e884aa8d06807cbe7eadab2489ad4af0d0b86b7b51ef508642fc5865e94354af

Analysis

max time kernel
121s
max time network
131s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/10/2024, 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

367177a2c74df8fa6b662ebad2013446_JaffaCakes118.exe
Size

723KB
MD5

367177a2c74df8fa6b662ebad2013446
SHA1

b44778d66813707e80401a4acb483cdd25cf8085
SHA256

e884aa8d06807cbe7eadab2489ad4af0d0b86b7b51ef508642fc5865e94354af
SHA512

cf32bd96fd9e0dd83eb595626450947bbd29f9f190fc6fddf033b8426a9e670f25cd46aea20ef705c6d9bb3c4ca86f0ca3ffb05dbe3741a6dd1d04444ab551b5
SSDEEP

12288:n4WIJJoOCYzh9XvrkIa+lnL4R8//y94dmI9aSgIMUhMtJ+1satUD7sBVD51AaCPn:4vJJoN2hal+1ERiH9S3ztJ+eatUwR51u

Score

7^/10

discovery upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0008000000015d41-4.dat	acprotect

Deletes itself 1 IoCs

pid	Process
2864	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
536	syctim.exe

Loads dropped DLL 6 IoCs

pid	Process
1704	367177a2c74df8fa6b662ebad2013446_JaffaCakes118.exe
1704	367177a2c74df8fa6b662ebad2013446_JaffaCakes118.exe
1704	367177a2c74df8fa6b662ebad2013446_JaffaCakes118.exe
1704	367177a2c74df8fa6b662ebad2013446_JaffaCakes118.exe
536	syctim.exe
536	syctim.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\syctim.exe	367177a2c74df8fa6b662ebad2013446_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\syctim.exe	367177a2c74df8fa6b662ebad2013446_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\syctim.dll	syctim.exe
File opened for modification	C:\Windows\SysWOW64\syctim.dll	syctim.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0008000000015d41-4.dat	upx
behavioral1/memory/1704-6-0x0000000010000000-0x0000000010128000-memory.dmp	upx
behavioral1/memory/536-27-0x0000000010000000-0x0000000010128000-memory.dmp	upx
behavioral1/memory/1704-43-0x0000000010000000-0x0000000010128000-memory.dmp	upx
behavioral1/memory/536-53-0x0000000010000000-0x0000000010128000-memory.dmp	upx

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Fonts\d2fce76d2086a8c6b01424411b5e91d0.dat	syctim.exe
File opened for modification	C:\Windows\Fonts\d2fce76d2086a8c6b01424411b5e91d0.dat	syctim.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	367177a2c74df8fa6b662ebad2013446_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	syctim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Modifies Internet Explorer settings 1 TTPs 27 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434836783"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{00ED48D1-8807-11EF-9C49-4E0B11BE40FD} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Check_Associations = "NO"	syctim.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
536	syctim.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2728	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1704	367177a2c74df8fa6b662ebad2013446_JaffaCakes118.exe
536	syctim.exe
2728	IEXPLORE.EXE
2728	IEXPLORE.EXE
2724	IEXPLORE.EXE
2724	IEXPLORE.EXE
2724	IEXPLORE.EXE
2724	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 536	1704	367177a2c74df8fa6b662ebad2013446_JaffaCakes118.exe	30
PID 1704 wrote to memory of 536	1704	367177a2c74df8fa6b662ebad2013446_JaffaCakes118.exe	30
PID 1704 wrote to memory of 536	1704	367177a2c74df8fa6b662ebad2013446_JaffaCakes118.exe	30
PID 1704 wrote to memory of 536	1704	367177a2c74df8fa6b662ebad2013446_JaffaCakes118.exe	30
PID 536 wrote to memory of 2728	536	syctim.exe	31
PID 536 wrote to memory of 2728	536	syctim.exe	31
PID 536 wrote to memory of 2728	536	syctim.exe	31
PID 536 wrote to memory of 2728	536	syctim.exe	31
PID 2728 wrote to memory of 2724	2728	IEXPLORE.EXE	32
PID 2728 wrote to memory of 2724	2728	IEXPLORE.EXE	32
PID 2728 wrote to memory of 2724	2728	IEXPLORE.EXE	32
PID 2728 wrote to memory of 2724	2728	IEXPLORE.EXE	32
PID 1704 wrote to memory of 2864	1704	367177a2c74df8fa6b662ebad2013446_JaffaCakes118.exe	33
PID 1704 wrote to memory of 2864	1704	367177a2c74df8fa6b662ebad2013446_JaffaCakes118.exe	33
PID 1704 wrote to memory of 2864	1704	367177a2c74df8fa6b662ebad2013446_JaffaCakes118.exe	33
PID 1704 wrote to memory of 2864	1704	367177a2c74df8fa6b662ebad2013446_JaffaCakes118.exe	33
PID 536 wrote to memory of 2728	536	syctim.exe	31

