Overview

overview

10

Static

static

3

f052347e93...18.exe

windows7-x64

10

f052347e93...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-09-2024 17:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f052347e9314846d6edd49d64df97aeb_JaffaCakes118.exe

  • Size

    209KB

  • MD5

    f052347e9314846d6edd49d64df97aeb

  • SHA1

    bff4af3dbd5e691828d05b07e64f91cb857a6367

  • SHA256

    335a13fd4fa4710e331261898883ef03dda84b293c189fcaf291fe9fdbafc256

  • SHA512

    27780ffcd387e69daa27fd431c88555bf88ace7bfe7ba418c1850548540c2d2e33495844fa8b871a97395607a8cefa391cc2e4bd66c201e447fb5767c173361f

  • SSDEEP

    6144:hlqtXlhQ8ZK0lAswvP6bQ7yMP+DE827YYscT:hlogQKXd6b7MP+Dd2UYZT

Score
10/10
metasploitbackdoordiscoveryevasiontrojan

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit
  • Modifies security service 2 TTPs 22 IoCs
    evasion
  • Executes dropped EXE 10 IoCs
  • Drops file in System32 directory 22 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 33 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 33 IoCs
  • Runs .reg file with regedit 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f052347e9314846d6edd49d64df97aeb_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\f052347e9314846d6edd49d64df97aeb_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c c:\a.bat
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2972
      • C:\Windows\SysWOW64\regedit.exe
        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
        3⤵
        • Modifies security service
        • System Location Discovery: System Language Discovery
        • Runs .reg file with regedit
        PID:2480
    • C:\Windows\SysWOW64\WinzAPI32.exe
      C:\Windows\system32\WinzAPI32.exe 1212 "C:\Users\Admin\AppData\Local\Temp\f052347e9314846d6edd49d64df97aeb_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:4200
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c c:\a.bat
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:752
        • C:\Windows\SysWOW64\regedit.exe
          REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
          4⤵
          • Modifies security service
          • System Location Discovery: System Language Discovery
          • Runs .reg file with regedit
          PID:4756
      • C:\Windows\SysWOW64\WinzAPI32.exe
        C:\Windows\system32\WinzAPI32.exe 1176 "C:\Windows\SysWOW64\WinzAPI32.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2200
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c c:\a.bat
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4356
          • C:\Windows\SysWOW64\regedit.exe
            REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
            5⤵
            • Modifies security service
            • System Location Discovery: System Language Discovery
            • Runs .reg file with regedit
            PID:4628
        • C:\Windows\SysWOW64\WinzAPI32.exe
          C:\Windows\system32\WinzAPI32.exe 1140 "C:\Windows\SysWOW64\WinzAPI32.exe"
          4⤵
          • Executes dropped EXE
          • Drops file in System32 directory
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          • Suspicious use of WriteProcessMemory
          PID:2576
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c c:\a.bat
            5⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:4496
            • C:\Windows\SysWOW64\regedit.exe
              REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
              6⤵
              • Modifies security service
              • System Location Discovery: System Language Discovery
              • Runs .reg file with regedit
              PID:5096
          • C:\Windows\SysWOW64\WinzAPI32.exe
            C:\Windows\system32\WinzAPI32.exe 1148 "C:\Windows\SysWOW64\WinzAPI32.exe"
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            • Suspicious use of WriteProcessMemory
            PID:3676
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c c:\a.bat
              6⤵
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:3468
              • C:\Windows\SysWOW64\regedit.exe
                REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                7⤵
                • Modifies security service
                • System Location Discovery: System Language Discovery
                • Runs .reg file with regedit
                PID:2080
            • C:\Windows\SysWOW64\WinzAPI32.exe
              C:\Windows\system32\WinzAPI32.exe 1144 "C:\Windows\SysWOW64\WinzAPI32.exe"
              6⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              • Suspicious use of WriteProcessMemory
              PID:4248
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /c c:\a.bat
                7⤵
                • System Location Discovery: System Language Discovery
                • Suspicious use of WriteProcessMemory
                PID:4064
                • C:\Windows\SysWOW64\regedit.exe
                  REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                  8⤵
                  • Modifies security service
                  • System Location Discovery: System Language Discovery
                  • Runs .reg file with regedit
                  PID:4080
