Overview

overview

10

Static

static

3

af418f4b55...18.exe

windows7-x64

10

af418f4b55...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/08/2024, 12:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    af418f4b5539878900750f8de9751413_JaffaCakes118.exe

  • Size

    132KB

  • MD5

    af418f4b5539878900750f8de9751413

  • SHA1

    5cccb0409f8aa1a15ac6ef70f4c71f81059144ee

  • SHA256

    afedb875319524d0e60de4d91e23f0b5510d18d6996298d1a7fdf01e0df58af1

  • SHA512

    e47b84036c4d946d9eda635aa477d9cf467f944506312f1af396fe88554d6ee52ffd642a4186fdda1e3453f43e0be52378771bef004ace376b22ba3fc7489f9d

  • SSDEEP

    768:t/raHM782f9rvs2Zg5nicskQzTGfxgzh3emu4v/eB4z7VP7LdGSu2HyTAzfMgTA1:t/roM7ZJfUQWgY54v

Score
10/10
discoveryevasionpersistence

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 2 IoCs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 3 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 7 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 36 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\af418f4b5539878900750f8de9751413_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\af418f4b5539878900750f8de9751413_JaffaCakes118.exe"
    1⤵
    • Modifies visibility of file extensions in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4884
    • C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe" C:\Users\Admin\AppData\Local\Temp\af418f4b5539878900750f8de9751413_JaffaCakes118
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3064
    • C:\Windows\SysWOW64\msng.exe
      "C:\Windows\system32\msng.exe" fuckystart
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Enumerates connected drives
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1148
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe http://www.OpenClose.ir
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2612
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1096
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:468
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.openclose.ir/
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1572
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8929846f8,0x7ff892984708,0x7ff892984718
        3⤵
          PID:4648
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,11915194701406462763,10387169215153427503,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
          3⤵
            PID:404
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,11915194701406462763,10387169215153427503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:2256
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,11915194701406462763,10387169215153427503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
            3⤵
              PID:1580
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11915194701406462763,10387169215153427503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
              3⤵
                PID:4676
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11915194701406462763,10387169215153427503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
                3⤵
                  PID:4248
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11915194701406462763,10387169215153427503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
                  3⤵
                    PID:4632
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11915194701406462763,10387169215153427503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
                    3⤵
                      PID:1820
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,11915194701406462763,10387169215153427503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 /prefetch:8
                      3⤵
                        PID:1968
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,11915194701406462763,10387169215153427503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 /prefetch:8
                        3⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2408
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11915194701406462763,10387169215153427503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
                        3⤵
                          PID:3328
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11915194701406462763,10387169215153427503,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
                          3⤵
                            PID:3808
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11915194701406462763,10387169215153427503,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2316 /prefetch:1
                            3⤵
                              PID:2884
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11915194701406462763,10387169215153427503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
                              3⤵
                                PID:2500
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11915194701406462763,10387169215153427503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2736 /prefetch:1
                                3⤵
                                  PID:5756
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11915194701406462763,10387169215153427503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
                                  3⤵
                                    PID:4928
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,11915194701406462763,10387169215153427503,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 /prefetch:2
                                    3⤵
                                      PID:3016
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:4340
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:3476

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      847d47008dbea51cb1732d54861ba9c9

                                      SHA1

                                      f2099242027dccb88d6f05760b57f7c89d926c0d

                                      SHA256

                                      10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

                                      SHA512

                                      bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      f9664c896e19205022c094d725f820b6

                                      SHA1

                                      f8f1baf648df755ba64b412d512446baf88c0184

                                      SHA256

                                      7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

                                      SHA512

                                      3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      9ce99732060dfafecd8ed264d270fd62

                                      SHA1

                                      64127e6b3077fff9fbd893f7389808201f80e713

                                      SHA256

                                      8026da642f3d3607ba69714eede9f8680ac24fbdb5e0969b46a3d71ad9387c23

                                      SHA512

                                      11b3b78772dc4325881e49f9398e7e4a89e1c2906b673660bc2a3612d41b2743d44fe7beee0d70eedcdb903d7fc746eb539f982a1d7aede0d3437590b9d3f52e

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      b9a454d7b6e96039eb4d4e89af574eb8

                                      SHA1

                                      217db189831592f5206eb391b83dd4f69205521a

                                      SHA256

                                      4be0f516adeb11fe5adbd6b67d7dd127cbbec44be36d546e492579c95d5c0456

                                      SHA512

                                      fb6885c7a9910824e9f1f9b6e66673733e232120b5c1d482bd1fef8958d1afaa4caaf4609a6e03f5bcd932bb1dcbee52811c60269af5f7ef2af9b018de3d16a7

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      13f1d14c1546d617c8836d12871e2242

