Overview

overview

10

Static

static

7

71dee9e425...18.exe

windows7-x64

10

71dee9e425...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/07/2024, 00:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    71dee9e425d3a04511fcdb34e676b6f1_JaffaCakes118.exe

  • Size

    255KB

  • MD5

    71dee9e425d3a04511fcdb34e676b6f1

  • SHA1

    ee997d4c34abcfeb2340f0fa32d555ce5e9583eb

  • SHA256

    3e0a26e69ae4a02cecb0dc520ece422c12aefaf1fc5748fae09ba02ac1616998

  • SHA512

    42bf44be86b41f4b2f443a16d3f57f9c7cfc326f99f618fb99a85a3d383e852529497a058aa75de3a56a15e13772da430112faaf2a8c5cada579dc7882a6c3b3

  • SSDEEP

    3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJB:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIa

Score
10/10
discoveryevasionpersistencespywarestealertrojanupx

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Windows security bypass 2 TTPs 5 IoCs
    evasiontrojan
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 5 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Windows security modification 2 TTPs 6 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • AutoIT Executable 58 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 12 IoCs
  • Drops file in Program Files directory 15 IoCs
  • Drops file in Windows directory 19 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 20 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 18 IoCs
  • Suspicious use of SendNotifyMessage 18 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\71dee9e425d3a04511fcdb34e676b6f1_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\71dee9e425d3a04511fcdb34e676b6f1_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2268
    • C:\Windows\SysWOW64\wgegmhihdm.exe
      wgegmhihdm.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Windows security bypass
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Windows security modification
      • Enumerates connected drives
      • Modifies WinLogon
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3160
      • C:\Windows\SysWOW64\sbmyzycq.exe
        C:\Windows\system32\sbmyzycq.exe
        3⤵
        • Executes dropped EXE
        • Enumerates connected drives
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1360
    • C:\Windows\SysWOW64\pnplvqgmkuvuxgz.exe
      pnplvqgmkuvuxgz.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2188
    • C:\Windows\SysWOW64\sbmyzycq.exe
      sbmyzycq.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4684
    • C:\Windows\SysWOW64\dgstlyyzwqrjr.exe
      dgstlyyzwqrjr.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4396
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Windows\mydoc.rtf" /o ""
      2⤵
      • Drops file in Windows directory
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:2560

Network

        MITRE ATT&CK Enterprise v15

        Reconnaissance

        Resource Development

        Initial Access

        Execution

        Persistence

        Boot or Logon Autostart Execution

        2
        T1547

        Registry Run Keys / Startup Folder

        1
        T1547.001

        Winlogon Helper DLL

        1
        T1547.004

        Privilege Escalation

        Boot or Logon Autostart Execution

        2
        T1547

        Registry Run Keys / Startup Folder

        1
        T1547.001

        Winlogon Helper DLL

        1
        T1547.004

        Defense Evasion

        Hide Artifacts

        2
        T1564

        Hidden Files and Directories

        2
        T1564.001

        Impair Defenses

        2
        T1562

        Disable or Modify Tools

        2
        T1562.001

        Modify Registry

        6
        T1112

        Credential Access

        Unsecured Credentials

        1
        T1552

        Credentials In Files

        1
        T1552.001

        Discovery

        Peripheral Device Discovery

        1
        T1120

        Query Registry

        4
        T1012

        System Information Discovery

        5
        T1082

        System Location Discovery

        1
        T1614

        System Language Discovery

        1
        T1614.001

        Lateral Movement

        Collection

        Data from Local System

        1
        T1005

        Command and Control

        Exfiltration

        Impact

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.exe
          Filesize

          255KB

          MD5

          bb0fe33728266a3e6db7a40da1f2b12c

          SHA1

          912dd4a53d6dacc29f416b3df35030e44c8c553f

          SHA256

          75c86ce6a82e32ed26cdc80e5b484c8111e7b4e861f489038838e89647a76726

          SHA512

          d20b2275057f9a2c89ec50a1d25ded8c9be18bd5c269c92ed984404a61055e2f4d5b7fd6979c78f4b01f31ad436c202a5c02332cd34650b16e57731ef652b4a5

          Download Submit

        • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.exe
          Filesize

          255KB

          MD5

          f6bbf8941808a6cf9f6867df2dc024ed

          SHA1

          253989891a0797e1000065850e7e0a698a19302f

          SHA256

          769c58822e19e7a402298c3b2fa06d638dbc7c5e07be14bb92bd9913e958c9ef

          SHA512

          95d1cbff7c847d51cb1832f1f58a0b0bc1821f65bc2a592a498ea5882827a8567a9009bc1fb58f9771779dd84eccc45a091fc35e2304f7e22bc00e75ddee9be8

