Overview

overview

10

Static

static

3

22e3ba427f...18.exe

windows7-x64

10

22e3ba427f...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    03/07/2024, 15:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    22e3ba427f72b889c04192665811db26_JaffaCakes118.exe

  • Size

    188KB

  • MD5

    22e3ba427f72b889c04192665811db26

  • SHA1

    dfc3194e1ee99a8709f8a1cecec9859362e38aaa

  • SHA256

    06a7e14ac643090406c115d729ebf9a6749b195eab695f61077f52a6db5b469e

  • SHA512

    fa64ab9f4c19bdfd6eaa91539a1f3a20a7aa30e50e7745b11263c144fb02203f6fac59d8b60b451300ffa0823dc424f63e4dce4ec7c424bc1817e9424c2233f2

  • SSDEEP

    3072:p3s1aEReBKD2SEKPWUDF7Wq6vYcOhbXmgHxguyQDwB/jVmqD+dXipNtzY8Bp0LPI:NsFOBUDF7CgcabXBh3DC/aipNta7xE5L

Score
10/10
salitybackdoorevasionpersistencetrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Signatures

  • Modifies firewall policy service 3 TTPs 6 IoCs
    evasion
  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality
  • UAC bypass 3 TTPs 2 IoCs
    evasiontrojan
  • Windows security bypass 2 TTPs 12 IoCs
    evasiontrojan
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • UPX packed file 14 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Windows security modification 2 TTPs 14 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\22e3ba427f72b889c04192665811db26_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\22e3ba427f72b889c04192665811db26_JaffaCakes118.exe"
    1⤵
    • Modifies firewall policy service
    • UAC bypass
    • Windows security bypass
    • Windows security modification
    • Checks whether UAC is enabled
    • Suspicious use of SetThreadContext
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:2132
    • C:\Users\Admin\AppData\Local\Temp\22e3ba427f72b889c04192665811db26_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\22e3ba427f72b889c04192665811db26_JaffaCakes118.exe
      2⤵
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3004
      • C:\Users\Admin\AppData\Roaming\Cvgagc.exe
        "C:\Users\Admin\AppData\Roaming\Cvgagc.exe"
        3⤵
        • Modifies firewall policy service
        • UAC bypass
        • Windows security bypass
        • Executes dropped EXE
        • Loads dropped DLL
        • Windows security modification
        • Checks whether UAC is enabled
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        • System policy modification
        PID:2572
        • C:\Users\Admin\AppData\Roaming\Cvgagc.exe
          C:\Users\Admin\AppData\Roaming\Cvgagc.exe
          4⤵
          • Executes dropped EXE
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2672
          • C:\Program Files (x86)\Internet Explorer\iexplore.exe
            "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:2504
            • C:\Program Files\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:2120
              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2120 CREDAT:275457 /prefetch:2
                7⤵
                • Modifies Internet Explorer settings
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of SetWindowsHookEx
                PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

4
T1562

Disable or Modify System Firewall

1
T1562.004

Disable or Modify Tools

3
T1562.001

Modify Registry

7
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db5ffafca7d5bf0a5773e2be71b1e5a8

    SHA1

    b80cbd2df9bca6fde005ad43f6aacbafa2a9d767

    SHA256

    726bc45dac41bfeb2f3f0cd99b78f92f811878125be36f5ae3310b00f0a67fa4

    SHA512

    0b78e9e74f09863bacaf7908de804d5e841f663b67faae916f8a522a462a430cd6d7923f4763091c5cad57624623aca0e9154b4415d2fe3d71f106e75a1d2834

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    260eb53920eab8a0d5eb0acbaa73b3dc

    SHA1

    6e5263f03d1aac5e85594bf20da07db99a585f9e

    SHA256

    69686a469387bd9515c7d921f0e36e4dfea672e1c6e56ae54135c5c0cab9e5b6

    SHA512

    a70d1c5b4403e951cfd6167ab4142f6eca6bc7a9128eb308c5a7cf213a99e53f0413e6b8cd1cc8de746076f79553fe3c5e16ae81ed9bc097c3906e5bf5d6e37a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bfdb7bcddfcffb5ad07c8fb9c9686ff4

