Overview

overview

10

Static

static

3

2d3728194b...18.exe

windows7-x64

10

2d3728194b...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    137s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    09-10-2024 07:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d3728194bb0fcdf013114f8c2d4b416_JaffaCakes118.exe

  • Size

    209KB

  • MD5

    2d3728194bb0fcdf013114f8c2d4b416

  • SHA1

    c4e1856ba775abee83dc859fd435a7e71fa38d9f

  • SHA256

    11d4ca0c5f76091f3423fb30ebd6adc6c9983609f46da62b0fe2056edd608cc0

  • SHA512

    4891963b25f3b15a6ebbc5f97f73d57a8a16faa327ddb19153073f5e796c92fe8fcc54b5c6c708c52baf170a75dfd8f42b267ef1ec2027f14aa8fb2a6ded463c

  • SSDEEP

    3072:iNu9h3eiLZT2UTOyU2qTq/yecrqyEIlyny4iio1t1oBM9/AC99kLNh11GJ+UEtE4:lh3eeTXFUnq/yesLEoynn7BMJSXtt34M

Score
10/10
bootkitdiscoveryevasionpersistence

Malware Config

Signatures

  • Modifies security service 2 TTPs 20 IoCs
    evasion
  • Executes dropped EXE 10 IoCs
  • Loads dropped DLL 20 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 11 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 22 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 31 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 33 IoCs
  • Runs .reg file with regedit 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d3728194bb0fcdf013114f8c2d4b416_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2d3728194bb0fcdf013114f8c2d4b416_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2140
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c c:\AcD.bat
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2668
      • C:\Windows\SysWOW64\regedit.exe
        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
        3⤵
        • Modifies security service
        • System Location Discovery: System Language Discovery
        • Runs .reg file with regedit
        PID:1112
    • C:\Windows\SysWOW64\Tilecomgm.com
      C:\Windows\system32\Tilecomgm.com 480 "C:\Users\Admin\AppData\Local\Temp\2d3728194bb0fcdf013114f8c2d4b416_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Writes to the Master Boot Record (MBR)
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:768
      • C:\Windows\SysWOW64\Tilecomgm.com
        C:\Windows\system32\Tilecomgm.com 536 "C:\Windows\SysWOW64\Tilecomgm.com"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Writes to the Master Boot Record (MBR)
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:1604
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c c:\AcD.bat
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:280
          • C:\Windows\SysWOW64\regedit.exe
            REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
            5⤵
            • Modifies security service
            • System Location Discovery: System Language Discovery
            • Runs .reg file with regedit
            PID:2320
        • C:\Windows\SysWOW64\Tilecomgm.com
          C:\Windows\system32\Tilecomgm.com 548 "C:\Windows\SysWOW64\Tilecomgm.com"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Writes to the Master Boot Record (MBR)
          • Drops file in System32 directory
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          • Suspicious use of WriteProcessMemory
          PID:2748
          • C:\Windows\SysWOW64\cmd.exe
            cmd /c c:\AcD.bat
            5⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2812
            • C:\Windows\SysWOW64\regedit.exe
              REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
              6⤵
              • Modifies security service
              • System Location Discovery: System Language Discovery
              • Runs .reg file with regedit
              PID:608
          • C:\Windows\SysWOW64\Tilecomgm.com
            C:\Windows\system32\Tilecomgm.com 552 "C:\Windows\SysWOW64\Tilecomgm.com"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Writes to the Master Boot Record (MBR)
            • Drops file in System32 directory
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            • Suspicious use of WriteProcessMemory
            PID:1724
            • C:\Windows\SysWOW64\cmd.exe
              cmd /c c:\AcD.bat
              6⤵
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:1004
              • C:\Windows\SysWOW64\regedit.exe
                REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                7⤵
                • Modifies security service
                • System Location Discovery: System Language Discovery
                • Runs .reg file with regedit
                PID:2572
            • C:\Windows\SysWOW64\Tilecomgm.com
              C:\Windows\system32\Tilecomgm.com 560 "C:\Windows\SysWOW64\Tilecomgm.com"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Writes to the Master Boot Record (MBR)
              • Drops file in System32 directory
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              • Suspicious use of WriteProcessMemory
              PID:388
              • C:\Windows\SysWOW64\cmd.exe
                cmd /c c:\AcD.bat
                7⤵
                • System Location Discovery: System Language Discovery
                • Suspicious use of WriteProcessMemory
                PID:264
                • C:\Windows\SysWOW64\regedit.exe
                  REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                  8⤵
                  • Modifies security service
