a4763fd2d0197646192d76abb47609d36e0da2b45c599b28fafbdda12e9ca2ed

Analysis

max time kernel
129s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 12:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ab01319837f501afde3f2d1c1c64b73_JaffaCakes118.dll
Size

1.5MB
MD5

0ab01319837f501afde3f2d1c1c64b73
SHA1

5577b53515989429a6e0b2778ab8a1074c535ebc
SHA256

a4763fd2d0197646192d76abb47609d36e0da2b45c599b28fafbdda12e9ca2ed
SHA512

1b7994c12fdec0b5d039a6d0270fa29eaff74c5dbebcaf8bf18bf9ed9a658d2c9ce8723ce4e74ff69893a4e6c2ac521571e396dc3d2188b84b867dc5a19dfd91
SSDEEP

24576:6e9Zd366UnMOJkE/9VYjE4X4IvTYxiftGsmHSDNvlE6+9vffmUqbHh5:6e9zZ6Mm9VuE4IU8xGwsYSDNtE6evff

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Blocklisted process makes network request 4 IoCs

flow	pid	Process
3	2376	rundll32.exe
4	2376	rundll32.exe
5	2376	rundll32.exe
11	2376	rundll32.exe

Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
persistence privilege_escalation

AppInit DLLs
T1546.010

Loads dropped DLL 9 IoCs

pid	Process
2400	rundll32.exe
2400	rundll32.exe
2400	rundll32.exe
2400	rundll32.exe
2304	rundll32.exe
2304	rundll32.exe
2304	rundll32.exe
2304	rundll32.exe
2304	rundll32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\SoftwareLite\SoftwareLite.dll	rundll32.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Modifies data under HKEY_USERS 51 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\1520c6f1 = "V/////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\3c09c42b = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\8b9e4cbc = "V/////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\c99a5f5c = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\e46c271e = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\f1f24e29 = "Vl/l/C/////%"	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow	rundll32.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\00000000\493c7345 = 6d0030003100650030003700380030006d00550031002b0030003700380030006d00550031002b00300036003400300061006c0031004400300036004900300070006c00310054003000300025002500000070006c00310044003000360049003000710078003100590030003600450030007100550031002b0030003600340030006e006c003000530030003600620030006e00550031005a00300030002500250000000000	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\51d2f2ea = "JlAk/XF/c/A1/XD/bxAu/Dl/HPAh/XJ////%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\c5705860 = "Vx////%%"	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\c24899a6 = "VP/g/CV/Vl/2/Cx////%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\340d3099 = "/P////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\414bc593 = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\587b5709 = "V/////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\a0743acc = "N/////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\f2c53c49 = "UlAr/XJ/c//k////"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\c6c5dd44 = "V/////%%"	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	rundll32.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\00000000\3efeb33e = 00000000	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\0e93c3f3 = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\1c311243 = "GxAp/X2/FPAm/X6/FlAu/XD/ax/j/Xt/axAv/X6////%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\2d71d5ab = "V/////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\7f69fa1f = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\a1dcff5b = "V/////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\d94388d2 = "GxAp/X2/FPAm/X6/FlAu/XD/ax/j/Xt/axAv/X6////%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\fe94ce1e = "V/////%%"	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\00000000	rundll32.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\00000000\a47da861 = 6f00300031004f0030003700780030006d00300030004b003000320045003000610055003100670030003600450030006e006c0031004f0030003600740030006a00300031004f00300036004f0030006d0055003100670030003200490030006f0078003100530030003600710030006e0055003000540030003700740030006e006c003100440030003600490030006d00550031004f0030003600340030006e00300031005900300032004500300000006f00300031004f0030003700780030006d00300030004b003000320045003000610055003100670030003600450030006e006c0031004f0030003600740030006a00300031004f00300036004f0030006d0055003100670030003200490030006f007800310053003000320045003000690078003100530030003600680030006e006c0031004e00300037007800300071007800310059003000360055003000610055003000250000006f00300031004f0030003700780030006d00300030004b003000320045003000610055003100590030003600450030006d006c003100680030003600340030006d006c0031004f0030003700380030007000780031004e0030003600450030006900780031004d0030003600620030007000780031004e0030003200490030006f0078003100530030003600710030006e0055003000540030003700740030006e006c003100440030003600490030006d00550031004f0030003600340030006e00300031005900300032004500300000006f00300031004f0030003700780030006d00300030004b003000320045003000610055003100590030003600450030006d006c003100680030003600340030006d006c0031004f0030003700380030007000780031004e0030003600450030006900780031004d0030003600620030007000780031004e0030003200490030006f007800310053003000320045003000690078003100530030003600680030006e006c0031004e00300037007800300071007800310059003000360055003000610055003000250000006f00300031004f0030003700780030006d00300030004b003000320045003000610055003100680030003600680030006d006c0031002b003000360062003000690030003100550030003600340030006d006c0031004e0030003600740030006d006c003000530030003600680030006e006c003000540030003700740030006e006c003100440030003600490030006d00550031004f0030003600340030006e00300031005900300032004500300000006f00300031004f0030003700780030006d00300030004b003000320045003000610055003100680030003600680030006d006c0031002b003000360062003000690030003100550030003600340030006d006c0031004e0030003600740030006d006c003000530030003600680030006e006c00310041003000360045003000610055003100500030003600490030006f007800310053003000370062003000690030003100650030003600550030006e00300030005400300030002500250000006f00300031004f0030003700780030006d00300030004b003000320045003000610055003100410030003600680030006e006c0031002b00300036007800300071006c003100440030003700780030006d0030003100540030003700620030006f00780031004f0030003600680030006e0055003100530030003200490030006f007800310053003000320045003000690078003100530030003600680030006e006c0031004e00300037007800300071007800310059003000360055003000610055003000250000006f00300031004f0030003700780030006d00300030004b003000320045003000610055003100440030003600490030006d00550031004f0030003600340030006e006c003100670030003600740030006900550031004d0030003600340030006d0030003000530030003600490030007000780031004f003000320045003000690078003100530030003600680030006e006c0031004e00300037007800300071007800310059003000360055003000610055003000250000006f00300031004f0030003700780030006d00300030004b003000320045003000610055003100670030003600450030006e006c0031004f0030003600740030006a00300031004f0030003600550030006f00780031004e00300037007800300061006c0031004400300036004900300070006c00310054003000320045003000690078003100530030003600680030006e006c0031004e00300037007800300071007800310059003000360055003000610055003000250000006f00300031004f0030003700780030006d00300030004b003000320045003000610055003100670030003600450030006e006c0031004f0030003600740030006a00300031004f0030003600550030006f00780031004e00300037007800300061006c00310053003000360074003000690030003000540030003700740030006e006c003100440030003600490030006d00550031004f0030003600340030006e00300031005900300032004500300000000000	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\0dc3ee96 = "/P////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\27ddcf6f = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\2e22d94e = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\a2e3b941 = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\e8f9dcc7 = "UlAr/XJ/c//k////"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\48bd1aff = "V/////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\6185d035 = "Vx/2/Cx/V//l////"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\f6ad6fa6 = "V/////%%"	rundll32.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\iiid = "1"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\7367429f = "///%"	rundll32.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\00000000\370856c7 = 00000000	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\060df2cd = "GlAu/YP/c/Au/YZ/GxAp/YZ/GP/j/Xt/axAv/X6////%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\0c230bcb = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\37b7a6d8 = "UlAr/XJ/c//k////"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\38583bc3 = "Ml/2/CF/M//g/CZ////%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\65114b36 = "VP/l////"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\72758a5d = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\bbf88800 = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\d1abcdb6 = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_1d57b92d\eae10f9d\f0bf0bde = "///%"	rundll32.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2376	rundll32.exe
2376	rundll32.exe
2376	rundll32.exe
2376	rundll32.exe
2304	rundll32.exe
2304	rundll32.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2376	2548	rundll32.exe	30
PID 2548 wrote to memory of 2376	2548	rundll32.exe	30
PID 2548 wrote to memory of 2376	2548	rundll32.exe	30
PID 2548 wrote to memory of 2376	2548	rundll32.exe	30
PID 2548 wrote to memory of 2376	2548	rundll32.exe	30
PID 2548 wrote to memory of 2376	2548	rundll32.exe	30
PID 2548 wrote to memory of 2376	2548	rundll32.exe	30
PID 2376 wrote to memory of 2400	2376	rundll32.exe	31
PID 2376 wrote to memory of 2400	2376	rundll32.exe	31
PID 2376 wrote to memory of 2400	2376	rundll32.exe	31
PID 2376 wrote to memory of 2400	2376	rundll32.exe	31
PID 2376 wrote to memory of 2400	2376	rundll32.exe	31
PID 2376 wrote to memory of 2400	2376	rundll32.exe	31
PID 2376 wrote to memory of 2400	2376	rundll32.exe	31
PID 2988 wrote to memory of 2304	2988	rundll32.exe	33
PID 2988 wrote to memory of 2304	2988	rundll32.exe	33
PID 2988 wrote to memory of 2304	2988	rundll32.exe	33
PID 2988 wrote to memory of 2304	2988	rundll32.exe	33
PID 2988 wrote to memory of 2304	2988	rundll32.exe	33
PID 2988 wrote to memory of 2304	2988	rundll32.exe	33
PID 2988 wrote to memory of 2304	2988	rundll32.exe	33

