2249da86ba12abbefa9c98d0a14e6cf3404a7da5854c62399b92681420459170

Analysis

max time kernel
95s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2024, 02:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d8f31390657feafdceee1acbffde190_JaffaCakes118.exe
Size

242KB
MD5

0d8f31390657feafdceee1acbffde190
SHA1

b21fbee6a30d4c44b60228e1a0e4cec4605a9040
SHA256

2249da86ba12abbefa9c98d0a14e6cf3404a7da5854c62399b92681420459170
SHA512

929bbb361e374379b16a1df205f862f583a85c02c942cb747815a48acdc58dd65aaa0808b52cbc8ee2baa3d5b80761a049d8c0517c7794cba2e9b5b9d7e221d8
SSDEEP

6144:MsaocyLCk5xf1QrVcEUp16Mj3elepybnoWSgBjt0Fisj:Mtobz5xf12qEUp1DOlhbnXt8Vj

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	inst.exe

Executes dropped EXE 2 IoCs

pid	Process
1036	inst.exe
2616	4fd99101-fa18-4898-bfd9-098a5bc06f2f.exe

Loads dropped DLL 2 IoCs

pid	Process
3144	0d8f31390657feafdceee1acbffde190_JaffaCakes118.exe
3144	0d8f31390657feafdceee1acbffde190_JaffaCakes118.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	inst.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	inst.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly	inst.exe
File created	C:\Windows\assembly\Desktop.ini	inst.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	inst.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0d8f31390657feafdceee1acbffde190_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4fd99101-fa18-4898-bfd9-098a5bc06f2f.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81	inst.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob = 0400000001000000100000008ccadc0b22cef5be72ac411a11a8d8120f000000010000001400000085fef11b4f47fe3952f98301c9f98976fefee0ce7f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000002500000030233021060b6086480186f8450107300130123010060a2b0601040182373c0101030200c06200000001000000200000008d722f81a9c113c0791df136a2966db26c950a971db46b4199f4ea54b78bfb9f1400000001000000140000007b5b45cfafcecb7afd31921a6ab6f346eb5748501d00000001000000100000005b3b67000eeb80022e42605b6b3b72400b000000010000000e00000074006800610077007400650000007e000000010000000800000000c0032f2df8d60168000000010000000000000003000000010000001400000091c6d6ee3e8ac86384e548c299295c756c817b81190000000100000010000000dc73f9b71e16d51d26527d32b11a6a3d2000000001000000240400003082042030820308a0030201020210344ed55720d5edec49f42fce37db2b6d300d06092a864886f70d01010505003081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504031316746861777465205072696d61727920526f6f74204341301e170d3036313131373030303030305a170d3336303731363233353935395a3081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504031316746861777465205072696d61727920526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100aca0f0fb8059d49cc7a4cf9da159730910450c0d2c6e68f16c5b4868495937fc0b3319c2777fcc102d95341ce6eb4d09a71cd2b8c9973602b789d4245f06c0cc4494948d02626feb5add118d289a5c8490107a0dbd74662f6a38a0e2d55444eb1d079f07ba6feee9fd4e0b29f53e84a001f19cabf81c7e89a4e8a1d871650da3517beebcd222600db95b9ddfbafc515b0baf98b2e92ee904e86287de2bc8d74ec14c641eddcf8758ba4a4fca68071d1c9d4ac6d52f91cc7c71721cc5c067eb32fdc9925c94da85c09bbf537d2b09f48c9d911f976a52cbde0936a477d87b875044d53e6e2969fb3949261e09a5807b402debe82785c9fe61fd7ee67c971dd59d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147b5b45cfafcecb7afd31921a6ab6f346eb574850300d06092a864886f70d010105050003820101007911c04bb391b6fcf0e967d40d6e45be55e893d2ce033fedda25b01d57cb1e3a76a04cec5076e864720ca4a9f1b88bd6d68784bb32e54111c077d9b3609deb1bd5d16e4444a9a601ec55621d77b85c8e48497c9c3b5711acad73378e2f785c906847d96060e6fc073d222017c4f716e9c4d872f9c8737cdf162f15a93efd6a27b6a1eb5aba981fd5e34d640a9d13c861baf5391c87bab8bd7b227ff6feac4079e5ac106f3d8f1b79768bc437b3211884e53600eb632099b9e9fe3304bb41c8c102f94463209e81ce42d3d63f2c76d3639c59dd8fa6e10ea02e41f72e9547cfbcfd33f3f60b617e7e912b8147c22730eea7105d378f5c392be404f07b8d568c68	inst.