90e870524183aae7e86bc56c6d090700f861fd299fb8637e47812d55f0d568a3

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
30/09/2024, 09:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe
Size

182KB
MD5

0084a9756b9a421ab2eda5dad31c8f87
SHA1

ec6e5e17a4d567a78e5c50265dcb9b30d8c0f1cd
SHA256

90e870524183aae7e86bc56c6d090700f861fd299fb8637e47812d55f0d568a3
SHA512

0176f2228f2d0e601d073197b068a636135ec1c784b4f366db897cd3a7ff56506f765721c800e46127120b50a7f824ff54adf0118683e7f1f6aecbae85102d6e
SSDEEP

3072:MffcX5/qoRiHRUPdqFjCTvySC6AAVhiItFkslmMYfqXdAFBFevcfOLG9DHknnipE:ucQoQKk6AA2SksM9fecF0L8DH4

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2072	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
1736	iqity.exe

Loads dropped DLL 2 IoCs

pid	Process
2412	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe
2412	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe

Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
spyware stealer

Data from Local System
T1005

Credentials in Registry
T1552.002

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Run\Izhap = "C:\\Users\\Admin\\AppData\\Roaming\\Ytnis\\iqity.exe"	iqity.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2412 set thread context of 2072	2412	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe	33

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iqity.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Privacy	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Privacy\CleanCookies = "0"	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\23A02E84-00000001.eml:OECustomProperty	WinMail.exe

Suspicious behavior: EnumeratesProcesses 51 IoCs

pid	Process
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe
1736	iqity.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2412	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe
Token: SeSecurityPrivilege	2412	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe
Token: SeSecurityPrivilege	2412	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe
Token: SeSecurityPrivilege	2412	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe
Token: SeSecurityPrivilege	2412	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe
Token: SeSecurityPrivilege	2412	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe
Token: SeSecurityPrivilege	2412	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe
Token: SeSecurityPrivilege	2412	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe
Token: SeManageVolumePrivilege	1764	WinMail.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1764	WinMail.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1764	WinMail.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1764	WinMail.exe

Suspicious use of WriteProcessMemory 55 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 1736	2412	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe	31
PID 2412 wrote to memory of 1736	2412	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe	31
PID 2412 wrote to memory of 1736	2412	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe	31
PID 2412 wrote to memory of 1736	2412	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe	31
PID 1736 wrote to memory of 1104	1736	iqity.exe	19
PID 1736 wrote to memory of 1104	1736	iqity.exe	19
PID 1736 wrote to memory of 1104	1736	iqity.exe	19
PID 1736 wrote to memory of 1104	1736	iqity.exe	19
PID 1736 wrote to memory of 1104	1736	iqity.exe	19
PID 1736 wrote to memory of 1152	1736	iqity.exe	20
PID 1736 wrote to memory of 1152	1736	iqity.exe	20
PID 1736 wrote to memory of 1152	1736	iqity.exe	20
PID 1736 wrote to memory of 1152	1736	iqity.exe	20
PID 1736 wrote to memory of 1152	1736	iqity.exe	20
PID 1736 wrote to memory of 1184	1736	iqity.exe	21
PID 1736 wrote to memory of 1184	1736	iqity.exe	21
PID 1736 wrote to memory of 1184	1736	iqity.exe	21
PID 1736 wrote to memory of 1184	1736	iqity.exe	21
PID 1736 wrote to memory of 1184	1736	iqity.exe	21
PID 1736 wrote to memory of 1352	1736	iqity.exe	23
PID 1736 wrote to memory of 1352	1736	iqity.exe	23
PID 1736 wrote to memory of 1352	1736	iqity.exe	23
PID 1736 wrote to memory of 1352	1736	iqity.exe	23
PID 1736 wrote to memory of 1352	1736	iqity.exe	23
PID 1736 wrote to memory of 2412	1736	iqity.exe	30
PID 1736 wrote to memory of 2412	1736	iqity.exe	30
PID 1736 wrote to memory of 2412	1736	iqity.exe	30
PID 1736 wrote to memory of 2412	1736	iqity.exe	30
PID 1736 wrote to memory of 2412	1736	iqity.exe	30
PID 1736 wrote to memory of 1764	1736	iqity.exe	32
PID 1736 wrote to memory of 1764	1736	iqity.exe	32
PID 2412 wrote to memory of 2072	2412	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe	33
PID 2412 wrote to memory of 2072	2412	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe	33
PID 2412 wrote to memory of 2072	2412	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe	33
PID 2412 wrote to memory of 2072	2412	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe	33
PID 2412 wrote to memory of 2072	2412	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe	33
PID 2412 wrote to memory of 2072	2412	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe	33
PID 2412 wrote to memory of 2072	2412	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe	33
PID 2412 wrote to memory of 2072	2412	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe	33
PID 2412 wrote to memory of 2072	2412	0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe	33
PID 1736 wrote to memory of 1140	1736	iqity.exe	35
PID 1736 wrote to memory of 1140	1736	iqity.exe	35
PID 1736 wrote to memory of 1140	1736	iqity.exe	35
PID 1736 wrote to memory of 1140	1736	iqity.exe	35
PID 1736 wrote to memory of 1140	1736	iqity.exe	35
PID 1736 wrote to memory of 2468	1736	iqity.exe	36
PID 1736 wrote to memory of 2468	1736	iqity.exe	36
PID 1736 wrote to memory of 2468	1736	iqity.exe	36
PID 1736 wrote to memory of 2468	1736	iqity.exe	36
PID 1736 wrote to memory of 2468	1736	iqity.exe	36
PID 1736 wrote to memory of 2876	1736	iqity.exe	37
PID 1736 wrote to memory of 2876	1736	iqity.exe	37
PID 1736 wrote to memory of 2876	1736	iqity.exe	37
PID 1736 wrote to memory of 2876	1736	iqity.exe	37
PID 1736 wrote to memory of 2876	1736	iqity.exe	37

