Overview

overview

10

Static

static

7

e5fff3b288...18.exe

windows7-x64

10

e5fff3b288...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    17-09-2024 03:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e5fff3b2883a77ba676e822f50c876bc_JaffaCakes118.exe

  • Size

    713KB

  • MD5

    e5fff3b2883a77ba676e822f50c876bc

  • SHA1

    6d7d49f9d2a15c7b5dbe6f18890cb3db104da454

  • SHA256

    5b20ac5ff7d0f91ab0e4670d93ed7c19e881cd936c6b461612cbdc3d1e80776c

  • SHA512

    b1cc4b1335cc8e521e70ece7a03b7154f0c17887091b50689d0fcfa51485fc23328dcdc550d0d0d0d9d5503b8d3cf403c1fc1c996e720966fa900e6aad6bd1d4

  • SSDEEP

    12288:LyR//TP9mlG+sw2xbqTOuQd47a1PuMgPzvxfzEzRq/3uPQ:LK/7glps9btumq8ulqzM/3uPQ

Score
10/10
metasploitbackdoordiscoveryevasionthemidatrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Modifies security service 2 TTPs 20 IoCs
    evasion
  • Executes dropped EXE 10 IoCs
  • Identifies Wine through registry keys 2 TTPs 11 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 40 IoCs
  • Themida packer 40 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Drops file in System32 directory 22 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 11 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 31 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Runs .reg file with regedit 10 IoCs
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e5fff3b2883a77ba676e822f50c876bc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e5fff3b2883a77ba676e822f50c876bc_JaffaCakes118.exe"
    1⤵
    • Identifies Wine through registry keys
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c c:\a.bat
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2292
      • C:\Windows\SysWOW64\regedit.exe
        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
        3⤵
        • Modifies security service
        • System Location Discovery: System Language Discovery
        • Runs .reg file with regedit
        PID:1420
    • C:\Windows\SysWOW64\msupdate.exe
      C:\Windows\system32\msupdate.exe 652 "C:\Users\Admin\AppData\Local\Temp\e5fff3b2883a77ba676e822f50c876bc_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2552
      • C:\Windows\SysWOW64\msupdate.exe
        C:\Windows\system32\msupdate.exe 776 "C:\Windows\SysWOW64\msupdate.exe"
        3⤵
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Loads dropped DLL
        • Drops file in System32 directory
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1100
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c c:\a.bat
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:304
          • C:\Windows\SysWOW64\regedit.exe
            REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
            5⤵
            • Modifies security service
            • System Location Discovery: System Language Discovery
            • Runs .reg file with regedit
            PID:2792
        • C:\Windows\SysWOW64\msupdate.exe
          C:\Windows\system32\msupdate.exe 780 "C:\Windows\SysWOW64\msupdate.exe"
          4⤵
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Loads dropped DLL
          • Drops file in System32 directory
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:584
          • C:\Windows\SysWOW64\cmd.exe
            cmd /c c:\a.bat
            5⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2628
            • C:\Windows\SysWOW64\regedit.exe
              REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
              6⤵
              • Modifies security service
              • System Location Discovery: System Language Discovery
              • Runs .reg file with regedit
              PID:2120
          • C:\Windows\SysWOW64\msupdate.exe
            C:\Windows\system32\msupdate.exe 788 "C:\Windows\SysWOW64\msupdate.exe"
            5⤵
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Loads dropped DLL
            • Drops file in System32 directory
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            PID:2916
            • C:\Windows\SysWOW64\cmd.exe
              cmd /c c:\a.bat
              6⤵
              • System Location Discovery: System Language Discovery
              PID:1680
              • C:\Windows\SysWOW64\regedit.exe
                REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                7⤵
                • Modifies security service
                • System Location Discovery: System Language Discovery
                • Runs .reg file with regedit
                PID:2752
            • C:\Windows\SysWOW64\msupdate.exe
              C:\Windows\system32\msupdate.exe 784 "C:\Windows\SysWOW64\msupdate.exe"
              6⤵
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Loads dropped DLL
              • Drops file in System32 directory
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • System Location Discovery: System Language Discovery
              • Suspicious behavior: EnumeratesProcesses
              PID:1032
              • C:\Windows\SysWOW64\cmd.exe
                cmd /c c:\a.bat
                7⤵
                • System Location Discovery: System Language Discovery
                PID:644
                • C:\Windows\SysWOW64\regedit.exe
                  REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                  8⤵
                  • Modifies security service
                  • System Location Discovery: System Language Discovery
                  • Runs .reg file with regedit
                  PID:1016
              • C:\Windows\SysWOW64\msupdate.exe
                C:\Windows\system32\msupdate.exe 800 "C:\Windows\SysWOW64\msupdate.exe"
                7⤵
                • Executes dropped EXE
                • Identifies Wine through registry keys
                • Loads dropped DLL
                • Drops file in System32 directory
                • Suspicious use of NtSetInformationThreadHideFromDebugger
                • System Location Discovery: System Language Discovery
                • Suspicious behavior: EnumeratesProcesses
                PID:2812
                • C:\Windows\SysWOW64\cmd.exe
                  cmd /c c:\a.bat
                  8⤵
                  • System Location Discovery: System Language Discovery
                  PID:1780
                  • C:\Windows\SysWOW64\regedit.exe
                    REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                    9⤵
                    • Modifies security service
                    • System Location Discovery: System Language Discovery
                    • Runs .reg file with regedit
                    PID:1328
                • C:\Windows\SysWOW64\msupdate.exe
                  C:\Windows\system32\msupdate.exe 804 "C:\Windows\SysWOW64\msupdate.exe"
                  8⤵
                  • Executes dropped EXE
                  • Identifies Wine through registry keys
                  • Loads dropped DLL
                  • Drops file in System32 directory
                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                  • System Location Discovery: System Language Discovery
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3012
                  • C:\Windows\SysWOW64\cmd.exe
                    cmd /c c:\a.bat
                    9⤵
                    • System Location Discovery: System Language Discovery
                    PID:2996
                    • C:\Windows\SysWOW64\regedit.exe
                      REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                      10⤵
                      • Modifies security service
                      • System Location Discovery: System Language Discovery
                      • Runs .reg file with regedit
                      PID:2988
                  • C:\Windows\SysWOW64\msupdate.exe
                    C:\Windows\system32\msupdate.exe 796 "C:\Windows\SysWOW64\msupdate.exe"
                    9⤵
                    • Executes dropped EXE
                    • Identifies Wine through registry keys
                    • Loads dropped DLL
                    • Drops file in System32 directory
                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2924
                    • C:\Windows\SysWOW64\cmd.exe
                      cmd /c c:\a.bat
                      10⤵
                      • System Location Discovery: System Language Discovery
                      PID:2480
                      • C:\Windows\SysWOW64\regedit.exe
                        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                        11⤵
                        • Modifies security service
                        • System Location Discovery: System Language Discovery
                        • Runs .reg file with regedit
                        PID:2136
                    • C:\Windows\SysWOW64\msupdate.exe
                      C:\Windows\system32\msupdate.exe 792 "C:\Windows\SysWOW64\msupdate.exe"
                      10⤵
                      • Executes dropped EXE
                      • Identifies Wine through registry keys
                      • Loads dropped DLL
                      • Drops file in System32 directory
                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                      • System Location Discovery: System Language Discovery
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1964
                      • C:\Windows\SysWOW64\cmd.exe
                        cmd /c c:\a.bat
                        11⤵
                        • System Location Discovery: System Language Discovery
                        PID:896
                        • C:\Windows\SysWOW64\regedit.exe
                          REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                          12⤵
                          • Modifies security service
                          • System Location Discovery: System Language Discovery
                          • Runs .reg file with regedit
                          PID:1396
                      • C:\Windows\SysWOW64\msupdate.exe
                        C:\Windows\system32\msupdate.exe 816 "C:\Windows\SysWOW64\msupdate.exe"
                        11⤵
                        • Executes dropped EXE
                        • Identifies Wine through registry keys
                        • Loads dropped DLL
                        • Drops file in System32 directory
                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                        • System Location Discovery: System Language Discovery
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2848
                        • C:\Windows\SysWOW64\cmd.exe
                          cmd /c c:\a.bat
                          12⤵
                          • System Location Discovery: System Language Discovery
                          PID:2904
                          • C:\Windows\SysWOW64\regedit.exe
                            REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                            13⤵
                            • Modifies security service
                            • System Location Discovery: System Language Discovery
                            • Runs .reg file with regedit
                            PID:2332