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TCDFD52.tmp\gb.xsl
          Filesize

          262KB

          MD5

          51d32ee5bc7ab811041f799652d26e04

          SHA1

          412193006aa3ef19e0a57e16acf86b830993024a

          SHA256

          6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97

          SHA512

          5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
          Filesize

          418B

          MD5

          cf1762b0ada9d19012f3a7885a5ad37e

          SHA1

          45ec4d0b1498cc297d5bea6874d18844c8710fa4

          SHA256

          a1c7486a181fa1ebf1e3ccb546ba3a84965afe15e94bcce045b7494976465142

          SHA512

          f300569e16b4a87ad3e81b0c6c2f5d0ae693abb9436fb49b663870b1a1e71c9f80362606800096a50d362d15396ef68e3674419ff466fefeaa90de08fa4ed37e

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
          Filesize

          5KB

          MD5

          c9ad72dbdc9e5a739bcb0b5f6d815ddc

          SHA1

          8754f46c08feb9bfa4e975bd8881f1aee994fda3

          SHA256

          38c66b75d675acc931ecd1912bf51ff9927dc8ffc5549f5638a0a5ebb827bb3b

          SHA512

          f6dc1c8c37c1f94941b3a6a1d8c6e119f9be5b83f09a53423b2ed2ef3e3e0da4af9c32f51c913d4fe1d90e85ccb495d7aaf733c2841362a05538a921f41ee977

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
          Filesize

          4KB

          MD5

          a635e140a15324ed0c6c98c289f1b6fb

          SHA1

          df9ec2a2b49b7952f99789123687740b6c403b23

          SHA256

          999bca85bbaa0f7f6f92162d1481570c3e399918d14fbff88d01cf7227e6bb6a

          SHA512

          3a516f714d27ae535242528ab0523e2f9276fdb26de3385fd05b9db764118d14e4675b790eff06fc23ee98bf48ca4a6ad12ff1368c0bd966caff55c709bd755c

          Download Submit

        • C:\Users\Admin\Documents\ProtectWrite.doc.exe
          Filesize

          255KB

          MD5

          657704e5e5bb076542410b0b312ab39d

          SHA1

          cec737087f286c5f477b9f8c5a7ad580892670d7

          SHA256

          598c206a3099f075b27f1a42de858612d77cc1d06c6ff29d5089425e49fe3ca5

          SHA512

          7b1fd00e18b4a797c6ecd150dcdcc4d48dcecacf40c68b75e247ef0126c77c298ccc98ef067bd9f1f108a7f601e1d8fe93dae3d8884d5d3faaab19d4b0f36f07

          Download Submit

        • C:\Windows\SysWOW64\dgstlyyzwqrjr.exe
          Filesize

          255KB

          MD5

          bfefda46da74116dc6980960ced013c3

          SHA1

          21ae905dcb283beeeb4313e0991b9ee2a1b56eb5

          SHA256

          81ff67ae0eb666aff8153a6f5ff7cacf31e109758b6df6f34d0e8bc0580b2723

          SHA512

          62268a152d377f28305de950f5de63e3a089189e6510e75abb81a909664da18a5fff150bfc5410fd6fcff585df9722f7040e4dee9ea4b6ba480f65a3f63766ca

          Download Submit

        • C:\Windows\SysWOW64\pnplvqgmkuvuxgz.exe
          Filesize

          255KB

          MD5

          9d1a4bb7cc3ea47f41b88bf7224e173c

          SHA1

          572e888c37adafaa43eb22cc8ddcfa90ffe73601

          SHA256

          b993565a894bf2879ededec61109892c027fd6502d8d2424ed9dd00182c5a7dc

          SHA512

          230ad5456a4ed56004332925d703e24d80cbe5609e26fda0b3754e24b279665ba9b7b9d96c4dfb9df96f3303b438ee6d9c052b4bae26ba65a37b01c7998beadc

          Download Submit

        • C:\Windows\SysWOW64\sbmyzycq.exe
          Filesize

          255KB

          MD5

          defd99aa94b8ca64990acee086fea2c1

          SHA1

          c66fec964ab0b945cf57ec3766a56e9517b45f92

          SHA256

          0306d76e5fa9eccbe7029e4deb038df73b23ad80ea76d37a14e5bf767a5a2c7c

          SHA512

          ae897e1acfa38c51953f445a15cbc8f909e243b072cd855a38d4fa39e62f2304f9c65622f9a92796d9bc043042e0048ac1541e224d54ee7d4a04b9616fbbeb3b