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1104

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1152

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1184
- C:\Users\Admin\AppData\Local\Temp\0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\0084a9756b9a421ab2eda5dad31c8f87_JaffaCakes118.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2412
- - C:\Users\Admin\AppData\Roaming\Ytnis\iqity.exe
    "C:\Users\Admin\AppData\Roaming\Ytnis\iqity.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1736
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp0014c708.bat"
    3⤵
    - Deletes itself
    - System Location Discovery: System Language Discovery
    PID:2072

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:1352

C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail.exe" -Embedding
1⤵
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1140

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2468

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials in Registry

T1552.002

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb.log

Filesize
2.0MB

MD5
27f0fb91c5c38d1690859b4300864149

SHA1
9002eb62d99e95a6e3dc2c79939943e942e5f593

SHA256
95f629aadc93c6aa0ca3f37331070c2e28d97937be09faf48333269bcb276246

SHA512
9f217090708894f0fa06752e038b1d0aae85a1f6c73328149d153e1d3916ad88bbf05616eab321726d4d12daf338508b98e1a229dbeed0274e4b5974b5cd1e4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp0014c708.bat

Filesize
271B

MD5
eb8b966e8b5f78de26a22cd2f6c34f9f

SHA1
5be318543ff7071aa34a52580e9315a204197974

SHA256
66673586aa61e60209de9f283a026ad64bf4712ebc56e17cf47a0c82298a0c0b

SHA512
4bfa52b08376cd0a2a8f5ab39db07e0d8c1ad6ec1f04735bc672563462d846c60eba3459df2a09d3cca213e7a4f623b9a28d67f7abb81c2f8ff0f349361a4f94

Download Submit
C:\Users\Admin\AppData\Roaming\Zyhye\olge.vis

Filesize
4KB

MD5
7fc32692b620a687ff1b8935aed5c5d4

SHA1
2c07b7cd930665dc5e9414d31f665e9892bf7725

SHA256
fbce6fb0f5ae6a438ab2fe01fb099fe70dc92d1c432289f86537e3d047b2a6d4

SHA512
18c4626369667c58b9807d9434f1f34ee1a54f4a5a5979b55c7964f0bbcd53b82ae79e6b40ed5bb92bd71088c80e832b25c82e576b19f19a439e7f591083d8a5

Download Submit
\Users\Admin\AppData\Roaming\Ytnis\iqity.exe

Filesize
182KB

MD5
89d2a510b384f2457c743cc38b1706e3

SHA1
987932e75c225c6222935467ea07b8de7345505d

SHA256
d4064c4192c168f9978a312c9d0033a7775768ba3b0548ca9b3624808e66ab5b

SHA512
0e4e55433523d0dfaf384666bd07587f79f2bcefc0e78d03185073f93a549c1d02d416ad413f57e5959676a91529402eb33852ad1a5c5e2f87166dbba5f901fc

