fa7059596ae2d973ceb94c161a1d781dbff61907f48e227bfb47dd4bbcf4c759

Analysis

max time kernel
150s
max time network
151s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17/10/2024, 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe
Size

167KB
MD5

527815185e0a77f67985e4ad34a3aca6
SHA1

c67957d87d9291ee58c31d33c939965fc3cfc7ef
SHA256

fa7059596ae2d973ceb94c161a1d781dbff61907f48e227bfb47dd4bbcf4c759
SHA512

130884d8268359681e16322647c1a363fcadeddf145c922f8f701bc5ceb6024a52a6154fc0051be489e6be3e06e62d97f15a33e4a195cb45f6174c02e1a6de53
SSDEEP

3072:+xY9O7jUpFUMMnMMMMMX7I7D6KGKdKTQO15+HCcoZsjh64uFuN0Cjmj36z0Nwaad:fOfUoMMnMMMMMaNGKmxFZw64+6s6z0Hw

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
944	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2764	hory.exe

Loads dropped DLL 1 IoCs

pid	Process
2268	527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe

Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
spyware stealer

Data from Local System
T1005

Credentials in Registry
T1552.002

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Windows\CurrentVersion\Run\{D553EB57-3288-6D1C-6BEC-64AE4CE41D8B} = "C:\\Users\\Admin\\AppData\\Roaming\\Holoni\\hory.exe"	hory.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2268 set thread context of 944	2268	527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe	33

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hory.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Privacy	527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Privacy\CleanCookies = "0"	527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\002773BA-00000001.eml:OECustomProperty	WinMail.exe

Suspicious behavior: EnumeratesProcesses 47 IoCs

pid	Process
2268	527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe
2268	527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe
2764	hory.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2268	527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe
Token: SeSecurityPrivilege	2268	527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe
Token: SeSecurityPrivilege	2268	527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe
Token: SeManageVolumePrivilege	484	WinMail.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
484	WinMail.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
484	WinMail.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
484	WinMail.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2764	2268	527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe	31
PID 2268 wrote to memory of 2764	2268	527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe	31
PID 2268 wrote to memory of 2764	2268	527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe	31
PID 2268 wrote to memory of 2764	2268	527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe	31
PID 2764 wrote to memory of 1072	2764	hory.exe	18
PID 2764 wrote to memory of 1072	2764	hory.exe	18
PID 2764 wrote to memory of 1072	2764	hory.exe	18
PID 2764 wrote to memory of 1072	2764	hory.exe	18
PID 2764 wrote to memory of 1072	2764	hory.exe	18
PID 2764 wrote to memory of 1132	2764	hory.exe	19
PID 2764 wrote to memory of 1132	2764	hory.exe	19
PID 2764 wrote to memory of 1132	2764	hory.exe	19
PID 2764 wrote to memory of 1132	2764	hory.exe	19
PID 2764 wrote to memory of 1132	2764	hory.exe	19
PID 2764 wrote to memory of 1196	2764	hory.exe	21
PID 2764 wrote to memory of 1196	2764	hory.exe	21
PID 2764 wrote to memory of 1196	2764	hory.exe	21
PID 2764 wrote to memory of 1196	2764	hory.exe	21
PID 2764 wrote to memory of 1196	2764	hory.exe	21
PID 2764 wrote to memory of 280	2764	hory.exe	25
PID 2764 wrote to memory of 280	2764	hory.exe	25
PID 2764 wrote to memory of 280	2764	hory.exe	25
PID 2764 wrote to memory of 280	2764	hory.exe	25
PID 2764 wrote to memory of 280	2764	hory.exe	25
PID 2764 wrote to memory of 2268	2764	hory.exe	30
PID 2764 wrote to memory of 2268	2764	hory.exe	30
PID 2764 wrote to memory of 2268	2764	hory.exe	30
PID 2764 wrote to memory of 2268	2764	hory.exe	30
PID 2764 wrote to memory of 2268	2764	hory.exe	30
PID 2268 wrote to memory of 944	2268	527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe	33
PID 2268 wrote to memory of 944	2268	527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe	33
PID 2268 wrote to memory of 944	2268	527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe	33
PID 2268 wrote to memory of 944	2268	527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe	33
PID 2268 wrote to memory of 944	2268	527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe	33
PID 2268 wrote to memory of 944	2268	527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe	33
PID 2268 wrote to memory of 944	2268	527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe	33
PID 2268 wrote to memory of 944	2268	527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe	33
PID 2268 wrote to memory of 944	2268	527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe	33
PID 2764 wrote to memory of 2876	2764	hory.exe	35
PID 2764 wrote to memory of 2876	2764	hory.exe	35
PID 2764 wrote to memory of 2876	2764	hory.exe	35
PID 2764 wrote to memory of 2876	2764	hory.exe	35
PID 2764 wrote to memory of 2876	2764	hory.exe	35
PID 2764 wrote to memory of 1188	2764	hory.exe	36
PID 2764 wrote to memory of 1188	2764	hory.exe	36
PID 2764 wrote to memory of 1188	2764	hory.exe	36
PID 2764 wrote to memory of 1188	2764	hory.exe	36
PID 2764 wrote to memory of 1188	2764	hory.exe	36
PID 2764 wrote to memory of 2576	2764	hory.exe	37
PID 2764 wrote to memory of 2576	2764	hory.exe	37
PID 2764 wrote to memory of 2576	2764	hory.exe	37
PID 2764 wrote to memory of 2576	2764	hory.exe	37
PID 2764 wrote to memory of 2576	2764	hory.exe	37
PID 2764 wrote to memory of 1784	2764	hory.exe	38
PID 2764 wrote to memory of 1784	2764	hory.exe	38
PID 2764 wrote to memory of 1784	2764	hory.exe	38
PID 2764 wrote to memory of 1784	2764	hory.exe	38
PID 2764 wrote to memory of 1784	2764	hory.exe	38
PID 2764 wrote to memory of 2104	2764	hory.exe	39
PID 2764 wrote to memory of 2104	2764	hory.exe	39
PID 2764 wrote to memory of 2104	2764	hory.exe	39
PID 2764 wrote to memory of 2104	2764	hory.exe	39
PID 2764 wrote to memory of 2104	2764	hory.exe	39
PID 2764 wrote to memory of 264	2764	hory.exe	40

