Overview

overview

10

Static

static

3

ed58956a96...18.exe

windows7-x64

10

ed58956a96...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20/09/2024, 09:57

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ed58956a966e93b49800731fcff2842a_JaffaCakes118.exe

  • Size

    1.7MB

  • MD5

    ed58956a966e93b49800731fcff2842a

  • SHA1

    ba2040c213946595a888335da82b0db30c95b2eb

  • SHA256

    d3340e920c83ea0e55b1a4c3ad353e29cc0a22fa9fd6177ca5b8ab94945e9168

  • SHA512

    e78e2b258f8c3f97396be796f57d4442c5043120e81b8625be5c7d8feeb1b5064119e6cb65913680d04103c72ae65fba49b7acb731cd3910ad79e63a7ce110bd

  • SSDEEP

    24576:dzO5uEOelK9ntwlENXtejSIlnst8xsr83KSwxRM7L3ICRObfBuCnWQmHmkN:Y18OENXt4u82rhSwxR83DsUCDmHmkN

Score
10/10
metasploitbackdoordiscoverytrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Checks BIOS information in registry 2 TTPs 22 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 12 IoCs
  • Loads dropped DLL 28 IoCs
  • Drops file in System32 directory 22 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 64 IoCs
  • NTFS ADS 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 22 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 52 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ed58956a966e93b49800731fcff2842a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ed58956a966e93b49800731fcff2842a_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2176
    • C:\Users\Admin\AppData\Local\Temp\NetBot_Attacker.exe
      C:\Users\Admin\AppData\Local\Temp\NetBot_Attacker.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2388
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 92
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:1268
    • \??\c:\windows\temp\dumpmem.exe
      c:\windows\temp\dumpmem.exe
      2⤵
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2816
      • C:\Windows\SysWOW64\wuamgrd.exe
        C:\Windows\system32\wuamgrd.exe 640 "c:\windows\temp\dumpmem.exe"
        3⤵
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • NTFS ADS
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2944
        • C:\Windows\SysWOW64\wuamgrd.exe
          C:\Windows\system32\wuamgrd.exe 736 "C:\Windows\SysWOW64\wuamgrd.exe"
          4⤵
          • Checks BIOS information in registry
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in System32 directory
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          • NTFS ADS
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:3000
          • C:\Windows\SysWOW64\wuamgrd.exe
            C:\Windows\system32\wuamgrd.exe 744 "C:\Windows\SysWOW64\wuamgrd.exe"
            5⤵
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops file in System32 directory
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            • NTFS ADS
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1864
            • C:\Windows\SysWOW64\wuamgrd.exe
              C:\Windows\system32\wuamgrd.exe 748 "C:\Windows\SysWOW64\wuamgrd.exe"
              6⤵
              • Checks BIOS information in registry
              • Executes dropped EXE
              • Loads dropped DLL
              • Drops file in System32 directory
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              • NTFS ADS
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1144
              • C:\Windows\SysWOW64\wuamgrd.exe
                C:\Windows\system32\wuamgrd.exe 740 "C:\Windows\SysWOW64\wuamgrd.exe"
                7⤵
                • Checks BIOS information in registry
                • Executes dropped EXE
                • Loads dropped DLL
                • Drops file in System32 directory
                • System Location Discovery: System Language Discovery
                • Modifies registry class
                • NTFS ADS
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:776
                • C:\Windows\SysWOW64\wuamgrd.exe
                  C:\Windows\system32\wuamgrd.exe 752 "C:\Windows\SysWOW64\wuamgrd.exe"
                  8⤵
                  • Checks BIOS information in registry
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Drops file in System32 directory
                  • System Location Discovery: System Language Discovery
                  • Modifies registry class
                  • NTFS ADS
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:1732
                  • C:\Windows\SysWOW64\wuamgrd.exe
                    C:\Windows\system32\wuamgrd.exe 760 "C:\Windows\SysWOW64\wuamgrd.exe"
                    9⤵
                    • Checks BIOS information in registry
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Drops file in System32 directory
                    • System Location Discovery: System Language Discovery
                    • Modifies registry class
                    • NTFS ADS
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:2752
                    • C:\Windows\SysWOW64\wuamgrd.exe
                      C:\Windows\system32\wuamgrd.exe 768 "C:\Windows\SysWOW64\wuamgrd.exe"
                      10⤵
                      • Checks BIOS information in registry
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Drops file in System32 directory
                      • System Location Discovery: System Language Discovery
                      • Modifies registry class
                      • NTFS ADS
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:2100
                      • C:\Windows\SysWOW64\wuamgrd.exe
                        C:\Windows\system32\wuamgrd.exe 764 "C:\Windows\SysWOW64\wuamgrd.exe"
                        11⤵
                        • Checks BIOS information in registry
                        • Executes dropped EXE
                        • Loads dropped DLL
                        • Drops file in System32 directory
                        • System Location Discovery: System Language Discovery
                        • Modifies registry class
                        • NTFS ADS
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:2844
                        • C:\Windows\SysWOW64\wuamgrd.exe
                          C:\Windows\system32\wuamgrd.exe 784 "C:\Windows\SysWOW64\wuamgrd.exe"
                          12⤵
                          • Checks BIOS information in registry
                          • Executes dropped EXE
                          • Drops file in System32 directory
                          • System Location Discovery: System Language Discovery
                          • Modifies registry class
                          • NTFS ADS
                          • Suspicious use of AdjustPrivilegeToken
                          PID:1388

