Overview

overview

10

Static

static

3

e08aed27b1...18.exe

windows7-x64

10

e08aed27b1...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    14-09-2024 16:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e08aed27b1e5b0506664aff7a195866a_JaffaCakes118.exe

  • Size

    257KB

  • MD5

    e08aed27b1e5b0506664aff7a195866a

  • SHA1

    370e5d245a9c78fba5c459b983e3e98c72fd6fcd

  • SHA256

    f96525ff562cc924d49640ea5d3739fecabf915e6872bca8166c01a5f5e9a703

  • SHA512

    c0c77dcb230fa0d1b17756caebe4b411ec1d7fa0399653604ced7e3c394e8aea1282a1bb4e864575ea693b2ff30b789e012807f27efaa9e30fa84933d938d5e9

  • SSDEEP

    6144:mUgaFWMtFBeh+OZb5NyL7tfQN5/inEaMadDKNa1aIfJCuXXXXXX:mKFWKBeh+OZWtfQunka1KNaT/XXXXXX

Score
10/10
metasploitbackdoorbootkitdiscoveryevasionpersistencetrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Modifies security service 2 TTPs 22 IoCs
    evasion
  • Executes dropped EXE 10 IoCs
  • Loads dropped DLL 20 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 11 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 32 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 33 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Runs .reg file with regedit 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e08aed27b1e5b0506664aff7a195866a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e08aed27b1e5b0506664aff7a195866a_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2264
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c c:\v.bat
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2728
      • C:\Windows\SysWOW64\regedit.exe
        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
        3⤵
        • Modifies security service
        • System Location Discovery: System Language Discovery
        • Runs .reg file with regedit
        PID:2872
    • C:\Windows\SysWOW64\firefoxV2.com
      C:\Windows\system32\firefoxV2.com 532 "C:\Users\Admin\AppData\Local\Temp\e08aed27b1e5b0506664aff7a195866a_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Writes to the Master Boot Record (MBR)
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1804
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c c:\v.bat
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1080
        • C:\Windows\SysWOW64\regedit.exe
          REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
          4⤵
          • Modifies security service
          • System Location Discovery: System Language Discovery
          • Runs .reg file with regedit
          PID:2504
      • C:\Windows\SysWOW64\firefoxV2.com
        C:\Windows\system32\firefoxV2.com 556 "C:\Windows\SysWOW64\firefoxV2.com"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Writes to the Master Boot Record (MBR)
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1276
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c c:\v.bat
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1952
          • C:\Windows\SysWOW64\regedit.exe
            REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
            5⤵
            • Modifies security service
            • System Location Discovery: System Language Discovery
            • Runs .reg file with regedit
            PID:2180
        • C:\Windows\SysWOW64\firefoxV2.com
          C:\Windows\system32\firefoxV2.com 564 "C:\Windows\SysWOW64\firefoxV2.com"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Writes to the Master Boot Record (MBR)
          • Drops file in System32 directory
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2012
          • C:\Windows\SysWOW64\cmd.exe
            cmd /c c:\v.bat
            5⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2828
            • C:\Windows\SysWOW64\regedit.exe
              REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
              6⤵
              • Modifies security service
              • System Location Discovery: System Language Discovery
              • Runs .reg file with regedit
              PID:1320
          • C:\Windows\SysWOW64\firefoxV2.com
            C:\Windows\system32\firefoxV2.com 560 "C:\Windows\SysWOW64\firefoxV2.com"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Writes to the Master Boot Record (MBR)
            • Drops file in System32 directory
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:1332
            • C:\Windows\SysWOW64\cmd.exe
              cmd /c c:\v.bat
              6⤵
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:3056
              • C:\Windows\SysWOW64\regedit.exe
                REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                7⤵
                • Modifies security service
                • System Location Discovery: System Language Discovery
                • Runs .reg file with regedit
                PID:2884
            • C:\Windows\SysWOW64\firefoxV2.com
              C:\Windows\system32\firefoxV2.com 568 "C:\Windows\SysWOW64\firefoxV2.com"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Writes to the Master Boot Record (MBR)
              • Drops file in System32 directory
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:1564
              • C:\Windows\SysWOW64\cmd.exe
                cmd /c c:\v.bat
                7⤵
                • System Location Discovery: System Language Discovery
                PID:2956
                • C:\Windows\SysWOW64\regedit.exe