Download Submit
memory/1104-30-0x0000000001FA0000-0x0000000001FD9000-memory.dmp

Filesize
228KB

Download
memory/1104-36-0x0000000001FA0000-0x0000000001FD9000-memory.dmp

Filesize
228KB

Download
memory/1104-38-0x0000000001FA0000-0x0000000001FD9000-memory.dmp

Filesize
228KB

Download
memory/1104-34-0x0000000001FA0000-0x0000000001FD9000-memory.dmp

Filesize
228KB

Download
memory/1104-32-0x0000000001FA0000-0x0000000001FD9000-memory.dmp

Filesize
228KB

Download
memory/1152-42-0x0000000002120000-0x0000000002159000-memory.dmp

Filesize
228KB

Download
memory/1152-44-0x0000000002120000-0x0000000002159000-memory.dmp

Filesize
228KB

Download
memory/1152-43-0x0000000002120000-0x0000000002159000-memory.dmp

Filesize
228KB

Download
memory/1152-41-0x0000000002120000-0x0000000002159000-memory.dmp

Filesize
228KB

Download
memory/1184-46-0x0000000002A90000-0x0000000002AC9000-memory.dmp

Filesize
228KB

Download
memory/1184-47-0x0000000002A90000-0x0000000002AC9000-memory.dmp

Filesize
228KB

Download
memory/1184-48-0x0000000002A90000-0x0000000002AC9000-memory.dmp

Filesize
228KB

Download
memory/1184-49-0x0000000002A90000-0x0000000002AC9000-memory.dmp

Filesize
228KB

Download
memory/1352-53-0x0000000001DA0000-0x0000000001DD9000-memory.dmp

Filesize
228KB

Download
memory/1352-55-0x0000000001DA0000-0x0000000001DD9000-memory.dmp

Filesize
228KB

Download
memory/1352-51-0x0000000001DA0000-0x0000000001DD9000-memory.dmp

Filesize
228KB

Download
memory/1352-57-0x0000000001DA0000-0x0000000001DD9000-memory.dmp

Filesize
228KB

Download
memory/1736-606-0x0000000003410000-0x0000000003473000-memory.dmp

Filesize
396KB

Download
memory/1736-330-0x0000000003410000-0x0000000003473000-memory.dmp

Filesize
396KB

Download
memory/1736-607-0x0000000003410000-0x0000000003473000-memory.dmp

Filesize
396KB

Download
memory/1736-271-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/1736-605-0x0000000003410000-0x0000000003473000-memory.dmp

Filesize
396KB

Download
memory/1736-604-0x0000000003410000-0x0000000003473000-memory.dmp

Filesize
396KB

Download
memory/1736-603-0x0000000003410000-0x0000000003473000-memory.dmp

Filesize
396KB

Download
memory/1736-602-0x0000000003410000-0x0000000003473000-memory.dmp

Filesize
396KB

Download
memory/1736-601-0x0000000003410000-0x0000000003473000-memory.dmp

Filesize
396KB

Download
memory/1736-336-0x0000000003410000-0x0000000003473000-memory.dmp

Filesize
396KB

Download
memory/1736-609-0x0000000003410000-0x0000000003473000-memory.dmp

Filesize
396KB

Download
memory/1736-608-0x0000000003410000-0x0000000003473000-memory.dmp

Filesize
396KB

Download
memory/1736-331-0x0000000003410000-0x0000000003473000-memory.dmp

Filesize
396KB

Download
memory/1736-610-0x0000000003410000-0x0000000003473000-memory.dmp

Filesize
396KB

Download
memory/1736-332-0x0000000003410000-0x0000000003473000-memory.dmp

Filesize
396KB

Download
memory/1736-611-0x0000000003410000-0x0000000003473000-memory.dmp

Filesize
396KB

Download
memory/1736-24-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/1736-23-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/1736-333-0x0000000003410000-0x0000000003473000-memory.dmp

Filesize
396KB

Download
memory/1736-22-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/1736-335-0x0000000003410000-0x0000000003473000-memory.dmp

Filesize
396KB

Download
memory/1736-327-0x0000000003410000-0x0000000003473000-memory.dmp

Filesize
396KB

Download
memory/1736-328-0x0000000003410000-0x0000000003473000-memory.dmp

Filesize
396KB

Download
memory/1736-329-0x0000000003410000-0x0000000003473000-memory.dmp

Filesize
396KB

Download
memory/2412-65-0x0000000002050000-0x0000000002089000-memory.dmp

Filesize
228KB

Download
memory/2412-61-0x0000000002050000-0x0000000002089000-memory.dmp

Filesize
228KB

Download
memory/2412-3-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/2412-2-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/2412-6-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2412-325-0x0000000002050000-0x0000000002089000-memory.dmp

Filesize
228KB

Download
memory/2412-324-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/2412-8-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/2412-17-0x0000000002050000-0x00000000020B3000-memory.dmp

Filesize
396KB

Download
memory/2412-20-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/2412-18-0x0000000002050000-0x00000000020B3000-memory.dmp

Filesize
396KB

Download
memory/2412-21-0x0000000000421000-0x0000000000426000-memory.dmp

Filesize
20KB

Download
memory/2412-0-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/2412-4-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2412-63-0x0000000002050000-0x0000000002089000-memory.dmp

Filesize
228KB

Download
memory/2412-67-0x0000000002050000-0x0000000002089000-memory.dmp

Filesize
228KB

Download
memory/2412-1-0x0000000000421000-0x0000000000426000-memory.dmp

Filesize
20KB

Download
memory/2412-72-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2412-74-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2412-76-0x0000000002050000-0x0000000002089000-memory.dmp

Filesize
228KB

Download
memory/2412-78-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2412-80-0x0000000002050000-0x0000000002089000-memory.dmp

Filesize
228KB

Download
memory/2412-82-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2412-84-0x0000000002050000-0x0000000002089000-memory.dmp

Filesize
228KB

Download
memory/2412-226-0x0000000002050000-0x00000000020B3000-memory.dmp

Filesize
396KB

Download
memory/2412-86-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2412-91-0x0000000002050000-0x00000000020B3000-memory.dmp

Filesize
396KB

Download
memory/2412-69-0x0000000002050000-0x0000000002089000-memory.dmp

Filesize
228KB

Download