d2ae29a60c66d02e145d45a394233baeb925dde82057e6e4da405314372837bc

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2024 09:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0796df6cf7b6f2f8f834c21d8cb52c68_JaffaCakes118.exe
Size

63KB
MD5

0796df6cf7b6f2f8f834c21d8cb52c68
SHA1

5975bc8ed948478f765e53573cded48cb7e4768c
SHA256

d2ae29a60c66d02e145d45a394233baeb925dde82057e6e4da405314372837bc
SHA512

75447bb5bb752cd5e1f7a8a02ac4ee32a1250a8dd757923a2ee50aaea357c8cff3ace01f3df5e82b68381e587b01e0a802af032f7cf112f38e1eed44f0a9a4be
SSDEEP

1536:gLWjsfAMXn8yryGLS+4jeXoEjkKRhxhfb3LvL17:gLW4F8yrlLJseXsIjhz3Lj17

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1252	urdvxc.exe

Executes dropped EXE 6 IoCs

pid	Process
2772	urdvxc.exe
2672	urdvxc.exe
1468	urdvxc.exe
1252	urdvxc.exe
4764	urdvxc.exe
1996	urdvxc.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\urdvxc.exe	urdvxc.exe
File created	C:\Windows\SysWOW64\urdvxc.exe	0796df6cf7b6f2f8f834c21d8cb52c68_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\urdvxc.exe	0796df6cf7b6f2f8f834c21d8cb52c68_JaffaCakes118.exe
File created	C:\Windows\SysWOW64\urdvxc.exe	urdvxc.exe
File created	C:\Windows\SysWOW64\urdvxc.exe	urdvxc.exe

Drops file in Program Files directory 23 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\Welcome.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jre-1.8\Welcome.html	urdvxc.exe
File opened for modification	C:\Program Files\Microsoft Office\Office16\OSPP.HTM	urdvxc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\README.HTM	urdvxc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM	urdvxc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\rvhrjtnt.exe	urdvxc.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html	urdvxc.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\Welcome.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\revhnlhn.exe	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\README.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\chllsvtv.exe	urdvxc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\tsbknceh.exe	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\README.html	urdvxc.exe
File opened for modification	C:\Program Files\Microsoft Office\Office16\OSPP.HTM	urdvxc.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\Welcome.html	urdvxc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.html	urdvxc.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\create_stream.html	urdvxc.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\error_window.html	urdvxc.exe
File opened for modification	C:\Program Files\Java\jre-1.8\hcjzqenb.exe	urdvxc.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\browse_window.html	urdvxc.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html	urdvxc.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.html	urdvxc.exe