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\TEMP:CE2C623F
    Filesize

    112B

    MD5

    e582fdc070a07a4178d74a3bdb015163

    SHA1

    b4f1d7dac5417bb597900165df7f94b507a73c25

    SHA256

    2b9929252552c1196534ec35b6f8ed9c34447206618caa40259249d4136c59ed

    SHA512

    44b3bcb82229c02cfb9e6184c748da3536f21ea22fddc7df86c366c9d60ee5ae2e3dbb9916c59470c2b10303c15f6e5db104a921d04e264df200425335f493ab

    Download Submit

  • C:\ProgramData\TEMP:CE2C623F
    Filesize

    112B

    MD5

    8b0b371f02997fbc2827590a1aea7bd4

    SHA1

    85c977427ec47da08ed5fdbd79ba849db7db45d4

    SHA256

    802bf5e5abccd8f2e3d3bd1eff6d94aaaa5507553a662f025cf15b315c7f1df8

    SHA512

    ab794584326e14788cfc6c9031195fef2f650e94f8dabf883852f9eec902747aeb05fe69ea95f9e0a497392f37037ed8f726d6ef698079dd92f4cd5ae51b9d79

    Download Submit

  • C:\ProgramData\TEMP:CE2C623F
    Filesize

    112B

    MD5

    e6872f357751c99311bc77394894fc48

    SHA1

    0edd27304d074f8e9dc4e36043768ab836d9fbec

    SHA256

    d9916f96a7de82d9c802ad0c54925b2863b18704a3764cc318e3f4147cdac530

    SHA512

    305c459861579ba5fb697cceb8c7a2521d5ca56a4cd1b4a55d715c6f17dba0a053c056f03c51250487d78646450efe29af59d4e5c4632de3f94a175015a8d490

    Download Submit

  • C:\ProgramData\TEMP:CE2C623F
    Filesize

    112B

    MD5

    1ee6175f603331713d02fc9531f2fde6

    SHA1

    a0afc5dd188e3e753248cade2838a8bc5e9a9c28

    SHA256

    8eb5c8a0d6c87864aea71c570cb4f68bbc2f6e4b958841b6e71ee76bb4ef6fd7

    SHA512

    02aeca27f3c54b9d5e8cce23dd3f88bf519f8685192d10b82ce2017fe71bf62d4f50578fda8e43ff09d8899647796b58392c6b6877c8e4c3eb76db35bd6120fb