              • C:\Windows\SysWOW64\WinzAPI32.exe
                C:\Windows\system32\WinzAPI32.exe 1156 "C:\Windows\SysWOW64\WinzAPI32.exe"
                7⤵
                • Executes dropped EXE
                • Drops file in System32 directory
                • System Location Discovery: System Language Discovery
                • Modifies registry class
                • Suspicious use of WriteProcessMemory
                PID:2304
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c c:\a.bat
                  8⤵
                  • System Location Discovery: System Language Discovery
                  • Suspicious use of WriteProcessMemory
                  PID:4804
                  • C:\Windows\SysWOW64\regedit.exe
                    REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                    9⤵
                    • Modifies security service
                    • System Location Discovery: System Language Discovery
                    • Runs .reg file with regedit
                    PID:3188
                • C:\Windows\SysWOW64\WinzAPI32.exe
                  C:\Windows\system32\WinzAPI32.exe 1160 "C:\Windows\SysWOW64\WinzAPI32.exe"
                  8⤵
                  • Executes dropped EXE
                  • Drops file in System32 directory
                  • System Location Discovery: System Language Discovery
                  • Modifies registry class
                  • Suspicious use of WriteProcessMemory
                  PID:3796
                  • C:\Windows\SysWOW64\cmd.exe
                    C:\Windows\system32\cmd.exe /c c:\a.bat
                    9⤵
                    • System Location Discovery: System Language Discovery
                    PID:1416
                    • C:\Windows\SysWOW64\regedit.exe
                      REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                      10⤵
                      • Modifies security service
                      • System Location Discovery: System Language Discovery
                      • Runs .reg file with regedit
                      PID:3904
                  • C:\Windows\SysWOW64\WinzAPI32.exe
                    C:\Windows\system32\WinzAPI32.exe 1152 "C:\Windows\SysWOW64\WinzAPI32.exe"
                    9⤵
                    • Executes dropped EXE
                    • Drops file in System32 directory
                    • System Location Discovery: System Language Discovery
                    • Modifies registry class
                    PID:4628
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /c c:\a.bat
                      10⤵
                      • System Location Discovery: System Language Discovery
                      PID:1860
                      • C:\Windows\SysWOW64\regedit.exe
                        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                        11⤵
                        • Modifies security service
                        • System Location Discovery: System Language Discovery
                        • Runs .reg file with regedit
                        PID:3680
                    • C:\Windows\SysWOW64\WinzAPI32.exe
                      C:\Windows\system32\WinzAPI32.exe 1164 "C:\Windows\SysWOW64\WinzAPI32.exe"
                      10⤵
                      • Executes dropped EXE
                      • Drops file in System32 directory
                      • System Location Discovery: System Language Discovery
                      • Modifies registry class
                      PID:1320
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c c:\a.bat
                        11⤵
                        • System Location Discovery: System Language Discovery
                        PID:1332
                        • C:\Windows\SysWOW64\regedit.exe
                          REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                          12⤵
                          • Modifies security service
                          • System Location Discovery: System Language Discovery
                          • Runs .reg file with regedit
                          PID:3188
                      • C:\Windows\SysWOW64\WinzAPI32.exe
                        C:\Windows\system32\WinzAPI32.exe 1168 "C:\Windows\SysWOW64\WinzAPI32.exe"
                        11⤵
                        • Executes dropped EXE
                        • Drops file in System32 directory
                        • System Location Discovery: System Language Discovery
                        • Modifies registry class
                        PID:3260
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c c:\a.bat
                          12⤵
                          • System Location Discovery: System Language Discovery
                          PID:4348
                          • C:\Windows\SysWOW64\regedit.exe
                            REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                            13⤵
                            • Modifies security service
                            • System Location Discovery: System Language Discovery
                            • Runs .reg file with regedit
                            PID:4576

