Overview

overview

10

Static

static

3

2d3728194b...18.exe

windows7-x64

10

2d3728194b...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-10-2024 07:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d3728194bb0fcdf013114f8c2d4b416_JaffaCakes118.exe

  • Size

    209KB

  • MD5

    2d3728194bb0fcdf013114f8c2d4b416

  • SHA1

    c4e1856ba775abee83dc859fd435a7e71fa38d9f

  • SHA256

    11d4ca0c5f76091f3423fb30ebd6adc6c9983609f46da62b0fe2056edd608cc0

  • SHA512

    4891963b25f3b15a6ebbc5f97f73d57a8a16faa327ddb19153073f5e796c92fe8fcc54b5c6c708c52baf170a75dfd8f42b267ef1ec2027f14aa8fb2a6ded463c

  • SSDEEP

    3072:iNu9h3eiLZT2UTOyU2qTq/yecrqyEIlyny4iio1t1oBM9/AC99kLNh11GJ+UEtE4:lh3eeTXFUnq/yesLEoynn7BMJSXtt34M

Score
10/10
discoveryevasion

Malware Config

Signatures

  • Modifies security service 2 TTPs 22 IoCs
    evasion
  • Executes dropped EXE 10 IoCs
  • Drops file in System32 directory 22 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 33 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 33 IoCs
  • Runs .reg file with regedit 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d3728194bb0fcdf013114f8c2d4b416_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2d3728194bb0fcdf013114f8c2d4b416_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4776
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c c:\AcD.bat
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:468
      • C:\Windows\SysWOW64\regedit.exe
        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
        3⤵
        • Modifies security service
        • System Location Discovery: System Language Discovery
        • Runs .reg file with regedit
        PID:2972
    • C:\Windows\SysWOW64\Tilecomgm.com
      C:\Windows\system32\Tilecomgm.com 1196 "C:\Users\Admin\AppData\Local\Temp\2d3728194bb0fcdf013114f8c2d4b416_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3920
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c c:\AcD.bat
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2112
        • C:\Windows\SysWOW64\regedit.exe
          REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
          4⤵
          • Modifies security service
          • System Location Discovery: System Language Discovery
          • Runs .reg file with regedit
          PID:1752
      • C:\Windows\SysWOW64\Tilecomgm.com
        C:\Windows\system32\Tilecomgm.com 1208 "C:\Windows\SysWOW64\Tilecomgm.com"
        3⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:944
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c c:\AcD.bat
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1712
          • C:\Windows\SysWOW64\regedit.exe
            REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
            5⤵
            • Modifies security service
            • System Location Discovery: System Language Discovery
            • Runs .reg file with regedit
            PID:492
        • C:\Windows\SysWOW64\Tilecomgm.com
          C:\Windows\system32\Tilecomgm.com 1180 "C:\Windows\SysWOW64\Tilecomgm.com"
          4⤵
          • Executes dropped EXE
          • Drops file in System32 directory
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          • Suspicious use of WriteProcessMemory
          PID:468
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c c:\AcD.bat
            5⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:5096
            • C:\Windows\SysWOW64\regedit.exe
              REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
              6⤵
              • Modifies security service
              • System Location Discovery: System Language Discovery
              • Runs .reg file with regedit
              PID:3524
          • C:\Windows\SysWOW64\Tilecomgm.com
            C:\Windows\system32\Tilecomgm.com 1184 "C:\Windows\SysWOW64\Tilecomgm.com"
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            • Suspicious use of WriteProcessMemory
            PID:4724
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c c:\AcD.bat
              6⤵
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:4972
              • C:\Windows\SysWOW64\regedit.exe
                REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                7⤵
                • Modifies security service
                • System Location Discovery: System Language Discovery
                • Runs .reg file with regedit
                PID:3504
            • C:\Windows\SysWOW64\Tilecomgm.com
              C:\Windows\system32\Tilecomgm.com 1176 "C:\Windows\SysWOW64\Tilecomgm.com"
              6⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              • Suspicious use of WriteProcessMemory
              PID:2892
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /c c:\AcD.bat
                7⤵
                • System Location Discovery: System Language Discovery
                • Suspicious use of WriteProcessMemory
                PID:3912
                • C:\Windows\SysWOW64\regedit.exe
                  REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                  8⤵
                  • Modifies security service
                  • System Location Discovery: System Language Discovery
                  • Runs .reg file with regedit
                  PID:3980