    Download Submit

  • C:\ProgramData\TEMP:CE2C623F
    Filesize

    112B

    MD5

    5a7836a7351b9914951e0382165e76f6

    SHA1

    bb66b97e0d01e708b3e9b588edcefa89889d11d3

    SHA256

    0afd888181f7e5024dd0ea81f1a0c418432192775e897173ec72a603d769272f

    SHA512

    ea3b4fdca609f6c758e90f678a1d097cc91b1873fcc71c1881709c82e18bbccc999e5080f604658c520d4ee79cac18f4255fc4b3a4d11912b44e71232d36f733

    Download Submit

  • C:\ProgramData\TEMP:CE2C623F
    Filesize

    112B

    MD5

    26b95bdf3ee6fb01cd3df5bb7af843d8

    SHA1

    36f5192b8d09dad2b121f0792f4e528c3917c37d

    SHA256

    5ad4b123636adda63dfc1b279085f24a49593d669ddb54718e3f607e5f999817

    SHA512

    95ab679ae358c90af6f1d3aafe22f098665934debd5677a6eeaca5016eec7a206086af284b00d6e36c3dfe6cfc3a0da73c514092b48d3de4ed6f0508ffeb3f52

    Download Submit

  • C:\ProgramData\TEMP:CE2C623F
    Filesize

    112B

    MD5

    2da7f54330ffecf3a518a027ca789e7e

    SHA1

    2ca8cfd92e4c1ef1e794fecc8a2a5b88a7b626df

    SHA256

    1ff9752f4ca26bae26f7dbd020ae564ac5f51a28422f2f213132f8321c26f875

    SHA512

    09e0706817698f6bcf49ae61bcdda3c7b60675da0ad7930b455207d0bc4e76f33c67a0c59705970f88a912602494390e0f8a978cc573090c55ba1312e2e61e89

    Download Submit

  • C:\ProgramData\TEMP:CE2C623F
    Filesize

    112B

    MD5

    bfbbacbf917c0eacf91a49a0ded4cd44

    SHA1

    cc9d5fb48046191e30b3a0ac8b32921c1ff965a0

    SHA256

    4427f28cc94eec8dbb5f37d170f672ca6d098262dbd6756cf45a85906fd50bd1

    SHA512

    cb2e1432322d93762de4ffc3c93c50fc9dc577934deeb19a189735100cee2ed0789da328788bef05d2368da49c5120e340d83d24d96f377891f6fa5e0f94999e

    Download Submit

  • C:\ProgramData\TEMP:CE2C623F
    Filesize

    112B

    MD5

    d84b4b22a0f656276403f4015e2ea87d

    SHA1

    825942337ccde20a641904e9cc30d6538118a48f

    SHA256

    294bc5445934de3fd1bd39c364f9f3deb310a815b74eefee2bd9875f7a41af32

    SHA512

    84477670c46635c5e64c0789cea88b7d3ea351400d4b333294d85015ab1d13ab8564c1bea4747e40ea38d8c2f73b516b1375e6e9e5ee2a7c0b9da552aeb141c6

    Download Submit

  • C:\ProgramData\TEMP:CE2C623F
    Filesize

    112B

    MD5

    a7e5221ddedc7b3d1519e3dcb9453af5

    SHA1

    0fe4222465eb0b8781695c6f7f4864c5bf9f74e1

    SHA256

    71e339649ca2ef9546b3d2c9600563d24ccbbf8638f47fc67db1d1359b383b21

    SHA512

    d09bcd2d82a842858eff22ada7c995654b8931374f7ba4098b8ff66d8f358d1f1046a00cf90460c5c9c10300358943d07f25613cd6fffd8aa915b7f706b773dc

    Download Submit

  • C:\ProgramData\TEMP:CE2C623F
    Filesize

    112B

    MD5

    f3beda8fe2153783ff2e33ce61904979

    SHA1

    584ba3d9e1b35994e75caa52464b82af04957fd9

    SHA256

    3eb00ea7bb59b85b260f27ba04c0848dcbdfcd0750f7be14615b2cc306051e1e

    SHA512

    a184d0c5e6bcdeb566ee2a2a749f67512d6419e054a8e484d12e1002ac5124d89186b78fe59b75f07e730c23d1c4029b620e02a986649bea3e915c9c1dffb685

