Overview

overview

10

Static

static

3

e08aed27b1...18.exe

windows7-x64

10

e08aed27b1...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-09-2024 16:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e08aed27b1e5b0506664aff7a195866a_JaffaCakes118.exe

  • Size

    257KB

  • MD5

    e08aed27b1e5b0506664aff7a195866a

  • SHA1

    370e5d245a9c78fba5c459b983e3e98c72fd6fcd

  • SHA256

    f96525ff562cc924d49640ea5d3739fecabf915e6872bca8166c01a5f5e9a703

  • SHA512

    c0c77dcb230fa0d1b17756caebe4b411ec1d7fa0399653604ced7e3c394e8aea1282a1bb4e864575ea693b2ff30b789e012807f27efaa9e30fa84933d938d5e9

  • SSDEEP

    6144:mUgaFWMtFBeh+OZb5NyL7tfQN5/inEaMadDKNa1aIfJCuXXXXXX:mKFWKBeh+OZWtfQunka1KNaT/XXXXXX

Score
10/10
metasploitbackdoordiscoveryevasiontrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Modifies security service 2 TTPs 22 IoCs
    evasion
  • Executes dropped EXE 10 IoCs
  • Drops file in System32 directory 32 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 33 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Runs .reg file with regedit 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e08aed27b1e5b0506664aff7a195866a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e08aed27b1e5b0506664aff7a195866a_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4520
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c c:\v.bat
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3720
      • C:\Windows\SysWOW64\regedit.exe
        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
        3⤵
        • Modifies security service
        • System Location Discovery: System Language Discovery
        • Runs .reg file with regedit
        PID:3144
    • C:\Windows\SysWOW64\firefoxV2.com
      C:\Windows\system32\firefoxV2.com 1140 "C:\Users\Admin\AppData\Local\Temp\e08aed27b1e5b0506664aff7a195866a_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3436
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c c:\v.bat
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:1344
        • C:\Windows\SysWOW64\regedit.exe
          REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
          4⤵
          • Modifies security service
          • System Location Discovery: System Language Discovery
          • Runs .reg file with regedit
          PID:4492
      • C:\Windows\SysWOW64\firefoxV2.com
        C:\Windows\system32\firefoxV2.com 1208 "C:\Windows\SysWOW64\firefoxV2.com"
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4836
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c c:\v.bat
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2044
          • C:\Windows\SysWOW64\regedit.exe
            REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
            5⤵
            • Modifies security service
            • System Location Discovery: System Language Discovery
            • Runs .reg file with regedit
            PID:4560
        • C:\Windows\SysWOW64\firefoxV2.com
          C:\Windows\system32\firefoxV2.com 1180 "C:\Windows\SysWOW64\firefoxV2.com"
          4⤵
          • Executes dropped EXE
          • Drops file in System32 directory
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2152
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c c:\v.bat
            5⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:1092
            • C:\Windows\SysWOW64\regedit.exe
              REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
              6⤵
              • Modifies security service
              • System Location Discovery: System Language Discovery
              • Runs .reg file with regedit
              PID:1576
          • C:\Windows\SysWOW64\firefoxV2.com
            C:\Windows\system32\firefoxV2.com 1188 "C:\Windows\SysWOW64\firefoxV2.com"
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:3024
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c c:\v.bat
              6⤵
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:4740
              • C:\Windows\SysWOW64\regedit.exe
                REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                7⤵
                • Modifies security service
                • System Location Discovery: System Language Discovery
                • Runs .reg file with regedit
                PID:3680
            • C:\Windows\SysWOW64\firefoxV2.com
              C:\Windows\system32\firefoxV2.com 1192 "C:\Windows\SysWOW64\firefoxV2.com"
              6⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:1896
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /c c:\v.bat
                7⤵
                • System Location Discovery: System Language Discovery
                • Suspicious use of WriteProcessMemory
                PID:3548
                • C:\Windows\SysWOW64\regedit.exe
                  REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                  8⤵
                  • Modifies security service
                  • System Location Discovery: System Language Discovery
                  • Runs .reg file with regedit
                  PID:3512
              • C:\Windows\SysWOW64\firefoxV2.com
