cbb16aaa6b5a4277dd7077e28412e58981ea6edf784b20f5fb02aa8e57b3ddf2

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-10-2024 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2616445b0b58063980d3bc2b0da2feed_JaffaCakes118.exe
Size

1.0MB
MD5

2616445b0b58063980d3bc2b0da2feed
SHA1

70165e724e514d649e08a81e0ef1f16030b9daba
SHA256

cbb16aaa6b5a4277dd7077e28412e58981ea6edf784b20f5fb02aa8e57b3ddf2
SHA512

52aed930302344a58d70ae94159b042d9854802e3bdf5239ff73d93492a30deaa4396d11059b075f2aeef98a3c7f2630030faa1c909da320e9b9b104d6620d07
SSDEEP

24576:UXQKznLsKA4bTlV9vwSfeqsxC3oh4Rj5xrYIKsIp1:2FTl7vyYUQ9K3

Score

7^/10

discovery persistence

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0008000000016311-29.dat	acprotect
behavioral1/files/0x00080000000160d5-34.dat	acprotect

Executes dropped EXE 10 IoCs

pid	Process
108	IUB.EXE
2716	ashsvc.exe
2852	COM2.EXE
2684	SVCHOSI.EXE
1688	SVCHOSI.EXE
2112	COM1.EXE
2316	ashsvc.exe
264	IUB.EXE
1740	COM2.EXE
1564	IUB.EXE

Loads dropped DLL 20 IoCs

pid	Process
2400	2616445b0b58063980d3bc2b0da2feed_JaffaCakes118.exe
2400	2616445b0b58063980d3bc2b0da2feed_JaffaCakes118.exe
108	IUB.EXE
108	IUB.EXE
2716	ashsvc.exe
2716	ashsvc.exe
108	IUB.EXE
108	IUB.EXE
2852	COM2.EXE
2852	COM2.EXE
108	IUB.EXE
108	IUB.EXE
2852	COM2.EXE
2852	COM2.EXE
2316	ashsvc.exe
2316	ashsvc.exe
2684	SVCHOSI.EXE
2684	SVCHOSI.EXE
2684	SVCHOSI.EXE
2684	SVCHOSI.EXE

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WinSix = "C:\\Windows\\System32\\SVCHOSI.EXE"	REG.exe

Drops file in System32 directory 14 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\2026\desktop.ini	COM2.EXE
File created	C:\Windows\SysWOW64\2026\desktop.ini	COM2.EXE
File opened for modification	C:\Windows\SysWOW64\2026\2045\libeay32.dll	COM2.EXE
File created	C:\Windows\SysWOW64\SVCHOSI.EXE	IUB.EXE
File opened for modification	C:\Windows\SysWOW64\SVCHOSI.EXE	COM2.EXE
File created	C:\Windows\SysWOW64\2026\2045\ashsvc.exe	COM2.EXE
File opened for modification	C:\Windows\SysWOW64\2026\2045\ssleay32.dll	COM2.EXE
File created	C:\Windows\SysWOW64\2026\2045\ssleay32.dll	COM2.EXE
File created	C:\Windows\SysWOW64\2026\2045\libeay32.dll	COM2.EXE
File opened for modification	C:\Windows\SysWOW64\2026\	COM2.EXE
File opened for modification	C:\Windows\SysWOW64\2026\2045\ashsvc.exe	COM2.EXE
File created	C:\Windows\SysWOW64\SVCHOSI.EXE	COM2.EXE
File opened for modification	C:\Windows\SysWOW64\SVCHOSI.EXE	IUB.EXE
File opened for modification	C:\Windows\SysWOW64\SVCHOSI.exe	SVCHOSI.EXE

System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ashsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	REG.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	REG.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	REG.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IUB.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	COM2.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SVCHOSI.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	REG.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	COM1.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ashsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IUB.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2616445b0b58063980d3bc2b0da2feed_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IUB.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	COM2.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SVCHOSI.EXE

Modifies registry key 1 TTPs 4 IoCs

Modify Registry

T1112

pid	Process
1004	REG.exe
1360	REG.exe
800	REG.exe
576	REG.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2716	ashsvc.exe
2716	ashsvc.exe
2316	ashsvc.exe
2316	ashsvc.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2716	ashsvc.exe
2316	ashsvc.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
2400	2616445b0b58063980d3bc2b0da2feed_JaffaCakes118.exe
108	IUB.EXE
2852	COM2.EXE
2684	SVCHOSI.EXE
1688	SVCHOSI.EXE
2112	COM1.EXE
264	IUB.EXE
1740	COM2.EXE
1564	IUB.EXE