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    2KB

    MD5

    e6d8af5aed642209c88269bf56af50ae

    SHA1

    633d40da997074dc0ed10938ebc49a3aeb3a7fc8

    SHA256

    550abc09abce5b065d360dfea741ab7dd8abbe2ea11cd46b093632860775baec

    SHA512

    6949fc255c1abf009ecbe0591fb6dbfd96409ee98ae438dbac8945684ccf694c046d5b51d2bf7679c1e02f42e8f32e8e29a9b7bdbc84442bec0497b64dfa84cf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    2KB

    MD5

    bef09dc596b7b91eec4f38765e0965b7

    SHA1

    b8bb8d2eb918e0979b08fd1967dac127874b9de5

    SHA256

    8dab724d5941eb7becff35ce1a76e8525dcdca024900e70758300dcdddf8e265

    SHA512

    0bbce4150b47bafb674f2074fdfc20df86edadb85037f93c541d1d53f721ed52e37a49d14522dac56e9d2e9ce801bcdb701509fa02285778a086d547f1be966a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    2KB

    MD5

    8a36f3bf3750851d8732b132fa330bb4

    SHA1

    1cb36be31f3d7d9439aac14af3d7a27f05a980eb

    SHA256

    5d88aebc1d13a61609ef057cb38dc9d7b0a04a47a7670a7591f40d1ea05b6ad9

    SHA512

    a822885389f3b12baed60b565646bed97aea1740e163e236ca3647fb63a9c15f6e21bc5ff92eb2d47bb6b1268c71ffb8e5e84006f3c04377d9d3a7c16434e646

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    298B

    MD5

    4117e5a9c995bab9cd3bce3fc2b99a46

    SHA1

    80144ccbad81c2efb1df64e13d3d5f59ca4486da

    SHA256

    37b58c2d66ab2f896316ee0cdba30dcc9aac15a51995b8ba6c143c8ba34bf292

    SHA512

    bdb721bd3dea641a9b1f26b46311c05199de01c6b0d7ea2b973aa71a4f796b292a6964ddef32ba9dfc4a545768943d105f110c5d60716e0ff6f82914affb507c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    2KB

    MD5

    5575ef034e791d4d3b09da6c0c4ee764

    SHA1

    50a0851ddf4b0c4014ad91f976e953baffe30951

    SHA256

    9697ec584ef188873daa789eb779bb95dd3efa2c4c98a55dffa30cac4d156c14

    SHA512

    ecf52614d3a16d8e558751c799fde925650ef3e6d254d172217e1b0ed76a983d45b74688616d3e3432a16cec98b986b17eaecd319a18df9a67e4d47f17380756

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    360B

    MD5

    3a1a83c2ffad464e87a2f9a502b7b9f1

    SHA1

    4ffa65ecdd0455499c8cd6d05947605340cbf426

    SHA256

    73ed949fba75a20288ac2d1e367180d4c8837fd31c66143707768d5b0e3bd8b6

    SHA512

    8232967faaf29b8b93b5042ba2bb1fcb6d0f0f2fa0e19573b1fe49f526ba434c5e76e932829e3c71beb0903e42c293ed202b619fee8aba93efe4a99e8aec55e2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    849B

    MD5

    558ce6da965ba1758d112b22e15aa5a2

    SHA1

    a365542609e4d1dc46be62928b08612fcabe2ede

    SHA256

    c11beaac10a5e00391ef4b41be8c240f59c5a2dc930aead6d7db237fcd2641fb

    SHA512

    37f7f10c3d201b11cc5224ae69c5990eb33b4430c601d3c21f6bec9323621120442e0cfa49e1f4eda459ea4ac750277e446dca78b9e44c1445bd891e4e460b5c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    3KB

