5

      f6c820af62928b959ed8fde39cce325f

      SHA1

      6d297ad5f2768b80e420ca6adafd197c04732432

      SHA256

      0f95203830d6fd7765d07754c4bbf5acc15c7c30a5ace395dd0c33f2ddc9690d

      SHA512

      2d68425f7fa1e037b8f215ec4db3ad7c865e9ad1482df846be02c430dca6b392b465d08e630e367a28c57661581a5c1ef115cd3614c92a7e5c2476678402dfc2

    • C:\Program Files (x86)\WinRAR\Formats\uue.fmt

      Filesize

      65KB

      MD5

      17472ff497ef1abcbdb10ed57f9d4ae7

      SHA1

      8500b8aee45a7de607eeb679663a3a14c95533bb

      SHA256

      7d9bb6839532a8942834f6974c905f19596b17e6d7b9256afa4ae2a709adb837

      SHA512

      c8f4eba82b48ccc6a8e0ab4995ee12db8bfeb9c4154d6c9b06cf1472a3eca6f722450498a49ed8223322e6d913dfeb2c1d0619af2547c25e3eb93062d250368f

    • C:\Program Files (x86)\WinRAR\Formats\z.fmt

      Filesize

      67KB

      MD5

      62a7e932bcfae32d6058b5adcaeb3c1b

      SHA1

      d65d8ed3b89c3bf5ef5f7a8320bdacfdb165fbc5

      SHA256

      2f3c744e4a121ea4fae3d67b849c91adc99677801aa64e0f97bbd6ffb90142a3

      SHA512

      36e9d30ec8176b4440265fd9ab5fbcc812b57b69c1935ee1d3de0c3b52ec772dd7fef906559bd2cbd5aa739da7e1e929bab4beb62a910a64c29b37deca1dbef7

    • C:\Program Files (x86)\WinRAR\Order.htm

      Filesize

      3KB

      MD5

      61e5a38df9c011a6b2ff6a1c8128e250

      SHA1

      8b107abce8f96ee4684c81687a87241e489de6b0

      SHA256

      f87e3bb7115718592a56e5699bb5f51bf21db332d3588b7d9f59e8092c2c3556

      SHA512

      3d580f9efe1534d36ceb9ce833ff65b9a1ddb52cfd0b8474e72bd71e7c6605444c3ea5d517c91f940043bcbfc9538e70efa35c28ab1c45f8f66ec55b0f59beba

    • C:\Program Files (x86)\WinRAR\Rar.txt

      Filesize

      76KB

      MD5

      224586396df8a52aaeabb1f653c50ae7

      SHA1

      d81615ad110ed68389e60b10d14e8d3cf07271e2

      SHA256

      3da007605d5098328c23da5bcc50135645ba6a7c90a8565c5497f8a59e8257b8

      SHA512

      c40728bbf4ab3a2badfbc09c7c2d5da88a78250b9e364d3b00c35aef4bc9d6c52b42493d34ef95b8ef419d828b0efe6cc97b87d955073ff5888bdcd9b80570e1

    • C:\Program Files (x86)\WinRAR\WinRAR.chm

      Filesize

      259KB

      MD5

      e10f2ddc395fa3ba7166c28af16db0a2

      SHA1

      6ce8d95b24a1bba51fcdcd5ab25ea7a4ca74243d

      SHA256

      553336429f414066ccd0ece397ecf286f6efe218c1de2e72c71a335a2cb79bd9

      SHA512

      5341ee8b4823b15b1cc0e01ea04e526e5d4d18471d590e71d81512e9e0855659aa493a4cec4af6a375c78b91381694ae84f1c37f017deca136d8356fb79fb3ef

    • C:\Users\Admin\AppData\Local\Temp\winrar-32Bit-400.exe

      Filesize

      1.4MB

      MD5

      bff4de14e81eacd66167c017fe1872b1

      SHA1

      e5084a96cfb7c385f0f5a20beb198619cc7f2894

      SHA256

      bf433776706a19de55651786d1b76869f95d109bf020981c5c34bf4cb20e4a15

      SHA512

      7658b64cc7ce337cc11f4f9791f1a2dce33f2c82816f3fb008a3e2eae5f5f359de1650232d114dd9da5717a0fdfde49010f3b9baa94297e45afe75a16f0a2eb7

    • C:\Users\Admin\AppData\Roaming\WinRAR\version.dat

      Filesize

      12B

      MD5

      055ed100f3374f65a3c8aff71c2efe49

      SHA1

      68376ade277713f7f5e81deeca25c68a9add37a8

      SHA256

      9657ce895b3cf6576c6e2eb00ca18da7914adfb3ed7648dad06ca13813928030

      SHA512

      b55a8d8af8e227ec9925c1bf049fd44de0a6a1c4dd2102eb151df512b9d21c9f8ed72058d261e3713b61a6a007786bc1c4a52a09b3c5bbdd770f00d730caf57c

