Overview

overview

10

Static

static

7

894043d3b9...18.exe

windows7-x64

10

894043d3b9...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/08/2024, 05:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    894043d3b9948a49c0231f0ad7f779dc_JaffaCakes118.exe

  • Size

    255KB

  • MD5

    894043d3b9948a49c0231f0ad7f779dc

  • SHA1

    7aad0c6f33c70d5e4ea7445356c805da9bf7e7e8

  • SHA256

    64cc7746dd1107d86b9bd80864694b6423af26cc3b0e3b45438a793965e704ee

  • SHA512

    58f65c7e6b9350a723a21bcaf4d7ab11e1414a6256bb7b19d8cee1aae4bb2ae9aeb315607f95cd443ef57735192c5632303d8787bad13f26a1bb0aededf7e208

  • SSDEEP

    3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJ7:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIu

Score
10/10
discoveryevasionpersistencespywarestealertrojanupx

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Windows security bypass 2 TTPs 5 IoCs
    evasiontrojan
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 5 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Windows security modification 2 TTPs 6 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • AutoIT Executable 57 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 12 IoCs
  • Drops file in Program Files directory 14 IoCs
  • Drops file in Windows directory 19 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 20 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 18 IoCs
  • Suspicious use of SendNotifyMessage 18 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\894043d3b9948a49c0231f0ad7f779dc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\894043d3b9948a49c0231f0ad7f779dc_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4784
    • C:\Windows\SysWOW64\uxiidtmrhe.exe
      uxiidtmrhe.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Windows security bypass
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Windows security modification
      • Enumerates connected drives
      • Modifies WinLogon
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:856
      • C:\Windows\SysWOW64\aqrkupxw.exe
        C:\Windows\system32\aqrkupxw.exe
        3⤵
        • Executes dropped EXE
        • Enumerates connected drives
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1288
    • C:\Windows\SysWOW64\freqeacddwoijpq.exe
      freqeacddwoijpq.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4592
    • C:\Windows\SysWOW64\aqrkupxw.exe
      aqrkupxw.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:864
    • C:\Windows\SysWOW64\lozqrrpvxdpko.exe
      lozqrrpvxdpko.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:688
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Windows\mydoc.rtf" /o ""
      2⤵
      • Drops file in Windows directory
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:1240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Impair Defenses

2
T1562

Disable or Modify Tools

2
T1562.001

Modify Registry

6
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

4
T1012

System Information Discovery

5
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.exe
    Filesize

    255KB

    MD5

    814c3b8cfc45ea2773217db16632893a

    SHA1

    55720f176ecdecd1c911431ea73e9b2f87ecd456

    SHA256

    6e59209f5a2826699fef99953484ca60444172d21d4803bcfbebfeaeb0eb5394

    SHA512

    2760d63276eb81a19b9cf670bec04b8221c9708358277688cca43046e8d2140de170bc6a68d3f966b999a5e92a9b48ac7430a404b3a8695c8fcb3c6c1ac4cd91

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TCDBCDC.tmp\iso690.xsl
    Filesize

    263KB

    MD5

    ff0e07eff1333cdf9fc2523d323dd654

    SHA1

    77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

    SHA256

    3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

    SHA512

    b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
    Filesize

    218B

    MD5

    4f2e7922841ff40cc678f45286d4c225

    SHA1

    48c6b550022f018e95f194829809676d1b89ce08

    SHA256

    29cd04ded1a9d53acdd93edc4cc8086994ae1caae0ed649f605779d5fff30994

    SHA512

    90e969f7201704b0f81483a06213e5ecdb8e4ae9935a81cf31b6a296a92f08a6d3eb1c70b163153ca3880bacd48fcb90d6bb4aa28b03b43c99517d9f58e2ced8

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
    Filesize

    16B

    MD5

    d29962abc88624befc0135579ae485ec

    SHA1

    e40a6458296ec6a2427bcb280572d023a9862b31

    SHA256

    a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866

    SHA512

    4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
    Filesize

    1KB

    MD5

    b74ed5f44579d1acec24d3f272de5d7c

    SHA1

    92b34f2605efc28407d7a3622c95c170470f8b8e

    SHA256

    190b61bbfd9906afd0d165f5e7ecfea1ff9378d1fb2e1118bb3278a96f2cd8ca

    SHA512

    f13835e91ba593c133a363572f20b13d9267d41e302809182ab11e56862e9aaaa90dbb96259d3fc480fac4318884ed4af7881ea04197128777a0dbcff35559ee

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
    Filesize

    665B

    MD5

    5ecac47615fd43e664d9bdcb70b2813a

    SHA1

    87ce290195060c2e12d786c6240287e28e757145

    SHA256

    e3495a59e6b2c870def1e4e18b65b2eded877743516d0c75a8a416e37f20a5cd

    SHA512

    39e84758afe311d15bf46d13fe2e2049aec2d2d73cee57e71e5a9bd1dde3ca0b3604a25126b4a9f070d7de3061db7d11a4d8a1c9ba02e8122c8bb8f64eb9c243

    Download Submit

  • C:\Users\Admin\Documents\CompareEnter.doc.exe
    Filesize

    255KB

    MD5

    a5f585d42cd473b4b08f76c888bf7c1a

    SHA1

    27a6cb76fdae2eb89354f841fa16c8032806821e

    SHA256

    549a0b2e92648bc5c266cfef8ffe3bae1eea979df9b46ab2d1b23679ad9eae09

    SHA512

    3453bd93ac9b03c73147e24898c54d8a28d01269911fe6d5b22061402374ffab234baea4fc950ccdfccdf520c15e244d0dcf80f7a606ac85cef33d94c548c19c

    Download Submit

  • C:\Users\Admin\Documents\FormatBlock.doc.exe
    Filesize

    255KB

    MD5

    6db2ed867532ee711a8da6716acf602a

    SHA1

    947a4d4f559f8b9943b09ad6e5bdf84f67f49598

    SHA256

    cbf2c42f3082d985b9df568e384b2c1c6da12dfa2b1a697afaf92a8a4d3b5338

    SHA512

    d789db7c6602a998f62b2564cad2b84d83fd4d25d5737f684ac6f913c6900705e2ce0b5f17a9fb02e6af279be26aede79c55fe037e8a92df7902f81b32a5603e

    Download Submit

  • C:\Users\Admin\Downloads\WatchNew.doc.exe
    Filesize

    255KB

    MD5

    a31d4f4d290e870182ff36e5130390b4

    SHA1

    89bd0b44f76c1c399d4ddd492bd27285e17e8b43

    SHA256

    4dd9fdc51f3485dd29f0a000c72a56d4c9ed760361abcfffb131a2c1aeff2856

    SHA512

    3bc44dba12dcc436d03bd884be5707a60578b712cdd6991f7da63767b3837a609d4f090bd518c6daa1a9ebad8d330890a4a78cad94285aeef075dc48b0d3b758

    Download Submit

  • C:\Windows\SysWOW64\aqrkupxw.exe
    Filesize

    255KB

    MD5

    5309c4c805bd8b51b639e4fb95c2aa29

    SHA1

    fa4edceef1999dde74e03564169de7efc2c56edc

    SHA256

    5ef1090a970505393cec785f8c7d59ac712a56c3293a3978ba274d147b89b978

    SHA512

    cc6c68714bdc42f5afa34534a4c655b9fbef642c2e74f29167a5492c3784f831d8ea72dfab915fe8d98f05b79d30e01a5371ae4af27160787827c83851218a9f

    Download Submit

  • C:\Windows\SysWOW64\freqeacddwoijpq.exe
    Filesize

    255KB

    MD5

    d609f87526c90b34c57227d80246fd85

    SHA1

    cae4eb805892e80ac894dd9a79b99a9121b71b6f

    SHA256

    b457e6386863ceb5f1bf3fa99b6bba67573b837c9cddec64f136d702841e42ef

    SHA512

    6ae80e77dc9edc8c5052eb67fc7a88096d1c6bd7d14e8b7c8c8492e3eb52c51d1e8a9c1487f5a3f297812e7cb5743e7581f788d9b059ccca51e5ff97a858452a

    Download Submit

  • C:\Windows\SysWOW64\lozqrrpvxdpko.exe
    Filesize

    255KB

    MD5

    ae69286b89fb85f6db5e81f2ac6aebd6

    SHA1

    c0d12f9b561444dc0732c89064b041c9b15bbaa5

    SHA256

    7947656ab57179c7a5622b62ce4f62a40a984035b62c2180a656ab1350c51cb8

    SHA512

    68bdf38e110f316d2d8f0ab8c58f2392d6cd44ce47408776169a494e7e31f24170981df39c76e004c5a38bad21af467e5b4b26c9740c5587423dc8eb5daf18ef

    Download Submit

  • C:\Windows\SysWOW64\uxiidtmrhe.exe
    Filesize

    255KB

    MD5

    49298f7aaab0f9b0dcc0d20f6f874c4f

    SHA1

    58ac864c31ef7572665d4ef1d44c88cf6b447a95

    SHA256

    d8f9361d40730048d3a2718ebcfa1d0df17dd548ff277ac7b36d3207f13b8d7c

    SHA512

    23ed954b3a372d442d722e4194a8c107a2224750c43f95553f1e88cd195d39fe774889446c20b959b2c85d59e5ffe1b1a38b429fd198d2e8f2d967990e6d58e5

    Download Submit

  • C:\Windows\mydoc.rtf
    Filesize

    223B

    MD5

    06604e5941c126e2e7be02c5cd9f62ec

    SHA1

    4eb9fdf8ff4e1e539236002bd363b82c8f8930e1

    SHA256

    85f2405d1f67021a3206faa26f6887932fea71aea070df3efb2902902e2d03e2

    SHA512

    803f5f2fddbf29fef34de184eb35c2311b7a694740983ca10b54ef252dd26cda4987458d2569f441c6dedc3478bea12b45bfd3566f1b256504a0869ad3829df7

    Download Submit

  • \??\c:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.exe
    Filesize

    255KB

    MD5

    7bea085af6344f021af32b5616527928

    SHA1

    ce90deb9549301c34646b7605f6390b17d5373e8

    SHA256

    c734ce75cc1dd802c369753b990e2059e1c5edf0c587318c7d93e3fcee76a478

    SHA512

    650a022679e592a71f9e53d7924f80dd5483893a05a4537e6dbde274df0a53c1560c2f7d890264e7841ec6ad5540ac23afc4a2d02a7415b37f067b581aec9ff8

    Download Submit

  • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
    Filesize

    255KB

    MD5

    10e972b125c62583ab5156a3faf990e8

    SHA1

    8a383e11407bd94aeefde9ff937d8d9bd5bdac7b

    SHA256

    cebab24c2affa5b3883fa011cec440473647a100b58a55d750f7e68621b203f2

    SHA512

    8d718229258ecb5dbae5f13623f073d74dd9898a23740d253beb1eb37f4cbd894423a4a6efdfdee3155f6fb575061849311ca5a11d5ef188f28c93740758da37

    Download Submit

  • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
    Filesize

    255KB

    MD5

    820229ae8bba0908b7aaf5008dbfb481

    SHA1

    7197a1fced96f7e965adae66173d7e032937ccba

    SHA256

    887d69aa85b5bb24c73a30fdaaafc3db3a23641cf55f7e5637e54152ff485f35

    SHA512

    48c99839bc2e451830e71c4f30785deea1de3c0469adcf289c32935affda981bbe0f6f66ce0fa7002aaab7d1d284eedf16829c2a6adcd266d3a45a5e8f4ac4f4

    Download Submit

  • memory/688-668-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/688-621-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/688-627-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/688-632-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/688-635-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/688-638-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/688-662-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/688-618-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/688-102-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/688-610-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/688-602-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/688-665-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/688-671-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/688-32-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/688-674-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/856-633-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/856-663-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/856-599-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/856-672-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/856-625-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/856-616-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/856-669-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/856-604-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/856-99-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/856-666-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/856-607-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/856-619-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/856-630-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/856-636-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/856-660-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/864-609-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/864-615-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/864-101-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/864-605-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/864-601-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/864-31-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1240-38-0x00007FFDD5D90000-0x00007FFDD5DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1240-658-0x00007FFDD5D90000-0x00007FFDD5DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1240-36-0x00007FFDD5D90000-0x00007FFDD5DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1240-41-0x00007FFDD3D30000-0x00007FFDD3D40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1240-42-0x00007FFDD3D30000-0x00007FFDD3D40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1240-659-0x00007FFDD5D90000-0x00007FFDD5DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1240-657-0x00007FFDD5D90000-0x00007FFDD5DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1240-40-0x00007FFDD5D90000-0x00007FFDD5DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1240-656-0x00007FFDD5D90000-0x00007FFDD5DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1240-39-0x00007FFDD5D90000-0x00007FFDD5DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1240-37-0x00007FFDD5D90000-0x00007FFDD5DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1288-115-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1288-603-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1288-614-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1288-606-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1288-611-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4592-664-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4592-30-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4592-608-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4592-661-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4592-617-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4592-637-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4592-631-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4592-626-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4592-634-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4592-100-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4592-667-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4592-670-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4592-600-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4592-620-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4592-673-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4784-35-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4784-0-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download