                C:\Windows\system32\firefoxV2.com 1196 "C:\Windows\SysWOW64\firefoxV2.com"
                7⤵
                • Executes dropped EXE
                • Drops file in System32 directory
                • System Location Discovery: System Language Discovery
                • Suspicious use of WriteProcessMemory
                PID:764
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c c:\v.bat
                  8⤵
                  • System Location Discovery: System Language Discovery
                  • Suspicious use of WriteProcessMemory
                  PID:4684
                  • C:\Windows\SysWOW64\regedit.exe
                    REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                    9⤵
                    • Modifies security service
                    • System Location Discovery: System Language Discovery
                    • Runs .reg file with regedit
                    PID:4976
                • C:\Windows\SysWOW64\firefoxV2.com
                  C:\Windows\system32\firefoxV2.com 1184 "C:\Windows\SysWOW64\firefoxV2.com"
                  8⤵
                  • Executes dropped EXE
                  • Drops file in System32 directory
                  • System Location Discovery: System Language Discovery
                  • Suspicious use of WriteProcessMemory
                  PID:924
                  • C:\Windows\SysWOW64\cmd.exe
                    C:\Windows\system32\cmd.exe /c c:\v.bat
                    9⤵
                    • System Location Discovery: System Language Discovery
                    PID:756
                    • C:\Windows\SysWOW64\regedit.exe
                      REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                      10⤵
                      • Modifies security service
                      • System Location Discovery: System Language Discovery
                      • Runs .reg file with regedit
                      PID:3536
                  • C:\Windows\SysWOW64\firefoxV2.com
                    C:\Windows\system32\firefoxV2.com 1200 "C:\Windows\SysWOW64\firefoxV2.com"
                    9⤵
                    • Executes dropped EXE
                    • Drops file in System32 directory
                    • System Location Discovery: System Language Discovery
                    PID:796
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /c c:\v.bat
                      10⤵
                      • System Location Discovery: System Language Discovery
                      PID:1860
                      • C:\Windows\SysWOW64\regedit.exe
                        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                        11⤵
                        • Modifies security service
                        • System Location Discovery: System Language Discovery
                        • Runs .reg file with regedit
                        PID:3548
                    • C:\Windows\SysWOW64\firefoxV2.com
                      C:\Windows\system32\firefoxV2.com 1212 "C:\Windows\SysWOW64\firefoxV2.com"
                      10⤵
                      • Executes dropped EXE
                      • Drops file in System32 directory
                      • System Location Discovery: System Language Discovery
                      PID:2672
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c c:\v.bat
                        11⤵
                        • System Location Discovery: System Language Discovery
                        PID:408
                        • C:\Windows\SysWOW64\regedit.exe
                          REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                          12⤵
                          • Modifies security service
                          • System Location Discovery: System Language Discovery
                          • Runs .reg file with regedit
                          PID:2312
                      • C:\Windows\SysWOW64\firefoxV2.com
                        C:\Windows\system32\firefoxV2.com 1204 "C:\Windows\SysWOW64\firefoxV2.com"
                        11⤵
                        • Executes dropped EXE
                        • Drops file in System32 directory
                        • System Location Discovery: System Language Discovery
                        PID:3644
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c c:\v.bat
                          12⤵
                          • System Location Discovery: System Language Discovery
                          PID:4484
                          • C:\Windows\SysWOW64\regedit.exe
                            REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                            13⤵
                            • Modifies security service
                            • System Location Discovery: System Language Discovery
                            • Runs .reg file with regedit
                            PID:3776
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4436,i,3239535018877284530,3457823197501312703,262144 --variations-seed-version --mojo-platform-channel-handle=4400 /prefetch:8
    1⤵
      PID:4464

