Overview

overview

10

Static

static

3

ed58956a96...18.exe

windows7-x64

10

ed58956a96...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-09-2024 09:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ed58956a966e93b49800731fcff2842a_JaffaCakes118.exe

  • Size

    1.7MB

  • MD5

    ed58956a966e93b49800731fcff2842a

  • SHA1

    ba2040c213946595a888335da82b0db30c95b2eb

  • SHA256

    d3340e920c83ea0e55b1a4c3ad353e29cc0a22fa9fd6177ca5b8ab94945e9168

  • SHA512

    e78e2b258f8c3f97396be796f57d4442c5043120e81b8625be5c7d8feeb1b5064119e6cb65913680d04103c72ae65fba49b7acb731cd3910ad79e63a7ce110bd

  • SSDEEP

    24576:dzO5uEOelK9ntwlENXtejSIlnst8xsr83KSwxRM7L3ICRObfBuCnWQmHmkN:Y18OENXt4u82rhSwxR83DsUCDmHmkN

Score
10/10
metasploitbackdoordiscoverytrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Checks BIOS information in registry 2 TTPs 22 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 12 IoCs
  • Drops file in System32 directory 22 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 64 IoCs
  • NTFS ADS 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 22 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ed58956a966e93b49800731fcff2842a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\ed58956a966e93b49800731fcff2842a_JaffaCakes118.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3996
    • C:\Users\Admin\AppData\Local\Temp\NetBot_Attacker.exe
      C:\Users\Admin\AppData\Local\Temp\NetBot_Attacker.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:208
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 208 -s 272
        3⤵
        • Program crash
        PID:1484
    • \??\c:\windows\temp\dumpmem.exe
      c:\windows\temp\dumpmem.exe
      2⤵
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1056
      • C:\Windows\SysWOW64\wuamgrd.exe
        C:\Windows\system32\wuamgrd.exe 1296 "c:\windows\temp\dumpmem.exe"
        3⤵
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • NTFS ADS
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3536
        • C:\Windows\SysWOW64\wuamgrd.exe
          C:\Windows\system32\wuamgrd.exe 1448 "C:\Windows\SysWOW64\wuamgrd.exe"
          4⤵
          • Checks BIOS information in registry
          • Executes dropped EXE
          • Drops file in System32 directory
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          • NTFS ADS
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:3616
          • C:\Windows\SysWOW64\wuamgrd.exe
            C:\Windows\system32\wuamgrd.exe 1452 "C:\Windows\SysWOW64\wuamgrd.exe"
            5⤵
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Drops file in System32 directory
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            • NTFS ADS
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:4320
            • C:\Windows\SysWOW64\wuamgrd.exe
              C:\Windows\system32\wuamgrd.exe 1456 "C:\Windows\SysWOW64\wuamgrd.exe"
              6⤵
              • Checks BIOS information in registry
              • Executes dropped EXE
              • Drops file in System32 directory
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              • NTFS ADS
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:232
              • C:\Windows\SysWOW64\wuamgrd.exe
                C:\Windows\system32\wuamgrd.exe 1460 "C:\Windows\SysWOW64\wuamgrd.exe"
                7⤵
                • Checks BIOS information in registry
                • Executes dropped EXE
                • Drops file in System32 directory
                • System Location Discovery: System Language Discovery
                • Modifies registry class
                • NTFS ADS
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:680
                • C:\Windows\SysWOW64\wuamgrd.exe
                  C:\Windows\system32\wuamgrd.exe 1404 "C:\Windows\SysWOW64\wuamgrd.exe"
                  8⤵
                  • Checks BIOS information in registry
                  • Executes dropped EXE
                  • Drops file in System32 directory
                  • System Location Discovery: System Language Discovery
                  • Modifies registry class
                  • NTFS ADS
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2900
                  • C:\Windows\SysWOW64\wuamgrd.exe
                    C:\Windows\system32\wuamgrd.exe 1468 "C:\Windows\SysWOW64\wuamgrd.exe"
                    9⤵
                    • Checks BIOS information in registry
                    • Executes dropped EXE
                    • Drops file in System32 directory
                    • System Location Discovery: System Language Discovery
                    • Modifies registry class
                    • NTFS ADS
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:5076
                    • C:\Windows\SysWOW64\wuamgrd.exe
                      C:\Windows\system32\wuamgrd.exe 1472 "C:\Windows\SysWOW64\wuamgrd.exe"
                      10⤵
                      • Checks BIOS information in registry
                      • Executes dropped EXE
                      • Drops file in System32 directory
                      • System Location Discovery: System Language Discovery
                      • Modifies registry class
                      • NTFS ADS
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:2528
                      • C:\Windows\SysWOW64\wuamgrd.exe
                        C:\Windows\system32\wuamgrd.exe 1476 "C:\Windows\SysWOW64\wuamgrd.exe"
                        11⤵
                        • Checks BIOS information in registry
                        • Executes dropped EXE
                        • Drops file in System32 directory
                        • System Location Discovery: System Language Discovery
                        • Modifies registry class
                        • NTFS ADS
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:4512
                        • C:\Windows\SysWOW64\wuamgrd.exe
                          C:\Windows\system32\wuamgrd.exe 1480 "C:\Windows\SysWOW64\wuamgrd.exe"
                          12⤵
                          • Checks BIOS information in registry
                          • Executes dropped EXE
                          • Drops file in System32 directory
                          • System Location Discovery: System Language Discovery
                          • Modifies registry class
                          • NTFS ADS
                          • Suspicious use of AdjustPrivilegeToken
                          PID:820
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 208 -ip 208
    1⤵
      PID:2248
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4280,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=4308 /prefetch:8
      1⤵
        PID:2140