                  • System Location Discovery: System Language Discovery
                  • Runs .reg file with regedit
                  PID:2672
              • C:\Windows\SysWOW64\Tilecomgm.com
                C:\Windows\system32\Tilecomgm.com 568 "C:\Windows\SysWOW64\Tilecomgm.com"
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Writes to the Master Boot Record (MBR)
                • Drops file in System32 directory
                • System Location Discovery: System Language Discovery
                • Modifies registry class
                PID:1700
                • C:\Windows\SysWOW64\cmd.exe
                  cmd /c c:\AcD.bat
                  8⤵
                  • System Location Discovery: System Language Discovery
                  PID:2460
                  • C:\Windows\SysWOW64\regedit.exe
                    REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                    9⤵
                    • Modifies security service
                    • System Location Discovery: System Language Discovery
                    • Runs .reg file with regedit
                    PID:2624
                • C:\Windows\SysWOW64\Tilecomgm.com
                  C:\Windows\system32\Tilecomgm.com 556 "C:\Windows\SysWOW64\Tilecomgm.com"
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Writes to the Master Boot Record (MBR)
                  • Drops file in System32 directory
                  • System Location Discovery: System Language Discovery
                  • Modifies registry class
                  PID:1316
                  • C:\Windows\SysWOW64\cmd.exe
                    cmd /c c:\AcD.bat
                    9⤵
                    • System Location Discovery: System Language Discovery
                    PID:2260
                    • C:\Windows\SysWOW64\regedit.exe
                      REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                      10⤵
                      • Modifies security service
                      • System Location Discovery: System Language Discovery
                      • Runs .reg file with regedit
                      PID:2684
                  • C:\Windows\SysWOW64\Tilecomgm.com
                    C:\Windows\system32\Tilecomgm.com 564 "C:\Windows\SysWOW64\Tilecomgm.com"
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Writes to the Master Boot Record (MBR)
                    • Drops file in System32 directory
                    • System Location Discovery: System Language Discovery
                    • Modifies registry class
                    PID:2804
                    • C:\Windows\SysWOW64\cmd.exe
                      cmd /c c:\AcD.bat
                      10⤵
                      • System Location Discovery: System Language Discovery
                      PID:2124
                      • C:\Windows\SysWOW64\regedit.exe
                        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                        11⤵
                        • Modifies security service
                        • System Location Discovery: System Language Discovery
                        • Runs .reg file with regedit
                        PID:288
                    • C:\Windows\SysWOW64\Tilecomgm.com
                      C:\Windows\system32\Tilecomgm.com 572 "C:\Windows\SysWOW64\Tilecomgm.com"
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Writes to the Master Boot Record (MBR)
                      • Drops file in System32 directory
                      • System Location Discovery: System Language Discovery
                      • Modifies registry class
                      PID:2272
                      • C:\Windows\SysWOW64\cmd.exe
                        cmd /c c:\AcD.bat
                        11⤵
                        • System Location Discovery: System Language Discovery
                        PID:2992
                        • C:\Windows\SysWOW64\regedit.exe
                          REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                          12⤵
                          • Modifies security service
                          • System Location Discovery: System Language Discovery
                          • Runs .reg file with regedit
                          PID:1480
                      • C:\Windows\SysWOW64\Tilecomgm.com
                        C:\Windows\system32\Tilecomgm.com 576 "C:\Windows\SysWOW64\Tilecomgm.com"
                        11⤵
                        • Executes dropped EXE
                        • Writes to the Master Boot Record (MBR)
                        • Drops file in System32 directory
                        • System Location Discovery: System Language Discovery
                        • Modifies registry class
                        PID:2284
                        • C:\Windows\SysWOW64\cmd.exe
                          cmd /c c:\AcD.bat
                          12⤵
                          • System Location Discovery: System Language Discovery
                          PID:2904
                          • C:\Windows\SysWOW64\regedit.exe
                            REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                            13⤵
                            • Modifies security service
                            • System Location Discovery: System Language Discovery
                            • Runs .reg file with regedit
                            PID:1112