Suspicious use of WriteProcessMemory 56 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 108	2400	2616445b0b58063980d3bc2b0da2feed_JaffaCakes118.exe	30
PID 2400 wrote to memory of 108	2400	2616445b0b58063980d3bc2b0da2feed_JaffaCakes118.exe	30
PID 2400 wrote to memory of 108	2400	2616445b0b58063980d3bc2b0da2feed_JaffaCakes118.exe	30
PID 2400 wrote to memory of 108	2400	2616445b0b58063980d3bc2b0da2feed_JaffaCakes118.exe	30
PID 108 wrote to memory of 2716	108	IUB.EXE	31
PID 108 wrote to memory of 2716	108	IUB.EXE	31
PID 108 wrote to memory of 2716	108	IUB.EXE	31
PID 108 wrote to memory of 2716	108	IUB.EXE	31
PID 2400 wrote to memory of 2852	2400	2616445b0b58063980d3bc2b0da2feed_JaffaCakes118.exe	32
PID 2400 wrote to memory of 2852	2400	2616445b0b58063980d3bc2b0da2feed_JaffaCakes118.exe	32
PID 2400 wrote to memory of 2852	2400	2616445b0b58063980d3bc2b0da2feed_JaffaCakes118.exe	32
PID 2400 wrote to memory of 2852	2400	2616445b0b58063980d3bc2b0da2feed_JaffaCakes118.exe	32
PID 108 wrote to memory of 2684	108	IUB.EXE	33
PID 108 wrote to memory of 2684	108	IUB.EXE	33
PID 108 wrote to memory of 2684	108	IUB.EXE	33
PID 108 wrote to memory of 2684	108	IUB.EXE	33
PID 2852 wrote to memory of 1360	2852	COM2.EXE	34
PID 2852 wrote to memory of 1360	2852	COM2.EXE	34
PID 2852 wrote to memory of 1360	2852	COM2.EXE	34
PID 2852 wrote to memory of 1360	2852	COM2.EXE	34
PID 2852 wrote to memory of 800	2852	COM2.EXE	36
PID 2852 wrote to memory of 800	2852	COM2.EXE	36
PID 2852 wrote to memory of 800	2852	COM2.EXE	36
PID 2852 wrote to memory of 800	2852	COM2.EXE	36
PID 2852 wrote to memory of 1688	2852	COM2.EXE	37
PID 2852 wrote to memory of 1688	2852	COM2.EXE	37
PID 2852 wrote to memory of 1688	2852	COM2.EXE	37
PID 2852 wrote to memory of 1688	2852	COM2.EXE	37
PID 2852 wrote to memory of 576	2852	COM2.EXE	39
PID 2852 wrote to memory of 576	2852	COM2.EXE	39
PID 2852 wrote to memory of 576	2852	COM2.EXE	39
PID 2852 wrote to memory of 576	2852	COM2.EXE	39
PID 2852 wrote to memory of 1004	2852	COM2.EXE	40
PID 2852 wrote to memory of 1004	2852	COM2.EXE	40
PID 2852 wrote to memory of 1004	2852	COM2.EXE	40
PID 2852 wrote to memory of 1004	2852	COM2.EXE	40
PID 108 wrote to memory of 2112	108	IUB.EXE	43
PID 108 wrote to memory of 2112	108	IUB.EXE	43
PID 108 wrote to memory of 2112	108	IUB.EXE	43
PID 108 wrote to memory of 2112	108	IUB.EXE	43
PID 2852 wrote to memory of 2316	2852	COM2.EXE	44
PID 2852 wrote to memory of 2316	2852	COM2.EXE	44
PID 2852 wrote to memory of 2316	2852	COM2.EXE	44
PID 2852 wrote to memory of 2316	2852	COM2.EXE	44
PID 2684 wrote to memory of 264	2684	SVCHOSI.EXE	46
PID 2684 wrote to memory of 264	2684	SVCHOSI.EXE	46
PID 2684 wrote to memory of 264	2684	SVCHOSI.EXE	46
PID 2684 wrote to memory of 264	2684	SVCHOSI.EXE	46
PID 2684 wrote to memory of 1740	2684	SVCHOSI.EXE	47
PID 2684 wrote to memory of 1740	2684	SVCHOSI.EXE	47
PID 2684 wrote to memory of 1740	2684	SVCHOSI.EXE	47
PID 2684 wrote to memory of 1740	2684	SVCHOSI.EXE	47
PID 2684 wrote to memory of 1564	2684	SVCHOSI.EXE	48
PID 2684 wrote to memory of 1564	2684	SVCHOSI.EXE	48
PID 2684 wrote to memory of 1564	2684	SVCHOSI.EXE	48
PID 2684 wrote to memory of 1564	2684	SVCHOSI.EXE	48