              • C:\Windows\SysWOW64\Tilecomgm.com
                C:\Windows\system32\Tilecomgm.com 1188 "C:\Windows\SysWOW64\Tilecomgm.com"
                7⤵
                • Executes dropped EXE
                • Drops file in System32 directory
                • System Location Discovery: System Language Discovery
                • Modifies registry class
                • Suspicious use of WriteProcessMemory
                PID:3524
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c c:\AcD.bat
                  8⤵
                  • System Location Discovery: System Language Discovery
                  • Suspicious use of WriteProcessMemory
                  PID:1384
                  • C:\Windows\SysWOW64\regedit.exe
                    REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                    9⤵
                    • Modifies security service
                    • System Location Discovery: System Language Discovery
                    • Runs .reg file with regedit
                    PID:4828
                • C:\Windows\SysWOW64\Tilecomgm.com
                  C:\Windows\system32\Tilecomgm.com 1200 "C:\Windows\SysWOW64\Tilecomgm.com"
                  8⤵
                  • Executes dropped EXE
                  • Drops file in System32 directory
                  • System Location Discovery: System Language Discovery
                  • Modifies registry class
                  • Suspicious use of WriteProcessMemory
                  PID:1180
                  • C:\Windows\SysWOW64\cmd.exe
                    C:\Windows\system32\cmd.exe /c c:\AcD.bat
                    9⤵
                    • System Location Discovery: System Language Discovery
                    PID:2516
                    • C:\Windows\SysWOW64\regedit.exe
                      REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                      10⤵
                      • Modifies security service
                      • System Location Discovery: System Language Discovery
                      • Runs .reg file with regedit
                      PID:3380
                  • C:\Windows\SysWOW64\Tilecomgm.com
                    C:\Windows\system32\Tilecomgm.com 1192 "C:\Windows\SysWOW64\Tilecomgm.com"
                    9⤵
                    • Executes dropped EXE
                    • Drops file in System32 directory
                    • System Location Discovery: System Language Discovery
                    • Modifies registry class
                    PID:1604
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /c c:\AcD.bat
                      10⤵
                      • System Location Discovery: System Language Discovery
                      PID:4704
                      • C:\Windows\SysWOW64\regedit.exe
                        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                        11⤵
                        • Modifies security service
                        • System Location Discovery: System Language Discovery
                        • Runs .reg file with regedit
                        PID:1968
                    • C:\Windows\SysWOW64\Tilecomgm.com
                      C:\Windows\system32\Tilecomgm.com 1204 "C:\Windows\SysWOW64\Tilecomgm.com"
                      10⤵
                      • Executes dropped EXE
                      • Drops file in System32 directory
                      • System Location Discovery: System Language Discovery
                      • Modifies registry class
                      PID:4420
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c c:\AcD.bat
                        11⤵
                        • System Location Discovery: System Language Discovery
                        PID:5048
                        • C:\Windows\SysWOW64\regedit.exe
                          REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                          12⤵
                          • Modifies security service
                          • System Location Discovery: System Language Discovery
                          • Runs .reg file with regedit
                          PID:756
                      • C:\Windows\SysWOW64\Tilecomgm.com
                        C:\Windows\system32\Tilecomgm.com 1212 "C:\Windows\SysWOW64\Tilecomgm.com"
                        11⤵
                        • Executes dropped EXE
                        • Drops file in System32 directory
                        • System Location Discovery: System Language Discovery
                        • Modifies registry class
                        PID:4048
                        • C:\Windows\SysWOW64\cmd.exe
                          C:\Windows\system32\cmd.exe /c c:\AcD.bat
                          12⤵
                          • System Location Discovery: System Language Discovery
                          PID:2068
                          • C:\Windows\SysWOW64\regedit.exe
                            REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                            13⤵
                            • Modifies security service
                            • System Location Discovery: System Language Discovery
                            • Runs .reg file with regedit
                            PID:2020