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob = 5c000000010000000400000000080000190000000100000010000000dc73f9b71e16d51d26527d32b11a6a3d03000000010000001400000091c6d6ee3e8ac86384e548c299295c756c817b816800000001000000000000007e000000010000000800000000c0032f2df8d6010b000000010000000e00000074006800610077007400650000001d00000001000000100000005b3b67000eeb80022e42605b6b3b72401400000001000000140000007b5b45cfafcecb7afd31921a6ab6f346eb5748506200000001000000200000008d722f81a9c113c0791df136a2966db26c950a971db46b4199f4ea54b78bfb9f53000000010000002500000030233021060b6086480186f8450107300130123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703010f000000010000001400000085fef11b4f47fe3952f98301c9f98976fefee0ce0400000001000000100000008ccadc0b22cef5be72ac411a11a8d8122000000001000000240400003082042030820308a0030201020210344ed55720d5edec49f42fce37db2b6d300d06092a864886f70d01010505003081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504031316746861777465205072696d61727920526f6f74204341301e170d3036313131373030303030305a170d3336303731363233353935395a3081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504031316746861777465205072696d61727920526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100aca0f0fb8059d49cc7a4cf9da159730910450c0d2c6e68f16c5b4868495937fc0b3319c2777fcc102d95341ce6eb4d09a71cd2b8c9973602b789d4245f06c0cc4494948d02626feb5add118d289a5c8490107a0dbd74662f6a38a0e2d55444eb1d079f07ba6feee9fd4e0b29f53e84a001f19cabf81c7e89a4e8a1d871650da3517beebcd222600db95b9ddfbafc515b0baf98b2e92ee904e86287de2bc8d74ec14c641eddcf8758ba4a4fca68071d1c9d4ac6d52f91cc7c71721cc5c067eb32fdc9925c94da85c09bbf537d2b09f48c9d911f976a52cbde0936a477d87b875044d53e6e2969fb3949261e09a5807b402debe82785c9fe61fd7ee67c971dd59d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147b5b45cfafcecb7afd31921a6ab6f346eb574850300d06092a864886f70d010105050003820101007911c04bb391b6fcf0e967d40d6e45be55e893d2ce033fedda25b01d57cb1e3a76a04cec5076e864720ca4a9f1b88bd6d68784bb32e54111c077d9b3609deb1bd5d16e4444a9a601ec55621d77b85c8e48497c9c3b5711acad73378e2f785c906847d96060e6fc073d222017c4f716e9c4d872f9c8737cdf162f15a93efd6a27b6a1eb5aba981fd5e34d640a9d13c861baf5391c87bab8bd7b227ff6feac4079e5ac106f3d8f1b79768bc437b3211884e53600eb632099b9e9fe3304bb41c8c102f94463209e81ce42d3d63f2c76d3639c59dd8fa6e10ea02e41f72e9547cfbcfd33f3f60b617e7e912b8147c22730eea7105d378f5c392be404f07b8d568c68	inst.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2616	4fd99101-fa18-4898-bfd9-098a5bc06f2f.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2616	4fd99101-fa18-4898-bfd9-098a5bc06f2f.exe
2616	4fd99101-fa18-4898-bfd9-098a5bc06f2f.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 3144 wrote to memory of 1036	3144	0d8f31390657feafdceee1acbffde190_JaffaCakes118.exe	83
PID 3144 wrote to memory of 1036	3144	0d8f31390657feafdceee1acbffde190_JaffaCakes118.exe	83
PID 1036 wrote to memory of 2616	1036	inst.exe	85
PID 1036 wrote to memory of 2616	1036	inst.exe	85
PID 1036 wrote to memory of 2616	1036	inst.exe	85

C:\Users\Admin\AppData\Local\Temp\0d8f31390657feafdceee1acbffde190_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0d8f31390657feafdceee1acbffde190_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3144
- C:\Users\Admin\AppData\Local\Temp\nsk79B6.tmp\inst.exe
  C:\Users\Admin\AppData\Local\Temp\nsk79B6.tmp\inst.exe 4fd99101-fa18-4898-bfd9-098a5bc06f2f.exe /u4fd99101-fa18-4898-bfd9-098a5bc06f2f /e4560044 /dT131851014S /t
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops desktop.ini file(s)
  - Drops file in Windows directory
  - Modifies system certificate store
  - Suspicious use of WriteProcessMemory
  PID:1036
- - C:\Users\Admin\AppData\Local\Temp\nsk79B6.tmp\4fd99101-fa18-4898-bfd9-098a5bc06f2f.exe
    "C:\Users\Admin\AppData\Local\Temp\nsk79B6.tmp\4fd99101-fa18-4898-bfd9-098a5bc06f2f.exe" /u4fd99101-fa18-4898-bfd9-098a5bc06f2f /e4560044 /dT131851014S /t
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:2616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\12236C41CDDF9E40BA5606CDF086B821