    SHA1

    03be1992a0c53932f4a387a72dbd6cf778f87582

    SHA256

    a4c06fbeb649befbc5b71a281c1594552bb7c5363cc5c47d6ffd8996e9d08c43

    SHA512

    4351b20183b157d7786b9b2575f28ca7f199fa1ffca2022e1ce1175f27ba3dc763454ceea8e561695a4f23b749adf5f3175a41c4121c7cb3095900b2171706be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ef0bcadf1ab45993e20d6aba5f3f200

    SHA1

    fa511a0c26737badf507908a02a825c1e89af2c7

    SHA256

    d42afb2dbce89280668c3577064c34cb6437e8e8fc7fa051905c024237f438dc

    SHA512

    521cc6599db766817c5621e7643a4738631eb1ae41402017c0f57c0433653afd8a488b4b7789c677eb76f1591c86465957a07e046df2a2f799299f516e58cca5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    83e031836e0c1b4350b2432a6f3101e3

    SHA1

    8dbfaa215aabd12f99952064405e5391607aef05

    SHA256

    788930dd2f3bc8feb8970d4cba9ca592fa4a3f904a19ee89c4758fc36198d4c9

    SHA512

    c6fb27116c53594b809ae4e85b4813af1a1a3a91c09835e7a0a1a96959908483caa7e7104e0ebdc6b164825446932becb52127e2a7dedb83405652176a56f6de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    80391c761e548ec26ca3fd6d7d134949

    SHA1

    beb20b9e063fb1b05fa2ea7fab06d32327be2b4a

    SHA256

    aa18cbed59054598d48f4209e5e371796141314ab59d1ae25d18d910e88d9131

    SHA512

    c3e85ef751520470d8f053deaeb106817461f01478d8f47ba688d34ae396fed8f2ab0ca44ccf486053474d642283c63c931f50a74ea59958f1c80f598fe37096

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    04f0ba8711235723db39a798574100f8

    SHA1

    fa9c3f262a5d0229a047fc92919036ac63a5d342

    SHA256

    3ffddd32dbcf5eb547e0b0de4a8d6af76a97f4821d749096f284297d7de32a26

    SHA512

    20464f6b80d0c971ca54bbaffe68922440e5bd53cd61e10ba801b63dd7f3a9a1afe6351d1ce2c871e5d8493b461fbe3ff38a880409f37b1cd0e847395fa8b891

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f292b59c86806733b442762c4de0891

    SHA1

    42f0f08d733f03e732064ea63b0cfd889fb22e3d

    SHA256

    e39134ff45b181b2b0a920f184ff9b7c79a31d3a4c9fb5069eba3a8a94f4377f

    SHA512

    0707ac498255480c7874d8766bd2d857d2aa3f933fe79c981417c925e3188b1ab0f4a85d1d3db4e1cf7a197119c0b9c23d129208d1f8835807818071a8df95cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bbe585b4b160f55d6234e23add404d3c

    SHA1

    9895347d040bcc1850f390dd45181c3568494f43

    SHA256

    bc0d78533ef214330563973ef6c47748d9b5259b3f7ba8c77d3c86ccaffeda68

    SHA512

    a9846160572c65a680318ebaaa8bde01f89b1fa32745149ef2dc6ba3bbd124c1b93659e80bd4fc695a9cd1a344a794fc25748707054a803df0d5a4d55d8ec1b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb0643583b02329f151291abf602ce51

    SHA1

    f3c806cc3569a8e5d24fcd368959fb4411d16472

    SHA256

    7ad50e782fb30f02065036367bb064e083e7bdc0f82011f32e6cd07c1c3ebdc7

    SHA512

    b07f1f38d01e1e71a4c6b0a564d22fa1cc6c61ddc8934a4d03bbf8ed6b8c704f82b1e7aa57bebf10356451cb54884afea9fbbd661183238698bde5991abbd1b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    14aa733b3a74fe3d11370e7678328aee

