Overview

overview

7

Static

static

3

383067399d...18.exe

windows7-x64

7

383067399d...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    110s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/07/2024, 07:19 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    383067399d96c0621b64bde900da8bb4_JaffaCakes118.exe

  • Size

    634KB

  • MD5

    383067399d96c0621b64bde900da8bb4

  • SHA1

    64202046abfbc5e611d633e1dc336cb04fa9b564

  • SHA256

    c8ad5b524d352ec44afda6879b481c715da846c0960bc2e0c4c525b0249d1097

  • SHA512

    8fed57555a7025c0f876918a6dc89a195d290cb02569c836aba2e2f74a9c7013eeff6d9d51750ee9c22954e964c8281407882791de0cc0b6f1e431b4e2637f4e

  • SSDEEP

    12288:YzY4ci6+atHyFZoqJOL8NHJF3Z4mxxtSh1pExA/SVxNy6vgl1h8Uf:cYPAbFZo+OL8hJQmXobpYYcNy6AaQ

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\383067399d96c0621b64bde900da8bb4_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\383067399d96c0621b64bde900da8bb4_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2524
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\K.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\K.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4168
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c C:\Windows\uninstal.bat
        3⤵
          PID:2200
    • C:\Windows\Hacker.com.cn.exe
      C:\Windows\Hacker.com.cn.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4244
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        2⤵
          PID:5100

