66150d655958fc850ee4b3be0a06838c59e9259d50c2eeb7a426204c49496a9c

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 16:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Size

83KB
MD5

ea6945d4e5400cafa71bde24df949a85
SHA1

cf1811606a5027d46ce94189df7aa8cdac2578b6
SHA256

66150d655958fc850ee4b3be0a06838c59e9259d50c2eeb7a426204c49496a9c
SHA512

9ed5459e18afda93a64cbd5fe96b3b464028d63bd2a36aa6466cc284025489f5ad7e69314fd9dc95b8b8e2ee8f1f8ac140207e3ace0fe8c9f7b7ec82deed60d5
SSDEEP

1536:U7HRMEQ/dwxtVNi7tBYFZDiMoBhKl0sKcjEErxTWDTMqhGKYIZTET8bDQ:U7HGJ2xUCZDjoBqjBkMqhGKZTbbc

Score

8^/10

discovery

Malware Config

Signatures

Contacts a large (614) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Drops file in Program Files directory 37 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\Welcome.html	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_config_window.html	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\hrbhlxhb.exe	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\vlm.html	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\Office16\OSPP.HTM	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\rvhrjtnt.exe	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\ResumeConvertTo.htm	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\bkbbtzlb.exe	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\README.html	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\Welcome.html	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\view.html	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe\Microsoft.Advertising\vpaid.html	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\chllsvtv.exe	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\vlbvwvhv.exe	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\revhnlhn.exe	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\tsbknceh.exe	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\index.html	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\mobile.html	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\kznjrtew.exe	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\Java\jre-1.8\hcjzqenb.exe	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\README.HTM	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.html	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\offset_window.html	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe\Microsoft.Advertising\bootstrap.html	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_window.html	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\nxqsxhql.exe	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe

Modifies registry class 44 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}\LocalServer32	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}\ = "kkcercvsrlljwerc"	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{62B77361-C052-178D-5313-7AF2D2475E12}	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8308FF82-554C-D53A-FE36-8DDED83673EF}	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8308FF82-554C-D53A-FE36-8DDED83673EF}\LocalServer32\ = "C:\\Program Files\\VideoLAN\\VLC\\lua\\http\\hrbhlxhb.exe"	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}\LocalServer32\ = "C:\\Program Files\\Java\\jdk-1.8\\chllsvtv.exe"	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}\LocalServer32\ = "C:\\Program Files\\Java\\jre-1.8\\hcjzqenb.exe"	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A1F8B4D-AC79-4B22-67EA-E30560A5BF1C}	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A1F8B4D-AC79-4B22-67EA-E30560A5BF1C}\LocalServer32\ = "C:\\Program Files\\VideoLAN\\VLC\\lua\\http\\bkbbtzlb.exe"	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5BFAF607-9DDA-565E-A528-64082B45FA4C}\LocalServer32\ = "C:\\Program Files\\VideoLAN\\VLC\\lua\\http\\kznjrtew.exe"	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{62B77361-C052-178D-5313-7AF2D2475E12}\ = "rrtxrkzwqwlhelkh"	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}\LocalServer32	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{62B77361-C052-178D-5313-7AF2D2475E12}\LocalServer32\ = "C:\\Program Files\\VideoLAN\\VLC\\lua\\http\\nxqsxhql.exe"	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8308FF82-554C-D53A-FE36-8DDED83673EF}\ = "wtvjjbtszejnnnbt"	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{62B77361-C052-178D-5313-7AF2D2475E12}\LocalServer32	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}\ = "lcrqtrbcknbltrrs"	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\LocalServer32	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4DA7BCA8-2512-8FCE-67B5-F36442F4E210}\LocalServer32\ = "C:\\Program Files\\VideoLAN\\VLC\\lua\\http\\vlbvwvhv.exe"	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{10A65218-6812-7E3D-210A-8A064277C8F9}	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}\LocalServer32	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\LocalServer32	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\root\\vfs\\ProgramFilesCommonX64\\Microsoft Shared\\Smart Tag\\1033\\rvhrjtnt.exe"	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5BFAF607-9DDA-565E-A528-64082B45FA4C}\ = "rqbsnnsexxntkenh"	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{10A65218-6812-7E3D-210A-8A064277C8F9}\LocalServer32	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}\LocalServer32\ = "C:\\Program Files\\Java\\jdk-1.8\\jre\\revhnlhn.exe"	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\ = "qslvtlerqkhrstvt"	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A1F8B4D-AC79-4B22-67EA-E30560A5BF1C}\LocalServer32	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4DA7BCA8-2512-8FCE-67B5-F36442F4E210}\LocalServer32	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{10A65218-6812-7E3D-210A-8A064277C8F9}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe"	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}\ = "elwnlsbrjjnlcjlh"	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\ = "rhjeljtttntrnrtl"	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5BFAF607-9DDA-565E-A528-64082B45FA4C}	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{10A65218-6812-7E3D-210A-8A064277C8F9}\ = "njebsttbvechsjqt"	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5BFAF607-9DDA-565E-A528-64082B45FA4C}\LocalServer32	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7A1F8B4D-AC79-4B22-67EA-E30560A5BF1C}\ = "xsqqsnwrkbrthbew"	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4DA7BCA8-2512-8FCE-67B5-F36442F4E210}	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4DA7BCA8-2512-8FCE-67B5-F36442F4E210}\ = "eknhqbnrnrqehvnj"	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8308FF82-554C-D53A-FE36-8DDED83673EF}\LocalServer32	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\root\\Office16\\PersonaSpy\\tsbknceh.exe"	ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ea6945d4e5400cafa71bde24df949a85_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- Modifies registry class
PID:1832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1832-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1832-1-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-2-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-3-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-6-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-8-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-9-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-10-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-11-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-12-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-13-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-14-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-15-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-16-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-17-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-18-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-19-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-20-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-21-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-22-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-23-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-24-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-25-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-26-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-27-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-28-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-29-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-30-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-31-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-32-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-33-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-34-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-35-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-36-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-37-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-38-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-39-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-40-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-41-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-42-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-43-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-44-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-45-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-46-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-47-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-48-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-49-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-50-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-51-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-52-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-53-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-54-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-55-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-56-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-57-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-58-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-59-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-60-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-61-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-62-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-63-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-64-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-65-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download
memory/1832-306-0x00000000001E0000-0x00000000001FE000-memory.dmp

Filesize
120KB

Download