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1072

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1132

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1196
- C:\Users\Admin\AppData\Local\Temp\527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\527815185e0a77f67985e4ad34a3aca6_JaffaCakes118.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2268
- - C:\Users\Admin\AppData\Roaming\Holoni\hory.exe
    "C:\Users\Admin\AppData\Roaming\Holoni\hory.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2764
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmpc3671f1e.bat"
    3⤵
    - Deletes itself
    - System Location Discovery: System Language Discovery
    PID:944

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:280

C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail.exe" -Embedding
1⤵
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:484

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2876

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1188

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2576

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1784

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2104

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:264

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1000

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2344

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2472

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2872

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2500

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2128

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials in Registry

T1552.002

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
832348e5dd44eb7133629cbc881cff61

SHA1
bc1231b87994af69f8acb6e1c3c1cdf0c429bf03

SHA256
fabc2e33c3f3c31e1f7ab75162af53225236ac3aa3421e217787dbe6ce26fae3

SHA512
197c45091d5fb720b971e076d57f2d7541ce0d5dcd2e7eb4ae8290ea6da82ac6dee9b7ce415b7ad287346f3557d13d1fe3b557a0282ee9eb7ae0b5ca0d0f34ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb.log

Filesize
2.0MB

MD5
7dfd3e9fbfdf3892f579dd4bddd976da

SHA1
50fe3ab4a14f252a85dfe76a05abd2bd92dc6921

SHA256
06b3efe47953c2b41a57c79cc0f9a93dfef12bd8ac18e233e6b978ecd45f4e61

SHA512
09015c39840148ea538d8fbe95eebed2cae6fcf85b37c809540d2ce4c645b1f34100575930f0cd09e28716a73d67e8933fc65fc6ed3d5d4ecfdcaf7a14505355

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9B1.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpc3671f1e.bat

Filesize
271B

MD5
5e0bae81d9c322af4109cf4ff0e5602e

SHA1
1ccba979513a09aadefd2f18751e7a45bd85ba66

SHA256
4ec9ae6b72869da9235d65f81b09827bd093b73cdf6a2b028fe808d8a0cb1696

SHA512
068c99509898b15b565e2fb5aae55f8d2f1b71dfd13515c72a0b73d1d0dfbc2a28b250d39d009a8a7ce88878811a3d8b984688869715aff86797be1040c64582

