107c51b0d1450b5066cf98873e1d2126b5282fc81a892182da8c395a57ba3d7e

Analysis

max time kernel
146s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
Size

5.0MB
MD5

13b592e64b7b9c793bf72cd8789a8ff4
SHA1

90565d7d1410c857f9750adad80e91b6d25d8c8b
SHA256

107c51b0d1450b5066cf98873e1d2126b5282fc81a892182da8c395a57ba3d7e
SHA512

435b75c2e4314ee443adaacd7e0ae0580ed668b77b1cca33c4bcbf16d922b35761812f33cea49c583017889eeaceeb63c5c835ca1c0d22a258800cadafd46255
SSDEEP

98304:fUN5TVf1czAIfW4+TmAhl49RScJi0cONg3BC3vt2U3Rk+IcQQsHE+x23spOgDk:+5TLQ+Cf9RJsetk1cQQsk+MspOV

Score

7^/10

discovery upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0008000000016ca2-7.dat	acprotect

Loads dropped DLL 25 IoCs

pid	Process
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe

UPX packed file 29 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0008000000016ca2-7.dat	upx
behavioral1/memory/2440-15-0x00000000040C0000-0x000000000411B000-memory.dmp	upx
behavioral1/memory/2440-127-0x0000000006040000-0x000000000609B000-memory.dmp	upx
behavioral1/memory/2440-244-0x00000000060C0000-0x000000000611B000-memory.dmp	upx
behavioral1/memory/2440-373-0x00000000060C0000-0x000000000611B000-memory.dmp	upx
behavioral1/memory/2440-460-0x00000000060C0000-0x000000000611B000-memory.dmp	upx
behavioral1/memory/2440-557-0x00000000060C0000-0x000000000611B000-memory.dmp	upx
behavioral1/memory/2440-569-0x00000000060C0000-0x000000000611B000-memory.dmp	upx
behavioral1/memory/2440-667-0x00000000060C0000-0x000000000611B000-memory.dmp	upx
behavioral1/memory/2440-681-0x00000000060C0000-0x000000000611B000-memory.dmp	upx
behavioral1/memory/2440-783-0x00000000060C0000-0x000000000611B000-memory.dmp	upx
behavioral1/memory/2440-893-0x00000000060C0000-0x000000000611B000-memory.dmp	upx
behavioral1/memory/2440-995-0x00000000060C0000-0x000000000611B000-memory.dmp	upx
behavioral1/memory/2440-1102-0x00000000060C0000-0x000000000611B000-memory.dmp	upx
behavioral1/memory/2440-1213-0x00000000060C0000-0x000000000611B000-memory.dmp	upx
behavioral1/memory/2440-1325-0x00000000060C0000-0x000000000611B000-memory.dmp	upx
behavioral1/memory/2440-1429-0x0000000002510000-0x000000000256B000-memory.dmp	upx
behavioral1/memory/2440-1535-0x0000000002550000-0x00000000025AB000-memory.dmp	upx
behavioral1/memory/2440-1649-0x0000000002590000-0x00000000025EB000-memory.dmp	upx
behavioral1/memory/2440-1752-0x0000000006040000-0x000000000609B000-memory.dmp	upx
behavioral1/memory/2440-1855-0x0000000002590000-0x00000000025EB000-memory.dmp	upx
behavioral1/memory/2440-1861-0x0000000006040000-0x000000000609B000-memory.dmp	upx
behavioral1/memory/2440-1968-0x0000000006040000-0x000000000609B000-memory.dmp	upx
behavioral1/memory/2440-2076-0x0000000006040000-0x000000000609B000-memory.dmp	upx
behavioral1/memory/2440-2183-0x0000000006040000-0x000000000609B000-memory.dmp	upx
behavioral1/memory/2440-2291-0x0000000006040000-0x000000000609B000-memory.dmp	upx
behavioral1/memory/2440-2402-0x0000000006040000-0x000000000609B000-memory.dmp	upx
behavioral1/memory/2440-2512-0x0000000006040000-0x000000000609B000-memory.dmp	upx
behavioral1/memory/2440-2614-0x0000000006040000-0x000000000609B000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
2440	13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\13b592e64b7b9c793bf72cd8789a8ff4_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~ZM708F.tmp