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    274B

    MD5

    eee5718ce97d259fd8acec31375fc375

    SHA1

    989c64b0c9a049f1b7ad9e677c4566ab1559744f

    SHA256

    1975123645c58e5160d63cc6ab8430f9dd0bc70d5cddafccf3687d655730dcfb

    SHA512

    6c2e14846b20128ac8bea8470b4455fd4b65de7457c216824cfa7008fafa41c29445290de6780dc4f6f3beea97ec3137c02c9b7504877d6c845e573a7b7db610

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    815B

    MD5

    fadf3805f68986d2ee9c82f560a564e4

    SHA1

    87bcab6ab1fb66ace98eb1d36e54eb9c11628aa6

    SHA256

    d6e4760c4554b061363e89648dc4144f8a9ba8a300dde1a1621f22ecc62ab759

    SHA512

    e3e495385da6d181a2411554a61b27c480ff31fa49225e8b2dc46b9ec4f618343475a8d189786b956c91efc65bfb05be19065bfdf3288eb011c5ec427e764cb9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    3KB

    MD5

    9e5db93bd3302c217b15561d8f1e299d

    SHA1

    95a5579b336d16213909beda75589fd0a2091f30

    SHA256

    f360fb5740172b6b4dd59c1ac30b480511665ae991196f833167e275d91f943e

    SHA512

    b5547e5047a3c43397ee846ff9d5979cba45ba44671db5c5df5536d9dc26262e27a8645a08e0cf35960a3601dc0f6f5fe8d47ae232c9ca44d6899e97d36fb25a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    849B

    MD5

    558ce6da965ba1758d112b22e15aa5a2

    SHA1

    a365542609e4d1dc46be62928b08612fcabe2ede

    SHA256

    c11beaac10a5e00391ef4b41be8c240f59c5a2dc930aead6d7db237fcd2641fb

    SHA512

    37f7f10c3d201b11cc5224ae69c5990eb33b4430c601d3c21f6bec9323621120442e0cfa49e1f4eda459ea4ac750277e446dca78b9e44c1445bd891e4e460b5c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    2KB

    MD5

    61ec72543aaac5c7b336d2b22f919c07

    SHA1

    5bddb1f73b24c2113e9bf8268640f75fb0f3bd8d

    SHA256

    088881ff28ef1240847decd884be366614865bf9660f862dbffa64d504467aea

    SHA512

    e8ed6c1813218a542e0449f6bcda47b9464f2445a5d4b20e20b657d5328eb9fd5ddf859e61794a0b3d32057590ac029064c078d5743fe1a316ca8fdf254f7f62

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    2KB

    MD5

    f8a9a1aa9bab7821d25ae628e6d04f68

    SHA1

    c3e7a9ccc9805ae94aabfd16e2cb461fde3fae5a

    SHA256

    76ee7c489d11427af94d0334368ef2ed44df4a74984ffd4022c9ea9fae9c41fb

    SHA512

    0fb3a29367fa3c3eb36c6a7e9ff217ccdd7cce18309964aa7068a00f500ea4ea49588344ebbc52ae77d83e5042c3fdb84f56fa1dae07b8bb774aed6fffd18c0a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    1011B

    MD5

    5088b4be1b90717121e76c1fc33c033a

    SHA1

    090676b012c30e6b0d6493ca1e9a31f3093cad6f

    SHA256

    d1d8c8ac4136082ac60938e8148c43d81fa91a124eccf34048e629d22daeef3a

    SHA512

    0cac2dcf138b1a66f857a54c92afe467ef7544655cd1c4aec3b4084c92c9186d9ba10e0e74a54a6e43e676068d3747f668f7286d44fcefce7ee4d385a3a96962

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    3KB

    MD5

    1daa413d1a8cd1692f2e4ae22b54c74a

    SHA1

    2e02e2a23cfaa62f301e29a117e291ff93cc5d31

    SHA256

    10732e2612780d9694faf0bb9b27cdc6f3376ad327da7dfc346e9e5579493d33

    SHA512

    b947c70c7c4af971e3fbdc66fb7175b6624ac68c6a723dac7ecb5cf5f43bbe210fa0fa61fd4b6153dccf7de077d003ca03f061e209dc37773546b038e6aef277

