8647ce982200ed72ee79f1450ab1aef59d1f5da421e4e59c6b51d10fe6ee31e7

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 10:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
Size

727KB
MD5

2f46f36fbadfbd00d96fb2304c906aca
SHA1

572f424c378781890a8eb477eeeca733d857276a
SHA256

8647ce982200ed72ee79f1450ab1aef59d1f5da421e4e59c6b51d10fe6ee31e7
SHA512

f1c01bee71249a7de4d9ef876b363c00b974e9aef4042abe18029053fa83805e27e06bfb00a842e639d18598e65788e973ec6bdc86e0eafdbd771515f3e4c86f
SSDEEP

12288:f8CmYnndPONJTTayxTs3TWMk/kap2yNOYsM+k9SFUCTgNIAaKSTqvqDid1TdXMqp:f8PYnndPs/xTVsu2yZlcyCEzaKID61TJ

Score

7^/10

discovery upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe

Executes dropped EXE 1 IoCs

pid	Process
4948	svchost.exe

Loads dropped DLL 3 IoCs

pid	Process
4948	svchost.exe
4948	svchost.exe
4948	svchost.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 30 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\x\close.dll	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\x\svchost.exe	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\x\_tamp2.dll	svchost.exe
File opened for modification	C:\WINDOWS\SysWOW64\x\_unknown.dll	svchost.exe
File opened for modification	C:\WINDOWS\SysWOW64\x\_tamp.dll	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\x\view.txt	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\x\mirc.ini	svchost.exe
File opened for modification	C:\WINDOWS\SysWOW64\x\_tamp.dll	svchost.exe
File opened for modification	C:\WINDOWS\SysWOW64\x\_tamp2.dll	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\x\close.dll	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\x\taskman.txt	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\x\_unknown.dll	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\x\win.dll	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\x\svchost.exe	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\x\view.txt	svchost.exe
File opened for modification	C:\WINDOWS\SysWOW64\x\servers.ini	svchost.exe
File created	C:\WINDOWS\SysWOW64\x\_tamp2.dll	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\x\servers.ini	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\x\kucha.txt	svchost.exe
File opened for modification	C:\WINDOWS\SysWOW64\x	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\x\_unknown.dll	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\x\taskman.txt	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\x\mirc.ini	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\x\_tamp.dll	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\x\kucha.txt	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
File created	C:\WINDOWS\SysWOW64\x\servers.ini	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\x\view.txt	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\x\win.dll	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\x\mirc.ini	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
File opened for modification	C:\WINDOWS\SysWOW64\x\kucha.txt	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4592-0-0x0000000000400000-0x0000000000422000-memory.dmp	upx
behavioral2/memory/4592-34-0x0000000000400000-0x0000000000422000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe

Modifies registry class 40 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\ = "%1"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Application\ = "mIRC"	svchost.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\EditFlags = 02000000	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\command\ = "\"C:\\WINDOWS\\SysWOW64\\x\\svchost.exe\" -noconnect"	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec\ifexec	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cha	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\ifexec\ = "%1"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.chat	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Topic	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\ = "URL:IRC Protocol"	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec\Application	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cha\ = "ChatFile"	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\command	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\command	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\ifexec	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Application	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\irc	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec\Topic	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.chat\ = "ChatFile"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\ifexec\ = "%1"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\DefaultIcon\ = "\"C:\\WINDOWS\\SysWOW64\\x\\svchost.exe\""	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\Application\ = "mIRC"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\Topic\ = "Connect"	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\command\ = "\"C:\\WINDOWS\\SysWOW64\\x\\svchost.exe\" -noconnect"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Topic\ = "Connect"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\ = "%1"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\ = "Chat File"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\DefaultIcon\ = "\"C:\\WINDOWS\\SysWOW64\\x\\svchost.exe\""	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\command	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\URL Protocol	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\irc\DefaultIcon	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\DefaultIcon	svchost.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4948	svchost.exe
4948	svchost.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4592 wrote to memory of 4948	4592	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe	86
PID 4592 wrote to memory of 4948	4592	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe	86
PID 4592 wrote to memory of 4948	4592	2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe	86

C:\Users\Admin\AppData\Local\Temp\2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2f46f36fbadfbd00d96fb2304c906aca_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4592
- C:\WINDOWS\SysWOW64\x\svchost.exe
  "C:\WINDOWS\system32\x\svchost.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\WINDOWS\SysWOW64\x\_tamp.dll