C:\Users\Admin\AppData\Local\Temp\2616445b0b58063980d3bc2b0da2feed_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2616445b0b58063980d3bc2b0da2feed_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Users\Admin\AppData\Local\Temp\$Tmp~12026\IUB.EXE
  C:\Users\Admin\AppData\Local\Temp\$Tmp~12026\IUB.EXE
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:108
- - C:\Users\Admin\AppData\Local\Temp\$Tmp~12026\ashsvc.exe
    C:\Users\Admin\AppData\Local\Temp\$Tmp~12026\ashsvc.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    PID:2716
- - C:\Windows\SysWOW64\SVCHOSI.EXE
    C:\Windows\System32\SVCHOSI.EXE
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\$Tmp~12026\IUB.EXE
      C:\Users\Admin\AppData\Local\Temp\$Tmp~12026\IUB.EXE
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:264
  - - C:\COM2.EXE
      \\.\C:\COM2.EXE
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\$Tmp~12026\IUB.EXE
      C:\Users\Admin\AppData\Local\Temp\$Tmp~12026\IUB.EXE
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1564
- - C:\Users\Admin\AppData\Local\Temp\$Tmp~12026\COM1.EXE
    \\.\C:\Users\Admin\AppData\Local\Temp\$Tmp~12026\COM1.EXE
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2112
- C:\COM2.EXE
  \\.\C:\COM2.EXE
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2852
- - C:\Windows\SysWOW64\REG.exe
    REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /f /v NTLOADER REG_SZ /d "C:\COM2.EXE"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:1360
- - C:\Windows\SysWOW64\REG.exe
    REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /f /v WinSix /t REG_SZ /d "C:\Windows\System32\SVCHOSI.EXE"
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:800
- - C:\Windows\SysWOW64\SVCHOSI.EXE
    C:\Windows\System32\SVCHOSI.EXE
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1688
- - C:\Windows\SysWOW64\REG.exe
    REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState /f /v FullPath /t REG_DWORD /d 1
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:576
- - C:\Windows\SysWOW64\REG.exe
    REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState /f /v FullPath /t REG_DWORD /d 1
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:1004
- - C:\Windows\SysWOW64\2026\2045\ashsvc.exe
    C:\Windows\System32\2026\2045\ashsvc.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\COM2.EXE

Filesize
1.0MB

MD5
e259df06cc1053979e1b93cd58946e29

SHA1
c332bbb7d40d3f9072acb7d97695a8851f59d815

SHA256
31362e1e3cbc91951bb7b76e524dee5bf2dff92a675b6c9c30873a0792a5f80e

SHA512
9b216d1c590107fa5b2acdc375c6e80e29a4c663b7bd81683c301399850749e914fbfb0ee19a9353bcb9e819e3071664c574be3c1e8f5c4efd32783f265fcc25

Download Submit
C:\Users\Admin\AppData\Local\Temp\$Tmp~12026\LIBEAY32.dll

Filesize
494KB

MD5
198d065bd0714482011917307c9ebf46

SHA1
b834c8a5396e59b0fd051dda8849cf9b999aa625

SHA256
acee024120921b1f406d6d7f6d5facf054083ab55993ce4c1ba5ebd6595c7e43

SHA512
489d38aee5d95a9611aff4b170113250d1608e9dc3f496f73018e9980de91f30e58edec0e37d4468f093867d5848044136b0934ee35345daa5a63c73b3e96120

Download Submit
C:\Users\Admin\AppData\Local\Temp\$Tmp~12026\SSLEAY32.dll

Filesize
117KB

MD5
c1afdf88451258af208c2eaf90a3e074

SHA1
cc3473b7949e631c4ca0bec21d9430e34e310f2f

SHA256
295331b60026555ea5f27f0e87d5b9d90a5c5fedb656c945d80a3470d4851cc8

SHA512
768330c2bc3ec9ac6803532d833200569442fc5d95193562d8811695b649400eba2ea8166d4f7806a7d9bf6ffbd80c74983f5d05d6698b8f877796f542913609