                                      SHA1

                                      7ae66760822049608f72a4252ba571e67e8a63cc

                                      SHA256

                                      bbb129eb28607ec32ce868b5aece3e4acd511efb6156e19066496dbf5accc097

                                      SHA512

                                      21169fb2edd5f57131e5b513e2478d84e3ffe3b229111b887d467961b012295120a8da613118b944ceeeee839972f316627021184e04fc3033b50fb480b3a48f

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      3aabb325ba4d425ad0fd0a71d4fff1ce

                                      SHA1

                                      bdf595b19c2affbfdcf3b6ea0ee3f8566ea7755c

                                      SHA256

                                      2667fbb7c1537014ce422e102092eafc224a1dd98f20ef94ce399d2efce72a1b

                                      SHA512

                                      142e03182450d19c8bf7a15f181a162a44b5e70b2f09a655c2418e82f29575f215c0a6ea7a872d1a0c5143db5168d5f410754b7a12d3d4775230269b0e301187

                                      Download Submit

                                    • C:\Windows\SysWOW64\msng.exe
                                      Filesize

                                      132KB

                                      MD5

                                      af418f4b5539878900750f8de9751413

                                      SHA1

                                      5cccb0409f8aa1a15ac6ef70f4c71f81059144ee

                                      SHA256

                                      afedb875319524d0e60de4d91e23f0b5510d18d6996298d1a7fdf01e0df58af1

                                      SHA512

                                      e47b84036c4d946d9eda635aa477d9cf467f944506312f1af396fe88554d6ee52ffd642a4186fdda1e3453f43e0be52378771bef004ace376b22ba3fc7489f9d

                                      Download Submit

                                    • C:\Windows\SysWOW64\rundII32.exe
                                      Filesize

                                      60KB

                                      MD5

                                      889b99c52a60dd49227c5e485a016679

                                      SHA1

                                      8fa889e456aa646a4d0a4349977430ce5fa5e2d7

                                      SHA256

                                      6cbe0e1f046b13b29bfa26f8b368281d2dda7eb9b718651d5856f22cc3e02910

                                      SHA512

                                      08933106eaf338dd119c45cbf1f83e723aff77cc0f8d3fc84e36253b1eb31557a54211d1d5d1cb58958188e32064d451f6c66a24b3963cccd3de07299ab90641

                                      Download Submit

                                    • C:\~0002ftd.tmp
                                      Filesize

                                      82B

                                      MD5

                                      af8efdf07e1790512cb3fc53f19866ac

                                      SHA1

                                      13531d128815042ca04c289652b2f1076bd68178

                                      SHA256

                                      18e5d646ae9611aef1e01d000f7808d62c7796439638f21e2c457e0e8ce33976

                                      SHA512

                                      f237b3914733651b7be64ab6ac11f6d36b4a0f607757cf996494c446729d1148df7b8ac15b7b10c486b72df9d31b0f48c602946077e29330d378e9c9039b2904

                                      Download Submit

                                    • memory/1148-465-0x0000000000400000-0x00000000004B6000-memory.dmp

                                      Filesize

                                      728KB

                                      Download

                                    • memory/1148-883-0x0000000000400000-0x00000000004B6000-memory.dmp

                                      Filesize

                                      728KB

                                      Download

                                    • memory/1148-1454-0x0000000000400000-0x00000000004B6000-memory.dmp

                                      Filesize

                                      728KB

                                      Download

                                    • memory/1148-259-0x0000000000400000-0x00000000004B6000-memory.dmp

                                      Filesize

                                      728KB

                                      Download

                                    • memory/1148-564-0x0000000000400000-0x00000000004B6000-memory.dmp

                                      Filesize

                                      728KB

                                      Download

                                    • memory/1148-372-0x0000000000400000-0x00000000004B6000-memory.dmp

                                      Filesize

                                      728KB

                                      Download

                                    • memory/1148-667-0x0000000000400000-0x00000000004B6000-memory.dmp

                                      Filesize

                                      728KB

                                      Download

                                    • memory/1148-1253-0x0000000000400000-0x00000000004B6000-memory.dmp

                                      Filesize

                                      728KB

                                      Download

                                    • memory/1148-150-0x0000000000400000-0x00000000004B6000-memory.dmp

                                      Filesize

                                      728KB

                                      Download

                                    • memory/1148-770-0x0000000000400000-0x00000000004B6000-memory.dmp

                                      Filesize

                                      728KB

                                      Download

                                    • memory/1148-147-0x0000000000400000-0x00000000004B6000-memory.dmp

                                      Filesize

                                      728KB

                                      Download

                                    • memory/1148-1071-0x0000000000400000-0x00000000004B6000-memory.dmp

                                      Filesize

                                      728KB

                                      Download

                                    • memory/4884-14-0x0000000000400000-0x00000000004B6000-memory.dmp

                                      Filesize

                                      728KB

                                      Download

                                    • memory/4884-0-0x0000000000400000-0x00000000004B6000-memory.dmp

                                      Filesize

                                      728KB

                                      Download