Filesize
76KB

MD5
814ec2095f3f6ac00177f839cc996cf2

SHA1
77863c4fa7b495ed96351602190ab3d7b50cc6a7

SHA256
47af1a17cb0723895141985b657882d1d0db6679ccedca7ae508b9dcd39e0d62

SHA512
4097999594c16045dbd1bffc1efbe615a4828e879e508e9eddb6bc97ed732aa0606fc8a6183ae9ef94563521283b3aa1901eef513bf8f8c06e1e1742e8cf1a4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1F39B5CFACECFDE48DB25BCA2231FAC6_D73FEE3C4E574541538B35CF985ADB66

Filesize
5B

MD5
4842e206e4cfff2954901467ad54169e

SHA1
80c9820ff2efe8aa3d361df7011ae6eee35ec4f0

SHA256
2acab1228e8935d5dfdd1756b8a19698b6c8b786c90f87993ce9799a67a96e4e

SHA512
ff537b1808fcb03cfb52f768fbd7e7bd66baf6a8558ee5b8f2a02f629e021aa88a1df7a8750bae1f04f3b9d86da56f0bdcba2fdbc81d366da6c97eb76ecb6cba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EDCF682921FE94F4A02A43CD1A28E6B

Filesize
604B

MD5
3a0e39c53630ecfc2720aee27fe32557

SHA1
ce9b2fbd4efce495b07ac98b4cb54b12dd3cf3c0

SHA256
18da8779683e3e688ac75a896d738eb4e958763e153e56cb06432bafd3d6ef38

SHA512
3598a8fa245b68d4ea236355c00c80710105704efb08e889edea0afd79e079224083c0d034e6b2454189bb8057ea9037ae48e0791bc5b6c54a4af90541fda166

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\955CAB6FF6A24D5820D50B5BA1CF79C7_CC1689C2A9A5CB35265F3C2516751959

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\12236C41CDDF9E40BA5606CDF086B821

Filesize
202B

MD5
658d717c9eb55e81ade982040b817367

SHA1
82a4c07d62bd372b982a28939928910bbf5a9d9f

SHA256
74e1b4145820a30df8783df0420a7068a694eaa3a4fa80bcb95f1d3dcc3b4506

SHA512
0dab5bf7e5ed080daa983ba1d40a7526ff635a008eb3639e2d12958d39f3f8919d3d6325cd8a20bb991618c669ddf9b4ee25dd0a2de99df46dd7c11fce45d4c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1F39B5CFACECFDE48DB25BCA2231FAC6_D73FEE3C4E574541538B35CF985ADB66

Filesize
490B

MD5
8643fcc4540bdbdbb65aee5b28b7446f

SHA1
07b4d221cfbe972de0da006dc3e73368296c9272

SHA256
098210b89631f3a93600c1a9a9cd7ad979f22d8518d3312a9e92c816db88e4e1

SHA512
84105a1260113b84e90be4d5cd8e1e9b87de4987bf8e0f79dd966e882e7aebc93e1e9ceb17d364bb05a17691d7c4c1d6c1105ba32e356f557903b404b7396757

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1F39B5CFACECFDE48DB25BCA2231FAC6_F0E2901B5CB9DFCB03318B8D06C40A30

Filesize
412B

MD5
beb95a922f99b2398219d086b8f5d4dc

SHA1
78c9948ddfd4d67410f9fa59ffa21ecb3357f487

SHA256
ec2254c56ffd5f9debf500b81411644618332e663c2c4a38a4e7fe3a79bc229f

SHA512
3cb8d0147af6c18b74faef957443efab242e001325a0b5d8d9bfd010fbcaead44164d17cd58bb9391f7eb2eb27a372ed512ff2dab94a794a65f6cb90117f877a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EDCF682921FE94F4A02A43CD1A28E6B

Filesize
188B

MD5
497e3653cbc31b27f0980a9ffac9b790

SHA1
3f144565de219d011d6fbdc026f5668f514d111e

SHA256
9b8a33925e94f6c4b3e3d6f457d814f59d0fb0068aa8ca336b3a86f3e4c9deb0

SHA512
69c6c7ada91b0aa5ad0e620efe14f50466471a0c4b463b252d9307fe37c32cbe859625cf17db65e8668c017b565b11d4f02e34aa86b3e71b7ea324236a031746