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\TEMP:CE2C623F
        Filesize

        112B

        MD5

        7e3bdb290b6d5b97b872351e09d51122

        SHA1

        85e0331976292741425e03b3b14c8847249082bf

        SHA256

        4d83957b2072e8197cb3bee464dd74169aa57b71868e0ef7777aab0e806b5c32

        SHA512

        f0f570550d3d688928a9f36643382db8f06096fe0a4033d4634a6023a2de54285d82d68f2b66cf4eb099e8bd77f2927d90f05f9167d9585183a00f987d8d3a33

        Download Submit

      • C:\ProgramData\TEMP:CE2C623F
        Filesize

        112B

        MD5

        883f96ccd85e6754dbd35ca17f48acf1

        SHA1

        8f0a69659f9bd54ad6d68db5664f3cd5cd1f89d0

        SHA256

        12bb488a5906643329296fe22ed3625a5df8ff3c9629c006df4fe2d1ce2687b6

        SHA512

        4ed8369709babf502dac080c7ef9afcc51d0dea8fda6de7d265e568c286b7e6b34e02302a675100e37a76549776e8180d081bb03bfaad7c012c32df52186cce3

        Download Submit

      • C:\ProgramData\TEMP:CE2C623F
        Filesize

        112B

        MD5

        9d301c5a1102684a0a450bc33e979dd2

        SHA1

        926c75cd7478df58fb9ffee0ff1bda780be0d311

        SHA256

        979866fe9a35d6bb09ab35da1dab09de0f8631a959f83fa2f7da87089dae5bd3

        SHA512

        88b655a33158c24caadffb765b70295c6714f53218e4e1ae8889616e4e43bc8bd40a78aa2bdc7636470397accb933e4375899fd006ea23461dd9d598ba559177

        Download Submit

      • C:\ProgramData\TEMP:CE2C623F
        Filesize

        112B

        MD5

        c5286c419b3c34833973715ac3740702

        SHA1

        cc08e4bf353e2cc93902c62cdaa512082edc6dea

        SHA256

        2d635a3306ebdeca1d85617d5337819470743b3ddd529b88980b204db525f0d8

        SHA512

        ef49d056999710562f5503f340a16d7893d85d9d21a3df930d356adc6ee0a016713618353e0d88f32a79b1103090106ed456fe6314cd63395820cbec37ad1b23