C:\Users\Admin\AppData\Local\Temp\367177a2c74df8fa6b662ebad2013446_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\367177a2c74df8fa6b662ebad2013446_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Windows\SysWOW64\syctim.exe
  C:\Windows\system32\syctim.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:536
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2728
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2724
- C:\Windows\SysWOW64\cmd.exe
  cmd /c c:\duxjpee.bat
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  PID:2864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05d75f28e5aed3b8d16e2133a418c8c7

SHA1
dd76e774d0d6001fc5e9be4617f8c8afdc428e0f

SHA256
670cf767151845e1a0f22590102d59884f7c21568eb227459ca6ae597207fa95

SHA512
b5a4051422e1d41c4bd6ae8cfecc06b8c37400dbf908c7c6e2939355db0ea39639e6748693abcf5d3614a9a6bb2219118770bfb929b865e2b501ac5fbaa9738e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db23590e6de18f1bd643d8bb135794e9

SHA1
529ea3680c0bb97edb24531ed33440391d4bdcf9

SHA256
aaece813e1f30e6fbc789641a4bea7657f97012cf5c55b88c6681ff2f4493aa0

SHA512
c566c88a9e072c2e673bed3d795f1fb5d939d9a50f5f92ef8666927dde2922433f771bb92a30f02fb26d4daf3fb1cb2ed1c2df99e4286e27bfcb6faa5624dfb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99a4cf4ddfe23257859e99ff72e4dc57

SHA1
c03cece525a178005ab3d9b4580af4c0d500d85c

SHA256
4ddf297d34c8c65b99f9e32cffda14e5fe34e1c6adb41f1ac11f97b586a36a71

SHA512
4c31e32674b721c92d1d5969417bcb3656a1972d7689c75c4462118e255921dae758f06a6024e32eb6a87c5192d6668285dd87655db078663976157e8094e6b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23dd687f7f67f7697a8f3f60456bb5f2

SHA1
35bc2ba878363c12aa741e7fdb03c3c5d01a6f9b

SHA256
6545c4f6fe94ab4993e7c59ecff83cc4150dc323b7e21fd13aaf406da7057add

SHA512
38f1e0bc392751336b38374a72b414662e117faaab4c258f5041c73a37428df467a581eca3fb4c3fa219d130880b5063e828c97413b56076552eecefe901f0b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
829d1ee3d9c4dcf298b1d3309842d3cb

SHA1
293f860088e6cfb8548f064fb9aad712289dd9e7

SHA256
fa1bde992e731cd5b3d6ccdfb12ac688fcbe035624b049b891ac0e415ce3a640

SHA512
b85f0fafb946bc0138647332d15c2c358648a7d3877cbda34264c874a4329b33c92d2304e6e160abaec26636c0c98686bca568386e29546f7540bc09389ddd0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
321ebcec36991d720742b67352483490

SHA1
bf0ca919c92cbecce5863744257002f125df089a

SHA256
9c600d5f1368151c7ee18383ad9c564fec5e39bd25c86b05fb6d003d407494c1

SHA512
fb311cfd4d077dc47ab834c43b553cd523f22c280dcad87306d21df3299fe8fa136c8c107f07e1f13ee9ae6dc6d300872231ebaa4ff7851d78fc2c8646cc0dd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e34a5c17f0b784b887895a9c30b480e5

SHA1
9ba87bd8a834f41a76f9070364363e089cbd00c9

SHA256
b1b55e6ae653f9fdf859b6ebbb6f23cde828f1aaced2490b16c2ef6fac47b1df

SHA512
8450350f9460b19a9aebb18c999a70f15d462288d1effeed6bec31359c734b8a297238b7a43ac2e62600f6a6776ef6deea6f8f28e49a956c50cb6ea2946c2f2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3060cc4cfb43a905fd3bd643a6b5dc9

SHA1
c57c19802d59918175bec0128c6bca78f190c858

SHA256
caac83f024339c648c2685cd3d69544869c26d9144dda96e0f4f3e7e9a5505fc

SHA512
1cd342cba8e49c2b122a79c2ff7af7073564194a0e1cfe89f4ec6e63cce4e5d8ba367e61d548d28b20afd489838a866860b645ae8b4f737388a681816e2c40b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7874dacbaba8675be62908cb367d58f

