19a7e4977eb457117e12170a888f755c05dfa1e798ce59cece234d4855c61abf

Analysis

max time kernel
147s
max time network
148s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 18:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe
Size

308KB
MD5

1c10b9d109c2592ddc7a5de457550ad6
SHA1

96255f918d46f9fe7ffbb887a31af30999260632
SHA256

19a7e4977eb457117e12170a888f755c05dfa1e798ce59cece234d4855c61abf
SHA512

22c35e5574d05d47d0358912788cd1149020f111c388efa62c569c463c4453aeefd481e54a88f3f181f180659a41bec1a84f0eab0e9865e10cc4a064c625b1b6
SSDEEP

6144:gSOf3vF/mCm09bDEtsh3Z+s02bLpf5k7f/0BHbuVD5ob7xPW2p4Gp2bL:kvFen09bwts/miLpPHbuZ5oPxPn4JbL

Score

7^/10

persistence upx vmprotect

Malware Config

Signatures

Executes dropped EXE 6 IoCs

Processes:

A_v_DVD.dllqvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exeservices.exeA_v_AuTo.dllservices.exeA_v_TT.dll

pid process

2364 A_v_DVD.dll
2932 qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe
2960 services.exe
2600 A_v_AuTo.dll
2536 services.exe
2844 A_v_TT.dll

pid	process
2364	A_v_DVD.dll
2932	qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe
2960	services.exe
2600	A_v_AuTo.dll
2536	services.exe
2844	A_v_TT.dll

Loads dropped DLL 29 IoCs

Processes:

1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exeA_v_DVD.dllqvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exeservices.exeA_v_AuTo.dllservices.exeA_v_TT.dll

pid	process
1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe
2364	A_v_DVD.dll
2364	A_v_DVD.dll
2364	A_v_DVD.dll
2364	A_v_DVD.dll
2364	A_v_DVD.dll
2932	qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe
2932	qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe
2932	qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe
1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe
1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe
2960	services.exe
2960	services.exe
2960	services.exe
1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe
1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe
2600	A_v_AuTo.dll
2600	A_v_AuTo.dll
2600	A_v_AuTo.dll
2600	A_v_AuTo.dll
2600	A_v_AuTo.dll
2536	services.exe
2536	services.exe
2536	services.exe
1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe
1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe
2844	A_v_TT.dll
2844	A_v_TT.dll
2844	A_v_TT.dll

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Program Files\Common Files\Microsoft Shared\A_v_AuTo.dll	upx
behavioral1/memory/2600-77-0x0000000000400000-0x0000000000413000-memory.dmp	upx
behavioral1/memory/2600-66-0x0000000000400000-0x0000000000413000-memory.dmp	upx

VMProtect packed file 4 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
C:\Program Files\Common Files\Microsoft Shared\A_v_TT.dll	vmprotect
behavioral1/memory/2844-99-0x0000000000400000-0x0000000000418000-memory.dmp	vmprotect
behavioral1/memory/2844-93-0x0000000000400000-0x0000000000418000-memory.dmp	vmprotect
behavioral1/memory/2844-102-0x0000000000400000-0x0000000000418000-memory.dmp	vmprotect

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

A_v_AuTo.dll

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Internet = "C:\\Program Files\\Common Files\\Microsoft Shared\\services.exe"	A_v_AuTo.dll

Drops file in Program Files directory 14 IoCs

Processes:

1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exeservices.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\A_v_Dvd.ocx	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\A_v_DVD.dll	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\A_v_Dw.ocx	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\A_v_bind.au	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\A_v_Tj.ocx	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\services.exe	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\A_v_AuTo.ocx	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\A_v_TT.dll	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Au_ing_Code.ini	services.exe
File created	C:\Program Files\Common Files\Microsoft Shared\A_v_DVD.dll	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\services.exe	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe
File created	C:\Program Files\Common Files\Microsoft Shared\A_v_AuTo.dll	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\A_v_AuTo.dll	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\A_v_TT.dll	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

A_v_AuTo.dllA_v_TT.dll

pid process

2600 A_v_AuTo.dll
2600 A_v_AuTo.dll
2600 A_v_AuTo.dll
2844 A_v_TT.dll
2844 A_v_TT.dll
2844 A_v_TT.dll
2844 A_v_TT.dll
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

services.exe

description pid process

Token: SeDebugPrivilege 2960 services.exe
Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe

pid process

2932 qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe
2932 qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe
2932 qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe

pid process

2932 qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe
2932 qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe
2932 qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