Filesize
25B

MD5
b4f3062120416ef17a153a0495f67ad8

SHA1
85fb9db37072945d03e044a0c270b31ac28e6a95

SHA256
75d388ffa26e32023ebad806945b3307ce91abc5594958c74ab17f47f48601f6

SHA512
35c48a3695967b4925a79cb1869f59782b0429e7700cc13767b525f9c83507c499ae49a6c10a2abe90e13e7ef975bfc02c30f2d4ae1a3af2ad61bed42bb96ae4

Download Submit
C:\WINDOWS\SysWOW64\x\_tamp2.dll

Filesize
238B

MD5
a7b971b0748b73735d3bd694dc9b092c

SHA1
b6cc92157262b350de2fba8e82f0db9d5c3ff471

SHA256
21210cb899ea9fc46a761ce76552e22d95848014614f0f4ec0b313be2e5aa53c

SHA512
5026bf87bd7feb179584f2c1dd876e35c3fd7617d789cd3aba5b3bfb813c4dde88435e4ded307978dda3781402cb80f9770214a4c16c95a993182e4ce85d147a

Download Submit
C:\WINDOWS\SysWOW64\x\_unknown.dll

Filesize
985B

MD5
4f8a3178ceea12ec0532953d6b7324d8

SHA1
4b4555b876702be947f98207f51cd01768ab2e16

SHA256
2d7fae046622b08d2da24f86135d4133ab5c8e667ecad0e29ca08558bb8ec44f

SHA512
55fc460448084d6fbe4cf9c1b45624266b994fd0e6650e1e5c2027db94f0a97bafed2bd250962567616ab9578e256a93d98797832530dab643ed8573c4ee625a

Download Submit
C:\WINDOWS\SysWOW64\x\close.dll

Filesize
62KB

MD5
eca90c31ce89cc5540741b7cd7db3265

SHA1
a29d501c504dc519e1c233fbf38c6a9fe3dd49eb

SHA256
00ae3ccc9dbc4f297f5669e81fb41acf02e4000dc5d74d84d6f9721899062bd4

SHA512
55d8fae32a998029f74574dfcb5f57ed3f9fcbf8fd61d150137a189ce8c125b898210b8d9ef501706d875cd7a0ecc1308ba8d218e8e06084f575e5019edf3dae

Download Submit
C:\WINDOWS\SysWOW64\x\kucha.txt

Filesize
337B

MD5
01d1a001ea637762d5ff44bb5e045657

SHA1
113115276602bb8cc34fa46ac1a00b4efa37370f

SHA256
e24d67cfd441f57fbc8a5b2ef96b39bfc1bc78643068de604a62c3215d053ab9

SHA512
c2db771e9ce24b620699355e9d6bc2c41232eb78a72e66c45e6a4eb6023148f97926291080fac145912a98da68675805b36ab03d3213a0c769707b6ce1ff3943

Download Submit
C:\WINDOWS\SysWOW64\x\mirc.ini

Filesize
2KB

MD5
9990dce375b945b713079ab39f5df791

SHA1
57088a84c81bb2fcdab9fe840840c83676502175

SHA256
7910d254c8efa17effba032c23a8073f057e0877bd77630c95d9cb2b15d04992

SHA512
db2f6a6e4311f29d465c39e45a509d899757b1b781230a5ea50223daf063b25ed8de3bd9215dd7b606fd52ae5675282deee0cd866d0465899c8bbe626d735995

Download Submit
C:\WINDOWS\SysWOW64\x\servers.ini

Filesize
187B

MD5
8dcf46508038e41a8a3f39720b84e3d9

SHA1
5b07c427c842fcc549ced05d843defff1a1e3e8d

SHA256
659bde5e54db72cbd3c842eb3d69960de0c00fe590e04e76331953c987194980

SHA512
c29e2b6977cd129e989db8e7c320d3a7cac04df6ef2c6229a34a5874c9eedb4986ec73fc697f6e39369161cb358efa236c632af8232f9c881ffce38a8390c29e

Download Submit
C:\WINDOWS\SysWOW64\x\taskman.txt

Filesize
62KB

MD5
d5d2ea8e0d6dff65b853218fb735b38a

SHA1
3a2c48db384dbdf22131d9a4333bd8080a07a65e

SHA256
78e74107a1839aff8c493d17b2ab2854fce71f84092d15146d8c66e734323b0e

SHA512
bc085c7125cabf72dc14ab5f03801adfb28bdf59673e842530a5b0a2f7dd63c1375d489d4ddd30880dea4e06915c70cc44f503c87bd88630445b31bcafb7ac1b

