e9bad2e28e6a0645454907fea112235509165c1d61ab87a3ef98e6e50a0208b9

Analysis

max time kernel
148s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 18:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

900e4356754695c525c2cc2b2e059922_JaffaCakes118.exe
Size

1.3MB
MD5

900e4356754695c525c2cc2b2e059922
SHA1

7e089598a097b575bb2d95398fc83510997c99a0
SHA256

e9bad2e28e6a0645454907fea112235509165c1d61ab87a3ef98e6e50a0208b9
SHA512

617493b20a54ac7389c5c95bd1c05e0cec150e3ea41471793c06bd89e7c4e0092dc807dbfcc05e624c702c62206ff67ec1b7228841f3757a4cc47fcec6c9552c
SSDEEP

24576:zyyUfc3tpPS/J5WKMePALE/IIEj43jaSbmpVqHKYmOE9:WV03t1uUKMPI6Wju7uKl7

Score

7^/10

discovery themida

Malware Config

Signatures

Executes dropped EXE 10 IoCs

Processes:

plscd.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exe

pid process

2760 plscd.exe
2012 plscd.exe
3052 plscd.exe
1784 plscd.exe
1732 plscd.exe
2160 plscd.exe
2484 plscd.exe
2724 plscd.exe
2804 plscd.exe
576 plscd.exe

pid	process
2760	plscd.exe
2012	plscd.exe
3052	plscd.exe
1784	plscd.exe
1732	plscd.exe
2160	plscd.exe
2484	plscd.exe
2724	plscd.exe
2804	plscd.exe
576	plscd.exe

Loads dropped DLL 20 IoCs

Processes:

900e4356754695c525c2cc2b2e059922_JaffaCakes118.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exe

pid	process
2696	900e4356754695c525c2cc2b2e059922_JaffaCakes118.exe
2696	900e4356754695c525c2cc2b2e059922_JaffaCakes118.exe
2760	plscd.exe
2760	plscd.exe
2012	plscd.exe
2012	plscd.exe
3052	plscd.exe
3052	plscd.exe
1784	plscd.exe
1784	plscd.exe
1732	plscd.exe
1732	plscd.exe
2160	plscd.exe
2160	plscd.exe
2484	plscd.exe
2484	plscd.exe
2724	plscd.exe
2724	plscd.exe
2804	plscd.exe
2804	plscd.exe

Themida packer 37 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral1/memory/2696-5-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2696-15-0x0000000000400000-0x0000000000720000-memory.dmp	themida
C:\Windows\SysWOW64\plscd.exe	themida
behavioral1/memory/2760-17-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2760-19-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2760-23-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2760-22-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2760-20-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2760-24-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2760-25-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2760-26-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2760-27-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2760-28-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2760-32-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2012-34-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2012-36-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2012-35-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2012-37-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2012-38-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2012-39-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2012-40-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2012-44-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/3052-45-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/3052-49-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/1784-50-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/1784-54-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/1732-55-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/1732-59-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2160-60-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2160-64-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2484-65-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2484-69-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2724-70-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2724-74-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2804-75-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/2804-79-0x0000000000400000-0x0000000000720000-memory.dmp	themida
behavioral1/memory/576-80-0x0000000000400000-0x0000000000720000-memory.dmp	themida

Drops file in System32 directory 22 IoCs

Processes:

plscd.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exe900e4356754695c525c2cc2b2e059922_JaffaCakes118.exeplscd.exeplscd.exeplscd.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\plscd.exe	plscd.exe
File created	C:\Windows\SysWOW64\plscd.exe	plscd.exe
File created	C:\Windows\SysWOW64\plscd.exe	plscd.exe
File created	C:\Windows\SysWOW64\plscd.exe	plscd.exe
File opened for modification	C:\Windows\SysWOW64\plscd.exe	plscd.exe
File created	C:\Windows\SysWOW64\plscd.exe	plscd.exe
File created	C:\Windows\SysWOW64\plscd.exe	plscd.exe
File created	C:\Windows\SysWOW64\plscd.exe	plscd.exe
File opened for modification	C:\Windows\SysWOW64\plscd.exe	plscd.exe
File created	C:\Windows\SysWOW64\plscd.exe	plscd.exe
File created	C:\Windows\SysWOW64\plscd.exe	900e4356754695c525c2cc2b2e059922_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\plscd.exe	plscd.exe
File created	C:\Windows\SysWOW64\plscd.exe	plscd.exe
File opened for modification	C:\Windows\SysWOW64\plscd.exe	plscd.exe
File opened for modification	C:\Windows\SysWOW64\plscd.exe	plscd.exe
File opened for modification	C:\Windows\SysWOW64\plscd.exe	plscd.exe
File created	C:\Windows\SysWOW64\plscd.exe	plscd.exe
File opened for modification	C:\Windows\SysWOW64\plscd.exe	plscd.exe
File opened for modification	C:\Windows\SysWOW64\plscd.exe	900e4356754695c525c2cc2b2e059922_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\plscd.exe	plscd.exe
File opened for modification	C:\Windows\SysWOW64\plscd.exe	plscd.exe
File created	C:\Windows\SysWOW64\plscd.exe	plscd.exe