      Network

      • flag-us
        DNS
        tse1.mm.bing.net
        Remote address:
        8.8.8.8:53
        Request
        tse1.mm.bing.net
        IN A
        Response
        tse1.mm.bing.net
        IN CNAME
        mm-mm.bing.net.trafficmanager.net
        mm-mm.bing.net.trafficmanager.net
        IN CNAME
        ax-0001.ax-msedge.net
        ax-0001.ax-msedge.net
        IN A
        150.171.27.10
        ax-0001.ax-msedge.net
        IN A
        150.171.28.10
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239340418575_1DFGQU5CLQUV7W36O&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        150.171.27.10:443
        Request
        GET /th?id=OADD2.10239340418575_1DFGQU5CLQUV7W36O&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 468734
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 3094BAC5E6884DE0A3F052F953F61C9C Ref B: LON04EDGE1221 Ref C: 2024-07-11T07:19:15Z
        date: Thu, 11 Jul 2024 07:19:14 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317300897_1II1YIPQNQ7MCYUAK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
        Remote address:
        150.171.27.10:443
        Request
        GET /th?id=OADD2.10239317300897_1II1YIPQNQ7MCYUAK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 431275
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 0C9DDB650A214BC7BB0798C9F6C949B1 Ref B: LON04EDGE1221 Ref C: 2024-07-11T07:19:15Z
        date: Thu, 11 Jul 2024 07:19:14 GMT
      • flag-us
        GET
        https://tse1.mm.bing.net/th?id=OADD2.10239317301732_1XU9VS499YTY2RBMB&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        Remote address:
        150.171.27.10:443
        Request
        GET /th?id=OADD2.10239317301732_1XU9VS499YTY2RBMB&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
        host: tse1.mm.bing.net
        accept: */*
        accept-encoding: gzip, deflate, br
        user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
        Response
        HTTP/2.0 200
        cache-control: public, max-age=2592000
        content-length: 552873
        content-type: image/jpeg
        x-cache: TCP_HIT
        access-control-allow-origin: *
        access-control-allow-headers: *
        access-control-allow-methods: GET, POST, OPTIONS
        timing-allow-origin: *
        report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
        nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 6BB42940822D439BB535BB6551A401D6 Ref B: LON04EDGE1221 Ref C: 2024-07-11T07:19:15Z
        date: Thu, 11 Jul 2024 07:19:14 GMT
      • flag-us
        DNS
        g.bing.com
        Remote address:
        8.8.8.8:53
        Request
        g.bing.com
        IN A
        Response
        g.bing.com
        IN CNAME
        g-bing-com.dual-a-0034.a-msedge.net
        g-bing-com.dual-a-0034.a-msedge.net
        IN CNAME
        dual-a-0034.a-msedge.net
        dual-a-0034.a-msedge.net
        IN A
        13.107.21.237
        dual-a-0034.a-msedge.net
        IN A
        204.79.197.237
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3816ebe045494a3389f5b80f45336cb0&localId=w:5B67E6EF-EB19-3B8C-6273-F1B27270E62E&deviceId=6896204247044651&anid=
        Remote address:
        13.107.21.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3816ebe045494a3389f5b80f45336cb0&localId=w:5B67E6EF-EB19-3B8C-6273-F1B27270E62E&deviceId=6896204247044651&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MUID=389812C12292658D1F180678232964F7; domain=.bing.com; expires=Tue, 05-Aug-2025 07:19:15 GMT; path=/; SameSite=None; Secure; Priority=High;
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 5777694DBCED46F6BF8EBE5BE27262D0 Ref B: LON04EDGE0910 Ref C: 2024-07-11T07:19:15Z
        date: Thu, 11 Jul 2024 07:19:15 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=3816ebe045494a3389f5b80f45336cb0&localId=w:5B67E6EF-EB19-3B8C-6273-F1B27270E62E&deviceId=6896204247044651&anid=
        Remote address:
        13.107.21.237:443
        Request
        GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=3816ebe045494a3389f5b80f45336cb0&localId=w:5B67E6EF-EB19-3B8C-6273-F1B27270E62E&deviceId=6896204247044651&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=389812C12292658D1F180678232964F7
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        set-cookie: MSPTC=ih6SmYJrJc7VvIB3NaXe5yyoLlFj4h-v2VFZrWXiSpI; domain=.bing.com; expires=Tue, 05-Aug-2025 07:19:15 GMT; path=/; Partitioned; secure; SameSite=None
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 6ABB43CE20B04F3D9D229DAFF7D0D05C Ref B: LON04EDGE0910 Ref C: 2024-07-11T07:19:15Z
        date: Thu, 11 Jul 2024 07:19:15 GMT
      • flag-us
        GET
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3816ebe045494a3389f5b80f45336cb0&localId=w:5B67E6EF-EB19-3B8C-6273-F1B27270E62E&deviceId=6896204247044651&anid=
        Remote address:
        13.107.21.237:443
        Request
        GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3816ebe045494a3389f5b80f45336cb0&localId=w:5B67E6EF-EB19-3B8C-6273-F1B27270E62E&deviceId=6896204247044651&anid= HTTP/2.0
        host: g.bing.com
        accept-encoding: gzip, deflate
        user-agent: WindowsShellClient/9.0.40929.0 (Windows)
        cookie: MUID=389812C12292658D1F180678232964F7; MSPTC=ih6SmYJrJc7VvIB3NaXe5yyoLlFj4h-v2VFZrWXiSpI
        Response
        HTTP/2.0 204
        cache-control: no-cache, must-revalidate
        pragma: no-cache
        expires: Fri, 01 Jan 1990 00:00:00 GMT
        strict-transport-security: max-age=31536000; includeSubDomains; preload
        access-control-allow-origin: *
        x-cache: CONFIG_NOCACHE
        accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
        x-msedge-ref: Ref A: 0EAAEEE8C6B943BD959DFC6DC36C4035 Ref B: LON04EDGE0910 Ref C: 2024-07-11T07:19:15Z
        date: Thu, 11 Jul 2024 07:19:15 GMT
      • flag-us
        DNS
        8.8.8.8.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        8.8.8.8.in-addr.arpa
        IN PTR
        Response
        8.8.8.8.in-addr.arpa
        IN PTR
        dnsgoogle
      • flag-us
        DNS
        71.159.190.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        71.159.190.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        172.214.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.214.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        237.21.107.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        237.21.107.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        llff.oicp.net
        Hacker.com.cn.exe
        Remote address:
        8.8.8.8:53
        Request
        llff.oicp.net
        IN A
        Response
        llff.oicp.net
        IN A
        127.0.0.1
      • flag-us
        DNS
        103.169.127.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        103.169.127.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        18.31.95.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        18.31.95.13.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        73.144.22.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        73.144.22.2.in-addr.arpa
        IN PTR
        Response
        73.144.22.2.in-addr.arpa
        IN PTR
        a2-22-144-73deploystaticakamaitechnologiescom
      • flag-us
        DNS
        llff.oicp.net
        Hacker.com.cn.exe
        Remote address:
        8.8.8.8:53
        Request
        llff.oicp.net
        IN A
        Response
        llff.oicp.net
        IN A
        127.0.0.1
      • flag-us
        DNS
        29.243.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        29.243.111.52.in-addr.arpa
        IN PTR
        Response
      • 150.171.27.10:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
         6.9kB
         15
        13
      • 150.171.27.10:443
        tse1.mm.bing.net
        tls, http2
        1.2kB
         6.9kB
         15
        13
      • 150.171.27.10:443
        https://tse1.mm.bing.net/th?id=OADD2.10239317301732_1XU9VS499YTY2RBMB&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
        tls, http2
        52.5kB
         1.5MB
         1096
        1093

