Overview

overview

10

Static

static

3

65385d169a...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/07/2024, 23:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    65385d169aeb282f21c367cefbc24994_JaffaCakes118.exe

  • Size

    625KB

  • MD5

    65385d169aeb282f21c367cefbc24994

  • SHA1

    621b56959c3cfaa00eba761f9deab5b5b8b1cb1d

  • SHA256

    226581b00075c5f5c16f673b473479ced88884909990896e75feb6f82f353943

  • SHA512

    287315ad3f6a56b8e65b244b0beca9699cf3eb0706606863bed6f66aaae45dae4bb786893f96cd9a713d9b181af68b6d309b6a5631df335bb91177c34075c42b

  • SSDEEP

    12288:IVt+w8wyv/G66WoJMWNuRajX13DguGpyeBpsmOix:2t+w5yWDJF4q138uGz7snu

Score
10/10
expirobackdoordiscoveryevasiontrojan

Malware Config

Signatures

  • Expiro, m0yv

    Expiro aka m0yv is a multi-functional backdoor written in C++.

    backdoorexpiro
  • Expiro payload 5 IoCs
    backdoor
  • Disables taskbar notifications via registry modification
    evasion
  • Executes dropped EXE 8 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 42 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 40 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 30 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\65385d169aeb282f21c367cefbc24994_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\65385d169aeb282f21c367cefbc24994_JaffaCakes118.exe"
    1⤵
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1640
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Windows security modification
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • System policy modification
    PID:3448
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:4640
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:3856
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:4516
    • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:4552
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:2976
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      PID:5016
    • C:\Windows\system32\msiexec.exe
      C:\Windows\system32\msiexec.exe /V
      1⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:2640
    • C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\SearchIndexer.exe /Embedding
      1⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2464
      • C:\Windows\system32\SearchProtocolHost.exe
        "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
        2⤵
        • Modifies data under HKEY_USERS
        PID:1648
      • C:\Windows\system32\SearchFilterHost.exe
        "C:\Windows\system32\SearchFilterHost.exe" 0 804 808 816 8192 812 788
        2⤵
        • Modifies data under HKEY_USERS
        PID:1048

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      Filesize

      1.9MB

      MD5

      4ebc90c2ec585b2edf2f474524facb4f

      SHA1

      76cb29eba0b17a4c80f3191ae7a9824a33712cbf

      SHA256

      60b0da0e8a1efaae9b0d23cb666aa7e46f805c133dc260462199e9e6770c6c4a

      SHA512

      94af707b6554718e88120e22b24b893269e5ac6c89c2ff51a8668c15640b4ce1660903b9de5be4b8203dc9f39b4ee885a1b71b0f19d857be2d2fc2a76e82b66c

      Download Submit

    • C:\Program Files (x86)\Mozilla Maintenance Service\hfphmchd.tmp
      Filesize

      629KB

      MD5

      c1cb08fecfb5a1cf96da2531c1eb6da6

      SHA1

      6578349bf510ca5b7f1652bc97873e31e20653f7

      SHA256

      a614396844ce345745753b17c2a7697cbe09fd7ac5e6b44467798bd26a2ab70a

      SHA512

      12ea1b410d05fc7f9ce88440d69c796e057d983fd5585c629c511282427f158b6851a22e70ee9f93d16a53089a6695f5f0c1160386fcfe033f110efd36317575

      Download Submit

    • C:\Program Files\7-Zip\7z.exe
      Filesize

      940KB

      MD5

      2c53072af1b9b9173557e294fd9fc801

      SHA1

      baf0f762c4e1e27ac3915291f8cd3d35718102e5

      SHA256

      c76e4269700e66afc90d38406c84c7851c45be52072751728f76a6273e6a5ada

      SHA512

      05c9a5b6205895bfc7505db1408c09e5bf5cbd6ac0539ec47352d67dbee6fdc6c799df5f6e8b3dfb502d711657729495ae96256d38de4c7e3938e54122494307

      Download Submit

    • C:\Program Files\7-Zip\7zFM.exe
      Filesize

      1.3MB

      MD5

      f6d136e2443014447776c3a3148c43b7

      SHA1

      5bdf9de34d58cb2ba0ef27f76b84e1899277a2e3

      SHA256

      98c42b592d761ac8c15ca4b3eae62fd3f0347b2e53731b1f792cd239bd2ada2c

      SHA512

      60ee19624cd47494bd5105aac85bc2ea25f9b01f08112635712c078151306d3ab18ff496bacab97fc3ad6264c43d386416e382e7ceca975f7c592c9813dcca69