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

plscd.exeplscd.exe900e4356754695c525c2cc2b2e059922_JaffaCakes118.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	plscd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	plscd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	900e4356754695c525c2cc2b2e059922_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	plscd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	plscd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	plscd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	plscd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	plscd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	plscd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	plscd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	plscd.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

900e4356754695c525c2cc2b2e059922_JaffaCakes118.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exe

pid	process
2696	900e4356754695c525c2cc2b2e059922_JaffaCakes118.exe
2760	plscd.exe
2012	plscd.exe
3052	plscd.exe
1784	plscd.exe
1732	plscd.exe
2160	plscd.exe
2484	plscd.exe
2724	plscd.exe
2804	plscd.exe
576	plscd.exe

Suspicious use of WriteProcessMemory 40 IoCs

Processes:

900e4356754695c525c2cc2b2e059922_JaffaCakes118.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exeplscd.exe

description	pid	process	target process
PID 2696 wrote to memory of 2760	2696	900e4356754695c525c2cc2b2e059922_JaffaCakes118.exe	plscd.exe
PID 2696 wrote to memory of 2760	2696	900e4356754695c525c2cc2b2e059922_JaffaCakes118.exe	plscd.exe
PID 2696 wrote to memory of 2760	2696	900e4356754695c525c2cc2b2e059922_JaffaCakes118.exe	plscd.exe
PID 2696 wrote to memory of 2760	2696	900e4356754695c525c2cc2b2e059922_JaffaCakes118.exe	plscd.exe
PID 2760 wrote to memory of 2012	2760	plscd.exe	plscd.exe
PID 2760 wrote to memory of 2012	2760	plscd.exe	plscd.exe
PID 2760 wrote to memory of 2012	2760	plscd.exe	plscd.exe
PID 2760 wrote to memory of 2012	2760	plscd.exe	plscd.exe
PID 2012 wrote to memory of 3052	2012	plscd.exe	plscd.exe
PID 2012 wrote to memory of 3052	2012	plscd.exe	plscd.exe
PID 2012 wrote to memory of 3052	2012	plscd.exe	plscd.exe
PID 2012 wrote to memory of 3052	2012	plscd.exe	plscd.exe
PID 3052 wrote to memory of 1784	3052	plscd.exe	plscd.exe
PID 3052 wrote to memory of 1784	3052	plscd.exe	plscd.exe
PID 3052 wrote to memory of 1784	3052	plscd.exe	plscd.exe
PID 3052 wrote to memory of 1784	3052	plscd.exe	plscd.exe
PID 1784 wrote to memory of 1732	1784	plscd.exe	plscd.exe
PID 1784 wrote to memory of 1732	1784	plscd.exe	plscd.exe
PID 1784 wrote to memory of 1732	1784	plscd.exe	plscd.exe
PID 1784 wrote to memory of 1732	1784	plscd.exe	plscd.exe
PID 1732 wrote to memory of 2160	1732	plscd.exe	plscd.exe
PID 1732 wrote to memory of 2160	1732	plscd.exe	plscd.exe
PID 1732 wrote to memory of 2160	1732	plscd.exe	plscd.exe
PID 1732 wrote to memory of 2160	1732	plscd.exe	plscd.exe
PID 2160 wrote to memory of 2484	2160	plscd.exe	plscd.exe
PID 2160 wrote to memory of 2484	2160	plscd.exe	plscd.exe
PID 2160 wrote to memory of 2484	2160	plscd.exe	plscd.exe
PID 2160 wrote to memory of 2484	2160	plscd.exe	plscd.exe
PID 2484 wrote to memory of 2724	2484	plscd.exe	plscd.exe
PID 2484 wrote to memory of 2724	2484	plscd.exe	plscd.exe
PID 2484 wrote to memory of 2724	2484	plscd.exe	plscd.exe
PID 2484 wrote to memory of 2724	2484	plscd.exe	plscd.exe
PID 2724 wrote to memory of 2804	2724	plscd.exe	plscd.exe
PID 2724 wrote to memory of 2804	2724	plscd.exe	plscd.exe
PID 2724 wrote to memory of 2804	2724	plscd.exe	plscd.exe
PID 2724 wrote to memory of 2804	2724	plscd.exe	plscd.exe
PID 2804 wrote to memory of 576	2804	plscd.exe	plscd.exe
PID 2804 wrote to memory of 576	2804	plscd.exe	plscd.exe
PID 2804 wrote to memory of 576	2804	plscd.exe	plscd.exe
PID 2804 wrote to memory of 576	2804	plscd.exe	plscd.exe