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\1.reg
      Filesize

      1KB

      MD5

      5f6aefafda312b288b7d555c1fc36dc9

      SHA1

      f25e2fdea9dd714d0fae68af71cace7bb49302ce

      SHA256

      60f6d3cbf831857bf18e46a43ff403a03e2035d9430a72d768ea9cec1947917a

      SHA512

      97f0250ba79b008d7632a2f32a7b851d9ca87f116b2854d5343c120511cfd55551a1f3eb3e0959602656b39b3f86003a0f9d04243ceb8b73d28eb9bb9449a6de

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\1.reg
      Filesize

      784B

      MD5

      5a466127fedf6dbcd99adc917bd74581

      SHA1

      a2e60b101c8789b59360d95a64ec07d0723c4d38

      SHA256

      8cd3b8dd28ac014cf973d9ab4b03af1c274bbc9b5ee0ee4ab8af0bdb01573b84

      SHA512

      695cafc932bc8f0a514bc515860cb275297665de63ca3394b55f42c457761ebf654d29d504674681a77b34e3356a469e8c5b97ff7efc24de330d5375f025cba5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\1.reg
      Filesize

      925B

      MD5

      0d1e5715cf04d212bcd7c9dea5f7ab72

      SHA1

      a8add44bf542e4d22260a13de6a35704fb7f3bfb

      SHA256

      5d1fc763bce7a43e9e47a75ddb116b7e5d077cc5541c55bc06f2951105b88473

      SHA512

      89da5156b2021e4279d7fb8e3bf0196495f84d9aa04c921533d609f02b1b3edd29de80d5930483b914fe82f5fc319993f7fcd925ca22351fccd56c82652f2117

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\1.reg
      Filesize

      3KB

      MD5

      752fd85212d47da8f0adc29004a573b2

      SHA1

      fa8fe3ff766601db46412879dc13dbec8d055965

      SHA256

      9faa69e9dabfb4beb40790bf12d0ae2ac0a879fb045e38c03b9e4d0ab569636e

      SHA512

      d7bbadb2ed764717dc01b012832e5c1debd6615bbdc121b5954e61d6364a03b2dd03718bdea26c5c2a6dbb6e33c5a7657c76862f6d8c0a916f7a0f9f8dd3b209

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\1.reg
      Filesize

      3KB

      MD5

      1daa413d1a8cd1692f2e4ae22b54c74a

      SHA1

      2e02e2a23cfaa62f301e29a117e291ff93cc5d31

      SHA256

      10732e2612780d9694faf0bb9b27cdc6f3376ad327da7dfc346e9e5579493d33

      SHA512

      b947c70c7c4af971e3fbdc66fb7175b6624ac68c6a723dac7ecb5cf5f43bbe210fa0fa61fd4b6153dccf7de077d003ca03f061e209dc37773546b038e6aef277

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\1.reg
      Filesize

      2KB

      MD5

      f82bc8865c1f6bf7125563479421f95c

      SHA1

      65c25d7af3ab1f29ef2ef1fdc67378ac9c82098d

      SHA256

      f9799dc2afb8128d1925b69fdef1d641f312ed41254dd5f4ac543cf50648a2f6

      SHA512

      00a9b7798a630779dc30296c3d0fed2589e7e86d6941f4502ea301c5bce2e80a5d8a4916e36183c7064f968b539ae6dac49094b1de3643a1a2fedc83cf558825

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\1.reg
      Filesize

      1KB

      MD5

      f31b2aa720a1c523c1e36a40ef21ee0d

      SHA1

      9c8089896c55e6e6a9cca99b1b98c544723d314e

      SHA256

      cea90761ea6ef6fb8ac98484b5720392534a9774e884c3e343ae29559aa0a716

      SHA512

      a679ce1192e15cd9b8dd4a3d7ecf85707ec23fa944c020b226172497c0b5600460558cfa9304ddf2c582a95e0fcd7f1b26004c8fba0ed9afcddc6ded770c85bb