                  REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                  8⤵
                  • Modifies security service
                  • System Location Discovery: System Language Discovery
                  • Runs .reg file with regedit
                  PID:3052
              • C:\Windows\SysWOW64\firefoxV2.com
                C:\Windows\system32\firefoxV2.com 576 "C:\Windows\SysWOW64\firefoxV2.com"
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Writes to the Master Boot Record (MBR)
                • Drops file in System32 directory
                • System Location Discovery: System Language Discovery
                PID:2060
                • C:\Windows\SysWOW64\cmd.exe
                  cmd /c c:\v.bat
                  8⤵
                  • System Location Discovery: System Language Discovery
                  PID:2976
                  • C:\Windows\SysWOW64\regedit.exe
                    REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                    9⤵
                    • Modifies security service
                    • System Location Discovery: System Language Discovery
                    • Runs .reg file with regedit
                    PID:1000
                • C:\Windows\SysWOW64\firefoxV2.com
                  C:\Windows\system32\firefoxV2.com 572 "C:\Windows\SysWOW64\firefoxV2.com"
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Writes to the Master Boot Record (MBR)
                  • Drops file in System32 directory
                  • System Location Discovery: System Language Discovery
                  PID:1292
                  • C:\Windows\SysWOW64\cmd.exe
                    cmd /c c:\v.bat
                    9⤵
                    • System Location Discovery: System Language Discovery
                    PID:2808
                    • C:\Windows\SysWOW64\regedit.exe
                      REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                      10⤵
                      • Modifies security service
                      • System Location Discovery: System Language Discovery
                      • Runs .reg file with regedit
                      PID:1908
                  • C:\Windows\SysWOW64\firefoxV2.com
                    C:\Windows\system32\firefoxV2.com 580 "C:\Windows\SysWOW64\firefoxV2.com"
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Writes to the Master Boot Record (MBR)
                    • Drops file in System32 directory
                    • System Location Discovery: System Language Discovery
                    PID:1648
                    • C:\Windows\SysWOW64\cmd.exe
                      cmd /c c:\v.bat
                      10⤵
                      • System Location Discovery: System Language Discovery
                      PID:2524
                      • C:\Windows\SysWOW64\regedit.exe
                        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                        11⤵
                        • Modifies security service
                        • System Location Discovery: System Language Discovery
                        • Runs .reg file with regedit
                        PID:2676
                    • C:\Windows\SysWOW64\firefoxV2.com
                      C:\Windows\system32\firefoxV2.com 584 "C:\Windows\SysWOW64\firefoxV2.com"
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Writes to the Master Boot Record (MBR)
                      • Drops file in System32 directory
                      • System Location Discovery: System Language Discovery
                      PID:1760
                      • C:\Windows\SysWOW64\cmd.exe
                        cmd /c c:\v.bat
                        11⤵
                        • System Location Discovery: System Language Discovery
                        PID:2392
                        • C:\Windows\SysWOW64\regedit.exe
                          REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                          12⤵
                          • Modifies security service
                          • System Location Discovery: System Language Discovery
                          • Runs .reg file with regedit
                          PID:1780
                      • C:\Windows\SysWOW64\firefoxV2.com
                        C:\Windows\system32\firefoxV2.com 588 "C:\Windows\SysWOW64\firefoxV2.com"
                        11⤵
                        • Executes dropped EXE
                        • Writes to the Master Boot Record (MBR)
                        • Drops file in System32 directory
                        • System Location Discovery: System Language Discovery
                        PID:2980
                        • C:\Windows\SysWOW64\cmd.exe
                          cmd /c c:\v.bat
                          12⤵
                          • System Location Discovery: System Language Discovery
                          PID:1716
                          • C:\Windows\SysWOW64\regedit.exe
                            REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                            13⤵
                            • Modifies security service
                            • System Location Discovery: System Language Discovery
                            • Runs .reg file with regedit
                            PID:2196