Filesize
47KB

MD5
778ec2605d321a00f97abe22b2c543c9

SHA1
9755525dc45b0f68cf8927b455105fd4021f31c3

SHA256
be44028a67f9186034a7753e23087cae8b619af7d86bb4d43e84904a17d235cd

SHA512
b6135a31a3e8d92e9ca04540055fab00fb9e086cbca6a1b423a62a464eb0cf8f73205115c05ab64c7ad5379391e987cf88a65954e199a0ab7b20e665fd35c3b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{B75B2F7D-2A3F-4CD7-A14F-8B72C75DA770}\css\style.css

Filesize
798B

MD5
cb5973a649f313f168e5d668cfc9e7e8

SHA1
84ef3619b568654bb0c77f935a1c335032e4e0b4

SHA256
9a67a56443d8b7e07dc68f7ce128bec7c970ea12c3462d36d5634dce5150af0c

SHA512
61dedd513b187a947972fa8f47667ea129989d576498ca4de48004882be387b669bf321014d66b9db5e7907ba2659f5770761dfe6b431a0513fcf2cca12cc856

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{B75B2F7D-2A3F-4CD7-A14F-8B72C75DA770}\images\line.gif

Filesize
43B

MD5
edd0fd087a54df4dbcf0afa8e309629f

SHA1
ad944d9989a0dd6fe9f471d511d755b8c53517be

SHA256
0aff2a7ec123f7f837dded84bb0f3ba8f43e39e2298d57d06f8b29eb485a825c

SHA512
a90f00493e3b45bc4d8422164acd7b7ed63bcab533cc5376c1818fd76962e1617e1c8b95dcccfd4492c251ab69d30e3c8d1e38596bc933bc631afdb2981fad0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{B75B2F7D-2A3F-4CD7-A14F-8B72C75DA770}\images\logo.bmp

Filesize
2KB

MD5
12c2fbd2e0c4f3d0ae7041cf4c77a5e2

SHA1
dc6415ca5587b4ef5548ea898a4072602e1d8024

SHA256
82123efb70e474dfe9b8b43f0145e749a53d69744b88b7f14aaecb16a8ce0b77

SHA512
429e003a2cd322ce1a30326b857c6911dda3c99aa778fb8ddfdeeeb2171620877e119e7e5759bb4051295b5f4633bbcd6d1fd259541fb817409e83a760ac4fea

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{B75B2F7D-2A3F-4CD7-A14F-8B72C75DA770}\index_ru.html

Filesize
2KB

MD5
a82117db7038a05c5ccc57135c187944

SHA1
0ed43f027238a8a7aec38fe9b997ad77687f4e59

SHA256
df67774a0748f84768fae306f34a79e502ae24d62c58581756892a0435042342

SHA512
09f6db0a3a534054406517694c8c69a5d5bfa835ee67cf68443697e9e9b9d85c9297dc42ce57799e97cca35e5ab574b4676352236a431e46c303d73d7fe2615a

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{B75B2F7D-2A3F-4CD7-A14F-8B72C75DA770}\js\common.js

Filesize
102B

MD5
fd7b0ad90e04f867f0caf572d03b6d1c

SHA1
f54f16fcb066d29d280276dd280b7ee7c83a1573

SHA256
c9c9589c41594137ef6f54b394d3495910601e8f0d77f4ba0866b513e84a24e6

SHA512
0215bd6562e26025c3dd0e6d9696a930368a146bd6d9eab8b0b30149ceeb03a8d0f7b8511203f27e3adcfc5affb9ef7ca040659eb670fead4289c233910f553c