    Download Submit

  • C:\ProgramData\TEMP:CE2C623F
    Filesize

    112B

    MD5

    bae81d481abb34e7c911e6397bdbaac4

    SHA1

    bd10440da0c39af305605dbfd5b807d43e095e7c

    SHA256

    b9d322496ea8d4290f3e90ac95e15f6ddba903e3109e4a6017c8442650b0909d

    SHA512

    a50252cd93bb9626c93fa19e4698374ee1baf1adaa03dc75e80ac6005a40839a3695f6411a79fe0f1d41fa1dd4e63892eb56bdad65e054f897b37dd5fa81ab8e

    Download Submit

  • C:\ProgramData\TEMP:CE2C623F
    Filesize

    112B

    MD5

    4639f1954ccdea3d379f68a51e14d75f

    SHA1

    aaca3f348168823719f1cc73fdb658fbb4b1f9e1

    SHA256

    cdc023b7436eca3f6306b934ee187bff5a25ec5401a9e1ceb48fb86bfadba106

    SHA512

    a95c9d4a62b989a4d014d48e332bf98131240b7dd3b5e0e759ba4f80111ce0cea2403198dcc3940facece8bc7d31b8ac6669a38e17c03f7fede3e4b055b0a851

    Download Submit

  • C:\ProgramData\TEMP:CE2C623F
    Filesize

    112B

    MD5

    ed66b8138074e4d35ad55a4cb3b191d1

    SHA1

    d00aafebe139a03d9452300e89db72d5cd68f9ba

    SHA256

    9217a569171fc7fa097302720d94ebfd9f41e1f17f1d652c091d2fbf8e66c9bd

    SHA512

    3ef8b42d0f8d3b00b6d07886aaaf50df2b4de8a25f78570b6688d3b65f0fd3dfe947f3ed99d282e71f6caa7261a1ebfd70ccd2c6a8ed536fc90cc78173bcd989

    Download Submit

  • C:\ProgramData\TEMP:CE2C623F
    Filesize

    112B

    MD5

    e1b04619abaf65ac2b0213c0ba68f42c

    SHA1

    48618c82f7924dfa09ae9481f6c2b7492a24712e

    SHA256

    3f3c67ff05c15f5aa32f2e5f14ea906914347f1c01051ef1af48d1866bea4dd0

    SHA512

    cb834dbc890d9d52197b41a8608dfeee4750139309dc4affc38c616626f2d724bc902fdbb03b1fcfe5302a0b4507b643c5597afbf261edad6ebb5e7afdf1079d

    Download Submit

  • C:\ProgramData\TEMP:CE2C623F
    Filesize

    112B

    MD5

    28e4f2cb5cce3116f20bcfd6c8166b2d

    SHA1

    3d5060f7f6d5831a8549cef65eb9494dcb6ac9f0

    SHA256

    7b5167e1bfe59fe5b9b4a1773283234e7e68e45edc01b36d39ebcff8aa95b9b8

    SHA512

    a8c92dc28ac37c8773a97ad269a301d8a4d0ecc74ff1c744cefbbbec96fb18e2eabd732be79bd2979e40f17fc46524131fbd729e5a8b237336cd333bc2b0356f

    Download Submit

  • C:\ProgramData\TEMP:CE2C623F
    Filesize

    112B

    MD5

    28c5197bd9306a63c939addb482dd1db

    SHA1

    df2b5ab4653b7df5b830579f1f3a2ed1284977f3

    SHA256

    d73cf0338f11b768e80b674c220c6e551e801f520b34008681cfa1e26dbcf8a6

    SHA512

    28a93c5b5b31dc05375d38035bbc5e1195e18929f1ab2b2a5ae42cbba4048b1ebef409930d58f86d435084f45ed2a91bb082c76b515739528e68e3a88d6a3deb