        Download Submit

      • C:\ProgramData\TEMP:CE2C623F
        Filesize

        112B

        MD5

        10dc2f0e29606a57be8d7113930cb1db

        SHA1

        f41a8567db1d1a77f57a934aac1833c7b015c23c

        SHA256

        e7b1f8cd20015420dbb4be4c222768950cc0cd6bc91d8068ea1733e9ad97d8b1

        SHA512

        587218022ce2018d3360c9d5b7cfbd0cee4822e6e3bb4037a15cd1dfc609eb437bb48c778fe77b8339ed3b07547e3dd0011c45b8a918c4694ad44a08051b7a14

        Download Submit

      • C:\ProgramData\TEMP:CE2C623F
        Filesize

        112B

        MD5

        37884e2e312b49597fbaf1ee35fe47ea

        SHA1

        383cc8462fccb15d634e82e01d92d47b5509dda2

        SHA256

        1fa2efb04e6f3fcc1e8366867106f07e86e2d8a00690a09760a3f192798231e2

        SHA512

        17c561c2feb3bed0aeede40ae4bf87e2a7d897eb8e880387f21a9e61328828ad6629857a4bd731a43678206cb63e33b71881c0965cb561574a84348a79902749

        Download Submit

      • C:\ProgramData\TEMP:CE2C623F
        Filesize

        112B

        MD5

        e1c0203ba46f50a343641455963edaee

        SHA1

        ea91ec292186b962d63d4869365e4868803c3ee4

        SHA256

        87d8022e3d994e2a6673e98176ce8a35c19e846daf5d5967cf19ab36908e4ad9

        SHA512

        f983b005a33a89298b104bcb7afceb6f9006562ad9e8ddd79c05adf72e1385ad657269e0addd35e15bccbe5500e7a30f412f8ec59d9dec27516c9ab2faa12a33

        Download Submit

      • C:\ProgramData\TEMP:CE2C623F
        Filesize

        112B

        MD5

        14a8232152e224cace5b2ca2a3597346

        SHA1

        0959df2d35a6c44aacd6e8d65331934bd0f86818

        SHA256

        42217b05f23dd523e4c2a53257921f6c23a1f930d1615d8c24e9bf4dbc392f4c

        SHA512

        a8775db6bd0b4cffaa2dca89c12661bf397a110629749d014cb169a9e6df1b2b79376cea67ed66ac168a3b0ce992fb008e2533872d7d6b73c7ac4e672b2b2a5a

        Download Submit

      • C:\ProgramData\TEMP:CE2C623F
        Filesize

        112B

        MD5

        7e42aa529ae6a3ad3c4e728e50482863

        SHA1

        bf6cf529b52acb624d2e10b774b4ac92522ac272

        SHA256

        bf9e42dd0355ea8e4daddc038ed03aee0825d4b1c04c3d5083202b18c5e8c8cd

        SHA512

        292b169baf33642291640e9ebe5747763e26e00b4c83c254f2710f8fe1028e4ee795e363ff8c8fd8d8e7cdf311da46cd0b32e1443d2ad22fd2f76212466ec7fe

        Download Submit

      • C:\ProgramData\TEMP:CE2C623F
        Filesize

        112B

        MD5

        4f65da8566b6fb27181e3cf8da1bb5a5

        SHA1

        9139369e89445fe32a27afba8939a20970e99dda

        SHA256

        61bd8e711e3b057fb6859e3225b4691f624f2afe861caaf24bc81b973bfd864f

        SHA512

        51a90b3626e21c23758e9e78d8538d1a03443960210b820eb4bb2a4c1b0846094a84851a3b1f55742d95ed5fb3f0f27c7d3bcf4bcf0303c44835e309bacc6b73