      Download Submit

    • C:\Program Files\7-Zip\7zG.exe
      Filesize

      1.1MB

      MD5

      105a2c7a38505fb9f201406b721eae3a

      SHA1

      233b68a9027a11803e831e10a8b38577fec6b55e

      SHA256

      9b7636875ae54c15beb14c340a285e640ca12617ae592bbdf3235aaacb17cea3

      SHA512

      ef6cf26ced9217ba53e64723c209a932545744a8f6792097debbf3d34d2e5dced2cc8997f80dae387c270d27e7070dbab810b28075f2465e958c4f8c018542c7

      Download Submit

    • C:\Program Files\7-Zip\Uninstall.exe
      Filesize

      410KB

      MD5

      edc7075f12cc1bb3bd5698fa83c87a63

      SHA1

      9de4efc78e62f19296b258103baee037b4efc9ab

      SHA256

      f41fca4049de2552b558f1fd44c80c370ae324a1e2fd4b618d4b17aa900086e3

      SHA512

      45c4770dcbd5c231a0031bf2b6130d3b5d18476a1a6221a75f87a8c9fcfb806738a952f7fd997eeafe8d5b8c66f77ef059aa268aea4c76c67622bd14ba919e0e

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
      Filesize

      672KB

      MD5

      651ef8eb5cfe64d1a25012e81ce9eb32

      SHA1

      547d45c4a352cda37827b2ebe28e98738d5af6f6

      SHA256

      19cafc0bcb8fb992ffc04f6b490786794945bbec7e55305a50c8181f84a14475

      SHA512

      f50be4268acf7f1c42cd49de3943e1961fedea3fc23c709451152e3adecaba9c1ca59c07075fc20ffdb57ffb595b4769c4f7100088e8e657d140add117b2378c

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
      Filesize

      4.5MB

      MD5

      d74015a87d135c3819ab086c639b26ca

      SHA1

      5c02cb0eb8b125aca67c2b8d30e981c64ec524c6

      SHA256

      c0b590691ee7045083f6cd78e3f415ab91f2b1cdd5f7b4e91dc99e749e0074bf

      SHA512

      5701b7313dd2d5041597f49fb3caab3f3ac96c7f57438644fb23706b9c5c5996a75203c00e7a643a1bfe499862079c771565ace2d0472f960866176a7301bf22

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
      Filesize

      738KB

      MD5

      46b7d2649aaa55c09e2e591b33591af2

      SHA1

      7514543377892e1ac41aaa4650ddfb7075e0a05d

      SHA256

      f5e89cd2a2fa1736caeb6a3be5b17b51c796d99cd96d0f33abac0ada05b128b2

      SHA512

      4ef7c04f53bbcb3e7c2a30f527927e3eeb7d1efdb6a5e6ffe4ea1d37497b73288e44fe2ac9943f442ec0b43f3c1f9ee1f9e9b8ef307bff29ae766b5f676de68e

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
      Filesize

      23.8MB

      MD5

      90d93c18d5a51d441b9602755e81e6fd

      SHA1

      31a25932a3c612e2cbb2740e710de9d86e32b9d4

      SHA256

      f162e4efe905c62b1cdcf294dc087fc8bab4f2fad259cf3865095443f5ea2ada

      SHA512

      738d2d3b32c44ee9e90731e40c49a98d44e5c08a9211437848c21f5e2994ba0a1b187048cf8c474fd722741a6ea5c6034c4b6e08b6426f56e48e40447f9d4989

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
      Filesize

      2.5MB

      MD5

      805edb73d3388333f49c809683a9bafa

      SHA1

      1bf698dbffa74457663f78b6cb59f2739c255616

      SHA256

      aac919990a7b2a2c3f6c23f9555adc0debcf30ff7ef569d4cf53ebf22e4a7831

      SHA512

      b4668d49a5749e1ef4363a61f189aa817a4a0a08b090c1a9703c59db06320d5274cf10733650400137b09256fac02e6404d444c6e3e6ef643f7c4aec953dc27c