    SHA1

    8bb2ebbfa97d9a02d21591e3fe266276cb7a7520

    SHA256

    1ea41bb470cc09e07e1b6368e2969b75c93f9a9097722c64b1bed8a471a7c334

    SHA512

    a1b6a6521bf4209e3ee32773ee5f3691060f391535ecc3878a32ac3ce6b9b5aa72e28f871806451faba01c3833d4e8f4b6dd81030a5c1422d5ac9362e6cb091c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0e1c50d5856d43ab2768572511d1f262

    SHA1

    e6a3e37d3df52bfddb71e4938e96664025ecba88

    SHA256

    badec3e2c96219f2eedc1dee0edac56485eeada8e121a8be04676d6c9b33980b

    SHA512

    3545d58e2e322371e91316de85b31b36ac1e1f80c53a538d302ab3ca39c440d4acdc14decd5f2e888f7ea86b31adbcad1326b91184da3093655275e36c914dd9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c460bf6f3525d9f8fcab6aa4d5ce344

    SHA1

    a620ca01949ac2387aeefdaaaeb3c9d031bfee27

    SHA256

    0d99f3be810881b33fae2f7697e1b3ccd0f81871ff606ab5dee0e398772783bf

    SHA512

    76c069061ba4ba6fb10504279637b4a9a821d5ca8d3bc9c44349f0930dab91812f4828cbbcca94c776bf6df486f92a1b73e996a02a9a40f296c93b46c27dc922

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0170c56a21cb7b3fa8b3c7b925b1b345

    SHA1

    9ff816e39624ec14d32ac066c8209b8bce89e9a9

    SHA256

    eda8269bc4a757ecfc22851d90c892b28050058ad0f1f27d8448bc013dedb51c

    SHA512

    7aea2a2b0696c3b669eab613c8b194d6e035f86ccfbd77705c1dc106cf2ae6079d9e2aa8734e1da3043931c8ee0cf3e1d1398a03e90745974d7d0fc8e546547e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    def3ff979d957b2ee954acd135ec41f2

    SHA1

    c57061ec19b496e1099b6ba11b2ecc4ee8b2a35a

    SHA256

    f526d39b8f4d663d8d05c72d309e1f90f151e022685f279e77ff8e615681d14f

    SHA512

    28ca62df1b7b5a35f304fc173b146cb7a1d48a852bb056a7a77b52ae6242f043b44231c48331ebcf9a1ff999af3b44217f1934d637649d23d3790d3267694e36

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8514cd1595958f9beaf6d5aa1bcf270a

    SHA1

    0a2c36b1c7d800c333355a0d4a9813af8cb31672

    SHA256

    ce4edbf20edf77f8dd8dda940458767620aef195ebc7d78f0d0164edbcd0628e

    SHA512

    3cdbc2c4a814b6307d2e82fa0375756306d5254d0a1d28269765c9a48dad5852a90841c8b1640f11bf01182380993ffee2606cf3748190a40a942a388b88d59b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c0892b3af54b9b6c9f4fc42c866ce53

    SHA1

    f3f36fe48b22074118167cde11a8cfdab913db4c

    SHA256

    8c9e2574a285b4b814c003c8bf72b89793c9da6df561b07ab5781f7fbe6dc4c2

    SHA512

    9ebafa5478e55c53aca9fdb57809bcd60dec07bbc61ca5374e09cd103b72db9ff84015c411b4d65bafb8fe311973a9b42ea1220b0ede7bc6ffcede649520aeee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8732ec0c18059409db306ca5f39133bc

    SHA1

    94745bfaefa1979de7c615fbd0d569031ec48e71

    SHA256

    63de3750e6090c55d8c0f7aca8090d29b9be2d87925b7a9c8c159fb6940a5654

    SHA512

    a5977553886ee6b8d5821a862f1ab06e87c10b4fd2030797d0dac1c4acc4ec0f73037de72c24b1b31df5e200c78ee88a1daf30a5e21b9f8b78d920295dcc7c61