    • \Program Files (x86)\WinRAR\Formats\7z.fmt

      Filesize

      79KB

      MD5

      d5915f37a3633635ab184185bd31c7c3

      SHA1

      5c0fdcc30d3c5e6564c470dbe1103a130fb07e89

      SHA256

      32a306f55e71cb965b65ae365a4a1b3952721dd7636863a59ba0e8ea1d6830e1

      SHA512

      dbc889af6c911ae2fd0c44997cbd553f2e0644d0017cb3137003384ad83fda683413bec670ce89ffdee92f9b934c75b0bbd991e7a7e21bb51fc271ff572e6460

    • \Program Files (x86)\WinRAR\Formats\ace.fmt

      Filesize

      81KB

      MD5

      fc885f43fe6ffc765ede29260227bd6c

      SHA1

      e827046f109a49a23b9eb32d5dd8b874c60e5a80

      SHA256

      a6d41807c7f57d219d57c7065aaa92ec01aac5e26ec4011beec347593b1e2d05

      SHA512

      0ca57096c47cd7963a8bf3c421d855b0e9a7629df238969ef8a5eec7a39a5e7196ad5483bd009545e35e92a1489e993d6428f100312a3301647bb45fd80dae4d

    • \Program Files (x86)\WinRAR\Formats\arj.fmt

      Filesize

      73KB

      MD5

      550da61de6b674960f2eca14085fc85f

      SHA1

      9dcbc54ee6b6411acaebd61664fe811ff04ce68b

      SHA256

      649513b61cebd8b97fd8873cc9f553e02703e184e7a81b655502d71c53055b92

      SHA512

      2d554eba4bd8f7975ad36205f333d676e711c7404f6f983a1247485073ab25f41ceba317d07f3058946beba02f261cb92a194920c2aa808a74e7ea2839048121

    • \Program Files (x86)\WinRAR\Formats\bz2.fmt

      Filesize

      82KB

      MD5

      27e54fa62745dfee82d2ae99876aa78b

      SHA1

      138d3f42017fa6c9d3105be328ff2e8de2a9ef4f

      SHA256

      87c0e8e9f48a81d01e1334475dfc62698e40a842c3cb5cef4c9a53e83c0e511b

      SHA512

      c629af257602cae99d30500d10063b94bf1333cc1498473e5c2a4f85790a16670a3518005c87119a86637aea40a05faf89ff53c2a720b281dcdb192602ebabe1

    • \Program Files (x86)\WinRAR\Formats\cab.fmt

      Filesize

      63KB

      MD5

      27069b3a97dfbfde75f1bbbe231b17aa

      SHA1

      601d83ce7b895109edf8be38c2fc42ecf838e35f

      SHA256

      bc370858c08a51c055a81752892eed1deff1ff8b7bd854ce4994d0b5169e24fb

      SHA512

      b3e73798e893a1afa538dc75a6c49f0120874e61cdceb2e09b5f1fae4725a2e3192caccc034bc8dbb078484b28290a61c8e952eacc18de7d581fc91ea8c70943

    • \Program Files (x86)\WinRAR\Formats\gz.fmt

      Filesize

      73KB

      MD5

      5fee8033854a5aa284a168f27a59525e

      SHA1

      4240958be9db280bcf99b14b512e050a626c5841

      SHA256

      52f44c4d41ff8eb2f722d9111590966826aeda14311b3d01f1bd0c3a850487cd

      SHA512

      31e543f70b3b034d3d6d2284b20f65011a966d919671936722ffb4eb212905819034d5906e77753896ea872631986a52cf42fab1915bd136677a886543dc6d08

    • \Program Files (x86)\WinRAR\Formats\iso.fmt

      Filesize

      86KB

      MD5

      e6c137502190151323e9cff8e7bd1681

      SHA1

      7f6d796e304513e23df94d5230137ec4eda38d08

      SHA256

      3e234ce90de6aad226d5c057f64106ae984c932e65ae6e8a69279a20e70f0997

      SHA512

      8cc11be61f782158f0df56a38247af39cdba72a3a809c450831d910cdb5b8096550c45c66767c60fe8e1ba4f55926a5532932a950aa413e1470ac2effbdb53cd

    • \Program Files (x86)\WinRAR\Formats\lzh.fmt

      Filesize

      85KB

      MD5

      fd512afc6a7dda9e8a098c54d7a38e36

      SHA1

      301be5f4872c46d941030963aa6444909f90d7a5

      SHA256

      d4461470bd76a0dad0ddcbb1a512b4f1513425dcd0f1f8790471a45cb7978ef5

      SHA512

      694d31e2734161e4b847fecdcc3142e32013f657bc1589c71dd266b636d225a169a8b77454dbb4a1d4a74ea0b021f888b2746fa35548e36cb566f17201f2fbcb

