Overview

overview

10

Static

static

3

cea91942b0...18.exe

windows7-x64

10

cea91942b0...18.exe

windows10-2004-x64

Analysis

  • max time kernel
    148s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    06-09-2024 04:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cea91942b015b2f94856e18870a22dfc_JaffaCakes118.exe

  • Size

    264KB

  • MD5

    cea91942b015b2f94856e18870a22dfc

  • SHA1

    d8f326ca51837e522feb62e18e665308824979cd

  • SHA256

    c0178f7878f0dfb9c0a9a3db0867e69684b59d4e5203918f42e2b77192e4beca

  • SHA512

    ac1ae882a052dd49287cfd8c8eb176b90051d6d1254b6f84ecb695cab08067d7f2dad6cc6a8b80cc7a9c8a46c65272a3836b4bee2684c483af6d3b587296dfed

  • SSDEEP

    3072:DSFUZ+sa7PgW0CLVI/lRR1zypUfTjBJ1698x8qFgmqH1fEO7G0eDjtoMRo1TWAeA:tWFVI/lRR1WpkGjpEGeXtldA

Score
10/10
ramnitbankerdiscoveryevasionpersistencespywarestealertrojanupxworm

Malware Config

Signatures

  • Modifies firewall policy service 3 TTPs 2 IoCs
    evasion
  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 6 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 5 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 54 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cea91942b015b2f94856e18870a22dfc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\cea91942b015b2f94856e18870a22dfc_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2948
    • C:\Users\Admin\AppData\Local\Temp\cea91942b015b2f94856e18870a22dfc_JaffaCakes118.exe
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3064
      • C:\Users\Admin\AppData\Local\Temp\cea91942b015b2f94856e18870a22dfc_JaffaCakes118Srv.exe
        C:\Users\Admin\AppData\Local\Temp\cea91942b015b2f94856e18870a22dfc_JaffaCakes118Srv.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2400
        • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
          "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2120
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2080
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2080 CREDAT:275457 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2436
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2080 CREDAT:6632451 /prefetch:2
              6⤵
              • System Location Discovery: System Language Discovery
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2504
      • C:\Users\Admin\AppData\Roaming\moviamaker.exe
        "C:\Users\Admin\AppData\Roaming\moviamaker.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2176
        • C:\Users\Admin\AppData\Roaming\moviamaker.exe
          4⤵
          • Modifies firewall policy service
          • Executes dropped EXE
          • Loads dropped DLL
          • Adds Run key to start application
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2644
          • C:\Users\Admin\AppData\Roaming\moviamakerSrv.exe
            C:\Users\Admin\AppData\Roaming\moviamakerSrv.exe
            5⤵
            • Executes dropped EXE
            • Drops file in Program Files directory
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:2520
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe"
              6⤵
                PID:2652

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e69b164df53cdd6a290641baf0bfeae0

      SHA1

      e539a8df58b275a2f91071aec54f38d0d15743ab

      SHA256

      97ae10a9955c99e20ebcf6a091c1d65c3bb1862f497bb3676fb387bf44255d48

      SHA512

      78c463a8fbe597bcdc7e5b6ec35856908dfdc38f230aa745f72ae3613f2106ffa48f04d00bc8da70904891e9ae2459cb71b54a209dd7b3032e039ce6cebf9fd1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8435e62d8b7b55d828cb629dc91fac3c

      SHA1

      cd5f88b92e2f4dda418d5661df9f09197c00ee6f

      SHA256

      4c1f7ac36e685e47127a36b2b1899df67c383d5d24ddfeb0f7ecd76eb0cf8e37

      SHA512

      08eaf085adf68f902656374b2c8190dddcfe729a64c13fe44b0699836cd649d52a671370f76ab023bfecdb9766124a79b830c10d6b36464be897dc86f5f40fa8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d86da05306d6990bb711eb56ace6dc57

      SHA1

      de7d9cfb3cd9f86473f0838208560021665dc723

      SHA256

      ec19419b40fd40a3a5a1c2208a34a813cfaa4a8cdfb63130b93a6ea79fa7e2b3

      SHA512

      2408998461253f0eae64d0b8a90b795ec13739fec9ac1efdb444284bd51924e4137115d42781c0eeef5f8c72ad60177284159f63050ba56c46020eaa26d160f8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1c3517286bd2d72318079089f7761d08

      SHA1

      466b0e5a8d3a2325b8c10a4394705bf1167137a4

      SHA256

      00f4b80e25cdff2b4b43f7d4105c99712256f3ac0a928ffa86dc7824865eed1d

      SHA512

      e930f3c8484a7edef9465a871817387c195f91c160d938e57e5729a21763f7fd4cd2d03685f973fea7615fd93c91cf3949b75922026832e47ece9b7cc29b8929