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    3KB

    MD5

    9e5db93bd3302c217b15561d8f1e299d

    SHA1

    95a5579b336d16213909beda75589fd0a2091f30

    SHA256

    f360fb5740172b6b4dd59c1ac30b480511665ae991196f833167e275d91f943e

    SHA512

    b5547e5047a3c43397ee846ff9d5979cba45ba44671db5c5df5536d9dc26262e27a8645a08e0cf35960a3601dc0f6f5fe8d47ae232c9ca44d6899e97d36fb25a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    3KB

    MD5

    d085cde42c14e8ee2a5e8870d08aee42

    SHA1

    c8e967f1d301f97dbcf252d7e1677e590126f994

    SHA256

    a15d5dfd655de1214e0aae2292ead17eef1f1b211d39fac03276bbd6325b0d9f

    SHA512

    de2cebd45d3cf053df17ae43466db6a8b2d816bf4b9a8deb5b577cfedf765b5dcdc5904145809ad3ca03ccff308f8893ec1faa309dd34afcab7cc1836d698d7b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    3KB

    MD5

    c8441ec8a2edf9b2f4f631fe930ea4d9

    SHA1

    2855ee21116b427d280fcaa2471c9bd3d2957f6f

    SHA256

    dd2fa55643d4e02b39ef5a619f2ca63e49d6cc1e6513d953c2d9400d46b88184

    SHA512

    b0b03828275f895adf93ef6b9d40d31e10f166d40c1ee0f5697aadcee1b6d5e8b81637ccfcf66ba9dfd92295f106cfac0eca2320b71a15ad96fdbe06f6764ef7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    849B