    • \Program Files (x86)\WinRAR\Rar.exe

      Filesize

      387KB

      MD5

      fd1effd45bd615a741227f84fd1ae915

      SHA1

      1e254610fd5d60b4ab377cd1796a2781f60b134e

      SHA256

      52ae84051c5038d19d2d72dfd10739b50f4b78e0936d1cb45d7dabb2eff19810

      SHA512

      2917b1b0dc738a7406620b3af465c4f57c8bd7d9834c76f7b277c634fa0672dba5407a2298a4cdd4729f80c502df4887d7eea23b568b6d49ab26cc5602365cc0

    • \Program Files (x86)\WinRAR\Uninstall.exe

      Filesize

      119KB

      MD5

      07fb6fbaa38521c859c6e2c9d3508560

      SHA1

      bdbbac36111f7526a386a3b2440ad6c88af275b7

      SHA256

      a24e71f60a22b99cabfc2bd9c04f5477e23a33e880442d60ff84191cc55055e6

      SHA512

      33feee5c6b35bfc389fe3f536512c17cd8a5f2f151e4aee951b521620e0c543506d5130bfdb39006b5640c6f8c79cf429d8c5a92d0f932b10ca9b06b05539eb9

    • \Program Files (x86)\WinRAR\WinRAR.exe

      Filesize

      1.0MB

      MD5

      c464ce70a57da04861a29015814e0dd1

      SHA1

      7cb84bc701d14ae10d415da168c7c64ce62a44ab

      SHA256

      9529a0892a46b0653e8214b9b6d717bbed1bf02c1d02f5d7253ee940aaf6c6f4

      SHA512

      ea31ff0fc8e5505b4b6ef10ed509893835b329ecce429a0d3b88b8c40683ac6a51fedeae33f695915decab03d019ac866371895599106762f8397026579803fd

    • \Users\Admin\AppData\Local\Temp\1.exe

      Filesize

      286KB

      MD5

      f2c7bcc4b9096a5eb57ed5d1aad3e85d

      SHA1

      bf047b8d9df03689eaa83015bb343e379583b8ba

      SHA256

      d91ecfecbfde91c6646e4bc7783a2df0e77794d36622923973a9f679a77d9e7e

      SHA512

      c5a547d89b23f9b269fbf82548676024c0a24cc9b82669788c8ac1a94d12cda17fdc62e0bba813a9ce631247331f02f64ef17ded7b532c16d8333f925350f8d7

    • memory/1244-56-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

      Filesize

      28KB

    • memory/1244-59-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

      Filesize

      4KB

    • memory/1604-19-0x00000000023F0000-0x000000000241B000-memory.dmp

      Filesize

      172KB

    • memory/1604-2-0x0000000000401000-0x0000000000403000-memory.dmp

      Filesize

      8KB

    • memory/1604-26-0x0000000000400000-0x00000000005CE110-memory.dmp

      Filesize

      1.8MB

    • memory/1604-0-0x0000000000400000-0x00000000005CE110-memory.dmp

      Filesize

      1.8MB

    • memory/1604-6-0x0000000002C30000-0x0000000002CFA000-memory.dmp

      Filesize

      808KB

    • memory/1604-11-0x0000000002C30000-0x0000000002CFA000-memory.dmp

      Filesize

      808KB

    • memory/1756-142-0x0000000000400000-0x000000000042B000-memory.dmp

      Filesize

      172KB

    • memory/1756-21-0x0000000000400000-0x000000000042B000-memory.dmp

      Filesize

      172KB

    • memory/1808-32-0x0000000000400000-0x0000000000427000-memory.dmp

      Filesize

      156KB

    • memory/1808-45-0x0000000000400000-0x0000000000427000-memory.dmp

      Filesize

      156KB

    • memory/1808-35-0x0000000000400000-0x0000000000427000-memory.dmp

      Filesize

      156KB

    • memory/1808-29-0x0000000000400000-0x0000000000427000-memory.dmp

      Filesize

      156KB

    • memory/2884-37-0x0000000000400000-0x00000000004CA000-memory.dmp

      Filesize

      808KB

    • memory/2884-15-0x0000000000400000-0x00000000004CA000-memory.dmp

      Filesize

      808KB

    • memory/2884-34-0x00000000025D0000-0x000000000269A000-memory.dmp

      Filesize

      808KB

    • memory/2908-43-0x0000000000400000-0x00000000004083A0-memory.dmp

      Filesize

      32KB

    • memory/2908-48-0x0000000000400000-0x00000000004083A0-memory.dmp

      Filesize

      32KB

    • memory/2908-47-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

    • memory/2908-41-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB