Overview

overview

10

Static

static

7

8d858c85a1...18.exe

windows7-x64

10

8d858c85a1...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-08-2024 05:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8d858c85a16a087c0f35a90d191299c6_JaffaCakes118.exe

  • Size

    255KB

  • MD5

    8d858c85a16a087c0f35a90d191299c6

  • SHA1

    62e3eb8a010750c12c7ab12c71b0c7b853acda12

  • SHA256

    af59b1f04419954dc52889849884bd738862a42494ec353a6564a4ba56e616fe

  • SHA512

    fb9c1bb139d93bb0a185497e02f81633278b6b184d934e5e596efa05fcdc1e0ea124febe3d2cc6a82e22eb570b94f40311c29bce983fa38a999295f405e83864

  • SSDEEP

    3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJV:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIg

Score
10/10
discoveryevasionpersistencespywarestealertrojanupx

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Windows security bypass 2 TTPs 5 IoCs
    evasiontrojan
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 5 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Windows security modification 2 TTPs 6 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • AutoIT Executable 59 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 13 IoCs
  • Drops file in Program Files directory 14 IoCs
  • Drops file in Windows directory 19 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 20 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 18 IoCs
  • Suspicious use of SendNotifyMessage 18 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d858c85a16a087c0f35a90d191299c6_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\8d858c85a16a087c0f35a90d191299c6_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3236
    • C:\Windows\SysWOW64\zqdkakmsuv.exe
      zqdkakmsuv.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Windows security bypass
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Windows security modification
      • Enumerates connected drives
      • Modifies WinLogon
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3896
      • C:\Windows\SysWOW64\xxxldevg.exe
        C:\Windows\system32\xxxldevg.exe
        3⤵
        • Executes dropped EXE
        • Enumerates connected drives
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:3548
    • C:\Windows\SysWOW64\meykntzpktnamtr.exe
      meykntzpktnamtr.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3456
    • C:\Windows\SysWOW64\xxxldevg.exe
      xxxldevg.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3100
    • C:\Windows\SysWOW64\mdvycknplxxkm.exe
      mdvycknplxxkm.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2276
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Windows\mydoc.rtf" /o ""
      2⤵
      • Drops file in Windows directory
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:1448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Impair Defenses

2
T1562

Disable or Modify Tools

2
T1562.001

Modify Registry

6
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

4
T1012

System Information Discovery

5
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.exe
    Filesize

    255KB

    MD5

    46fa4c361e386a8a043fc21faa88edaa

    SHA1

    959c525014233571cd66afda242e967c98ca6f35

    SHA256

    9a29a2cb1714018cc8ccd150f5d7d37494590d02892054cb59701ef947765635

    SHA512

    09da41aa4e37526bf57934ebb8f08d98fbbf9da0033750a5712947064cc0b4c440f8ecf9bc35c3781e23673d46fd18d345a66f933fae2c8e279b7742220a7a42

    Download Submit

  • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.exe
    Filesize

    255KB

    MD5

    8350e455283c4d87d8888e116ca26726

    SHA1

    1249d8ad1eecd0b1f291565375d0b5a5dc5198b7

    SHA256

    aff74028af7be8c00693246247fe1fd7c4937a62fbd3bc799cbdc756e54a07db

    SHA512

    4317c66ccaf1d6d50f0aff36798a2a12ac46cd0ea31446ec5acf0ec03d848fe7c166eba3199851f8701f4757476b9f3f8c5968e23d04163b094d6b7803daf406

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TCDB8CD.tmp\iso690.xsl
    Filesize

    263KB

    MD5

    ff0e07eff1333cdf9fc2523d323dd654

    SHA1

    77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

    SHA256

    3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

    SHA512

    b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
    Filesize

    235B

    MD5

    8968662306276ff1c671ca542d2f7570

    SHA1

    e74b2e3893ba9fcd5c059e25453a16353cf6730f

    SHA256

    c128a2780168f5b6208f5fc30d368800356ef571199ccfd67507574d98196893

    SHA512

    1772d685c8f4f1fff01162edd16263d8c3346a3a8d27fc92971ce72f7e0055aaa09870e97483480acae93d28eda39a4664f79d6ac95e20c8bf54c1ab6fdc97c5