Modifies registry class 48 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}\ = "ebbkxnjtetxcnwjr"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\LocalServer32	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\LocalServer32	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\root\\vfs\\ProgramFilesCommonX64\\Microsoft Shared\\Smart Tag\\1033\\rvhrjtnt.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\ = "tzxhwrjshjbvrtcb"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32\ = "C:\\Windows\\SysWOW64\\urdvxc.exe"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32\ = "C:\\Windows\\SysWOW64\\urdvxc.exe"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A95C4DCC-0F09-E3EC-0A4E-73D1416F937E}	0796df6cf7b6f2f8f834c21d8cb52c68_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}\ = "lrbzkrlebbsbchjh"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}\LocalServer32\ = "C:\\Program Files\\Java\\jdk-1.8\\chllsvtv.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\LocalServer32\ = "C:\\Program Files\\Microsoft Office\\root\\Office16\\PersonaSpy\\tsbknceh.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\ = "stwjxkrlvlwevbcn"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\ = "jkkbeltlhtrxstes"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}\LocalServer32	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5DA7E191-3518-8C5E-DAD0-E316016B7509}\LocalServer32\ = "C:\\Program Files\\Java\\jdk-1.8\\jre\\revhnlhn.exe"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}\LocalServer32	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A95C4DCC-0F09-E3EC-0A4E-73D1416F937E}\LocalServer32	0796df6cf7b6f2f8f834c21d8cb52c68_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\ = "rcbtxscrcrbkbvvb"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32\ = "C:\\Windows\\SysWOW64\\urdvxc.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}\LocalServer32\ = "C:\\Program Files\\Java\\jre-1.8\\hcjzqenb.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D9E5B2A0-6DA4-8211-3F09-7196AABBE564}\ = "hhbsjzjksbhesvet"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\ = "evrsrslrstthtcwc"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A95C4DCC-0F09-E3EC-0A4E-73D1416F937E}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0796df6cf7b6f2f8f834c21d8cb52c68_JaffaCakes118.exe"	0796df6cf7b6f2f8f834c21d8cb52c68_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32\ = "C:\\Windows\\SysWOW64\\urdvxc.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\ = "rrkejwhsksjwwhkz"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32\ = "C:\\Windows\\SysWOW64\\urdvxc.exe"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D72C442F-6EA9-BFAF-2703-0F262F8765FD}\ = "bkntllejzjlxbtts"	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC84F518-2B78-BCFB-E876-EDAE640549C3}\LocalServer32	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB4470BE-3A35-A218-C7F6-4398C8694892}\ = "wkhbvnntevjqhhtr"	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A95C4DCC-0F09-E3EC-0A4E-73D1416F937E}\ = "hlwrclexbzkzwrjc"	0796df6cf7b6f2f8f834c21d8cb52c68_JaffaCakes118.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32	urdvxc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}	urdvxc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66E9A00C-64D1-4956-05AE-619DF5D22A84}\LocalServer32\ = "C:\\Windows\\SysWOW64\\urdvxc.exe"	urdvxc.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2772	urdvxc.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 2772	2660	0796df6cf7b6f2f8f834c21d8cb52c68_JaffaCakes118.exe	81
PID 2660 wrote to memory of 2772	2660	0796df6cf7b6f2f8f834c21d8cb52c68_JaffaCakes118.exe	81
PID 2660 wrote to memory of 2772	2660	0796df6cf7b6f2f8f834c21d8cb52c68_JaffaCakes118.exe	81
PID 2660 wrote to memory of 2672	2660	0796df6cf7b6f2f8f834c21d8cb52c68_JaffaCakes118.exe	82
PID 2660 wrote to memory of 2672	2660	0796df6cf7b6f2f8f834c21d8cb52c68_JaffaCakes118.exe	82
PID 2660 wrote to memory of 2672	2660	0796df6cf7b6f2f8f834c21d8cb52c68_JaffaCakes118.exe	82
PID 2660 wrote to memory of 1252	2660	0796df6cf7b6f2f8f834c21d8cb52c68_JaffaCakes118.exe	86
PID 2660 wrote to memory of 1252	2660	0796df6cf7b6f2f8f834c21d8cb52c68_JaffaCakes118.exe	86
PID 2660 wrote to memory of 1252	2660	0796df6cf7b6f2f8f834c21d8cb52c68_JaffaCakes118.exe	86

C:\Users\Admin\AppData\Local\Temp\0796df6cf7b6f2f8f834c21d8cb52c68_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0796df6cf7b6f2f8f834c21d8cb52c68_JaffaCakes118.exe"
1⤵
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Windows\SysWOW64\urdvxc.exe
  C:\Windows\system32\urdvxc.exe /installservice
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  PID:2772
- C:\Windows\SysWOW64\urdvxc.exe
  C:\Windows\system32\urdvxc.exe /start
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:2672
- C:\Windows\SysWOW64\urdvxc.exe
  C:\Windows\system32\urdvxc.exe /uninstallservice patch:C:\Users\Admin\AppData\Local\Temp\0796df6cf7b6f2f8f834c21d8cb52c68_JaffaCakes118.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Modifies registry class
  PID:1252

C:\Windows\SysWOW64\urdvxc.exe
"C:\Windows\SysWOW64\urdvxc.exe" /service
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies registry class
PID:1468

C:\Windows\SysWOW64\urdvxc.exe
"C:\Windows\SysWOW64\urdvxc.exe" /service
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies registry class
PID:4764

C:\Windows\SysWOW64\urdvxc.exe
C:\Windows\SysWOW64\urdvxc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
PID:1996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jdk-1.8\README.html

Filesize
263B

MD5
8e0789ff750b413c70a9b109432cf0ba

SHA1
84c429f3b741a44bced2a137ee62254348e89da6

SHA256
f37026c18146ffd616868fc2b6b18bd1d4d35d701a99d1eb1e3b0974c01079b1

SHA512
36b4cd6cb7854ed594ab3e1918731e2ad76fc3dab376f691518a2fb19fc8d1edd6f512846fbb171123dac0f661444a84c112dad014477fb7f6420dc03700a899