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    3KB

    MD5

    d085cde42c14e8ee2a5e8870d08aee42

    SHA1

    c8e967f1d301f97dbcf252d7e1677e590126f994

    SHA256

    a15d5dfd655de1214e0aae2292ead17eef1f1b211d39fac03276bbd6325b0d9f

    SHA512

    de2cebd45d3cf053df17ae43466db6a8b2d816bf4b9a8deb5b577cfedf765b5dcdc5904145809ad3ca03ccff308f8893ec1faa309dd34afcab7cc1836d698d7b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    2KB

    MD5

    6bf876cd9994f0d41be4eca36d22c42a

    SHA1

    50cda4b940e6ba730ce59000cfc59e6c4d7fdc79

    SHA256

    ff39ffe6e43e9b293c5be6aa85345e868a27215293e750c00e1e0ba676deeb2a

    SHA512

    605e2920cd230b6c617a2d4153f23144954cd4bae0f66b857e1b334cd66258fbc5ba049c1ab6ab83c30fd54c87235a115ec7bbfd17d6792a4bbbae4c6700e106

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    360B

    MD5

    3a1a83c2ffad464e87a2f9a502b7b9f1

    SHA1

    4ffa65ecdd0455499c8cd6d05947605340cbf426

    SHA256

    73ed949fba75a20288ac2d1e367180d4c8837fd31c66143707768d5b0e3bd8b6

    SHA512

    8232967faaf29b8b93b5042ba2bb1fcb6d0f0f2fa0e19573b1fe49f526ba434c5e76e932829e3c71beb0903e42c293ed202b619fee8aba93efe4a99e8aec55e2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    3KB

    MD5

    872656500ddac1ddd91d10aba3a8df96

    SHA1

    ddf655aea7e8eae37b0a2dd4c8cabaf21cf681fc

    SHA256

    d6f58d2fbf733d278281af0b9e7732a591cdd752e18a430f76cb7afa806c75f8

    SHA512

    e7fab32f6f38bde67c8ce7af483216c9965ab62a70aee5c9a9e17aa693c33c67953f817406c1687406977b234d89e62d7feb44757527de5db34e5a61462a0be9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    1KB

    MD5

    3bd23392c6fcc866c4561388c1dc72ac

    SHA1

    c4b1462473f1d97fed434014532ea344b8fc05c1

    SHA256

    696a382790ee24d6256b3618b1431eaf14c510a12ff2585edfeae430024c7a43

    SHA512

    15b3a33bb5d5d6e6b149773ff47ade4f22271264f058ad8439403df71d6ecfaa2729ef48487f43d68b517b15efed587b368bc6c5df549983de410ec23b55adb1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    1KB

    MD5

    f31b2aa720a1c523c1e36a40ef21ee0d

    SHA1

    9c8089896c55e6e6a9cca99b1b98c544723d314e

    SHA256

    cea90761ea6ef6fb8ac98484b5720392534a9774e884c3e343ae29559aa0a716

    SHA512

    a679ce1192e15cd9b8dd4a3d7ecf85707ec23fa944c020b226172497c0b5600460558cfa9304ddf2c582a95e0fcd7f1b26004c8fba0ed9afcddc6ded770c85bb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    3KB

    MD5

    9e5db93bd3302c217b15561d8f1e299d

    SHA1

    95a5579b336d16213909beda75589fd0a2091f30

    SHA256

    f360fb5740172b6b4dd59c1ac30b480511665ae991196f833167e275d91f943e

    SHA512

    b5547e5047a3c43397ee846ff9d5979cba45ba44671db5c5df5536d9dc26262e27a8645a08e0cf35960a3601dc0f6f5fe8d47ae232c9ca44d6899e97d36fb25a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    182B