Download Submit
C:\Users\Admin\AppData\Roaming\Hyxi\ekvi.oda

Filesize
380B

MD5
59feb56fd0351742c52d932152c0ad60

SHA1
1ab58ac6571948eb17cb23d427b61c2c56bf149b

SHA256
53714750bba9eb01abdf6f534d892793d68ae1e239dec261850b0960999aa4d3

SHA512
542dd1725e39938ee9ae5fe43ac6e331f082ed450cd4834d2aa9626a6abc94e6a5434e881ad5daf8b6168e27de5ee1659b719d160268c47d04a3f8ded3ce0f67

Download Submit
\Users\Admin\AppData\Roaming\Holoni\hory.exe

Filesize
167KB

MD5
3fa24363faf122710cef4c767b87ae2f

SHA1
82f7b9d4af105719b90e0a07081f5f1631d2facd

SHA256
d0cad2a4810291ee73721a3dc087805b0719f902fcad0a45ce42b682f5ffa8ca

SHA512
1088a0db8197f8987be7ec394f96bdbd49dfab9a4e02741f2944a148b98cca1d2ab94a884ac04c509fa582192c6e2f8a3f1d79463df431218dd9fd4d970c457f

Download Submit
memory/280-34-0x0000000001D90000-0x0000000001DBC000-memory.dmp

Filesize
176KB

Download
memory/280-36-0x0000000001D90000-0x0000000001DBC000-memory.dmp

Filesize
176KB

Download
memory/280-35-0x0000000001D90000-0x0000000001DBC000-memory.dmp

Filesize
176KB

Download
memory/280-33-0x0000000001D90000-0x0000000001DBC000-memory.dmp

Filesize
176KB

Download
memory/1072-18-0x0000000002100000-0x000000000212C000-memory.dmp

Filesize
176KB

Download
memory/1072-20-0x0000000002100000-0x000000000212C000-memory.dmp

Filesize
176KB

Download
memory/1072-16-0x0000000002100000-0x000000000212C000-memory.dmp

Filesize
176KB

Download
memory/1072-14-0x0000000002100000-0x000000000212C000-memory.dmp

Filesize
176KB

Download
memory/1072-12-0x0000000002100000-0x000000000212C000-memory.dmp

Filesize
176KB

Download
memory/1132-26-0x00000000002B0000-0x00000000002DC000-memory.dmp

Filesize
176KB

Download
memory/1132-25-0x00000000002B0000-0x00000000002DC000-memory.dmp

Filesize
176KB

Download
memory/1132-24-0x00000000002B0000-0x00000000002DC000-memory.dmp

Filesize
176KB

Download
memory/1132-23-0x00000000002B0000-0x00000000002DC000-memory.dmp

Filesize
176KB

Download
memory/1196-31-0x0000000002E70000-0x0000000002E9C000-memory.dmp

Filesize
176KB

Download
memory/1196-30-0x0000000002E70000-0x0000000002E9C000-memory.dmp

Filesize
176KB

Download
memory/1196-29-0x0000000002E70000-0x0000000002E9C000-memory.dmp

Filesize
176KB

Download
memory/1196-28-0x0000000002E70000-0x0000000002E9C000-memory.dmp

Filesize
176KB

Download
memory/2268-67-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2268-53-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2268-73-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2268-71-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2268-69-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2268-0-0x0000000000230000-0x0000000000254000-memory.dmp

Filesize
144KB

Download
memory/2268-65-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2268-63-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2268-61-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2268-59-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2268-41-0x00000000003C0000-0x00000000003EC000-memory.dmp

Filesize
176KB

Download
memory/2268-40-0x00000000003C0000-0x00000000003EC000-memory.dmp

Filesize
176KB

Download
memory/2268-39-0x00000000003C0000-0x00000000003EC000-memory.dmp

Filesize
176KB

Download
memory/2268-38-0x00000000003C0000-0x00000000003EC000-memory.dmp

Filesize
176KB

Download
memory/2268-57-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2268-55-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2268-75-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2268-128-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2268-51-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2268-49-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2268-47-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2268-45-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2268-43-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2268-42-0x00000000003C0000-0x00000000003EC000-memory.dmp

Filesize
176KB

Download
memory/2268-164-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2268-216-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2268-215-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2268-1-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2268-2-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2764-340-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2764-9-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2764-10-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2764-356-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download