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      46c8986c1460af3093e32310bf363dcc

      SHA1

      dcf03b80fcfd9b47dce55c04d6aea2be58f9daf5

      SHA256

      dff14c547474d93cad949859664bbaffec0107e4e9c2170766380d6850334d6d

      SHA512

      c2b917e9eefec1aa3d8a12edd675d21f9ca5cad769bf110d1acbc14492427084c7ebd40172b3a2b44adfc27e37d7925ea452024b330f135b5f218dc985d31409

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3d97dfcdd21d67af58245b0bbf33920b

      SHA1

      0a4e61f2c90adde8796a508dbe6354ead3c8fe18

      SHA256

      03c886985cddaef73e9e9af07ce3a8d9b8cc581a070426ff34be366966cc8797

      SHA512

      16ee435765858487c4d8ca9cc35d6ae1a32e263e956b565c399f277f4892d675a2dcb9ad5d6dbaa09bb25c73967a20b79cc30db03d216adc71e931aae73a2b7c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      90ebe2fb36d613c2a24cbe53bb4c81db

      SHA1

      c46abe83af80b9917567df8fbd688316b2e19dd4

      SHA256

      3a93d03173ce3be1e2e86364b4d5ac245c9cd310612246be576805ae4fa0c018

      SHA512

      19a765fdb1b45b7b0f40ae3a3a28bfa170acf5b4c9c47e36b6471b90c8dc07ec6a2514651dacfa3655c010f8dbb43e51047b2689b47354fb194d88f21f86efa3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ba32e49507cd4d8f72078a7b5861a8d8

      SHA1

      08af40141ad30e66caed382845113219166755b6

      SHA256

      fb4104fe05b88adb29cdd79924863c06016ca7d0c84fb7f18bcb974739851250

      SHA512

      729c3e525eb99ac0e38bd6aed05eed2958a5647a3aac034302a3caaf4cfe79fc059201cc2cdf28fcbd73939b30567d3d83e7d5c2352a64501d78203d5a32e50b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      60dde40d7670be7f986b7dcbc989e3fa

      SHA1

      1ca744cd4e255be674f88e0600155af5cea89400

      SHA256

      cf00977c97e76c9a814b6cd6164d482593a8800116244f9bdfc85d797f3892db

      SHA512

      02893dbf10afdc714e73ba5e0eb592111ea97efae0a31ee2692c8d624a22758f576456c463fc1db259798325da208311c440b1748c4d0f186f57d60cc8c7682d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e7d8f29e5cbebe743f72c9e46ca76c68

      SHA1

      d69c5fd67c6c128ca3c135c9acbf8a589098e635

      SHA256

      0d6e2663f41717a9c2cdd280d3f04b3b0c0518292a8177e2616d6d958231fa7e

      SHA512

      45bad4d92011a0651acdcd424a5ed477c700fcfcafb2257d8361e1de71dba6e75e6892cf789135cacbd193250b14e18e3b08ae67d202882120de18470863d538

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2a55df720457fe085639c21cbc39631d

      SHA1

      06d22be3bcb13535b02a408167ae064b6a67d6a3

      SHA256

      79fdd133230d5370edeba745fdc850192d689c14d8e4edcb943b576ab8aa07ef

      SHA512

      2eb305687eeb65f6011277c6de4c8992a9a01c949bb13abe9e4f7eadb796d280e77582a3edf5dba0d718aa0e96f43539aa991e90fca6d3c555f319f223db3b2e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      2e59b6389b83e199bf0be5f1f719c80a

      SHA1

      0c3705c64435b9633dda02e53d16b5de35eddef4

      SHA256

      8a0a0b87023fd9ac12eaa781fe7a51547fb5f7b65086e741e87e145829a48327

      SHA512

      d2a8272b8d69ea9344eca26acc35b72fdf33063eba590df68645c7b4782f968b0d12b7548fd5bedbc2b9fc1504aa4b57ddbe9542109f5172f4ef69cac53e6c60

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a06578cef372d5fe48e66b7fc2ea9bc1

      SHA1

      57a90fa1317aa0f801a553139228c55b7e5ee8b8

      SHA256

      6c4d0c26b0cb70ce6f64a1f85833fc0405f37d0917a2ee14cd2fa2bf19ce124b

      SHA512

      8729b3e0a9eb44deaa5e108340897b4ef9c3f7778e6d7e924c94910f09e7b8830f6892a6bd6ccf2914817ebf18fa4baff4b84eb19a181e3fc8b1a49be07e1ee4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      47e3718905be521f671c60949c57f009