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\1.reg
      Filesize

      3KB

      MD5

      9e5db93bd3302c217b15561d8f1e299d

      SHA1

      95a5579b336d16213909beda75589fd0a2091f30

      SHA256

      f360fb5740172b6b4dd59c1ac30b480511665ae991196f833167e275d91f943e

      SHA512

      b5547e5047a3c43397ee846ff9d5979cba45ba44671db5c5df5536d9dc26262e27a8645a08e0cf35960a3601dc0f6f5fe8d47ae232c9ca44d6899e97d36fb25a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\1.reg
      Filesize

      476B

      MD5

      a5d4cddfecf34e5391a7a3df62312327

      SHA1

      04a3c708bab0c15b6746cf9dbf41a71c917a98b9

      SHA256

      8961a4310b2413753851ba8afe2feb4c522c20e856c6a98537d8ab440f48853a

      SHA512

      48024549d0fcb88e3bd46f7fb42715181142cae764a3daeb64cad07f10cf3bf14153731aeafba9a191557e29ddf1c5b62a460588823df215e2246eddaeff6643

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\1.reg
      Filesize

      1KB

      MD5

      47985593a44ee38c64665b04cbd4b84c

      SHA1

      84900c2b2e116a7b744730733f63f2a38b4eb76e

      SHA256

      4a62e43cadba3b8fa2ebead61f9509107d8453a6d66917aad5efab391a8f8e70

      SHA512

      abdd7f2f701a5572fd6b8b73ff4a013c1f9b157b20f4e193f9d1ed2b3ac4911fa36ffc84ca62d2ceea752a65af34ec77e3766e97e396a8470031990faff1a269

      Download Submit

    • C:\Windows\SysWOW64\firefoxV2.com
      Filesize

      257KB

      MD5

      e08aed27b1e5b0506664aff7a195866a

      SHA1

      370e5d245a9c78fba5c459b983e3e98c72fd6fcd

      SHA256

      f96525ff562cc924d49640ea5d3739fecabf915e6872bca8166c01a5f5e9a703

      SHA512

      c0c77dcb230fa0d1b17756caebe4b411ec1d7fa0399653604ced7e3c394e8aea1282a1bb4e864575ea693b2ff30b789e012807f27efaa9e30fa84933d938d5e9

      Download Submit

    • \??\c:\v.bat
      Filesize

      5KB

      MD5

      0019a0451cc6b9659762c3e274bc04fb

      SHA1

      5259e256cc0908f2846e532161b989f1295f479b

      SHA256

      ce4674afd978d1401596d22a0961f90c8fb53c5bd55649684e1a999c8cf77876

      SHA512

      314c23ec37cb0cd4443213c019c4541df968447353b422ef6fff1e7ddf6c983c80778787408b7ca9b81e580a6a7f1589ca7f43c022e6fc16182973580ed4d904

      Download Submit

    • memory/764-870-0x0000000000400000-0x0000000000541000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/764-983-0x0000000000400000-0x0000000000541000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/796-1097-0x0000000000400000-0x0000000000541000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/796-1210-0x0000000000400000-0x0000000000541000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/924-984-0x0000000000400000-0x0000000000541000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/924-1096-0x0000000000400000-0x0000000000541000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/1896-756-0x0000000000400000-0x0000000000541000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/1896-869-0x0000000000400000-0x0000000000541000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2152-640-0x0000000000400000-0x0000000000541000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2152-528-0x0000000000400000-0x0000000000541000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2672-1324-0x0000000000400000-0x0000000000541000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2672-1211-0x0000000000400000-0x0000000000541000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/3024-754-0x0000000000400000-0x0000000000541000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/3024-642-0x0000000000400000-0x0000000000541000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/3436-411-0x00000000008D0000-0x0000000000914000-memory.dmp

      Filesize

      272KB

      Download

    • memory/3436-412-0x0000000000400000-0x0000000000541000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/3436-298-0x00000000008D0000-0x0000000000914000-memory.dmp

      Filesize

      272KB

      Download

    • memory/3436-297-0x0000000000400000-0x0000000000541000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/3436-185-0x0000000002420000-0x0000000002421000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3436-186-0x0000000002430000-0x0000000002431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3436-181-0x0000000000400000-0x0000000000541000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/3436-183-0x00000000008D0000-0x0000000000914000-memory.dmp