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{B75B2F7D-2A3F-4CD7-A14F-8B72C75DA770}\js\lang.js

Filesize
632B

MD5
f3ca8504fe38798d402ada65acc0923e

SHA1
8f9930721e2a559be8e4379cb6e9dc9ffd71ef52

SHA256
f4b4d8d4bb78d970a3fcf6dc8ee0353776801ef373b54d839cd8853c1481a378

SHA512
ab1324ec6f5dcd034efadb6eef3224244de5eb328a4c28e4646a7a182d6af2ec60dad50f52b1e8aedbe18e3eb6a03a4705949763746952492e9abb0f9e01bec7

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{B75B2F7D-2A3F-4CD7-A14F-8B72C75DA770}\js\unitpngfix.js

Filesize
959B

MD5
997b4c4553a419650ec27b7f53cd94ef

SHA1
13a577fe4669412ef3d54bd761ff7878876079c1

SHA256
a044dffe80c9ce80d2364681836b7835fdc1c49f30ba83192231e5089973c9a4

SHA512
5f423448c03f1f79b4cc326125e27e60a57bf54c9c834c6be6b848712a814c71376a2def86bb5bbe20c4856798ee88560222f9ff60a9e81a5ece1110d7ef76c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{BD426DAE-ABA0-44CE-BD07-C4EBBF3E7C0C}\act.html

Filesize
1KB

MD5
a1b9539655d5d658025ceb2d7229c7a4

SHA1
d2451fbc65b40e587da0eb826ae31723644fba73

SHA256
a00d1d2b1f2484016b5635911941a4312a931f923d38ae370d8ca12b9eb7b0c0

SHA512
5cfeec2f8ba358a6825919cb284dc9f05f7a47cc4a95abb3b755f4d682f21daf50b79d8d9fb57937f15cb250ddfea21a505365676cc3630029a34965b3c22797

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{BD426DAE-ABA0-44CE-BD07-C4EBBF3E7C0C}\act_e.html

Filesize
1KB

MD5
9add02c9b061f26558ac4232deafada3

SHA1
d4a632d0c47151736b141cc57a0da347070416dd

SHA256
843c4564e35070038719842da2ac56db54de10bf56e1018acd24c5d6f16b83e1

SHA512
fe6ab97b46549c0fde52991168238da781a86379dbe0f792110c9421945e2b5602f414a6533bab12ecd2da14beb12b8d22bdfb871203fd861f4b24d677aa1125

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{BD426DAE-ABA0-44CE-BD07-C4EBBF3E7C0C}\images\clear.gif

Filesize
43B

MD5
9bb191c6827273aa978cab39a3587950

SHA1
25d8043336eb799e52b1a0e15ff6b95e09c24e35

SHA256
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

SHA512
c3970b9a8dc9b424528274e8d22d21e9990ce956aede61cba13de8d7832a8c896eaf1032662a78e95980ea013090cd4406f32604da3c6f557aa136842d04324d

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{BD426DAE-ABA0-44CE-BD07-C4EBBF3E7C0C}\images\folder.png

Filesize
1KB

MD5
95aeee0a22d081f89ad164356a28c4ec

SHA1
6876e98636889ebf37181587c62a80634b4764fa

SHA256
38636170b97a7778df25136aa9288e9b20fae5daf51d7ab0335339fbdf61b50d

SHA512
d2fdbf6910b4f634086578812c45333f655b04fa507fd272eb5349b581b463a113cc4069b3f3df8555729f8d071be7cf7654d32b47f338becddada7d0d08ff36

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{BD426DAE-ABA0-44CE-BD07-C4EBBF3E7C0C}\images\pg_bg.gif