    MD5

    9e5db93bd3302c217b15561d8f1e299d

    SHA1

    95a5579b336d16213909beda75589fd0a2091f30

    SHA256

    f360fb5740172b6b4dd59c1ac30b480511665ae991196f833167e275d91f943e

    SHA512

    b5547e5047a3c43397ee846ff9d5979cba45ba44671db5c5df5536d9dc26262e27a8645a08e0cf35960a3601dc0f6f5fe8d47ae232c9ca44d6899e97d36fb25a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    2KB

    MD5

    f82bc8865c1f6bf7125563479421f95c

    SHA1

    65c25d7af3ab1f29ef2ef1fdc67378ac9c82098d

    SHA256

    f9799dc2afb8128d1925b69fdef1d641f312ed41254dd5f4ac543cf50648a2f6

    SHA512

    00a9b7798a630779dc30296c3d0fed2589e7e86d6941f4502ea301c5bce2e80a5d8a4916e36183c7064f968b539ae6dac49094b1de3643a1a2fedc83cf558825

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    3KB

    MD5

    7fe70731de9e888ca911baeb99ee503d

    SHA1

    0073da5273512f66dbf570580dc55957535c2478

    SHA256

    ec8ce13a4cab475695329eddc61ff2eee378e79f0d2f9ca3a9bc7b18bd52b89a

    SHA512

    4421df7085fd2aac218d5544152d77080b99c1eaa24076975a6b1bb01149a19a1c0d6cc2c042cd507b37af9a220e7ce1f026103cdabfaec5994b1533c2f3eeac

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    2KB

    MD5

    5da7efcc8d0fcdf2bad7890c3f8a27ca

    SHA1

    681788d5a3044eee8426d431bd786375cd32bf13

    SHA256

    7f142c13b7039582d0f10df0271f0e1feea35760a92bf0c5034f444066c92df8

    SHA512

    6e3281f2350c524f9c24ab4455d4c5a109875ead35a35aba3c085d90f99cbc64c6645dfcb805d7a5e670869e67feb481a655305236be8d716347a7c4696a358b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    3KB

    MD5

    0bccb0cc2d0641cd0ac7ce17afe64b9f

    SHA1

    103f5bc2b153913e8a614a7abb43941fe90862a4

    SHA256

    cae50ec401dae988f1221cead7de58cf4301040fd9fbb8d1c4ad032034ee1842

    SHA512

    cce4edc7c607ca3969fb19f93a836d87170e2c50fcf136acb3bcb5500b99b1ae73a999b7d648a3643f58cf960b071b24215e1c59f874ca38a50cf1ef90b06389

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    300B

    MD5

    9e1df6d58e6c905e4628df434384b3c9

    SHA1

    e67dd641da70aa9654ed24b19ed06a3eb8c0db43

    SHA256

    25bb4f644e47b4b64b0052ec7edfd4c27f370d07ef884078fea685f30b9c1bb0

    SHA512

    93c9f24dc530e08c85776955c200be468d099d8f1d2efe5e20cbb3a1d803fe23e0ba9b589df2498832082a283d79f6f1053a26d15f49e31a0da395ecc7225ad3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    2KB

    MD5

    d8be0d42e512d922804552250f01eb90

    SHA1

    cda2fd8fc9c4cdf15d5e2f07a4c633e21d11c9d3

    SHA256

    901619f668fe541b53d809cd550460f579985c3d2f3d899a557997e778eb1d82

    SHA512

    f53619e1ec3c9abc833f9fca1174529fb4a4723b64f7560059cd3147d74ea8fe945a7bd0034f6fb68c0e61b6782a26908d30a749a256e019031b5a6ac088eb97