Download Submit
C:\Users\Admin\AppData\Local\Temp\$Tmp~12026\ashsvc.exe

Filesize
125KB

MD5
b33db6ac948c4b6e8d0e5c082b9a303a

SHA1
261fd70fb578503c770d0aaccc4fb861cf9ce7fe

SHA256
b50406caf4b61ca379c6408631d4916f33b87efd3d5f23fb9a7433dd4ff78121

SHA512
24123ecb50205122dbaf595822a5165e2eb370c78bea45122ef1af95c128ced2f1834a5e3d301047bf62bf104cf7038e8e47fa5b926c28f4b29406cdfac17045

Download Submit
\Users\Admin\AppData\Local\Temp\$Tmp~12026\COM1.EXE

Filesize
1.0MB

MD5
3c274fb1f2773f5a7217efbba78ac1c0

SHA1
820bfaf67ec2d1fb59b1167a9bb67a267ba20af2

SHA256
08755f5595598df408e2e87108ba19ebc68bad84adc3ce5985069f4d5cb2aba0

SHA512
27b18eb6aa41e1cfec6bc268223fd75b24f631a07a782884b6704bf80c99e92e6d5275f2c3d733b1e9f86a14e9ff19ae6efa8a926745233437e3b4831d6be1e4

Download Submit
\Users\Admin\AppData\Local\Temp\$Tmp~12026\IUB.EXE

Filesize
1.0MB

MD5
682b0139d0f179721fd85f2aa329ec02

SHA1
50fbaaaec8c40aa8f741f2e0b5224a51dabca83b

SHA256
c7f90c701733c6327238528c64a41588aac3c9b4c6cffb616e32a8d786621159

SHA512
6b836d1b6167b770ab0cbbcae6c14841a738705bcda9596a0dd6508c7d3f8a146270559abe964176f62a8013b840627d3ad9d4488326a467b3e1667d28247e32

Download Submit
\Windows\SysWOW64\SVCHOSI.EXE

Filesize
1.0MB

MD5
7f23a60d0dddde39528c59daf1a22df8

SHA1
2982827a4ead1675b6be5006d941099cc648944c

SHA256
13f61dad642cdbe310b322df52ae100cc56196470bc987a3cbc274ecba006ecb

SHA512
2049c9a16d7d91d7b057fae19d36831c1853a1e8f4bfd89ce72529ea26cbe802e382f10a0ff0742dcf3a94923146651dd4ecc8f19a508e0f23817defdd7046d2