Filesize
1KB

MD5
f6256fac35a08d3f74618f90ffd63ae8

SHA1
b6b56d1c8e6d78c50a9c16b7535af4758b6ad207

SHA256
80ff887dfe481ff522c785faa0dec7ed479d7cf3e455a0679aa814015932dfc4

SHA512
e760f2fa1f8d52e1d4770f40dbc81cfc7d1f2ee69f54b05c8279c9ff88424f05d26026762dc9f0bb7ce575dbfe4cdb1b28c9b81f53de3eaef2db514b9a93c3ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{BD426DAE-ABA0-44CE-BD07-C4EBBF3E7C0C}\images\pg_fill.gif

Filesize
103B

MD5
b329042c01fef0f3a857022723c8bb17

SHA1
72e638818277ffd08c26853322251f08951b44bb

SHA256
c326f095066971b33a91c49130f06fb48d0e780a3779bc2970e987b46880a259

SHA512
3a4479334593aaa5f4d9177cf4159ae7feb285b146fc03f282e38075380faa9f99c107636360e4ef3d2382e37873b2d7cff2b7d00292f11a980ba967799d4389

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{BD426DAE-ABA0-44CE-BD07-C4EBBF3E7C0C}\images\pg_left.gif

Filesize
1KB

MD5
cf1411b3ad017737ca7cd6bde1e16889

SHA1
1fb89291b97237318354b3df6a8c380960117c8f

SHA256
1bfa623bd168314fbe0a482c8b778aec0305c08fda7d722da93d0014c1793ad1

SHA512
27292ae76bc11b66414fedbe1a7a0a46520ebd6aba823d3a3d7ed163f3a4e9a91c2857030189d3bc705c35cff34239679a0fe17544a44254eb5f014b60074f88

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{BD426DAE-ABA0-44CE-BD07-C4EBBF3E7C0C}\images\pg_right.gif

Filesize
1KB

MD5
41d44b879b4ae9bff6a78c1187d90280

SHA1
807059de70fc0036e0644804f0170da91b900006

SHA256
7b47a14c272c9fe0089e4298d66e2a865a53b382e33a13bb190666badf77dd30

SHA512
44672da8442cf2ed02872abf1b0e218251002b6d0d7145d3556661efbc24b55a1987817eba2f67b7a95c555b40d070ab68d0c3b7993ed7b822b9d747416be576

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{BD426DAE-ABA0-44CE-BD07-C4EBBF3E7C0C}\index.html

Filesize
1KB

MD5
6bf20a909082e9938f131c8f13ee82d4

SHA1
e209cb20fc03d4196d660ee59e27a6be94aa1695

SHA256
899b7f786d875c3b4f4165b357977f2ba989bf84eef694b3a5ff091bffbc4a8f

SHA512
e4d94a6d72f08c37e2ff468afc0f95800706ae37632c3e58207c971cfd1b4bb7b9791767c0c7740af6004fe7bf44902f30320f64096a293660161238aff8ee58

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{BD426DAE-ABA0-44CE-BD07-C4EBBF3E7C0C}\index_en.html

Filesize
2KB

MD5
b110aed843a2976569fe5c626b121c9b

SHA1
9435fd38e0e17f874b027997aef18c1f54c095f0

SHA256
7da9ba4ec17d1ac0b7bf04a71baba2d4214e181f361a7f015c1f345da5226cb0

SHA512
ef5e3a0b769ed0116251b192c54a3ca0d76b7b8ef95a692039a3e43b4fdd318717dc8b4482e0217136f2e48dbbb6e3edbd0bba9b8fd3d75c69ccb89ad0e1ea08

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{BD426DAE-ABA0-44CE-BD07-C4EBBF3E7C0C}\install.html

Filesize
2KB

MD5
b1425d9676f8cc81a0f735e07774d9b9

SHA1
17041f9a02fdda8aa8a7ae4fd5f3ffb1e4425ac1

SHA256
94f70f5a574174ee1e7245b6900c5d10fe023080fdfbcc3f5be3a01b0c9689f9

SHA512
5779b002edfc8cdab17ed32847a11c9321c233d067c2396acabd782de056abc32ae574ca14ee3a47aa15b97d0808cd6aeeab06844052bf29326d60bffe59ea9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{BD426DAE-ABA0-44CE-BD07-C4EBBF3E7C0C}\install_e.html