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ab01319837f501afde3f2d1c1c64b73_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ab01319837f501afde3f2d1c1c64b73_JaffaCakes118.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2376
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SoftwareLite\SoftwareLite.dll",serv -install
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2400

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SoftwareLite\SoftwareLite.dll",serv
1⤵
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\SysWOW64\rundll32.exe
  "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SoftwareLite\SoftwareLite.dll",serv
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

AppInit DLLs

T1546.010

Privilege Escalation

Event Triggered Execution

T1546

AppInit DLLs

T1546.010

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\??\c:\Program Files (x86)\SoftwareLite\SoftwareLite.dll

Filesize
1.5MB

MD5
0ab01319837f501afde3f2d1c1c64b73

SHA1
5577b53515989429a6e0b2778ab8a1074c535ebc

SHA256
a4763fd2d0197646192d76abb47609d36e0da2b45c599b28fafbdda12e9ca2ed

SHA512
1b7994c12fdec0b5d039a6d0270fa29eaff74c5dbebcaf8bf18bf9ed9a658d2c9ce8723ce4e74ff69893a4e6c2ac521571e396dc3d2188b84b867dc5a19dfd91

Download Submit
memory/2304-22-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/2304-23-0x000000007EC50000-0x000000007EFA8000-memory.dmp

Filesize
3.3MB

Download
memory/2304-28-0x000000007EC50000-0x000000007EFA8000-memory.dmp

Filesize
3.3MB

Download
memory/2304-30-0x000000007EC50000-0x000000007EFA8000-memory.dmp

Filesize
3.3MB

Download
memory/2376-0-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2376-1-0x000000007EC50000-0x000000007EFA8000-memory.dmp

Filesize
3.3MB

Download
memory/2400-12-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/2400-13-0x000000007EC50000-0x000000007EFA8000-memory.dmp

Filesize
3.3MB

Download