          Download Submit

        • C:\Windows\SysWOW64\wgegmhihdm.exe
          Filesize

          255KB

          MD5

          ef6d9388819bebebd8cf1f549e2176e5

          SHA1

          bdf6f3b8537ed60151286123326c97352e3b93d6

          SHA256

          c32b4beee65d292f80e0732126b09f101f27f7d5a7251ae0bc54c7d81a8b8311

          SHA512

          b7ac3bc1f6a125bd6f7202fd2ca1ea7194e3b660b4d6adef96db6f9f3628a79fd5e0a97ef6ec00afd5ec1c6d1c1f6715e2c61955dbb3aeb4f22f68bc84ffdb0e

          Download Submit

        • C:\Windows\mydoc.rtf
          Filesize

          223B

          MD5

          06604e5941c126e2e7be02c5cd9f62ec

          SHA1

          4eb9fdf8ff4e1e539236002bd363b82c8f8930e1

          SHA256

          85f2405d1f67021a3206faa26f6887932fea71aea070df3efb2902902e2d03e2

          SHA512

          803f5f2fddbf29fef34de184eb35c2311b7a694740983ca10b54ef252dd26cda4987458d2569f441c6dedc3478bea12b45bfd3566f1b256504a0869ad3829df7

          Download Submit

        • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
          Filesize

          255KB

          MD5

          b8cfdb7a95abf412f090d9be4a0d3d1a

          SHA1

          cc4d075e3fcbcb6aba82a1d585bd396a254237f5

          SHA256

          26336bf2d39e4c91bf2a8c997c5bb4328d1bdb7bcb5ea5cb40874fe2db7c5088

          SHA512

          083609618849e7d53207dd6dd6bbec4e85053059e8203c9433fed7c4d642c618bc742f8b99f121e2e5ec5364937bd29ff1a09806683604edb87ca7283d4f88af

          Download Submit

        • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
          Filesize

          255KB

          MD5

          472d3f7e4200b72273fed911f0489542

          SHA1

          3ffc6f6dcdf4ee160ce008a52f94499fd839305a

          SHA256

          be428ed5842efbe468be587dc9861d599256497f0399e4b36ff689b20f4bd01f

          SHA512

          f6959b2478a81f5264eae40e2d3feabdd5bd7e8f12447bd78962508626b639ffb15dccc254a53c5a11e8e93cc207e415ae1b5dd5a1fbcf4c567abcd115dc9e45

          Download Submit

        • memory/1360-241-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1360-82-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1360-43-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1360-236-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1360-246-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1360-249-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2188-293-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2188-255-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2188-79-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2188-299-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2188-296-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2188-263-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2188-243-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2188-269-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2188-28-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2188-252-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2188-234-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2188-302-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2188-266-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2188-238-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2188-231-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2188-305-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2268-0-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2268-35-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2560-39-0x00007FFBFDA70000-0x00007FFBFDA80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2560-288-0x00007FFBFDA70000-0x00007FFBFDA80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2560-291-0x00007FFBFDA70000-0x00007FFBFDA80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2560-290-0x00007FFBFDA70000-0x00007FFBFDA80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2560-289-0x00007FFBFDA70000-0x00007FFBFDA80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2560-44-0x00007FFBFB8B0000-0x00007FFBFB8C0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2560-41-0x00007FFBFB8B0000-0x00007FFBFB8C0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2560-40-0x00007FFBFDA70000-0x00007FFBFDA80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2560-36-0x00007FFBFDA70000-0x00007FFBFDA80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2560-37-0x00007FFBFDA70000-0x00007FFBFDA80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2560-38-0x00007FFBFDA70000-0x00007FFBFDA80000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3160-268-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3160-237-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3160-304-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3160-251-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3160-301-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3160-298-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3160-254-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3160-242-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3160-295-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3160-78-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3160-292-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3160-262-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3160-229-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3160-230-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3160-265-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4396-270-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4396-81-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4396-32-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4396-303-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4396-233-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4396-267-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4396-240-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4396-264-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4396-253-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4396-294-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4396-259-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4396-300-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4396-297-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4396-245-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4684-80-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4684-232-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4684-239-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4684-29-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4684-235-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4684-244-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4684-250-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download