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
    Filesize

    1KB

    MD5

    e4b72cb7337839927a344e8747cf1d8f

    SHA1

    3fd8c8f031a76a116cc4f321b6ef0bb999a8e2d7

    SHA256

    3ec6902acd95e63e38eed0d16eb2874079697669f64ae1d163aff689d4eff98f

    SHA512

    2bcec872d407c184be617599f4f65456b51fa7626f05cd71fe0b25f03ef209c76e445200e895ea25cb4d3cd8f8338045ed01d07f174cc001d3ffa3b82dbbbded

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
    Filesize

    1KB

    MD5

    09c004f54118c322d1b2c8be554cf768

    SHA1

    e37452b6d8dc7046f6d8ebbfb14ad8c14f92627e

    SHA256

    fff92eade835ae0dafb75ddcabf30dafa44e9d447da511a2a54efda4d39fb9cf

    SHA512

    f9b373a3984039f69320e29cb3b6a33bca59b0e4a878d48b177800b15571436e3376d46dcf454c6e6fedb55b86a0713b458c4d5ae85f4be7dd0f89f36ed34aea

    Download Submit

  • C:\Users\Admin\Downloads\SearchGrant.doc.exe
    Filesize

    255KB

    MD5

    ffe7a76287e4d1a44c21adb9a6a58490

    SHA1

    d1d90b9cd32a7b82e03be764c4abfaa68e39ed84

    SHA256

    0c32eeeca4e2a6122c5d06ff4afa7673c10bd5995f148f10a1d8a85c4a51bc71

    SHA512

    eb526cedec9bdfc059d9d60f1682a2290b1fbb67b1d2a9b1b66638b78c9e663f03131127201aa21144fdb3b6fdd760dbd5bb9701613f212968507394445b984d

    Download Submit

  • C:\Users\Admin\Music\ConnectRename.doc.exe
    Filesize

    255KB

    MD5

    8eb81dbf9bc854ca93802051be02a6aa

    SHA1

    06e739d789ec6220df6cadc9a1604fba514c99b8

    SHA256

    3f2d4bfdf0e067dcb18ed7b14194efe7aa17107101871f35ace15ef34c98aec0

    SHA512

    193cce5752782a7d69f8548465e21e4c3b86a4e9f3df5921caa230b5b49bf1a90975f55d09142a3d956c76338604e486efb9428f779f4f287e2d39a1c834ba8f

    Download Submit

  • C:\Windows\SysWOW64\mdvycknplxxkm.exe
    Filesize

    255KB

    MD5

    849a51bf605e0e10af60b64dbfbd749c

    SHA1

    514a3f2570e130d2cec678a472c79900b74acf63

    SHA256

    a529eb948bb010aa16360cf6f22fb3aa7aa155230f83431b8913007496f0be89

    SHA512

    4094671ec3992c6f58c41dcb4f580a5aec3c0256bb3614beebf024ab9980230d77a186fec0f39cd033ece3c8c06e052342ee2a34d97684356039014487b1378e

    Download Submit

  • C:\Windows\SysWOW64\meykntzpktnamtr.exe
    Filesize

    255KB

    MD5

    18983b40b05fd654eec40be29e1a0ef4

    SHA1

    13140b792b433863ffac058944418b045ad8bcc7

    SHA256

    7a9d10c85e4fe0618664fdcd8c60a182d698424f9c2c3c9fddf92b99eee4b6d7

    SHA512

    058205e4886f1de3914789d180a778549bcc63022cde600f8363f65352043e4c04769f957c640b68a6ce55b6566ad7b10692e805ecf54e748b3cb534d0a87707