Download Submit
memory/108-16-0x0000000000400000-0x0000000000733000-memory.dmp

Filesize
3.2MB

Download
memory/108-30-0x0000000003D00000-0x0000000003D63000-memory.dmp

Filesize
396KB

Download
memory/108-32-0x0000000003D00000-0x0000000003D63000-memory.dmp

Filesize
396KB

Download
memory/108-104-0x0000000003D00000-0x0000000004033000-memory.dmp

Filesize
3.2MB

Download
memory/108-68-0x0000000003D00000-0x0000000004033000-memory.dmp

Filesize
3.2MB

Download
memory/108-36-0x0000000000400000-0x0000000000733000-memory.dmp

Filesize
3.2MB

Download
memory/108-69-0x0000000003D00000-0x0000000004033000-memory.dmp

Filesize
3.2MB

Download
memory/108-86-0x0000000003D00000-0x0000000004033000-memory.dmp

Filesize
3.2MB

Download
memory/108-154-0x0000000000400000-0x0000000000733000-memory.dmp

Filesize
3.2MB

Download
memory/264-183-0x0000000000400000-0x0000000000733000-memory.dmp

Filesize
3.2MB

Download
memory/264-180-0x0000000000400000-0x0000000000733000-memory.dmp

Filesize
3.2MB

Download
memory/1564-259-0x0000000000400000-0x0000000000733000-memory.dmp

Filesize
3.2MB

Download
memory/1688-90-0x0000000000400000-0x0000000000733000-memory.dmp

Filesize
3.2MB

Download
memory/1740-201-0x0000000000400000-0x0000000000733000-memory.dmp

Filesize
3.2MB

Download
memory/2112-106-0x0000000000400000-0x0000000000733000-memory.dmp

Filesize
3.2MB

Download
memory/2112-139-0x0000000000400000-0x0000000000733000-memory.dmp

Filesize
3.2MB

Download
memory/2112-140-0x0000000000400000-0x0000000000733000-memory.dmp

Filesize
3.2MB

Download
memory/2316-189-0x0000000010000000-0x0000000010135000-memory.dmp

Filesize
1.2MB

Download
memory/2316-190-0x0000000000320000-0x000000000036B000-memory.dmp

Filesize
300KB

Download
memory/2316-133-0x0000000000320000-0x000000000036B000-memory.dmp

Filesize
300KB

Download
memory/2316-145-0x0000000010000000-0x0000000010135000-memory.dmp

Filesize
1.2MB

Download
memory/2316-132-0x0000000010000000-0x0000000010135000-memory.dmp

Filesize
1.2MB

Download
memory/2316-131-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/2316-149-0x0000000000320000-0x000000000036B000-memory.dmp

Filesize
300KB

Download
memory/2316-144-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/2400-67-0x0000000004050000-0x0000000004383000-memory.dmp

Filesize
3.2MB

Download
memory/2400-2-0x0000000000400000-0x0000000000733000-memory.dmp

Filesize
3.2MB

Download
memory/2400-10-0x0000000004050000-0x0000000004383000-memory.dmp

Filesize
3.2MB

Download
memory/2400-13-0x0000000000400000-0x0000000000733000-memory.dmp

Filesize
3.2MB

Download
memory/2400-71-0x0000000004050000-0x0000000004383000-memory.dmp

Filesize
3.2MB

Download
memory/2400-11-0x0000000004050000-0x0000000004383000-memory.dmp

Filesize
3.2MB

Download
memory/2400-51-0x0000000004050000-0x0000000004383000-memory.dmp

Filesize
3.2MB

Download
memory/2400-78-0x0000000000400000-0x0000000000733000-memory.dmp

Filesize
3.2MB

Download
memory/2400-49-0x0000000004050000-0x0000000004383000-memory.dmp

Filesize
3.2MB

Download
memory/2684-197-0x00000000037A0000-0x0000000003AD3000-memory.dmp

Filesize
3.2MB

Download
memory/2684-177-0x00000000037A0000-0x0000000003AD3000-memory.dmp

Filesize
3.2MB

Download
memory/2684-200-0x00000000037A0000-0x0000000003AD3000-memory.dmp

Filesize
3.2MB

Download
memory/2684-254-0x00000000037A0000-0x0000000003AD3000-memory.dmp

Filesize
3.2MB

Download
memory/2684-73-0x0000000000400000-0x0000000000733000-memory.dmp

Filesize
3.2MB

Download
memory/2684-92-0x0000000000400000-0x0000000000733000-memory.dmp

Filesize
3.2MB

Download
memory/2684-91-0x0000000000400000-0x0000000000733000-memory.dmp

Filesize
3.2MB

Download
memory/2716-41-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/2716-55-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/2716-31-0x0000000000400000-0x0000000000463000-memory.dmp

Filesize
396KB

Download
memory/2716-136-0x0000000000320000-0x000000000036B000-memory.dmp

Filesize
300KB

Download
memory/2716-135-0x0000000010000000-0x0000000010135000-memory.dmp

Filesize
1.2MB

Download
memory/2716-38-0x0000000000320000-0x000000000036B000-memory.dmp

Filesize
300KB

Download
memory/2716-37-0x0000000010000000-0x0000000010135000-memory.dmp

Filesize
1.2MB

Download
memory/2716-42-0x0000000010000000-0x0000000010135000-memory.dmp

Filesize
1.2MB

Download
memory/2716-47-0x0000000000320000-0x000000000036B000-memory.dmp

Filesize
300KB

Download
memory/2852-153-0x0000000000400000-0x0000000000733000-memory.dmp

Filesize
3.2MB

Download
memory/2852-72-0x0000000000400000-0x0000000000733000-memory.dmp

Filesize
3.2MB

Download
memory/2852-52-0x0000000000400000-0x0000000000733000-memory.dmp

Filesize
3.2MB

Download
memory/2852-77-0x0000000000400000-0x0000000000733000-memory.dmp

Filesize
3.2MB

Download
memory/2852-126-0x0000000000240000-0x00000000002A3000-memory.dmp

Filesize
396KB

Download
memory/2852-128-0x0000000000240000-0x00000000002A3000-memory.dmp

Filesize
396KB

Download
memory/2852-142-0x0000000000240000-0x00000000002A3000-memory.dmp

Filesize
396KB

Download
memory/2852-141-0x0000000000240000-0x00000000002A3000-memory.dmp

Filesize
396KB

Download