Filesize
2KB

MD5
f293d2fb21ad789ca16e7fdae8979d13

SHA1
1390bb126bccbc6ee861f1dd5c02e0fbcc475851

SHA256
01cf710d28f48806a134c23906c8322ecaa3cde4423706e38eb0d69cbe2fae05

SHA512
b86cdeb6cf8a4034795a65569591c0347eb63128b49e1261ed6d55ea2fc6378e1efa0b514c9a99a76bb4c8a9b29e9c6d91d24d4343150c6e12ee0a530d7c91b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{BD426DAE-ABA0-44CE-BD07-C4EBBF3E7C0C}\js\jquery.min.js

Filesize
89KB

MD5
9118381924c51c89d9414a311ec9c97f

SHA1
71cce71820cc47b3bd1098618d248325fcf24ddb

SHA256
951d6bae39eb172f57a88bd686f7a921cf060fd21f59648f0d20b6a8f98fc5a5

SHA512
496d1b07bcd838dcce15d4e880b33c985fa5a6f49a3c7e7983e472c95f3e751664896e67fdcd603601a4e62db17f30cb4e63c7bd20aab1a884a19243893a135a

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{BD426DAE-ABA0-44CE-BD07-C4EBBF3E7C0C}\where.html

Filesize
2KB

MD5
bb2751665a6ef4fa015ad074d0adb4a8

SHA1
67204801054d918479765aeba6cd6bd5c3eb0da2

SHA256
a5d53cea57900e2a5179665ae18aa90a7e56a61188f9f01f0ff50f911cfa7698

SHA512
f3fa35a50cff6a8edcd7853ef6629787f46e0c1356f1719decd1d23523ba84e825c2d3698de9a1bcca0fde20999f5c18e3a2ed5bf0e8031f5d212d0f8240f6d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\~zm_{BD426DAE-ABA0-44CE-BD07-C4EBBF3E7C0C}\where_e.html

Filesize
2KB

MD5
ed53c8cc3d8e7624ad056c1e34f15334

SHA1
dad95eeee758a76aa79f882e64ec0fd48b84bc22

SHA256
a30f82989bcc0f614bbc5cd00335a19820f65526e82b760312585a59ab213fe0

SHA512
7b0ced99938417e3f70cb253425d315f54715e36c68093c483ae3b24721446e497e010017c6042ca3f675ff0a4ddb9cdcb27c1bd744f13e14fc7223148f8b991

Download Submit
\Users\Admin\AppData\Local\Temp\{DD1CCFC0-FCBB-4D34-BE1A-5F74725C31AE}.dll

Filesize
120KB

MD5
c9f333d1ff898672a34805f94a265329

SHA1
2deaac66698fb2e9b3868d23034c3211c508b739

SHA256
07e546811635574c77edfda126b0e5f5292b4ea13f35158eddedcfc3cbf74b6b

SHA512
048c71e48e2def0bfc69ebfb69b834d650a9377082782333f50728fdfd6675df8093d0c87e606022e55d09f81549d4ca3b640bcdd33b9ddc9aace03ee1466add

Download Submit
memory/2440-460-0x00000000060C0000-0x000000000611B000-memory.dmp

Filesize
364KB

Download
memory/2440-1213-0x00000000060C0000-0x000000000611B000-memory.dmp

Filesize
364KB

Download
memory/2440-127-0x0000000006040000-0x000000000609B000-memory.dmp

Filesize
364KB

Download
memory/2440-15-0x00000000040C0000-0x000000000411B000-memory.dmp

Filesize
364KB

Download
memory/2440-3-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/2440-1-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/2440-2-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/2440-230-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/2440-232-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/2440-233-0x00000000040C0000-0x000000000411B000-memory.dmp