    MD5

    09e45f09a25fed7995c8430f4a370ade

    SHA1

    fc49fec86e600a7c4e1b6bfa274f883635d65687

    SHA256

    f827e79f717d490ba61a9ec5f8198ebc3066e22fd25871f06ce15f04162f57b9

    SHA512

    1a6ed68eced45f30fff3f281ceb082d6ae9e13bc71f6f7da5b4ba064e9876ef7efd76eaffe1325f6e3dfa3a5429200302ea84915245f26ac393105fd1ec365ad

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    298B

    MD5

    4117e5a9c995bab9cd3bce3fc2b99a46

    SHA1

    80144ccbad81c2efb1df64e13d3d5f59ca4486da

    SHA256

    37b58c2d66ab2f896316ee0cdba30dcc9aac15a51995b8ba6c143c8ba34bf292

    SHA512

    bdb721bd3dea641a9b1f26b46311c05199de01c6b0d7ea2b973aa71a4f796b292a6964ddef32ba9dfc4a545768943d105f110c5d60716e0ff6f82914affb507c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    574B

    MD5

    5020988c301a6bf0c54a293ddf64837c

    SHA1

    5b65e689a2988b9a739d53565b2a847f20d70f09

    SHA256

    a123ebc1fac86713cdd7c4a511e022783a581ea02ba65ea18360555706ae5f2d

    SHA512

    921a07597f8c82c65c675f5b09a2552c7e2e8c65c8df59eebbe9aff0bfe439ad93f5efc97ba521be31299323051d61ead6a3f0be27302dc0f728b7a844fb2fcf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    3KB

    MD5

    1daa413d1a8cd1692f2e4ae22b54c74a

    SHA1

    2e02e2a23cfaa62f301e29a117e291ff93cc5d31

    SHA256

    10732e2612780d9694faf0bb9b27cdc6f3376ad327da7dfc346e9e5579493d33

    SHA512

    b947c70c7c4af971e3fbdc66fb7175b6624ac68c6a723dac7ecb5cf5f43bbe210fa0fa61fd4b6153dccf7de077d003ca03f061e209dc37773546b038e6aef277

    Download Submit

  • C:\v.bat
    Filesize

    5KB

    MD5

    0019a0451cc6b9659762c3e274bc04fb

    SHA1

    5259e256cc0908f2846e532161b989f1295f479b

    SHA256

    ce4674afd978d1401596d22a0961f90c8fb53c5bd55649684e1a999c8cf77876

    SHA512

    314c23ec37cb0cd4443213c019c4541df968447353b422ef6fff1e7ddf6c983c80778787408b7ca9b81e580a6a7f1589ca7f43c022e6fc16182973580ed4d904

    Download Submit

  • \Windows\SysWOW64\firefoxV2.com
    Filesize

    257KB

    MD5

    e08aed27b1e5b0506664aff7a195866a

    SHA1

    370e5d245a9c78fba5c459b983e3e98c72fd6fcd

    SHA256

    f96525ff562cc924d49640ea5d3739fecabf915e6872bca8166c01a5f5e9a703

    SHA512

    c0c77dcb230fa0d1b17756caebe4b411ec1d7fa0399653604ced7e3c394e8aea1282a1bb4e864575ea693b2ff30b789e012807f27efaa9e30fa84933d938d5e9

    Download Submit

  • memory/1276-437-0x0000000002ED0000-0x0000000003011000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1276-433-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1276-440-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1276-314-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1292-1165-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1292-1044-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1332-780-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1332-679-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1564-879-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1564-804-0x0000000002E70000-0x0000000002FB1000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1564-801-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1648-1281-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1648-1167-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1760-1288-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1760-1291-0x0000000002E80000-0x0000000002FC1000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1760-1293-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1804-206-0x00000000022D0000-0x00000000022D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1804-203-0x00000000022C0000-0x00000000022C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1804-404-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1804-187-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1804-307-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1804-312-0x0000000002E70000-0x0000000002FB1000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1804-308-0x00000000005C0000-0x0000000000604000-memory.dmp