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\AcD.bat
    Filesize

    5KB

    MD5

    0019a0451cc6b9659762c3e274bc04fb

    SHA1

    5259e256cc0908f2846e532161b989f1295f479b

    SHA256

    ce4674afd978d1401596d22a0961f90c8fb53c5bd55649684e1a999c8cf77876

    SHA512

    314c23ec37cb0cd4443213c019c4541df968447353b422ef6fff1e7ddf6c983c80778787408b7ca9b81e580a6a7f1589ca7f43c022e6fc16182973580ed4d904

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    476B

    MD5

    a5d4cddfecf34e5391a7a3df62312327

    SHA1

    04a3c708bab0c15b6746cf9dbf41a71c917a98b9

    SHA256

    8961a4310b2413753851ba8afe2feb4c522c20e856c6a98537d8ab440f48853a

    SHA512

    48024549d0fcb88e3bd46f7fb42715181142cae764a3daeb64cad07f10cf3bf14153731aeafba9a191557e29ddf1c5b62a460588823df215e2246eddaeff6643

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    3KB

    MD5

    9e5db93bd3302c217b15561d8f1e299d

    SHA1

    95a5579b336d16213909beda75589fd0a2091f30

    SHA256

    f360fb5740172b6b4dd59c1ac30b480511665ae991196f833167e275d91f943e

    SHA512

    b5547e5047a3c43397ee846ff9d5979cba45ba44671db5c5df5536d9dc26262e27a8645a08e0cf35960a3601dc0f6f5fe8d47ae232c9ca44d6899e97d36fb25a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    208B

    MD5

    67a0c98a371995d5434cb9788ee1c42f

    SHA1

    7171d3dca52f038ca9d9e8b13f356462dbc8f3cc

    SHA256

    2ac5bd7466724458c6f36bbbe6be697bfbc95d3b8f8ad486b83d595bd295dbc3

    SHA512

    f5b31a9e68044db25853f9a158dd4ff1da717beb5802dd11a6d3b705b5bf065304c98df3c81c8487e922d4f94690ecfb2662077bffb50cba036bcd8e50935191

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    703B

    MD5

    e2564fc59a86ea85b7485ab7288c68c4

    SHA1

    bc1544d9a03d1adafe399067ac32bf8d1cedbdb0

    SHA256

    68e8d8ef14bfbe96ebad3fb391fd4c1e57068a7f950dd31840884f6d58b078a8

    SHA512

    e09c6741d99ec41763e939aa39adb4e0f8508d37556c52251eec268849e85960da42ace7e9b82f1927de5bcf29ebec205189b113d2bb123025f3e6615b28ff0a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    2KB

    MD5

    501effddf60a974e98b67dc8921aa7e8

    SHA1

    734dfe4b508dbc1527ec92e91821a1251aec5b2e

    SHA256

    672e3c47827c2fc929fc92cd7d2a61d9ba41e847f876a1e5486e2701cbc3cb06

    SHA512

    28081046c5b0eb6a5578134e19af2a447d38afda338bd3ae4c2fc0054460580d47f9ab6d8c9001ff605e76df462e7bbcab80be15deaf3ca6264e20717dfb9c1c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    2KB

    MD5

    e6d8af5aed642209c88269bf56af50ae

    SHA1

    633d40da997074dc0ed10938ebc49a3aeb3a7fc8

    SHA256

    550abc09abce5b065d360dfea741ab7dd8abbe2ea11cd46b093632860775baec

    SHA512

    6949fc255c1abf009ecbe0591fb6dbfd96409ee98ae438dbac8945684ccf694c046d5b51d2bf7679c1e02f42e8f32e8e29a9b7bdbc84442bec0497b64dfa84cf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    1KB