Filesize
364KB

Download
memory/2440-244-0x00000000060C0000-0x000000000611B000-memory.dmp

Filesize
364KB

Download
memory/2440-341-0x0000000006040000-0x000000000609B000-memory.dmp

Filesize
364KB

Download
memory/2440-373-0x00000000060C0000-0x000000000611B000-memory.dmp

Filesize
364KB

Download
memory/2440-449-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/2440-0-0x0000000000409000-0x000000000040B000-memory.dmp

Filesize
8KB

Download
memory/2440-557-0x00000000060C0000-0x000000000611B000-memory.dmp

Filesize
364KB

Download
memory/2440-558-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/2440-569-0x00000000060C0000-0x000000000611B000-memory.dmp

Filesize
364KB

Download
memory/2440-667-0x00000000060C0000-0x000000000611B000-memory.dmp

Filesize
364KB

Download
memory/2440-681-0x00000000060C0000-0x000000000611B000-memory.dmp

Filesize
364KB

Download
memory/2440-775-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/2440-783-0x00000000060C0000-0x000000000611B000-memory.dmp

Filesize
364KB

Download
memory/2440-893-0x00000000060C0000-0x000000000611B000-memory.dmp

Filesize
364KB

Download
memory/2440-990-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/2440-995-0x00000000060C0000-0x000000000611B000-memory.dmp

Filesize
364KB

Download
memory/2440-1102-0x00000000060C0000-0x000000000611B000-memory.dmp

Filesize
364KB

Download
memory/2440-1205-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/2440-126-0x0000000000409000-0x000000000040B000-memory.dmp

Filesize
8KB

Download
memory/2440-1325-0x00000000060C0000-0x000000000611B000-memory.dmp

Filesize
364KB

Download
memory/2440-1317-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/2440-1429-0x0000000002510000-0x000000000256B000-memory.dmp

Filesize
364KB

Download
memory/2440-1530-0x00000000060C0000-0x000000000611B000-memory.dmp

Filesize
364KB

Download
memory/2440-1529-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/2440-1535-0x0000000002550000-0x00000000025AB000-memory.dmp

Filesize
364KB

Download
memory/2440-1638-0x0000000002510000-0x000000000256B000-memory.dmp

Filesize
364KB

Download
memory/2440-1649-0x0000000002590000-0x00000000025EB000-memory.dmp

Filesize
364KB

Download
memory/2440-1746-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/2440-1747-0x0000000002550000-0x00000000025AB000-memory.dmp

Filesize
364KB

Download
memory/2440-1752-0x0000000006040000-0x000000000609B000-memory.dmp

Filesize
364KB

Download
memory/2440-1855-0x0000000002590000-0x00000000025EB000-memory.dmp

Filesize
364KB

Download
memory/2440-1856-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/2440-1861-0x0000000006040000-0x000000000609B000-memory.dmp

Filesize
364KB

Download
memory/2440-1968-0x0000000006040000-0x000000000609B000-memory.dmp

Filesize
364KB

Download
memory/2440-2071-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/2440-2076-0x0000000006040000-0x000000000609B000-memory.dmp

Filesize
364KB

Download
memory/2440-2179-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/2440-2183-0x0000000006040000-0x000000000609B000-memory.dmp

Filesize
364KB

Download
memory/2440-2291-0x0000000006040000-0x000000000609B000-memory.dmp

Filesize
364KB

Download
memory/2440-2394-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/2440-2402-0x0000000006040000-0x000000000609B000-memory.dmp

Filesize
364KB

Download
memory/2440-2512-0x0000000006040000-0x000000000609B000-memory.dmp

Filesize
364KB

Download
memory/2440-2609-0x0000000000400000-0x000000000057C000-memory.dmp

Filesize
1.5MB

Download
memory/2440-2614-0x0000000006040000-0x000000000609B000-memory.dmp

Filesize
364KB

Download