metasploit | df33462acb9302bae07bb86056d1c577488a77263a09fd1935d2550891c32064

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-12-2024 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe
Size

365KB
MD5

ec1a2d23f6ec819a7632b9d2d6c91362
SHA1

905e747b6d952ee409204539712acd38922aa3d3
SHA256

df33462acb9302bae07bb86056d1c577488a77263a09fd1935d2550891c32064
SHA512

d0ab5310273cc46a82eee0ca9dd6472ba641f041a81e9a160a4d2e796bd3584604d387cc73fb6bb8b6fc211ed7600735a0e71781b0c9643e5fdba634c2c936d8
SSDEEP

6144:xX2GVkaeqSnWxzYDIK/CvtSXQfM/c2BZu7SBJad21waqCkVKXU0F+R38HbqiByqL:xzkzHsK/AsQfM/lXEOad2elKX+tybqpK

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Metasploit family
metasploit

Executes dropped EXE 20 IoCs

pid	Process
4284	pr1nc.exe
4260	pr1nc.exe
2220	pr1nc.exe
2344	pr1nc.exe
4968	pr1nc.exe
1908	pr1nc.exe
3508	pr1nc.exe
4824	pr1nc.exe
4036	pr1nc.exe
4520	pr1nc.exe
228	pr1nc.exe
4496	pr1nc.exe
2424	pr1nc.exe
4284	pr1nc.exe
4544	pr1nc.exe
1448	pr1nc.exe
5040	pr1nc.exe
2236	pr1nc.exe
1488	pr1nc.exe
1344	pr1nc.exe

Drops file in System32 directory 22 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\pr1nc.exe	pr1nc.exe
File created	C:\Windows\SysWOW64\pr1nc.exe	pr1nc.exe
File created	C:\Windows\SysWOW64\pr1nc.exe	pr1nc.exe
File opened for modification	C:\Windows\SysWOW64\pr1nc.exe	pr1nc.exe
File created	C:\Windows\SysWOW64\pr1nc.exe	ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\pr1nc.exe	pr1nc.exe
File opened for modification	C:\Windows\SysWOW64\pr1nc.exe	pr1nc.exe
File created	C:\Windows\SysWOW64\pr1nc.exe	pr1nc.exe
File opened for modification	C:\Windows\SysWOW64\pr1nc.exe	pr1nc.exe
File opened for modification	C:\Windows\SysWOW64\pr1nc.exe	ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\pr1nc.exe	pr1nc.exe
File created	C:\Windows\SysWOW64\pr1nc.exe	pr1nc.exe
File opened for modification	C:\Windows\SysWOW64\pr1nc.exe	pr1nc.exe
File opened for modification	C:\Windows\SysWOW64\pr1nc.exe	pr1nc.exe
File created	C:\Windows\SysWOW64\pr1nc.exe	pr1nc.exe
File opened for modification	C:\Windows\SysWOW64\pr1nc.exe	pr1nc.exe
File opened for modification	C:\Windows\SysWOW64\pr1nc.exe	pr1nc.exe
File opened for modification	C:\Windows\SysWOW64\pr1nc.exe	pr1nc.exe
File created	C:\Windows\SysWOW64\pr1nc.exe	pr1nc.exe
File created	C:\Windows\SysWOW64\pr1nc.exe	pr1nc.exe
File created	C:\Windows\SysWOW64\pr1nc.exe	pr1nc.exe
File opened for modification	C:\Windows\SysWOW64\pr1nc.exe	pr1nc.exe

Suspicious use of SetThreadContext 11 IoCs

description	pid	Process	procid_target
PID 1408 set thread context of 1352	1408	ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe	84
PID 4284 set thread context of 4260	4284	pr1nc.exe	86
PID 2220 set thread context of 2344	2220	pr1nc.exe	89
PID 4968 set thread context of 1908	4968	pr1nc.exe	93
PID 3508 set thread context of 4824	3508	pr1nc.exe	95
PID 4036 set thread context of 4520	4036	pr1nc.exe	97
PID 228 set thread context of 4496	228	pr1nc.exe	99
PID 2424 set thread context of 4284	2424	pr1nc.exe	101
PID 4544 set thread context of 1448	4544	pr1nc.exe	103
PID 5040 set thread context of 2236	5040	pr1nc.exe	105
PID 1488 set thread context of 1344	1488	pr1nc.exe	107