      Download Submit

    • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
      Filesize

      2.0MB

      MD5

      6e0592a211d225abe91547a62cb5bb66

      SHA1

      17d18fefb79a7cb6d31f6c52b84452031e6c6147

      SHA256

      00b568f9dd9968b66cf5546fbed240bab50b813f47804e36b4de9f3186ddc5eb

      SHA512

      06299af759ffc45ab9a527fa508cd66d93c1902510f1757c1d7b4f1425512314baccde6a35dfa259bc8862784ff751816eadadb94d68953a7e8230c1d42d0016

      Download Submit

    • C:\Users\Admin\AppData\Local\clmpkcaf\oolnclbn.tmp
      Filesize

      625KB

      MD5

      aaf8f95c5811445c4335bd35ffa30113

      SHA1

      c9dcdf298d8b4f54f648ddfeccf6cd7ea11c4c94

      SHA256

      b6da7d65774adb7e97e555b8e77021c562db128819bfb7c8bccefcce62882ead

      SHA512

      7d718986e3951ed9caf7206661a874ff452ce390ad060a025babb7403ed8cd7ee25054bd1a33859b83242b6dfaf54fbc496f6eefffb8ff8695b1b7fb2b54d029

      Download Submit

    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      Filesize

      818KB

      MD5

      1acd2898c9a030a08e6b95ff3972cde8

      SHA1

      953e5c1fa9cb9ee353e9dd60992dc6dce36390aa

      SHA256

      a235cf6cb8115f2e0022e4ccd254cdc99e247145fd255c1b860777528baf46a7

      SHA512

      5f2038d3bde9a834f3133a0770f4e3425696ddbf1e93082fd9a139e5a8cfe053b7f38e4d1f2efe3c5322255a4eac74c210fe29cd6b1d67660d73898d6b3a2060

      Download Submit

    • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
      Filesize

      487KB

      MD5

      731507bf7abcb423bf59ba133226d60f

      SHA1

      4b4dbe21aaaf180897f0182fe5bab43630e0d5ed

      SHA256

      ac017d50c19f6aa7557e4df6432a89363e6304e5118f06821fb6859ccd39d656

      SHA512

      a318b9ba122f9c4780c489a34cbfb424b505eed6ee39f1b149f63ba3b161e8bae9a7fbdd4d3034cf9bf8e13dce2d19a860a870729ad93f875df959c01e8aae3e

      Download Submit

    • C:\Windows\System32\FXSSVC.exe
      Filesize

      1.0MB

      MD5

      511510448bcf1780793626c1ddbbefaa

      SHA1

      5473438b8a91f6745af0185a4bed7a455c708560

      SHA256

      13e4cec2726fbec99a9252769e5b415631ab7e992a10fa05e3da3b265402cbda

      SHA512

      d0e59da34c745b70d1898c5465da38743c8caa69fcc7ce68259c87727cc796fe65b9f37acd9eba1ca2fd4d696454c81fa79fd58276155f0294021f25bc572ab2

      Download Submit

    • C:\Windows\System32\SearchIndexer.exe
      Filesize

      1.3MB

      MD5

      486c5793f9e257a03228813e7b8621a4

      SHA1

      0656dc4990b71501f6ea3bc4a5916a617ba964b7

      SHA256

      b231be1c27c323fae29b25118da8e1d22245aeddafff26bbc5afda268b97cf3f

      SHA512

      4b5cc13d22ad7a40ec74f247a716a1359d4a7e6ff01d5dfd683964645a294828108f8d7419c472a8b1fa81c593ae687325527bd98236407302009309ac7e1b1f

      Download Submit

    • C:\Windows\System32\alg.exe
      Filesize

      489KB

      MD5

      685795ed5933151ce0cbac8b1238283e

      SHA1

      8cc68b249f738ea92432255632b2ea29c1705777

      SHA256

      b05da003eb749e16498f01012bb75ef0438fb0e5712f1d3fa371af06ad38b427

      SHA512

      b8defb4bcf393b3c1670c4daa1f359e37b6c156c213ce0dfeaad9aff6378a09b23fc6db7764a9696119cfbecf62b2e52f95a56b1cce304996f79da08f75dd05c

      Download Submit

    • C:\Windows\System32\msdtc.exe
      Filesize

      540KB

      MD5

      158756e6f750526e59f617264983f57f

      SHA1

      2d1419e867d660210561cbc99bd66f2951dc4037

      SHA256

      df494ac97fd5d8c00e22158bd82c051c71dcac3a131b4961fe4687fda6f93442

      SHA512

      59268d1fc8c4d3a759677739cabef496c19187e7a2fd4767f9f2217a5d004fa78c34a08b17ad5375e46b6d781abb85e505c171eaefaef2e40dc842f5b4b19f79