SHA1
12247a75f2ec2575717b50b26a1c9a89a3e0db2a

SHA256
93b815bf536dd397070d074e547cf2f34d2823fffc1486f8251386b13dfe143b

SHA512
16c93297d964ff35531520c4fa718564093d17703e64331da9a4032479bd182e0a0f1aa63bcb01c7b29692381718cb3f0e790b21099a9146eeb584499a704ec3

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC783.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\E_4\Exmlrpc.fne

Filesize
72KB

MD5
f79ee77a4f30401507e6f54a61598f58

SHA1
7f3ef4945f621ed2880ff5a10a126957b2011a17

SHA256
cf8e29720823eb114fbc3018569a7296ed3e6fcd6c4897f50c5c6e0e98d0b3f8

SHA512
26ccde784b06c46f60fb5a105c806c4d9dc1497fd79d39728fbcfa869d470ca2ba018b0665f3cbc05019fb0766dac2eb1084a6fdce2f9aaaae881beb09dd3739

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC824.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Windows\SysWOW64\syctim.exe

Filesize
723KB

MD5
367177a2c74df8fa6b662ebad2013446

SHA1
b44778d66813707e80401a4acb483cdd25cf8085

SHA256
e884aa8d06807cbe7eadab2489ad4af0d0b86b7b51ef508642fc5865e94354af

SHA512
cf32bd96fd9e0dd83eb595626450947bbd29f9f190fc6fddf033b8426a9e670f25cd46aea20ef705c6d9bb3c4ca86f0ca3ffb05dbe3741a6dd1d04444ab551b5

Download Submit
C:\duxjpee.bat

Filesize
232B

MD5
45750a48e404dabf9ffeecb3045d84b8

SHA1
bc6ccd4c7a65db56f3ec71bac050d1568a325d27

SHA256
7a7d9a1733a60f036f98f5478542f03214db194b0b556401ac8ec1d6b11ba537

SHA512
6121a6b1340767592e340cb5db8fe47419e84a1f144be3291b87689d934f4b1589d8a002e64c5776e779a60d7847c2f0cd4d0d18ffaf1bfaa39c143ddac9324d

Download Submit
\Users\Admin\AppData\Local\Temp\E_4\dp1.fne

Filesize
112KB

MD5
6d4b2e73f6f8ecff02f19f7e8ef9a8c7

SHA1
09c32ca167136a17fd69df8c525ea5ffeca6c534

SHA256
fe5783e64aa70fac10c2e42d460732d9770534357329d8bc78576557c165f040

SHA512
2fd7a95cb632e9c4ac6b34e5b6b875aae94e73cd4b1f213e78f46dadab4846227a030776461bca08f9d75a1d61a0d45427f7b0c8b71406b7debc14db04b2ce04

Download Submit
\Users\Admin\AppData\Local\Temp\E_4\krnln.fnr

Filesize
407KB

MD5
783a2f0cc9d2c13f2cb980b5bd198005

SHA1
a1bafe779952f61946fe9003e48dddc65184c6da

SHA256
e21bf808a0f4c0d6e971267bb61cb00bd9acf45ddabd6db90f906ba064a3489f

SHA512
c35d6a39658722dc603e372c92ef18fe7700bfda435230cf5fc39c61c3044481a581cfe797c88fd131e6ecb5940ac31423b33b86b2d52e57df2a1c5669e2bbdc

Download Submit
memory/536-34-0x0000000000540000-0x000000000055E000-memory.dmp

Filesize
120KB

Download
memory/536-27-0x0000000010000000-0x0000000010128000-memory.dmp

Filesize
1.2MB

Download
memory/536-54-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/536-53-0x0000000010000000-0x0000000010128000-memory.dmp

Filesize
1.2MB

Download
memory/536-21-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1704-8-0x0000000000220000-0x000000000023E000-memory.dmp

Filesize
120KB

Download
memory/1704-44-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1704-43-0x0000000010000000-0x0000000010128000-memory.dmp

Filesize
1.2MB

Download
memory/1704-3-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1704-19-0x0000000000330000-0x000000000036B000-memory.dmp

Filesize
236KB

Download
memory/1704-20-0x0000000000330000-0x000000000036B000-memory.dmp

Filesize
236KB

Download
memory/1704-6-0x0000000010000000-0x0000000010128000-memory.dmp

Filesize
1.2MB

Download