System Location Discovery: System Language Discovery 1 TTPs 22 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pr1nc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pr1nc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pr1nc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pr1nc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pr1nc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pr1nc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pr1nc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pr1nc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pr1nc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pr1nc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pr1nc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pr1nc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pr1nc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pr1nc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pr1nc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pr1nc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pr1nc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pr1nc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pr1nc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pr1nc.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
1408	ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe
4284	pr1nc.exe
2220	pr1nc.exe
4968	pr1nc.exe
3508	pr1nc.exe
4036	pr1nc.exe
228	pr1nc.exe
2424	pr1nc.exe
4544	pr1nc.exe
5040	pr1nc.exe
1488	pr1nc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1408 wrote to memory of 1352	1408	ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe	84
PID 1408 wrote to memory of 1352	1408	ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe	84
PID 1408 wrote to memory of 1352	1408	ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe	84
PID 1408 wrote to memory of 1352	1408	ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe	84
PID 1408 wrote to memory of 1352	1408	ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe	84
PID 1408 wrote to memory of 1352	1408	ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe	84
PID 1408 wrote to memory of 1352	1408	ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe	84
PID 1408 wrote to memory of 1352	1408	ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe	84
PID 1408 wrote to memory of 1352	1408	ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe	84
PID 1408 wrote to memory of 1352	1408	ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe	84
PID 1408 wrote to memory of 1352	1408	ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe	84
PID 1352 wrote to memory of 4284	1352	ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe	85
PID 1352 wrote to memory of 4284	1352	ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe	85
PID 1352 wrote to memory of 4284	1352	ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe	85
PID 4284 wrote to memory of 4260	4284	pr1nc.exe	86
PID 4284 wrote to memory of 4260	4284	pr1nc.exe	86
PID 4284 wrote to memory of 4260	4284	pr1nc.exe	86
PID 4284 wrote to memory of 4260	4284	pr1nc.exe	86
PID 4284 wrote to memory of 4260	4284	pr1nc.exe	86
PID 4284 wrote to memory of 4260	4284	pr1nc.exe	86
PID 4284 wrote to memory of 4260	4284	pr1nc.exe	86
PID 4284 wrote to memory of 4260	4284	pr1nc.exe	86
PID 4284 wrote to memory of 4260	4284	pr1nc.exe	86
PID 4284 wrote to memory of 4260	4284	pr1nc.exe	86
PID 4284 wrote to memory of 4260	4284	pr1nc.exe	86
PID 4260 wrote to memory of 2220	4260	pr1nc.exe	88
PID 4260 wrote to memory of 2220	4260	pr1nc.exe	88
PID 4260 wrote to memory of 2220	4260	pr1nc.exe	88
PID 2220 wrote to memory of 2344	2220	pr1nc.exe	89
PID 2220 wrote to memory of 2344	2220	pr1nc.exe	89
PID 2220 wrote to memory of 2344	2220	pr1nc.exe	89
PID 2220 wrote to memory of 2344	2220	pr1nc.exe	89
PID 2220 wrote to memory of 2344	2220	pr1nc.exe	89
PID 2220 wrote to memory of 2344	2220	pr1nc.exe	89
PID 2220 wrote to memory of 2344	2220	pr1nc.exe	89
PID 2220 wrote to memory of 2344	2220	pr1nc.exe	89
PID 2220 wrote to memory of 2344	2220	pr1nc.exe	89
PID 2220 wrote to memory of 2344	2220	pr1nc.exe	89
PID 2220 wrote to memory of 2344	2220	pr1nc.exe	89
PID 2344 wrote to memory of 4968	2344	pr1nc.exe	92
PID 2344 wrote to memory of 4968	2344	pr1nc.exe	92
PID 2344 wrote to memory of 4968	2344	pr1nc.exe	92
PID 4968 wrote to memory of 1908	4968	pr1nc.exe	93
PID 4968 wrote to memory of 1908	4968	pr1nc.exe	93
PID 4968 wrote to memory of 1908	4968	pr1nc.exe	93
PID 4968 wrote to memory of 1908	4968	pr1nc.exe	93
PID 4968 wrote to memory of 1908	4968	pr1nc.exe	93
PID 4968 wrote to memory of 1908	4968	pr1nc.exe	93
PID 4968 wrote to memory of 1908	4968	pr1nc.exe	93
PID 4968 wrote to memory of 1908	4968	pr1nc.exe	93
PID 4968 wrote to memory of 1908	4968	pr1nc.exe	93
PID 4968 wrote to memory of 1908	4968	pr1nc.exe	93
PID 4968 wrote to memory of 1908	4968	pr1nc.exe	93
PID 1908 wrote to memory of 3508	1908	pr1nc.exe	94
PID 1908 wrote to memory of 3508	1908	pr1nc.exe	94
PID 1908 wrote to memory of 3508	1908	pr1nc.exe	94
PID 3508 wrote to memory of 4824	3508	pr1nc.exe	95
PID 3508 wrote to memory of 4824	3508	pr1nc.exe	95
PID 3508 wrote to memory of 4824	3508	pr1nc.exe	95
PID 3508 wrote to memory of 4824	3508	pr1nc.exe	95
PID 3508 wrote to memory of 4824	3508	pr1nc.exe	95
PID 3508 wrote to memory of 4824	3508	pr1nc.exe	95
PID 3508 wrote to memory of 4824	3508	pr1nc.exe	95
PID 3508 wrote to memory of 4824	3508	pr1nc.exe	95

C:\Users\Admin\AppData\Local\Temp\ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1408
- C:\Users\Admin\AppData\Local\Temp\ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe
  2⤵
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1352
- - C:\Windows\SysWOW64\pr1nc.exe
    C:\Windows\system32\pr1nc.exe 1120 "C:\Users\Admin\AppData\Local\Temp\ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4284
  - - C:\Windows\SysWOW64\pr1nc.exe
      C:\Windows\SysWOW64\pr1nc.exe 1120 "C:\Users\Admin\AppData\Local\Temp\ec1a2d23f6ec819a7632b9d2d6c91362_JaffaCakes118.exe"
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:4260
    - - C:\Windows\SysWOW64\pr1nc.exe
        