    MD5

    5f6aefafda312b288b7d555c1fc36dc9

    SHA1

    f25e2fdea9dd714d0fae68af71cace7bb49302ce

    SHA256

    60f6d3cbf831857bf18e46a43ff403a03e2035d9430a72d768ea9cec1947917a

    SHA512

    97f0250ba79b008d7632a2f32a7b851d9ca87f116b2854d5343c120511cfd55551a1f3eb3e0959602656b39b3f86003a0f9d04243ceb8b73d28eb9bb9449a6de

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    815B

    MD5

    fadf3805f68986d2ee9c82f560a564e4

    SHA1

    87bcab6ab1fb66ace98eb1d36e54eb9c11628aa6

    SHA256

    d6e4760c4554b061363e89648dc4144f8a9ba8a300dde1a1621f22ecc62ab759

    SHA512

    e3e495385da6d181a2411554a61b27c480ff31fa49225e8b2dc46b9ec4f618343475a8d189786b956c91efc65bfb05be19065bfdf3288eb011c5ec427e764cb9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    1KB

    MD5

    3637baf389a0d79b412adb2a7f1b7d09

    SHA1

    f4b011a72f59cf98a325f12b7e40ddd0548ccc16

    SHA256

    835336f5d468ac1d8361f9afbc8e69ff1538c51b0b619d641b4b41dcfaa39cba

    SHA512

    ea71a49c3673e9ce4f92d0f38441b3bc5b3b9ef6649caa21972648e34b6cec8694fa8fb7fc0ddad1e58f0464e0ba917c4500090a3db3fc07e1d258079c1c2506

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    3KB

    MD5

    6b0182442d6e09100c34904ae6d8ee0c

    SHA1

    6255e65587505629521ea048a4e40cc48b512f2c

    SHA256

    cb34af7065e6c95f33fee397991045dae5dfae9d510660e6981ee6263542f9a4

    SHA512

    64395a0c6fce50a64a2067522b798f9b27c577da96e8d68f830a075ba833f1d644af27a9c6fc941ebb3d79999ac31576763378c9997a5b38eb5fdf075918eb46

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    851B

    MD5

    a13ff758fc4326eaa44582bc9700aead

    SHA1

    a4927b4a3b84526c5c42a077ade4652ab308f83f

    SHA256

    c0915178e63bf84c54e9c942b5cc80327c24d84125042767d7e1e2ef3e004588

    SHA512

    86c336086a1d0ca689e133df8e3c3ec83eeef86649dbf8b9d367c3e543358ad54f69d1a20d56c56200e294f22b2741186db0f359051159b4e670d3e9b5861842

    Download Submit

  • C:\Windows\SysWOW64\Tilecomgm.com
    Filesize

    209KB

    MD5

    2d3728194bb0fcdf013114f8c2d4b416

    SHA1

    c4e1856ba775abee83dc859fd435a7e71fa38d9f

    SHA256

    11d4ca0c5f76091f3423fb30ebd6adc6c9983609f46da62b0fe2056edd608cc0

    SHA512

    4891963b25f3b15a6ebbc5f97f73d57a8a16faa327ddb19153073f5e796c92fe8fcc54b5c6c708c52baf170a75dfd8f42b267ef1ec2027f14aa8fb2a6ded463c

    Download Submit

  • memory/388-693-0x00000000034B0000-0x000000000356C000-memory.dmp

    Filesize

    752KB

    Download

  • memory/388-575-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/768-329-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/768-191-0x00000000003E0000-0x00000000003E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/768-189-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/768-198-0x0000000000710000-0x0000000000711000-memory.dmp

    Filesize

    4KB

    Download

  • memory/768-328-0x00000000004C0000-0x00000000004F0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/768-204-0x0000000002420000-0x0000000002421000-memory.dmp

    Filesize

    4KB

    Download

  • memory/768-203-0x0000000002400000-0x0000000002401000-memory.dmp

    Filesize

    4KB

    Download

  • memory/768-190-0x00000000004C0000-0x00000000004F0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/768-202-0x00000000023E0000-0x00000000023E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/768-209-0x0000000003320000-0x00000000033DC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/768-207-0x00000000004C0000-0x00000000004F0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/768-206-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/768-187-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/768-201-0x00000000023C0000-0x00000000023C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/768-192-0x00000000003F0000-0x00000000003F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/768-193-0x0000000000560000-0x0000000000561000-memory.dmp