A_v_TT.dll

pid process

2844 A_v_TT.dll
2844 A_v_TT.dll

pid	process
2600	A_v_AuTo.dll
2600	A_v_AuTo.dll
2600	A_v_AuTo.dll
2844	A_v_TT.dll
2844	A_v_TT.dll
2844	A_v_TT.dll
2844	A_v_TT.dll

description	pid	process
Token: SeDebugPrivilege	2960	services.exe

pid	process
2932	qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe
2932	qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe
2932	qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe

pid	process
2932	qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe
2932	qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe
2932	qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe

pid	process
2844	A_v_TT.dll
2844	A_v_TT.dll

Suspicious use of WriteProcessMemory 42 IoCs

Processes:

1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exeA_v_DVD.dllA_v_AuTo.dll

description	pid	process	target process
PID 1028 wrote to memory of 2364	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	A_v_DVD.dll
PID 1028 wrote to memory of 2364	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	A_v_DVD.dll
PID 1028 wrote to memory of 2364	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	A_v_DVD.dll
PID 1028 wrote to memory of 2364	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	A_v_DVD.dll
PID 1028 wrote to memory of 2364	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	A_v_DVD.dll
PID 1028 wrote to memory of 2364	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	A_v_DVD.dll
PID 1028 wrote to memory of 2364	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	A_v_DVD.dll
PID 2364 wrote to memory of 2932	2364	A_v_DVD.dll	qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe
PID 2364 wrote to memory of 2932	2364	A_v_DVD.dll	qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe
PID 2364 wrote to memory of 2932	2364	A_v_DVD.dll	qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe
PID 2364 wrote to memory of 2932	2364	A_v_DVD.dll	qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe
PID 2364 wrote to memory of 2932	2364	A_v_DVD.dll	qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe
PID 2364 wrote to memory of 2932	2364	A_v_DVD.dll	qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe
PID 2364 wrote to memory of 2932	2364	A_v_DVD.dll	qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe
PID 1028 wrote to memory of 2960	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	services.exe
PID 1028 wrote to memory of 2960	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	services.exe
PID 1028 wrote to memory of 2960	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	services.exe
PID 1028 wrote to memory of 2960	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	services.exe
PID 1028 wrote to memory of 2960	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	services.exe
PID 1028 wrote to memory of 2960	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	services.exe
PID 1028 wrote to memory of 2960	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	services.exe
PID 1028 wrote to memory of 2600	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	A_v_AuTo.dll
PID 1028 wrote to memory of 2600	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	A_v_AuTo.dll
PID 1028 wrote to memory of 2600	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	A_v_AuTo.dll
PID 1028 wrote to memory of 2600	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	A_v_AuTo.dll
PID 1028 wrote to memory of 2600	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	A_v_AuTo.dll
PID 1028 wrote to memory of 2600	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	A_v_AuTo.dll
PID 1028 wrote to memory of 2600	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	A_v_AuTo.dll
PID 2600 wrote to memory of 2536	2600	A_v_AuTo.dll	services.exe
PID 2600 wrote to memory of 2536	2600	A_v_AuTo.dll	services.exe
PID 2600 wrote to memory of 2536	2600	A_v_AuTo.dll	services.exe
PID 2600 wrote to memory of 2536	2600	A_v_AuTo.dll	services.exe
PID 2600 wrote to memory of 2536	2600	A_v_AuTo.dll	services.exe
PID 2600 wrote to memory of 2536	2600	A_v_AuTo.dll	services.exe
PID 2600 wrote to memory of 2536	2600	A_v_AuTo.dll	services.exe
PID 1028 wrote to memory of 2844	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	A_v_TT.dll
PID 1028 wrote to memory of 2844	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	A_v_TT.dll
PID 1028 wrote to memory of 2844	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	A_v_TT.dll
PID 1028 wrote to memory of 2844	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	A_v_TT.dll
PID 1028 wrote to memory of 2844	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	A_v_TT.dll
PID 1028 wrote to memory of 2844	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	A_v_TT.dll
PID 1028 wrote to memory of 2844	1028	1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe	A_v_TT.dll

C:\Users\Admin\AppData\Local\Temp\1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1c10b9d109c2592ddc7a5de457550ad6_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1028

C:\Program Files\Common Files\Microsoft Shared\A_v_DVD.dll
"C:\Program Files\Common Files\Microsoft Shared\A_v_DVD.dll"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2364

C:\Users\Admin\AppData\Local\Temp\qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe
"C:\Users\Admin\AppData\Local\Temp\qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2932

C:\Program Files\Common Files\Microsoft Shared\services.exe
"C:\Program Files\Common Files\Microsoft Shared\services.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:2960

C:\Program Files\Common Files\Microsoft Shared\A_v_AuTo.dll
"C:\Program Files\Common Files\Microsoft Shared\A_v_AuTo.dll"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2600

C:\Program Files\Common Files\Microsoft Shared\services.exe
"C:\Program Files\Common Files\Microsoft Shared\services.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2536

C:\Program Files\Common Files\Microsoft Shared\A_v_TT.dll
"C:\Program Files\Common Files\Microsoft Shared\A_v_TT.dll"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2844