    Filesize

    272KB

    Download

  • memory/1804-423-0x00000000005C0000-0x0000000000604000-memory.dmp

    Filesize

    272KB

    Download

  • memory/1804-193-0x00000000005C0000-0x0000000000604000-memory.dmp

    Filesize

    272KB

    Download

  • memory/2012-564-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2012-438-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2012-556-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2012-561-0x0000000002E70000-0x0000000002FB1000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2060-923-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2060-1042-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2264-178-0x0000000002E30000-0x0000000002E31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-157-0x0000000002BD0000-0x0000000002BD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-34-0x0000000002580000-0x0000000002581000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-33-0x0000000002550000-0x0000000002551000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-32-0x0000000002560000-0x0000000002561000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-31-0x0000000002530000-0x0000000002531000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-30-0x0000000002540000-0x0000000002541000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-29-0x0000000002020000-0x0000000002021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-28-0x0000000002030000-0x0000000002031000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-27-0x0000000002000000-0x0000000002001000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-26-0x0000000002010000-0x0000000002011000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-25-0x0000000001FE0000-0x0000000001FE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-24-0x0000000001FF0000-0x0000000001FF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-22-0x0000000001FD0000-0x0000000001FD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-21-0x0000000000A60000-0x0000000000A61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-20-0x0000000001FB0000-0x0000000001FB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-19-0x00000000008A0000-0x00000000008A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-18-0x0000000000A50000-0x0000000000A51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-17-0x00000000005E0000-0x00000000005E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-16-0x0000000000600000-0x0000000000601000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-15-0x00000000005C0000-0x00000000005C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-14-0x00000000005D0000-0x00000000005D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-13-0x00000000005A0000-0x00000000005A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-12-0x00000000005B0000-0x00000000005B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-11-0x0000000000570000-0x0000000000571000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-10-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-9-0x00000000003D0000-0x00000000003D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-8-0x0000000000560000-0x0000000000561000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-7-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-6-0x0000000000550000-0x0000000000554000-memory.dmp

    Filesize

    16KB

    Download

  • memory/2264-5-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-4-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-3-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-2-0x00000000003A0000-0x00000000003A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-159-0x0000000002D30000-0x0000000002D31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-35-0x0000000002570000-0x0000000002571000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-158-0x0000000002BC0000-0x0000000002BC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-160-0x0000000002D20000-0x0000000002D21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-161-0x0000000002D50000-0x0000000002D51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-162-0x0000000002D40000-0x0000000002D41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-163-0x0000000002D70000-0x0000000002D71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-164-0x0000000002D60000-0x0000000002D61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-165-0x0000000002D90000-0x0000000002D91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-166-0x0000000002D80000-0x0000000002D81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-167-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-169-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-174-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2264-175-0x0000000002DF0000-0x0000000002DF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-176-0x0000000002E10000-0x0000000002E11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-177-0x0000000002E40000-0x0000000002E41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-1-0x00000000002F0000-0x0000000000334000-memory.dmp

    Filesize

    272KB

    Download

  • memory/2264-179-0x0000000002E60000-0x0000000002E61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-180-0x0000000002E50000-0x0000000002E51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-186-0x0000000002E70000-0x0000000002FB1000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2264-188-0x0000000002DE0000-0x0000000002DE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-189-0x0000000002E00000-0x0000000002E01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-190-0x0000000002E20000-0x0000000002E21000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-192-0x0000000002E70000-0x0000000002FB1000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2264-194-0x00000000002F0000-0x0000000000334000-memory.dmp

    Filesize

    272KB

    Download

  • memory/2264-306-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2264-170-0x0000000002DD0000-0x0000000002DD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-36-0x00000000025A0000-0x00000000025A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-37-0x0000000002590000-0x0000000002591000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-39-0x00000000025C0000-0x00000000025C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-40-0x00000000025B0000-0x00000000025B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-41-0x00000000025E0000-0x00000000025E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-42-0x00000000025D0000-0x00000000025D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-23-0x0000000001FC0000-0x0000000001FC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2264-0-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2980-1409-0x0000000000400000-0x0000000000541000-memory.dmp

    Filesize

    1.3MB

    Download