    Download Submit

  • C:\Windows\Temp\dumpmem.exe
    Filesize

    872KB

    MD5

    6d739905bd6962378d3126509de91d13

    SHA1

    848bb1805d650f7b42a15eb95f65911a86d36a94

    SHA256

    1b5679e5d6d196a753ef94e5015b9b323fb897b12dd83d7b34fc98c17284c774

    SHA512

    ff297e451e40d673ae041f7d99f1259188284766a966afe59ff492ab712cba0d6df5195c1d8c8828304c562a9d48f46a8aa71ef6c574ca7bb216bc19d4b37108

    Download Submit

  • \Users\Admin\AppData\Local\Temp\NetBot_Attacker.exe
    Filesize

    844KB

    MD5

    3fa8cb560504fe14923cdd790d258092

    SHA1

    c46676477909dfff3c182ea0752cb38ad8fdbc27

    SHA256

    8f1cebc046bad09f335da363c4b530e2b9105ee73d78e6cc292d9f605cc00be6

    SHA512

    0398767c55e16dfc0a50a4b57bbc3558b77d7075cbfcdb33439164ef9c1ff2f33db0e3ff2e66c0d00ec4a5561817c143bcea2d326fbf30bdc15b36acbb0ea80a

    Download Submit

  • memory/776-179-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/776-205-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/776-230-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1144-174-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1144-200-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1732-235-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1732-260-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1732-214-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1864-134-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1864-135-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1864-137-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1864-138-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1864-139-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1864-140-0x0000000001FF0000-0x0000000002084000-memory.dmp

    Filesize

    592KB

    Download

  • memory/1864-145-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1864-133-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1864-120-0x0000000001FF0000-0x0000000002084000-memory.dmp

    Filesize

    592KB

    Download

  • memory/1864-169-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2100-274-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2100-320-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2100-295-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2176-10-0x0000000003B10000-0x0000000003DB9000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2176-29-0x0000000003BF0000-0x0000000003DFC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2176-11-0x0000000003B10000-0x0000000003DB9000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2176-23-0x0000000003BF0000-0x0000000003DFC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2388-18-0x0000000000400000-0x00000000006A9000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2388-13-0x0000000000400000-0x00000000006A9000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2752-290-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2752-265-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2816-40-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2816-58-0x0000000001FC0000-0x0000000002054000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2816-30-0x0000000001FC0000-0x0000000002054000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2816-41-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2816-38-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2816-42-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2816-43-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2816-66-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2816-44-0x0000000001FC0000-0x0000000002054000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2816-37-0x0000000001FC0000-0x0000000002054000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2816-39-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2816-36-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2816-54-0x0000000002DE0000-0x0000000002FEC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2816-55-0x0000000002FD0000-0x00000000031DC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2844-349-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2844-325-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2944-76-0x0000000000B50000-0x0000000000BE4000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2944-74-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2944-57-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2944-73-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2944-75-0x0000000000B50000-0x0000000000BE4000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2944-72-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2944-71-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2944-107-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2944-108-0x0000000000B50000-0x0000000000BE4000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2944-104-0x0000000000B50000-0x0000000000BE4000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2944-70-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2944-69-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2944-59-0x0000000000B50000-0x0000000000BE4000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2944-77-0x0000000000B50000-0x0000000000BE4000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2944-80-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2944-82-0x0000000000B50000-0x0000000000BE4000-memory.dmp

    Filesize

    592KB

    Download

  • memory/2944-85-0x00000000034D0000-0x00000000036DC000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3000-87-0x0000000002020000-0x00000000020B4000-memory.dmp

    Filesize

    592KB

    Download

  • memory/3000-101-0x0000000002020000-0x00000000020B4000-memory.dmp

    Filesize

    592KB

    Download

  • memory/3000-100-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3000-99-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3000-98-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3000-136-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3000-97-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3000-95-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3000-96-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3000-110-0x0000000002020000-0x00000000020B4000-memory.dmp

    Filesize

    592KB

    Download

  • memory/3000-113-0x0000000000400000-0x000000000060C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3000-118-0x0000000003220000-0x000000000342C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3000-117-0x0000000003220000-0x000000000342C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3000-128-0x0000000002020000-0x00000000020B4000-memory.dmp

    Filesize

    592KB

    Download