      Download Submit

    • C:\Windows\system32\msiexec.exe
      Filesize

      463KB

      MD5

      6252a004e389cdf25a8154c0a0ee28d5

      SHA1

      3e0935a8fae25498e9635051fc262d53fe453780

      SHA256

      56f9f241bb12e46ce0f47edd93106f45de86413854e98e7b236d9c870e4c65d4

      SHA512

      bc8f791ee892a2b9e5f9714d7c6a2c143fcfc078ccc48690fff7cba64a209dcceba33d370c58c7f64e38d1b75bf9734e09d0b3c4908597bf08b04d75f08188db

      Download Submit

    • C:\Windows\system32\windowspowershell\v1.0\powershell.exe
      Filesize

      839KB

      MD5

      7defd6bc234f8417ddfbe3e97807daa0

      SHA1

      dde38582374cc1b376fdde99b3d9661ac1211a2f

      SHA256

      c507cea47e58179fab401f512645e31db11afcac687804343fa586572ed0cbc0

      SHA512

      b672b307fcc9c6db695c2366184561b0cda7d5f484f3dca50b9b9fe165c863209c834ef50028d8f0131b22f164c55d133ad53de20abd8f6bc71ba2f0110dc807

      Download Submit

    • \??\c:\program files\common files\microsoft shared\source engine\ose.exe
      Filesize

      637KB

      MD5

      f7b886deee48d82ee23ed90058792d75

      SHA1

      d98aeb2e39c054d0249e51a017d6fe156e2eb532

      SHA256

      d41cd5d8ea07c60deebd7a58ffbee38376d7b135dd319088b528d72a612e5258

      SHA512

      8953be1658e16fc3eca5be7efc0e8e7cd15ff873a69a367d444280ae00e122ba6bf95a70bb15f700d5220985b38d6d2d129aaec6a355419b42ea880ff9ebca03

      Download Submit

    • \??\c:\windows\system32\Appvclient.exe
      Filesize

      1.1MB

      MD5

      bf2b485a26ac535ffb20305d82ba210b

      SHA1

      2d2af97e8738756b200b9a4a49b48678c00fdd79

      SHA256

      9441278e11f24d464fb3849bfd91ab28a6b7c81fdf3cb87664daf2a2f626f0d0

      SHA512

      2cf10e58cc2d0e886e7e2b78cb92f21ef498275d22bf982c6a1c53effe544622d8bb4f5efa0c9dbb7cb8972085a4706c6c098eb71d86426241b9eab67260a29f

      Download Submit

    • memory/1048-316-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-327-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-338-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-343-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-340-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-341-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-342-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-339-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-337-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-315-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-336-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-317-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-318-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-319-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-320-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-321-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-322-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-323-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-324-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-325-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-326-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-335-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-328-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-329-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-330-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-331-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-332-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-333-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1048-334-0x000001E76AA70000-0x000001E76AA80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1640-164-0x00000000004BC000-0x000000000054F000-memory.dmp

      Filesize

      588KB

      Download

    • memory/1640-0-0x00000000004BC000-0x000000000054F000-memory.dmp

      Filesize

      588KB

      Download

    • memory/1640-1-0x0000000000400000-0x000000000054F000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/1640-3-0x0000000000400000-0x000000000054F000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/1640-180-0x0000000000400000-0x000000000054F000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2464-269-0x0000000002380000-0x0000000002390000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2464-285-0x0000000002600000-0x0000000002610000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2464-301-0x0000000006C70000-0x0000000006C78000-memory.dmp

      Filesize

      32KB

      Download

    • memory/3448-55-0x0000000140000000-0x0000000140136000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/3448-202-0x000000014000D000-0x000000014001C000-memory.dmp

      Filesize

      60KB

      Download

    • memory/3448-23-0x000000014000D000-0x000000014001C000-memory.dmp

      Filesize

      60KB

      Download

    • memory/4516-48-0x0000000140000000-0x00000001401C2000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/4516-47-0x0000000140000000-0x00000001401C2000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/4640-40-0x0000000140000000-0x0000000140135000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/4640-208-0x0000000140000000-0x0000000140135000-memory.dmp

      Filesize

      1.2MB

      Download