Download Submit
C:\WINDOWS\SysWOW64\x\view.txt

Filesize
1KB

MD5
6596d930b01c2ab481cc111d94f57055

SHA1
87b3338eebd7ee041ded0516e59e3e7f701a4b5e

SHA256
e236676d0f246ae3cdad6b7161e7eff8f37c8ba84684d073f89d00d1eeac11f5

SHA512
aa6526a409c0d7ed307d8ff957ad850eec4b4f32cc3e3b5f16e83492a06c164d3d566f2a999899646b4e971a4ed7db85d92fb14638dc3844826dd5eb766053ce

Download Submit
C:\WINDOWS\SysWOW64\x\win.dll

Filesize
14KB

MD5
84e765c435ed85915db4e54540d4f636

SHA1
f1e0f84e2f07381e7847bacf8291c06c380899f0

SHA256
6015066c4a005d129c6ccda4601dfdcfead2037083762a61488266f20820ada7

SHA512
de5313891ca186502e66cb69146c4c15d73d463d7200ef3690bb4961399eec005aaa696166c4becd65f2e9ee778c3dc0cf8ed93f9a9b29ddd2dd92a191bcf332

Download Submit
C:\Windows\SysWOW64\x\mirc.ini

Filesize
2KB

MD5
e5ccf23b0afcae5ff7f3ef337e81394f

SHA1
027ee376e8e57ff67522747d1b6efde502feb17f

SHA256
8aac9b36ede162eb97869eefcbbe455065e2d266e90f3b4c2f23ae5ed4aa5a40

SHA512
45e2c39f7b6b48bf22f7dc4fc7c1839a38282396f28c9e52142ca1ef1631342d058b8eb6b070a77feb7773f685341007c79fca7962c0e4832dd6e23ae91d10ae

Download Submit
C:\Windows\SysWOW64\x\mirc.ini

Filesize
2KB

MD5
b4c5bb941e728c4cd3c66dbecc047392

SHA1
035b48741103fa29c3d3231ff1edc99a719de257

SHA256
02e108ca4a0a30f368825623f4959fed375b339322e08a80cc8d305ed5ea13e9

SHA512
aa980992c5e2557d818b4bf062cf7916089d8e5ad9303840a5f6d3569337e9af81e569d37ecd3c2de09f758c7c45ca0a41262630ce896e61d2b8ccd00358f7eb

Download Submit
C:\Windows\SysWOW64\x\mirc.ini

Filesize
2KB

MD5
e264ca31fea71995f8f1944c287022dd

SHA1
14d7aa423a2cd304d73809fb4cd1355ccc49a392

SHA256
29c700d58d1daf4a4cfab8db4f286cac137ca98243fe3d821cc77dec5fc5391c

SHA512
567dbbbdf96f6867d15a654b3a11e84600adbeca764328830edb289e8734ef1c8fa841fc20c06371ed5b6e00c959e9ae248a05218f00636a24499648942bdd88

Download Submit
C:\Windows\SysWOW64\x\mirc.ini

Filesize
2KB

MD5
2d6d0dea135f4a28cb920330d257e8bc

SHA1
da800db1171ee442242e317c0bb866b60d61cbde

SHA256
b0dd14d478cd4a7e400793b1f685f5b64e7c3aadb620392ef239b7607cdb4a1c

SHA512
53f0b069d82a5eaed80661fa020e5f759e0a52cc913a98e34e2814a6f9537eb8f82271a58708afba6d0cea6b3181b8ba2cb0de724840c8707af16b551c5115b5

Download Submit
C:\Windows\SysWOW64\x\svchost.exe

Filesize
1.7MB

MD5
1a9c7f5b57bbffa420675379de161448

SHA1
a65bb4aa36447a5c66f38259d3ccd28cb24f75e5

SHA256
c7431c0c80424c909c35d4d64f37db1c4eaa0a64f8258c14a2018546db668a89

SHA512
ca35a0af0c7fcc9fa8d28b0e8b732a2262ee762f462aeb31975fab7cad59525010cc088f4557a94ed206047f657ea832a10aba11cffcba6fc8f43003ae3e3c50

Download Submit
memory/4592-34-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/4592-0-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/4948-221-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4948-222-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4948-256-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4948-265-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4948-266-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4948-271-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4948-272-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4948-273-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4948-282-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4948-283-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4948-288-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4948-200-0x0000000003DB0000-0x0000000003DC5000-memory.dmp

Filesize
84KB

Download
memory/4948-293-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4948-294-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download
memory/4948-295-0x0000000000400000-0x00000000005CF000-memory.dmp

Filesize
1.8MB

Download