      SHA1

      3c5e0b84966fe37530f0a09dc64fe86d4daa7662

      SHA256

      0bdf9237d97db10d9a8b46907eb291df151d7a115e3e969c353e7614dbdc2289

      SHA512

      fc54d13ad03ec8a9cf21c4ea7f585c7dc0a9025e26a88593b2a7a1e1f52fbe8cad30c65fee954b778507357f7c7cb49b3e0289d877f39f3dc3d3a38edcb8e9c7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8729cbeea8a439e77fad42b27d790273

      SHA1

      f5a93fd31fbe73a54fd16ca2459152b890e48818

      SHA256

      b043fcd6b890ff947df5ab32f295906d84851bc34bc9c911d740610df6122186

      SHA512

      3947f73291241d1fd6812a7a462a9f46e4c68ce49d791703f72b1860fe015625fe3a692630ab76ad0390538f28b0d3a0d7c0a711bdf56b88e42ff7763662f6bb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a47eb5d296da7b5335a5dbe175c4852d

      SHA1

      9bbd9b9e9fc3d31c9ff5500e3f8a04ca05d38e5f

      SHA256

      dd2463a26365f38234b95450de50d1ea44cac99508d8e46dba3770c5ce71fb81

      SHA512

      d9ed8e831de307b29a0adebae497d8243d76462571eb236217e9a11c5136fdbff78ede3015768feb5eb49464983be77bca84a7323a5dd20faf6d6a2ad981c45d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e7c6010908d42e83094d393ba35d2a0f

      SHA1

      ca56facd81359ed31b4cc563c6bae067046db43a

      SHA256

      29734637ee6136f276a9b6766c535f40fcfefe8db763cde7f914d80f1dbc82f8

      SHA512

      997adfe50fdb31c49db7d7ff70b2502539a6340ca8c1b1c7492949c3351f004db5991d113bf1ac618610bfada7790f55a675ac51d119295df2634b26294d7b61

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      935c236180623efc9a67ef31a054475d

      SHA1

      d0fb343e511e716e8f0a48a30a5ed4108432fab2

      SHA256

      86d6e53b445dae182e132c7e148791a0e02abdc71726cd3dfe27be9b16041c45

      SHA512

      7619b072a6252e301300a5b7098548adb661e924c8f58192408c22b24c48256d6a3616a022db614b75ef1d4cd1c3d4bbab71bd8a66cf1e9d3e195f837527b1e5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7df6a6b8d514c42921bd2882a4913dae

      SHA1

      0ca4b8ea7d7364367a27fdcb74cfacb21f58a769

      SHA256

      fe08a0fc9eb3507ae6f2bace3a976a1269c2d7a42cd0bc9bc43f6303e9bf25cb

      SHA512

      9573bb4b23c012507241b4714df78dc145ffa88156b75de61b97c5e35228559c46bfd633d5029d3ee410ff1c6f0f8cb4c88f6c4c5cf74ad919cdbb363472cd7c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabCCB3.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarCD63.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\cea91942b015b2f94856e18870a22dfc_JaffaCakes118Srv.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • \Users\Admin\AppData\Roaming\moviamaker.exe
      Filesize

      264KB

      MD5

      cea91942b015b2f94856e18870a22dfc

      SHA1

      d8f326ca51837e522feb62e18e665308824979cd

      SHA256

      c0178f7878f0dfb9c0a9a3db0867e69684b59d4e5203918f42e2b77192e4beca

      SHA512

      ac1ae882a052dd49287cfd8c8eb176b90051d6d1254b6f84ecb695cab08067d7f2dad6cc6a8b80cc7a9c8a46c65272a3836b4bee2684c483af6d3b587296dfed

      Download Submit

    • memory/2120-42-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2120-40-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2120-38-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2120-39-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2400-30-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2400-28-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2520-84-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2644-80-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2644-963-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2644-970-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2644-969-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2644-968-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2644-967-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2644-966-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2644-424-0x0000000000220000-0x000000000024E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2644-423-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2644-525-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2644-526-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2644-527-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2644-528-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2644-529-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2644-530-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2644-965-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2644-964-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2644-81-0x0000000000220000-0x000000000024E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2644-90-0x0000000000240000-0x000000000025A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/3064-6-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/3064-21-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/3064-85-0x0000000000220000-0x000000000024E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/3064-4-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/3064-27-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/3064-24-0x0000000000220000-0x000000000024E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/3064-2-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/3064-14-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3064-18-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/3064-19-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/3064-16-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/3064-12-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/3064-10-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/3064-8-0x0000000000400000-0x000000000041A000-memory.dmp

      Filesize

      104KB

      Download