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\Microsoft Shared\A_v_TT.dll
Filesize
47.7MB

MD5
b0c8b73e3251874e40c873eb47f51dae

SHA1
e38119340c7292e3436032eed27f12051bbe3591

SHA256
cacaf1cf9e41def4cc722218453120a31926bea118524c6c498c8e625ff6e41a

SHA512
0d1fbb040308cd8269f2fce73f21d01bbe3cc108b4e7e8067312fc80b9bac7a233d9ddfb0a3a894e388db1816dc59c501a06b3c111795baea42599d317e3e78f

Download Submit
\Program Files\Common Files\Microsoft Shared\A_v_AuTo.dll
Filesize
47.7MB

MD5
72675705a3f5e052f8afd49f2182065e

SHA1
f2956a873ae6c113b7e8842522331cb8d316fd79

SHA256
62ed3c273b7b8b4bc29cd4de3decd2b2be377f87613d08b1a67b1e9bf49b3482

SHA512
307c0af4eea0ab7d53ddbe7aa73f3f54648f9cf1b4fc11978db180d857c1799453040bd1572807916d7e09b5a6cac6337a0ccfb0bb696883c5c7fc402c6f4fbd

Download Submit
\Program Files\Common Files\Microsoft Shared\A_v_DVD.dll
Filesize
606KB

MD5
510756b1792fa53f4799423ae40fb601

SHA1
7a6a3895c0e8a51c132fabafe988381a11745ccf

SHA256
5687f836b5a4b4978d94eb660077dec4b82cfdd1e031e529f0b6188393fdd3cd

SHA512
03d0324c5293f35fcc66128f7e95b450492ed91ddafb13da466ca297f62f2dbb3703bb7b77837276ea8451082d8c3f8709a270f166c904eade1e0c12a7144e53

Download Submit
\Program Files\Common Files\Microsoft Shared\services.exe
Filesize
47.7MB

MD5
61a9cc8450c20af35786d14ff729405b

SHA1
07041ca44793c57d8a72a8d27dd25ffba0b5b74c

SHA256
7c8bf2e036edbb1f1940632f41f5ccce2a88cb2b6786464b5c98b60db8d7f188

SHA512
2887f2ee7fd955455989ac452663bf38f4634083a534ec421ce55dbb1aa9e16401ff9d99a3ed038589ca261a5a4af581f36671d6dfbadb3b9cbb80ab70131b41

Download Submit
\Users\Admin\AppData\Local\Temp\qvod.exe_C2E9D99D7D1CB2645FE9DBB3DEB4F842BA8BE184.exe
Filesize
252KB

MD5
bdbc9ab4a7b8a53d126e128820b1fc6b

SHA1
32aa5f3e6398ab3f6b8268a28aa245cf7f1d696e

SHA256
8f18d52b0b69c8dc7ee811897e49421ea418fff0f1db693f8055f279a37ca9cc

SHA512
0fc8eb9479a5876c7401931bb3ee834d3288ca0adf852d35079160af04c7edd8096aab19f012b940185e94168d9a98b39439251b63c05f319b616ed481bdb5a6

Download Submit
memory/1028-6-0x0000000000250000-0x000000000029E000-memory.dmp

Filesize
312KB

Download
memory/1028-64-0x0000000000250000-0x0000000000263000-memory.dmp

Filesize
76KB

Download
memory/1028-65-0x0000000000250000-0x0000000000263000-memory.dmp

Filesize
76KB

Download
memory/1028-91-0x0000000000250000-0x0000000000268000-memory.dmp

Filesize
96KB

Download
memory/1028-92-0x0000000000250000-0x0000000000268000-memory.dmp

Filesize
96KB

Download
memory/2364-15-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2364-49-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2364-14-0x00000000003E0000-0x00000000003E2000-memory.dmp

Filesize
8KB

Download
memory/2364-69-0x00000000003E0000-0x00000000003E2000-memory.dmp

Filesize
8KB

Download
memory/2364-13-0x00000000002B0000-0x00000000002FE000-memory.dmp

Filesize
312KB

Download
memory/2364-8-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2600-77-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2600-68-0x0000000000020000-0x0000000000033000-memory.dmp

Filesize
76KB

Download
memory/2600-67-0x0000000000020000-0x0000000000033000-memory.dmp

Filesize
76KB

Download
memory/2600-66-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2844-99-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2844-98-0x0000000000020000-0x0000000000038000-memory.dmp

Filesize
96KB

Download
memory/2844-93-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2844-102-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2844-104-0x0000000000020000-0x0000000000038000-memory.dmp

Filesize
96KB

Download
memory/2932-32-0x0000000003350000-0x0000000003554000-memory.dmp

Filesize
2.0MB

Download
memory/2932-31-0x0000000003350000-0x0000000003554000-memory.dmp

Filesize
2.0MB

Download
memory/2932-26-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download