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9

Filesize
404B

MD5
09391ca83deb4ac928da8916b7129300

SHA1
8f997411495ff46a15b20f65f063fad89400b3af

SHA256
944ca231b60791d9a00f135b47c817814882555d788a13643c34387da7505e0d

SHA512
abe8488c49846cea2277bb33fb4cf031073814edae9ffaf19435a763d43a846900d973505ea33d48fdb29810d96c04854b2b33f1d91e92c3db72a1d0a151ca73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\955CAB6FF6A24D5820D50B5BA1CF79C7_CC1689C2A9A5CB35265F3C2516751959

Filesize
482B

MD5
75018a3e675f91cea94c1abbe1e39e21

SHA1
7ca24487ee6ed967600c9fb4b969b85925cc6385

SHA256
6820ca149519ccb6a9d78af27c0211e48710c8fd3f5bc9a0b3b899c5cd0c29d6

SHA512
620795af9baca524ce394f06d723cefd542a4f1b8e4682163ecd171691ef7c939c5950071b9621d2675d6b97011ce139f0d3a077334216f6bdfb9e4fb2159730

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk79B6.tmp\4fd99101-fa18-4898-bfd9-098a5bc06f2f.exe

Filesize
248KB

MD5
22be5edcbe2fd71af6d4a98529a58d88

SHA1
974d22883901d75a407c46282ef75acb0187cb21

SHA256
c4cfe2563b9681d78283c124f49d0a627be62bd040cabeb94bfeaab2b6733e35

SHA512
3d3e9ba2aa4f0b67faa052d304b4186bafe539f6ae88efa38a745246e47a351607a968f8af96fc8b8d78e4cc85dcfd28f009aad47608f855588fd7530910a624

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk79B6.tmp\VPatch.dll

Filesize
10KB

MD5
e7de13c3dd744f2a754553687219d39a

SHA1
96c5f7e23a5a49e8fe6cb7830002aad607d003e3

SHA256
2168f690bb1e751690a8d6922550cd86adc0762c63e9276f319116a9df910383

SHA512
0cd5e5343b6d893e4772c470442d8ea081d61ce38b546421a1e323cf2a0d1e2b042e009e7a14a8acb27c9d97186dd9358f5f9083dd30e9f6f41764f228febb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk79B6.tmp\inst.exe

Filesize
181KB

MD5
055027a390bd4d4d12dc222f50ef7886

SHA1
6b1777b991791ee11ce6accf8c1bdfc2342c7b55

SHA256
aa30d730c4608053ed0fe41ab7743d072b3afb78a710c1b5213ae7288133d3ff

SHA512
b307c25569d1d09341f027eb0e9e973486b8bf2ab63dfcfd36d54fdb94882393b85b395ee3d3f440197d9d821bdafda9b719d650c9b9cb658dce8b2c2750b00e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk79B6.tmp\nsExec.dll

Filesize
8KB

MD5
249ae678f0dac4c625c6de6aca53823a

SHA1
6ac2b9e90e8445fed4c45c5dbf2d0227cd3b5201

SHA256
7298024a36310b7c4c112be87b61b62a0b1be493e2d5252a19e5e976daf674ce

SHA512
66e4081a40f3191bf28b810cf8411cb3c8c3e3ec5943e18d6672414fb5e7b4364f862cba44c9115c599ac90890ef02a773e254e7c979e930946bc52b0693aad7

Download Submit
memory/1036-38-0x000000001C890000-0x000000001C8BA000-memory.dmp

Filesize
168KB

Download
memory/1036-19-0x00007FF955B90000-0x00007FF956531000-memory.dmp

Filesize
9.6MB

Download
memory/1036-18-0x00007FF955E45000-0x00007FF955E46000-memory.dmp

Filesize
4KB

Download
memory/1036-42-0x00007FF955B90000-0x00007FF956531000-memory.dmp

Filesize
9.6MB

Download
memory/1036-68-0x00007FF955B90000-0x00007FF956531000-memory.dmp

Filesize
9.6MB

Download
memory/1036-69-0x00007FF955E45000-0x00007FF955E46000-memory.dmp

Filesize
4KB

Download
memory/1036-74-0x00007FF955B90000-0x00007FF956531000-memory.dmp

Filesize
9.6MB

Download
memory/1036-73-0x00007FF955B90000-0x00007FF956531000-memory.dmp

Filesize
9.6MB

Download
memory/2616-54-0x0000000074180000-0x0000000074731000-memory.dmp

Filesize
5.7MB

Download
memory/2616-53-0x0000000074182000-0x0000000074183000-memory.dmp

Filesize
4KB

Download
memory/2616-55-0x0000000074180000-0x0000000074731000-memory.dmp

Filesize
5.7MB

Download
memory/2616-71-0x0000000074180000-0x0000000074731000-memory.dmp

Filesize
5.7MB

Download
memory/3144-84-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download