        C:\Windows\system32\pr1nc.exe 1148 "C:\Windows\SysWOW64\pr1nc.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2220
      - C:\Windows\SysWOW64\pr1nc.exe
        
        C:\Windows\SysWOW64\pr1nc.exe 1148 "C:\Windows\SysWOW64\pr1nc.exe"
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2344
        
        C:\Windows\SysWOW64\pr1nc.exe
        
        C:\Windows\system32\pr1nc.exe 1120 "C:\Windows\SysWOW64\pr1nc.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4968
        
        C:\Windows\SysWOW64\pr1nc.exe
        
        C:\Windows\SysWOW64\pr1nc.exe 1120 "C:\Windows\SysWOW64\pr1nc.exe"
        8⤵
        Executes dropped EXE
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1908
        
        C:\Windows\SysWOW64\pr1nc.exe
        
        C:\Windows\system32\pr1nc.exe 1124 "C:\Windows\SysWOW64\pr1nc.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3508
        
        C:\Windows\SysWOW64\pr1nc.exe
        
        C:\Windows\SysWOW64\pr1nc.exe 1124 "C:\Windows\SysWOW64\pr1nc.exe"
        10⤵
        Executes dropped EXE
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:4824
        
        C:\Windows\SysWOW64\pr1nc.exe
        
        C:\Windows\system32\pr1nc.exe 1120 "C:\Windows\SysWOW64\pr1nc.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4036
        
        C:\Windows\SysWOW64\pr1nc.exe
        
        C:\Windows\SysWOW64\pr1nc.exe 1120 "C:\Windows\SysWOW64\pr1nc.exe"
        12⤵
        Executes dropped EXE
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:4520
        
        C:\Windows\SysWOW64\pr1nc.exe
        
        C:\Windows\system32\pr1nc.exe 1120 "C:\Windows\SysWOW64\pr1nc.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:228
        
        C:\Windows\SysWOW64\pr1nc.exe
        
        C:\Windows\SysWOW64\pr1nc.exe 1120 "C:\Windows\SysWOW64\pr1nc.exe"
        14⤵
        Executes dropped EXE
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:4496
        
        C:\Windows\SysWOW64\pr1nc.exe
        
        C:\Windows\system32\pr1nc.exe 1120 "C:\Windows\SysWOW64\pr1nc.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Windows\SysWOW64\pr1nc.exe
        
        C:\Windows\SysWOW64\pr1nc.exe 1120 "C:\Windows\SysWOW64\pr1nc.exe"
        16⤵
        Executes dropped EXE
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:4284
        
        C:\Windows\SysWOW64\pr1nc.exe
        
        C:\Windows\system32\pr1nc.exe 1120 "C:\Windows\SysWOW64\pr1nc.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4544
        
        C:\Windows\SysWOW64\pr1nc.exe
        
        C:\Windows\SysWOW64\pr1nc.exe 1120 "C:\Windows\SysWOW64\pr1nc.exe"
        18⤵
        Executes dropped EXE
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:1448
        
        C:\Windows\SysWOW64\pr1nc.exe
        
        C:\Windows\system32\pr1nc.exe 1116 "C:\Windows\SysWOW64\pr1nc.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:5040
        
        C:\Windows\SysWOW64\pr1nc.exe
        
        C:\Windows\SysWOW64\pr1nc.exe 1116 "C:\Windows\SysWOW64\pr1nc.exe"
        20⤵
        Executes dropped EXE
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:2236
        
        C:\Windows\SysWOW64\pr1nc.exe
        
        C:\Windows\system32\pr1nc.exe 1124 "C:\Windows\SysWOW64\pr1nc.exe"
        21⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1488
        
        C:\Windows\SysWOW64\pr1nc.exe
        
        C:\Windows\SysWOW64\pr1nc.exe 1124 "C:\Windows\SysWOW64\pr1nc.exe"
        22⤵
        Executes dropped EXE
        Drops file in System32 directory
        System Location Discovery: System Language Discovery
        
        PID:1344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\pr1nc.exe

Filesize
365KB

MD5
ec1a2d23f6ec819a7632b9d2d6c91362

SHA1
905e747b6d952ee409204539712acd38922aa3d3

SHA256
df33462acb9302bae07bb86056d1c577488a77263a09fd1935d2550891c32064

SHA512
d0ab5310273cc46a82eee0ca9dd6472ba641f041a81e9a160a4d2e796bd3584604d387cc73fb6bb8b6fc211ed7600735a0e71781b0c9643e5fdba634c2c936d8

Download Submit
memory/1352-9-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/1352-11-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/1352-6-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/1352-8-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/1352-7-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/1352-10-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/1352-14-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/1352-37-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/1908-79-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2344-58-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/2344-59-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/4260-39-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download
memory/4824-99-0x0000000000400000-0x00000000004FA000-memory.dmp

Filesize
1000KB

Download