C:\Users\Admin\AppData\Local\Temp\900e4356754695c525c2cc2b2e059922_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\900e4356754695c525c2cc2b2e059922_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Windows\SysWOW64\plscd.exe
  C:\Windows\system32\plscd.exe 636 "C:\Users\Admin\AppData\Local\Temp\900e4356754695c525c2cc2b2e059922_JaffaCakes118.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2760
- - C:\Windows\SysWOW64\plscd.exe
    C:\Windows\system32\plscd.exe 712 "C:\Windows\SysWOW64\plscd.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2012
  - - C:\Windows\SysWOW64\plscd.exe
      C:\Windows\system32\plscd.exe 708 "C:\Windows\SysWOW64\plscd.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3052
    - - C:\Windows\SysWOW64\plscd.exe
        
        C:\Windows\system32\plscd.exe 720 "C:\Windows\SysWOW64\plscd.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1784
      - C:\Windows\SysWOW64\plscd.exe
        
        C:\Windows\system32\plscd.exe 724 "C:\Windows\SysWOW64\plscd.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1732
        
        C:\Windows\SysWOW64\plscd.exe
        
        C:\Windows\system32\plscd.exe 728 "C:\Windows\SysWOW64\plscd.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2160
        
        C:\Windows\SysWOW64\plscd.exe
        
        C:\Windows\system32\plscd.exe 732 "C:\Windows\SysWOW64\plscd.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2484
        
        C:\Windows\SysWOW64\plscd.exe
        
        C:\Windows\system32\plscd.exe 716 "C:\Windows\SysWOW64\plscd.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2724
        
        C:\Windows\SysWOW64\plscd.exe
        
        C:\Windows\system32\plscd.exe 740 "C:\Windows\SysWOW64\plscd.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2804
        
        C:\Windows\SysWOW64\plscd.exe
        
        C:\Windows\system32\plscd.exe 748 "C:\Windows\SysWOW64\plscd.exe"
        11⤵
        Executes dropped EXE
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\plscd.exe

Filesize
1.3MB

MD5
900e4356754695c525c2cc2b2e059922

SHA1
7e089598a097b575bb2d95398fc83510997c99a0

SHA256
e9bad2e28e6a0645454907fea112235509165c1d61ab87a3ef98e6e50a0208b9

SHA512
617493b20a54ac7389c5c95bd1c05e0cec150e3ea41471793c06bd89e7c4e0092dc807dbfcc05e624c702c62206ff67ec1b7228841f3757a4cc47fcec6c9552c

Download Submit
memory/576-80-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/1732-59-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/1732-55-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/1784-54-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/1784-50-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2012-36-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2012-34-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2012-44-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2012-40-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2012-39-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2012-38-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2012-37-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2012-35-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2160-64-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2160-60-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2484-69-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2484-65-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2696-3-0x0000000004490000-0x0000000004491000-memory.dmp

Filesize
4KB

Download
memory/2696-5-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2696-0-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2696-1-0x0000000000720000-0x000000000080A000-memory.dmp

Filesize
936KB

Download
memory/2696-4-0x0000000000401000-0x000000000042A000-memory.dmp

Filesize
164KB

Download
memory/2696-15-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2696-2-0x0000000004480000-0x0000000004482000-memory.dmp

Filesize
8KB

Download
memory/2724-74-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2724-70-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2760-25-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2760-23-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2760-28-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2760-20-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2760-24-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2760-32-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2760-22-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2760-27-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2760-19-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2760-17-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2760-26-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2804-75-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/2804-79-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/3052-49-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/3052-45-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download