    Filesize

    4KB

    Download

  • memory/768-194-0x0000000000580000-0x0000000000581000-memory.dmp

    Filesize

    4KB

    Download

  • memory/768-195-0x00000000005A0000-0x00000000005A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/768-196-0x00000000006D0000-0x00000000006D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/768-197-0x00000000006F0000-0x00000000006F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/768-199-0x0000000002380000-0x0000000002381000-memory.dmp

    Filesize

    4KB

    Download

  • memory/768-200-0x00000000023A0000-0x00000000023A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1604-451-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/1604-212-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/1604-330-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/1604-333-0x0000000003330000-0x00000000033EC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/1700-696-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/1724-691-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/2140-163-0x00000000026B0000-0x00000000026B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-17-0x0000000000780000-0x0000000000781000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-172-0x0000000002970000-0x0000000002971000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-171-0x0000000002940000-0x0000000002941000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-170-0x0000000002950000-0x0000000002951000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-169-0x0000000002920000-0x0000000002921000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-168-0x0000000002930000-0x0000000002931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-167-0x0000000002900000-0x0000000002901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-166-0x0000000002910000-0x0000000002911000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-165-0x00000000028E0000-0x00000000028E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-164-0x00000000028F0000-0x00000000028F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-174-0x0000000002990000-0x0000000002991000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-162-0x00000000026C0000-0x00000000026C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-161-0x0000000002650000-0x0000000002651000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-160-0x0000000002660000-0x0000000002661000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-159-0x0000000002630000-0x0000000002631000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-158-0x0000000002640000-0x0000000002641000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-157-0x0000000002200000-0x0000000002201000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-156-0x0000000002620000-0x0000000002621000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-175-0x0000000002980000-0x0000000002981000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-4-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-5-0x00000000002E0000-0x00000000002E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-6-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-7-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-8-0x00000000004C0000-0x00000000004C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-9-0x0000000000500000-0x0000000000501000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-10-0x00000000004F0000-0x00000000004F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-11-0x0000000000520000-0x0000000000521000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-12-0x0000000000510000-0x0000000000511000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-13-0x0000000000540000-0x0000000000541000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-14-0x0000000000530000-0x0000000000531000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-15-0x0000000000760000-0x0000000000761000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-16-0x0000000000750000-0x0000000000751000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-173-0x0000000002960000-0x0000000002961000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-155-0x00000000021E0000-0x00000000021E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-154-0x00000000021F0000-0x00000000021F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-188-0x00000000002F0000-0x0000000000320000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2140-18-0x0000000000770000-0x0000000000771000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-186-0x0000000003340000-0x00000000033FC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/2140-185-0x0000000003340000-0x00000000033FC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/2140-184-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/2140-19-0x00000000007A0000-0x00000000007A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-20-0x0000000000790000-0x0000000000791000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-21-0x00000000008D0000-0x00000000008D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-22-0x00000000007B0000-0x00000000007B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-23-0x00000000008F0000-0x00000000008F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-24-0x00000000008E0000-0x00000000008E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-25-0x0000000000910000-0x0000000000911000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-26-0x0000000000900000-0x0000000000901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-27-0x0000000000930000-0x0000000000931000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-28-0x0000000000920000-0x0000000000921000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-2-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-29-0x00000000020B0000-0x00000000020B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-1-0x00000000002F0000-0x0000000000320000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2140-30-0x00000000020A0000-0x00000000020A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-31-0x00000000020D0000-0x00000000020D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-0-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/2140-34-0x00000000020F0000-0x00000000020F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-35-0x00000000020E0000-0x00000000020E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-36-0x0000000002110000-0x0000000002111000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-37-0x0000000002100000-0x0000000002101000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-32-0x00000000020C0000-0x00000000020C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2140-3-0x00000000002D0000-0x00000000002D4000-memory.dmp

    Filesize

    16KB

    Download

  • memory/2748-571-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/2748-454-0x0000000003320000-0x00000000033DC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/2748-335-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download