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    2KB

    MD5

    1b2949b211ab497b739b1daf37cd4101

    SHA1

    12cad1063d28129ddd89e80acc2940f8dfbbaab3

    SHA256

    3e906a8373d1dfa40782f56710768abd4365933ad60f2ca9e974743c25b4cb6c

    SHA512

    a9e6555d435fe3e7a63059f20cd4c59531319421efcd90ca1d14498c28d9882ab0b7cd1af63dd50fa693b3b5a714db572d61867c56b86618423c7feaf043f2ef

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    2KB

    MD5

    5855edf3afa67e11de78af0389880d18

    SHA1

    c43fcd36d70a6ffcd41fbb48c1d0c406fd00286f

    SHA256

    c7798759a159989611cdf47f702c8813ad0f029b52f18af573f383859a8bfaaa

    SHA512

    5be99a55f86486c04bda0a089571c296d041dae337321578c0f8d19d7bd2e51802aafbc8716753b6191b8e5ced782a5bc7d44bdd4995ab8e6ac1f7cd4b0f91ee

    Download Submit

  • C:\Windows\SysWOW64\WinzAPI32.exe
    Filesize

    209KB

    MD5

    f052347e9314846d6edd49d64df97aeb

    SHA1

    bff4af3dbd5e691828d05b07e64f91cb857a6367

    SHA256

    335a13fd4fa4710e331261898883ef03dda84b293c189fcaf291fe9fdbafc256

    SHA512

    27780ffcd387e69daa27fd431c88555bf88ace7bfe7ba418c1850548540c2d2e33495844fa8b871a97395607a8cefa391cc2e4bd66c201e447fb5767c173361f

    Download Submit

  • \??\c:\a.bat
    Filesize

    5KB

    MD5

    0019a0451cc6b9659762c3e274bc04fb

    SHA1

    5259e256cc0908f2846e532161b989f1295f479b

    SHA256

    ce4674afd978d1401596d22a0961f90c8fb53c5bd55649684e1a999c8cf77876

    SHA512

    314c23ec37cb0cd4443213c019c4541df968447353b422ef6fff1e7ddf6c983c80778787408b7ca9b81e580a6a7f1589ca7f43c022e6fc16182973580ed4d904

    Download Submit

  • memory/1320-1151-0x0000000000400000-0x000000000052F000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2044-130-0x0000000000400000-0x000000000052F000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2044-6-0x00000000007A0000-0x00000000007A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2044-8-0x00000000022F0000-0x00000000022F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2044-0-0x0000000000400000-0x000000000052F000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2044-1-0x00000000009B0000-0x00000000009E0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2044-2-0x00000000022B0000-0x00000000022B3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2044-3-0x00000000022A0000-0x00000000022A5000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2044-135-0x00000000009B0000-0x00000000009E0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2044-5-0x00000000022C0000-0x00000000022C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2044-9-0x00000000022E0000-0x00000000022E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2044-10-0x00000000022D0000-0x00000000022D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2044-7-0x0000000002280000-0x0000000002281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2200-360-0x0000000000400000-0x000000000052F000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2304-812-0x0000000000400000-0x000000000052F000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2576-473-0x0000000000400000-0x000000000052F000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/3260-1264-0x0000000000400000-0x000000000052F000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/3676-586-0x0000000000400000-0x000000000052F000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/3796-925-0x0000000000400000-0x000000000052F000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4200-133-0x0000000002100000-0x0000000002101000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4200-126-0x0000000000590000-0x00000000005C0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/4200-127-0x0000000000650000-0x0000000000655000-memory.dmp

    Filesize

    20KB

    Download

  • memory/4200-132-0x0000000002110000-0x0000000002111000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4200-134-0x00000000020F0000-0x00000000020F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4200-246-0x0000000000590000-0x00000000005C0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/4200-245-0x0000000000400000-0x000000000052F000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4200-131-0x00000000020E0000-0x00000000020E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4248-699-0x0000000000400000-0x000000000052F000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4628-1038-0x0000000000400000-0x000000000052F000-memory.dmp

    Filesize

    1.2MB

    Download