        Download Submit

      • C:\ProgramData\TEMP:CE2C623F
        Filesize

        112B

        MD5

        f15be61079b9ca9816a29503edccd7d5

        SHA1

        7932c690213ad7d0d9c66679a84bcca2c71c0ae8

        SHA256

        917ccc7ce87e387004552da368c01450d56a0e92eeeece83ed42f19a095e55b4

        SHA512

        4c1792979912d55532963e9566d2bb1a582debebd89739c524dc5ae1f622875efbc6d91109aee3f0edb1018397c2ebe234d4027645554357db1de9f5f5483f51

        Download Submit

      • C:\ProgramData\TEMP:CE2C623F
        Filesize

        112B

        MD5

        ffd364faa7b06d244d05abf2a77b4c76

        SHA1

        6d0a4b5db9c064d026f90fe4cabcc75115de8939

        SHA256

        9570604121c720424165d8552811a49891f8492be5f2f1439339b299ea1ceaaa

        SHA512

        b4f759fa1452e2049f869c6f54beb100a754867f51995a892c07388533e66f6894e0a064fee28cba5c0a294d38020113fc3c72dd627cd8e3183bd2910f8e7e82

        Download Submit

      • C:\ProgramData\TEMP:CE2C623F
        Filesize

        112B

        MD5

        ea80c57862d775ef204128f102bdd823

        SHA1

        af0384c1fe19e32d993e88803e936abcc5c859b9

        SHA256

        12ab55398c81bd59e9eba1eb28f0084143ebc1242da704e6b847f7fb860f6509

        SHA512

        ede115cde91498f9911dda26d2e57433a751dca8942c8ccd5e72d502031567a71775417004258bd94bc93b16365df3cf0cd848a8e861e8f1877cc32bc4cfe352

        Download Submit

      • C:\ProgramData\TEMP:CE2C623F
        Filesize

        112B

        MD5

        84b439daff1da8922e1c65db8ad100de

        SHA1

        42f85fddf9124d37d062767cdc1cdaf902d148b5

        SHA256

        c74f8b654424bf729e42a70372786fc220e3f6fa7ab5c50b496ed31c725e19cd

        SHA512

        5cce7d9a0534b4e1e10baa48f49c389255057dad14b616e868145ad04f941829af41c8da8c8b8c02f6d6269423a00b158176733fad122ee1d46b55bb1ea633b5

        Download Submit

      • C:\ProgramData\TEMP:CE2C623F
        Filesize

        112B

        MD5

        a38dc961f04260730d957878de31b1ce

        SHA1

        6b3c62de9dbf78b770895bceff11311585ef77c8

        SHA256

        ca29dcffb7616ba5974140ac71cd155e202edc289405ab1709857783ed3ef683

        SHA512

        d26c3d696f424a3be28a0499cc6e10ae8c31089e611762f9dfd276dc75040e58043caf38c91c035be37a04cd8a2f64fb4d94985ea034f35c6e9c48220df1ed52

        Download Submit

      • C:\ProgramData\TEMP:CE2C623F
        Filesize

        112B

        MD5

        d8001eb751da9416ff62e5781d79a9e4

        SHA1

        3523646e3585487eef5378bc5e4a356447709cb0

        SHA256

        d13c5bf746813b68cce5be9dfa04924da950f86e715170ca6b581a5b12a0fa6f

        SHA512

        4c28fe61d1c5cdca925f16aba422eace9d6853a0411f708c17e875ad1982382d4479c583cfde1d67612952adb41060883ba965d0578cf0e312044d419b27df63

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\NetBot_Attacker.exe
        Filesize

        844KB

        MD5

        3fa8cb560504fe14923cdd790d258092

        SHA1

        c46676477909dfff3c182ea0752cb38ad8fdbc27

        SHA256

        8f1cebc046bad09f335da363c4b530e2b9105ee73d78e6cc292d9f605cc00be6

        SHA512

        0398767c55e16dfc0a50a4b57bbc3558b77d7075cbfcdb33439164ef9c1ff2f33db0e3ff2e66c0d00ec4a5561817c143bcea2d326fbf30bdc15b36acbb0ea80a