    Download Submit

  • C:\Windows\SysWOW64\xxxldevg.exe
    Filesize

    255KB

    MD5

    f663288bb3b792e53eaf5fd42425bccc

    SHA1

    3f77658a54ec622c24392909fec3ad885bb8b000

    SHA256

    30a483ca602afe9793e3e7fae3d562034ca483d36ccd59d3fe9fddf3cc253990

    SHA512

    d621f2cbd2d714190a73ce2c1ac7d13fe959e2da9d756bf4380175122d881561710b924b6d2aaa235bf52e631b7872f53228d81a0cccdcc095a16cba81e47680

    Download Submit

  • C:\Windows\SysWOW64\zqdkakmsuv.exe
    Filesize

    255KB

    MD5

    52285a04f2f8e8c28f686529a7cc5f47

    SHA1

    6946b584e99f0bbf18757c2fb1f9e5aaba1a6050

    SHA256

    7f3858486c4ef7fbc02ae0ae83d2311f84adb5eda27892b207adb0837d0f8396

    SHA512

    733b895dea1ce01e682f015d25f905366a4b75d249438a9bda8c7beb4bc2f0781590e215a8e8906771eee68c0c024bb628431fc727aa3b1ed8c4361270a0730c

    Download Submit

  • C:\Windows\mydoc.rtf
    Filesize

    223B

    MD5

    06604e5941c126e2e7be02c5cd9f62ec

    SHA1

    4eb9fdf8ff4e1e539236002bd363b82c8f8930e1

    SHA256

    85f2405d1f67021a3206faa26f6887932fea71aea070df3efb2902902e2d03e2

    SHA512

    803f5f2fddbf29fef34de184eb35c2311b7a694740983ca10b54ef252dd26cda4987458d2569f441c6dedc3478bea12b45bfd3566f1b256504a0869ad3829df7

    Download Submit

  • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
    Filesize

    255KB

    MD5

    729f4fc801ba9f11c361ea0283aa10f4

    SHA1

    93ecc6bc673e1200d2bae7a3429a0b49309ca288

    SHA256

    74aa039bf53a6d8fd5b6d556056af09382ffbf18a66b64acf7cb3da9c2ab3de7

    SHA512

    34b832f6466f214dceb608227fde983c6ca1e20ef12f4d13ff6d95e1fce5cf46b472ed4a1d71e30b0cd61a88488047a78804ac90804d72f080dce967d91d25d3

    Download Submit

  • memory/1448-519-0x00007FFCCE1D0000-0x00007FFCCE1E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1448-521-0x00007FFCCE1D0000-0x00007FFCCE1E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1448-42-0x00007FFCCC170000-0x00007FFCCC180000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1448-41-0x00007FFCCE1D0000-0x00007FFCCE1E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1448-40-0x00007FFCCE1D0000-0x00007FFCCE1E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1448-39-0x00007FFCCE1D0000-0x00007FFCCE1E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1448-38-0x00007FFCCE1D0000-0x00007FFCCE1E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1448-37-0x00007FFCCE1D0000-0x00007FFCCE1E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1448-520-0x00007FFCCE1D0000-0x00007FFCCE1E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1448-43-0x00007FFCCC170000-0x00007FFCCC180000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1448-518-0x00007FFCCE1D0000-0x00007FFCCE1E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2276-475-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2276-527-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2276-460-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2276-524-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2276-31-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2276-470-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2276-513-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2276-96-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2276-530-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2276-465-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2276-497-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2276-457-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2276-494-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2276-483-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2276-491-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3100-95-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3100-459-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3100-480-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3100-456-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3100-464-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3100-474-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3100-469-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3236-0-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3236-36-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3456-493-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3456-523-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3456-529-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3456-526-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3456-468-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3456-123-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3456-463-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3456-473-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3456-496-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3456-455-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3456-28-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3456-512-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3456-482-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3456-94-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3456-490-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3548-461-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3548-97-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3548-35-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3548-479-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3548-471-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3548-466-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3548-458-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3548-476-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3896-495-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3896-124-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3896-511-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3896-454-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3896-492-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3896-93-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3896-522-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3896-489-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3896-462-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3896-525-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3896-481-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3896-472-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3896-528-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3896-467-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3896-26-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download