Download Submit
C:\Program Files\Java\jdk-1.8\jre\Welcome.html

Filesize
1KB

MD5
2fe21944034eb6b2b24f4bed8b1bee2c

SHA1
b53bb2babe0c2fe682a2e1c05d79dcf4fedf15a1

SHA256
6ffa2002e97816536eb55bef0ba11402fda791a3c4e7fa42f15f64967cdf1e9e

SHA512
4ac42b5d64d2f98e652a269a78bc012caf340fe43e7ef97fae58a1437b7360b05b949637c061d1ce818a2ca789c6db09d9c432efbe5dd8f7ee938f81976725eb

Download Submit
C:\Program Files\Java\jre-1.8\Welcome.html

Filesize
1KB

MD5
8e5c98d3d0f3cf3363774f184f1b4b7f

SHA1
5544dc3bf942d604a97b553d1debf43581a72805

SHA256
111c6773048fd325e3e93ce312a085575fff0fa211618b79854aee6b758dadcf

SHA512
f8861683a53f76fdc699ac7fdfcda95ca460c6c5df625a6ea9ac17a0b2efafd06b5b8f5b16d45422cd4f3772b8ed8e6be15e3f29931a56e642551908c79ebbc4

Download Submit
C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\PersonaSpy.html

Filesize
1KB

MD5
75887f366667b2254dfd35014d4eb318

SHA1
03127bc21514e315f8c370a9ac5dbd1cd9e766e7

SHA256
fcd66e8e56164804b031e01cf09f3da3338eb9d92b9bf4eb23097ce32018b9a9

SHA512
953e558d01d43f252870db5ecce7e347f69b3e553ecfadb106be203745492636d95dbcfc7446d31b138691e5e833b8f1a77d08995b7fb8ade5ae44af7fe48979

Download Submit
C:\Windows\SysWOW64\urdvxc.exe

Filesize
63KB

MD5
0796df6cf7b6f2f8f834c21d8cb52c68

SHA1
5975bc8ed948478f765e53573cded48cb7e4768c

SHA256
d2ae29a60c66d02e145d45a394233baeb925dde82057e6e4da405314372837bc

SHA512
75447bb5bb752cd5e1f7a8a02ac4ee32a1250a8dd757923a2ee50aaea357c8cff3ace01f3df5e82b68381e587b01e0a802af032f7cf112f38e1eed44f0a9a4be

Download Submit
memory/1252-40-0x00000000001C0000-0x00000000001DF000-memory.dmp

Filesize
124KB

Download
memory/1252-58-0x00000000001C0000-0x00000000001DF000-memory.dmp

Filesize
124KB

Download
memory/1468-53-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-69-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-21-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-22-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-23-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-24-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-25-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-26-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-27-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-28-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-29-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-30-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-31-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-32-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-33-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-56-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-35-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-36-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-13-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-39-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-19-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-41-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-42-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-43-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-44-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-45-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-46-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-47-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-48-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-49-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-50-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-51-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-52-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-18-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-54-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-55-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-34-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-14-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-20-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-59-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-60-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-61-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-62-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-63-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-64-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-65-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-66-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-67-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-68-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-57-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-70-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-71-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-72-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-73-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-74-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-75-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-76-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-77-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-78-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-79-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-80-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-81-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-1124-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/1468-5963-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/2660-1-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/2660-0-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2660-38-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/2672-12-0x00000000001C0000-0x00000000001DF000-memory.dmp

Filesize
124KB

Download
memory/2672-10-0x00000000001C0000-0x00000000001DF000-memory.dmp

Filesize
124KB

Download
memory/2772-6-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2772-7-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/2772-8-0x00000000001E0000-0x00000000001FF000-memory.dmp

Filesize
124KB

Download
memory/4764-5965-0x00000000001C0000-0x00000000001DF000-memory.dmp

Filesize
124KB

Download
memory/4764-7226-0x00000000001C0000-0x00000000001DF000-memory.dmp

Filesize
124KB

Download
memory/4764-7943-0x00000000001C0000-0x00000000001DF000-memory.dmp

Filesize
124KB

Download