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239340418575_1DFGQU5CLQUV7W36O&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317300897_1II1YIPQNQ7MCYUAK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

        HTTP Request

        GET https://tse1.mm.bing.net/th?id=OADD2.10239317301732_1XU9VS499YTY2RBMB&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

        HTTP Response

        200

        HTTP Response

        200

        HTTP Response

        200
      • 13.107.21.237:443
        https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3816ebe045494a3389f5b80f45336cb0&localId=w:5B67E6EF-EB19-3B8C-6273-F1B27270E62E&deviceId=6896204247044651&anid=
        tls, http2
        2.0kB
         9.5kB
         22
        19

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3816ebe045494a3389f5b80f45336cb0&localId=w:5B67E6EF-EB19-3B8C-6273-F1B27270E62E&deviceId=6896204247044651&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=3816ebe045494a3389f5b80f45336cb0&localId=w:5B67E6EF-EB19-3B8C-6273-F1B27270E62E&deviceId=6896204247044651&anid=

        HTTP Response

        204

        HTTP Request

        GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=3816ebe045494a3389f5b80f45336cb0&localId=w:5B67E6EF-EB19-3B8C-6273-F1B27270E62E&deviceId=6896204247044651&anid=

        HTTP Response

        204
      • 127.0.0.1:8000
        Hacker.com.cn.exe
      • 127.0.0.1:8000
        Hacker.com.cn.exe
      • 127.0.0.1:8000
        Hacker.com.cn.exe
      • 127.0.0.1:8000
        Hacker.com.cn.exe
      • 8.8.8.8:53
        tse1.mm.bing.net
        dns
        62 B
         170 B
         1
        1

        DNS Request

        tse1.mm.bing.net

        DNS Response

        150.171.27.10
        150.171.28.10

      • 8.8.8.8:53
        g.bing.com
        dns
        56 B
         151 B
         1
        1

        DNS Request

        g.bing.com

        DNS Response

        13.107.21.237
        204.79.197.237

      • 8.8.8.8:53
        8.8.8.8.in-addr.arpa
        dns
        66 B
         90 B
         1
        1

        DNS Request

        8.8.8.8.in-addr.arpa

      • 8.8.8.8:53
        71.159.190.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        71.159.190.20.in-addr.arpa

      • 8.8.8.8:53
        172.214.232.199.in-addr.arpa
        dns
        74 B
         128 B
         1
        1

        DNS Request

        172.214.232.199.in-addr.arpa

      • 8.8.8.8:53
        237.21.107.13.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        237.21.107.13.in-addr.arpa