        Download Submit

      • C:\Windows\Temp\dumpmem.exe
        Filesize

        872KB

        MD5

        6d739905bd6962378d3126509de91d13

        SHA1

        848bb1805d650f7b42a15eb95f65911a86d36a94

        SHA256

        1b5679e5d6d196a753ef94e5015b9b323fb897b12dd83d7b34fc98c17284c774

        SHA512

        ff297e451e40d673ae041f7d99f1259188284766a966afe59ff492ab712cba0d6df5195c1d8c8828304c562a9d48f46a8aa71ef6c574ca7bb216bc19d4b37108

        Download Submit

      • memory/208-7-0x0000000000400000-0x00000000006A9000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/208-12-0x0000000000400000-0x00000000006A9000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/232-163-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/232-140-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/680-190-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/680-167-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1056-25-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1056-29-0x00000000008A0000-0x0000000000934000-memory.dmp

        Filesize

        592KB

        Download

      • memory/1056-27-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1056-24-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1056-54-0x00000000008A0000-0x0000000000934000-memory.dmp

        Filesize

        592KB

        Download

      • memory/1056-26-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1056-22-0x00000000008A0000-0x0000000000934000-memory.dmp

        Filesize

        592KB

        Download

      • memory/1056-56-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1056-23-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1056-17-0x00000000008A0000-0x0000000000934000-memory.dmp

        Filesize

        592KB

        Download

      • memory/1056-15-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1056-28-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2528-248-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2528-271-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2900-217-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2900-194-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3536-48-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3536-78-0x00000000022C0000-0x0000000002354000-memory.dmp

        Filesize

        592KB

        Download

      • memory/3536-43-0x00000000022C0000-0x0000000002354000-memory.dmp

        Filesize

        592KB

        Download

      • memory/3536-42-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3536-83-0x00000000022C0000-0x0000000002354000-memory.dmp

        Filesize

        592KB

        Download

      • memory/3536-37-0x00000000022C0000-0x0000000002354000-memory.dmp

        Filesize

        592KB

        Download

      • memory/3536-52-0x00000000022C0000-0x0000000002354000-memory.dmp

        Filesize

        592KB

        Download

      • memory/3536-51-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3536-50-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3536-49-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3536-47-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3536-46-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3536-82-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3536-57-0x00000000022C0000-0x0000000002354000-memory.dmp

        Filesize

        592KB

        Download

      • memory/3536-59-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3536-60-0x00000000022C0000-0x0000000002354000-memory.dmp

        Filesize

        592KB

        Download

      • memory/3616-75-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3616-106-0x00000000020D0000-0x0000000002164000-memory.dmp

        Filesize

        592KB

        Download

      • memory/3616-71-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3616-86-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3616-72-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3616-84-0x00000000020D0000-0x0000000002164000-memory.dmp

        Filesize

        592KB

        Download

      • memory/3616-76-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3616-77-0x00000000020D0000-0x0000000002164000-memory.dmp

        Filesize

        592KB

        Download

      • memory/3616-74-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3616-73-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3616-64-0x00000000020D0000-0x0000000002164000-memory.dmp

        Filesize

        592KB

        Download

      • memory/3616-109-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4320-102-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4320-98-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4320-97-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4320-100-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4320-136-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4320-101-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4320-113-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4320-103-0x0000000002270000-0x0000000002304000-memory.dmp

        Filesize

        592KB

        Download

      • memory/4320-110-0x0000000002270000-0x0000000002304000-memory.dmp

        Filesize

        592KB

        Download

      • memory/4320-99-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4320-89-0x0000000002270000-0x0000000002304000-memory.dmp

        Filesize

        592KB

        Download

      • memory/4512-275-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4512-298-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5076-244-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5076-221-0x0000000000400000-0x000000000060C000-memory.dmp

        Filesize

        2.0MB

        Download