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7d14a73d2df80d6a0c3661dcdac04b59

    SHA1

    e1848d8f1a16e1d999545884a582f137542a84df

    SHA256

    71114335c599f4f07ada2ecd7103c8703e6ce38ed4455b706e13d7a906273e9c

    SHA512

    51fdd917cd50ef0427687f27896ff6651a53ae10d883bf1bfb411ef3cbc67b7167876f78f0d987774e011cbc364078f5e8ee58a83d5d7a94511bf886c55b0c22

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6339.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6449.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Windows\SYSTEM.INI
    Filesize

    257B

    MD5

    84fe1725c2235ccc1de62d227fc319e7

    SHA1

    f0fc855846801c933c84a4619d1b8c31d0ba12e4

    SHA256

    937751d79b275e93eb85a965831f805e19c643c0c4b3158eccadf217182ebdb9

    SHA512

    988e946afce368d143f9b1a51aa732818c1a881b4478a4c97996ae0fb12805efe1078c512bc5604d776490cf26399dbd455c9c6d14ba179300406b1376d1b01c

    Download Submit

  • \Users\Admin\AppData\Roaming\Cvgagc.exe
    Filesize

    188KB

    MD5

    22e3ba427f72b889c04192665811db26

    SHA1

    dfc3194e1ee99a8709f8a1cecec9859362e38aaa

    SHA256

    06a7e14ac643090406c115d729ebf9a6749b195eab695f61077f52a6db5b469e

    SHA512

    fa64ab9f4c19bdfd6eaa91539a1f3a20a7aa30e50e7745b11263c144fb02203f6fac59d8b60b451300ffa0823dc424f63e4dce4ec7c424bc1817e9424c2233f2

    Download Submit

  • memory/2132-6-0x0000000001D30000-0x0000000002DBE000-memory.dmp

    Filesize

    16.6MB

    Download

  • memory/2132-13-0x0000000001D30000-0x0000000002DBE000-memory.dmp

    Filesize

    16.6MB

    Download

  • memory/2132-2-0x0000000001D30000-0x0000000002DBE000-memory.dmp

    Filesize

    16.6MB

    Download

  • memory/2132-5-0x0000000001D30000-0x0000000002DBE000-memory.dmp

    Filesize

    16.6MB

    Download

  • memory/2132-9-0x0000000001D30000-0x0000000002DBE000-memory.dmp

    Filesize

    16.6MB

    Download

  • memory/2132-10-0x0000000001D30000-0x0000000002DBE000-memory.dmp

    Filesize

    16.6MB

    Download

  • memory/2132-8-0x0000000001D30000-0x0000000002DBE000-memory.dmp

    Filesize

    16.6MB

    Download

  • memory/2132-7-0x0000000001D30000-0x0000000002DBE000-memory.dmp

    Filesize

    16.6MB

    Download

  • memory/2132-11-0x0000000001D30000-0x0000000002DBE000-memory.dmp

    Filesize

    16.6MB

    Download

  • memory/2132-0-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2132-24-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2132-4-0x0000000001D30000-0x0000000002DBE000-memory.dmp

    Filesize

    16.6MB

    Download

  • memory/2572-45-0x0000000001E60000-0x0000000002EEE000-memory.dmp

    Filesize

    16.6MB

    Download

  • memory/2572-37-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2572-39-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2572-47-0x0000000001E60000-0x0000000002EEE000-memory.dmp

    Filesize

    16.6MB

    Download

  • memory/2572-38-0x0000000001E60000-0x0000000002EEE000-memory.dmp

    Filesize

    16.6MB

    Download

  • memory/2572-55-0x0000000000400000-0x0000000000430000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2572-42-0x0000000000280000-0x00000000002B0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2572-44-0x0000000001E60000-0x0000000002EEE000-memory.dmp

    Filesize

    16.6MB

    Download

  • memory/2672-56-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2672-52-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/3004-35-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/3004-21-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/3004-12-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download

  • memory/3004-15-0x0000000000400000-0x0000000000429000-memory.dmp

    Filesize

    164KB

    Download