    MD5

    558ce6da965ba1758d112b22e15aa5a2

    SHA1

    a365542609e4d1dc46be62928b08612fcabe2ede

    SHA256

    c11beaac10a5e00391ef4b41be8c240f59c5a2dc930aead6d7db237fcd2641fb

    SHA512

    37f7f10c3d201b11cc5224ae69c5990eb33b4430c601d3c21f6bec9323621120442e0cfa49e1f4eda459ea4ac750277e446dca78b9e44c1445bd891e4e460b5c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    10B

    MD5

    c756b8eac93de58d57105a6c35adb50f

    SHA1

    b18d370dabc3c5b9e82d74f19bbc101a1be009f2

    SHA256

    853448e59c9bb7599fa8a5ff03a0b608781a02d41f58576f1192e0c48cb8d635

    SHA512

    09fbfe4a17b1fb6167c6889e5a0ab41cfef9e1372796e69c2558a50a002d9c1e2b0d81d45d7f96be9d02a8025d0ae276ecc01f135e9ccb04c301adcffd67d263

    Download Submit

  • C:\a.bat
    Filesize

    5KB

    MD5

    0019a0451cc6b9659762c3e274bc04fb

    SHA1

    5259e256cc0908f2846e532161b989f1295f479b

    SHA256

    ce4674afd978d1401596d22a0961f90c8fb53c5bd55649684e1a999c8cf77876

    SHA512

    314c23ec37cb0cd4443213c019c4541df968447353b422ef6fff1e7ddf6c983c80778787408b7ca9b81e580a6a7f1589ca7f43c022e6fc16182973580ed4d904

    Download Submit

  • \Windows\SysWOW64\msupdate.exe
    Filesize

    713KB

    MD5

    e5fff3b2883a77ba676e822f50c876bc

    SHA1

    6d7d49f9d2a15c7b5dbe6f18890cb3db104da454

    SHA256

    5b20ac5ff7d0f91ab0e4670d93ed7c19e881cd936c6b461612cbdc3d1e80776c

    SHA512

    b1cc4b1335cc8e521e70ece7a03b7154f0c17887091b50689d0fcfa51485fc23328dcdc550d0d0d0d9d5503b8d3cf403c1fc1c996e720966fa900e6aad6bd1d4

    Download Submit

  • memory/584-404-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/584-281-0x0000000000CC0000-0x0000000000F38000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/584-282-0x0000000000CC0000-0x0000000000F38000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/584-400-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/584-401-0x0000000000CC0000-0x0000000000F38000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/584-403-0x0000000000CC0000-0x0000000000F38000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/584-402-0x0000000000CC0000-0x0000000000F38000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/584-413-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1032-656-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1032-658-0x0000000000CB0000-0x0000000000F28000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1032-669-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1032-539-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1032-659-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1032-657-0x0000000000CB0000-0x0000000000F28000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1100-284-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1100-273-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1100-276-0x0000000004DC0000-0x0000000005038000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1100-274-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1100-155-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1964-1277-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1964-1163-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2116-10-0x0000000000401000-0x0000000000420000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2116-6-0x00000000042B0000-0x00000000042B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2116-5-0x0000000004260000-0x0000000004262000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2116-4-0x0000000004140000-0x0000000004141000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2116-3-0x0000000004210000-0x0000000004211000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2116-2-0x00000000042A0000-0x00000000042A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2116-7-0x00000000007C0000-0x00000000007C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2116-0-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2116-17-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2116-18-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2116-8-0x0000000004170000-0x0000000004171000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2116-130-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2116-9-0x0000000004200000-0x0000000004201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2552-145-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2552-139-0x0000000000EC0000-0x0000000001138000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2552-141-0x0000000000EC0000-0x0000000001138000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2552-140-0x0000000000EC0000-0x0000000001138000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2552-143-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2552-144-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2552-157-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2552-146-0x0000000000EC0000-0x0000000001138000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2552-147-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2552-148-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2552-149-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2812-786-0x0000000000F90000-0x0000000001208000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2812-787-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2812-665-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2812-666-0x0000000000F90000-0x0000000001208000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2812-668-0x0000000000F90000-0x0000000001208000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2812-667-0x0000000000F90000-0x0000000001208000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2812-785-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2812-796-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2848-1278-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2916-530-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2916-533-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2916-532-0x0000000000C50000-0x0000000000EC8000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2916-410-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2916-411-0x0000000000C50000-0x0000000000EC8000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2916-414-0x0000000000C50000-0x0000000000EC8000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2916-531-0x0000000000C50000-0x0000000000EC8000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2916-540-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2924-1040-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2924-920-0x0000000000F90000-0x0000000001208000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2924-1129-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2924-1038-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2924-1039-0x0000000000F90000-0x0000000001208000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3012-913-0x0000000000C40000-0x0000000000EB8000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3012-929-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3012-914-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3012-794-0x0000000000C40000-0x0000000000EB8000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3012-912-0x0000000000400000-0x0000000000678000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/3012-793-0x0000000000C40000-0x0000000000EB8000-memory.dmp

    Filesize

    2.5MB

    Download