      • 8.8.8.8:53
        llff.oicp.net
        dns
        Hacker.com.cn.exe
        59 B
         75 B
         1
        1

        DNS Request

        llff.oicp.net

        DNS Response

        127.0.0.1

      • 8.8.8.8:53
        103.169.127.40.in-addr.arpa
        dns
        73 B
         147 B
         1
        1

        DNS Request

        103.169.127.40.in-addr.arpa

      • 8.8.8.8:53
        18.31.95.13.in-addr.arpa
        dns
        70 B
         144 B
         1
        1

        DNS Request

        18.31.95.13.in-addr.arpa

      • 8.8.8.8:53
        73.144.22.2.in-addr.arpa
        dns
        70 B
         133 B
         1
        1

        DNS Request

        73.144.22.2.in-addr.arpa

      • 8.8.8.8:53
        llff.oicp.net
        dns
        Hacker.com.cn.exe
        59 B
         75 B
         1
        1

        DNS Request

        llff.oicp.net

        DNS Response

        127.0.0.1

      • 8.8.8.8:53
        29.243.111.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        29.243.111.52.in-addr.arpa

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\K.exe
        Filesize

        270KB

        MD5

        77727be6685645be39f45fc1446f24f6

        SHA1

        7f3e360a36279ccda159386eafe3e33b9ad4c8f6

        SHA256

        2d9b9ceb31ad93541ccda4671afff85b86fd9ad2faabc782cd535f8a7d732b4a

        SHA512

        70ee5b98db2f023f2afc106ddd3d7329a281e6c9004049540917b7c67b684e5359761b04915a2b3a141f3e5aef2ff25d14e21bbc191a3d8c72ed140943ba4558

        Download Submit

      • C:\Windows\uninstal.bat
        Filesize

        150B

        MD5

        12b2a195cba5d16c1a79111b3e47f15a

        SHA1

        057c15cc2ec1dad5980cf70eba3bdba612f4d6b0

        SHA256

        4ac8a319b86125f36db5fdb447d04f41114a527ec30945f7a7758ff8eeb46275

        SHA512

        38c243dd813c8924f2146e03a4ab943c957b0e4aac798c0579d9493fd4baf3fd754e16692afe7b1f0e01fe24909548fdf88b1a49dbbb007ce3fb43233925ab98

        Download Submit

      • memory/2524-5-0x0000000001000000-0x00000000010AC000-memory.dmp

        Filesize

        688KB

        Download

      • memory/2524-4-0x0000000001000000-0x00000000010AC000-memory.dmp

        Filesize

        688KB

        Download

      • memory/2524-10-0x0000000001000000-0x00000000010AC000-memory.dmp

        Filesize

        688KB

        Download

      • memory/2524-2-0x0000000001000000-0x00000000010AC000-memory.dmp

        Filesize

        688KB

        Download

      • memory/2524-7-0x0000000001000000-0x00000000010AC000-memory.dmp

        Filesize

        688KB

        Download

      • memory/2524-6-0x0000000001000000-0x00000000010AC000-memory.dmp

        Filesize

        688KB

        Download

      • memory/2524-0-0x0000000001000000-0x00000000010AC000-memory.dmp

        Filesize

        688KB

        Download

      • memory/2524-11-0x0000000001000000-0x00000000010AC000-memory.dmp

        Filesize

        688KB

        Download

      • memory/2524-3-0x0000000001000000-0x00000000010AC000-memory.dmp

        Filesize

        688KB

        Download

      • memory/2524-1-0x0000000001057000-0x0000000001058000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2524-24-0x0000000001000000-0x00000000010AC000-memory.dmp

        Filesize

        688KB

        Download

      • memory/4168-17-0x0000000000400000-0x000000000050E000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/4244-20-0x0000000000400000-0x000000000050E000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/4244-26-0x0000000000400000-0x000000000050E000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/4244-38-0x0000000000400000-0x000000000050E000-memory.dmp

        Filesize

        1.1MB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.