      Filesize

      272KB

      Download

    • memory/3644-1325-0x0000000000400000-0x0000000000541000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/4520-22-0x0000000002490000-0x0000000002491000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-161-0x00000000032D0000-0x00000000032D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-10-0x0000000002390000-0x0000000002391000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-9-0x00000000023D0000-0x00000000023D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-8-0x00000000023B0000-0x00000000023B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-5-0x0000000002380000-0x0000000002381000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-3-0x00000000007C0000-0x00000000007C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-2-0x0000000002350000-0x0000000002351000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-12-0x00000000023E0000-0x00000000023E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-159-0x00000000032B0000-0x00000000032B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-158-0x00000000032C0000-0x00000000032C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-160-0x00000000032E0000-0x00000000032E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-157-0x0000000003190000-0x0000000003191000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-176-0x0000000003390000-0x0000000003391000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-175-0x00000000033A0000-0x00000000033A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-174-0x0000000003370000-0x0000000003371000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-173-0x0000000003380000-0x0000000003381000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-172-0x0000000003350000-0x0000000003351000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-171-0x0000000003360000-0x0000000003361000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-170-0x0000000003330000-0x0000000003331000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-13-0x0000000002420000-0x0000000002421000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-180-0x0000000000400000-0x0000000000541000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/4520-14-0x0000000002410000-0x0000000002411000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-182-0x0000000000A30000-0x0000000000A74000-memory.dmp

      Filesize

      272KB

      Download

    • memory/4520-15-0x0000000002440000-0x0000000002441000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-169-0x0000000003340000-0x0000000003341000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-168-0x0000000003310000-0x0000000003311000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-167-0x0000000003320000-0x0000000003321000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-16-0x0000000002430000-0x0000000002431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-17-0x0000000002460000-0x0000000002461000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-166-0x00000000032F0000-0x00000000032F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-165-0x0000000003300000-0x0000000003301000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-156-0x00000000031A0000-0x00000000031A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-11-0x00000000023A0000-0x00000000023A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-152-0x0000000003160000-0x0000000003161000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-155-0x0000000003170000-0x0000000003171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-154-0x0000000003180000-0x0000000003181000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-153-0x0000000003150000-0x0000000003151000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-18-0x0000000002450000-0x0000000002451000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-19-0x0000000002480000-0x0000000002481000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-20-0x0000000002470000-0x0000000002471000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-21-0x00000000024A0000-0x00000000024A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-0-0x0000000000400000-0x0000000000541000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/4520-1-0x0000000000A30000-0x0000000000A74000-memory.dmp

      Filesize

      272KB

      Download

    • memory/4520-23-0x00000000024D0000-0x00000000024D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-4-0x00000000007B0000-0x00000000007B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-24-0x00000000024C0000-0x00000000024C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-25-0x00000000024F0000-0x00000000024F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-26-0x00000000024E0000-0x00000000024E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-27-0x0000000002620000-0x0000000002621000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-28-0x0000000002500000-0x0000000002501000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-29-0x0000000002640000-0x0000000002641000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-30-0x0000000002630000-0x0000000002631000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-31-0x0000000002660000-0x0000000002661000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-32-0x0000000002650000-0x0000000002651000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-33-0x0000000002680000-0x0000000002681000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-34-0x0000000002670000-0x0000000002671000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-35-0x00000000026A0000-0x00000000026A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-36-0x0000000002690000-0x0000000002691000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-37-0x00000000026C0000-0x00000000026C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-38-0x00000000026B0000-0x00000000026B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-39-0x00000000026E0000-0x00000000026E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-40-0x00000000026D0000-0x00000000026D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-41-0x0000000002700000-0x0000000002701000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-42-0x00000000026F0000-0x00000000026F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4520-6-0x00000000023C0000-0x00000000023C4000-memory.dmp

      Filesize

      16KB

      Download

    • memory/4836-527-0x0000000000400000-0x0000000000541000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/4836-414-0x0000000000400000-0x0000000000541000-memory.dmp

      Filesize

      1.3MB

      Download