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    1KB

    MD5

    e2d37af73d5fe4a504db3f8c0d560e3d

    SHA1

    88c6bf5b485dd9c79283ccb5d2546ffbb95e563d

    SHA256

    e615959931f345e611ac44be7534d697c1495c641d13e50ae919a7807c8ff008

    SHA512

    8cb17131326361071a3ae2997cdfaa316ce10c481f48af23fa526380daffa39b2538251cbaa4cf3bd9a9c0014a9184be5a13a44cf45fb93591ba3180670ddb89

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    298B

    MD5

    4117e5a9c995bab9cd3bce3fc2b99a46

    SHA1

    80144ccbad81c2efb1df64e13d3d5f59ca4486da

    SHA256

    37b58c2d66ab2f896316ee0cdba30dcc9aac15a51995b8ba6c143c8ba34bf292

    SHA512

    bdb721bd3dea641a9b1f26b46311c05199de01c6b0d7ea2b973aa71a4f796b292a6964ddef32ba9dfc4a545768943d105f110c5d60716e0ff6f82914affb507c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1.reg
    Filesize

    3KB

    MD5

    d085cde42c14e8ee2a5e8870d08aee42

    SHA1

    c8e967f1d301f97dbcf252d7e1677e590126f994

    SHA256

    a15d5dfd655de1214e0aae2292ead17eef1f1b211d39fac03276bbd6325b0d9f

    SHA512

    de2cebd45d3cf053df17ae43466db6a8b2d816bf4b9a8deb5b577cfedf765b5dcdc5904145809ad3ca03ccff308f8893ec1faa309dd34afcab7cc1836d698d7b

    Download Submit

  • C:\Windows\SysWOW64\Tilecomgm.com
    Filesize

    209KB

    MD5

    2d3728194bb0fcdf013114f8c2d4b416

    SHA1

    c4e1856ba775abee83dc859fd435a7e71fa38d9f

    SHA256

    11d4ca0c5f76091f3423fb30ebd6adc6c9983609f46da62b0fe2056edd608cc0

    SHA512

    4891963b25f3b15a6ebbc5f97f73d57a8a16faa327ddb19153073f5e796c92fe8fcc54b5c6c708c52baf170a75dfd8f42b267ef1ec2027f14aa8fb2a6ded463c

    Download Submit

  • \??\c:\AcD.bat
    Filesize

    5KB

    MD5

    0019a0451cc6b9659762c3e274bc04fb

    SHA1

    5259e256cc0908f2846e532161b989f1295f479b

    SHA256

    ce4674afd978d1401596d22a0961f90c8fb53c5bd55649684e1a999c8cf77876

    SHA512

    314c23ec37cb0cd4443213c019c4541df968447353b422ef6fff1e7ddf6c983c80778787408b7ca9b81e580a6a7f1589ca7f43c022e6fc16182973580ed4d904

    Download Submit

  • memory/468-647-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/468-534-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/468-422-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/944-420-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/944-307-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/944-533-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/1180-877-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/2892-873-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/2892-650-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/3524-763-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/3524-875-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/3920-188-0x0000000002570000-0x0000000002571000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3920-190-0x00000000024A0000-0x00000000024A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3920-305-0x0000000000520000-0x0000000000550000-memory.dmp

    Filesize

    192KB

    Download

  • memory/3920-304-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/3920-181-0x0000000002290000-0x0000000002291000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3920-182-0x00000000023E0000-0x00000000023E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3920-180-0x0000000002280000-0x0000000002281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3920-184-0x0000000002420000-0x0000000002421000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3920-185-0x0000000002480000-0x0000000002481000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3920-178-0x0000000000520000-0x0000000000550000-memory.dmp

    Filesize

    192KB

    Download

  • memory/3920-189-0x0000000002440000-0x0000000002441000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3920-411-0x0000000000520000-0x0000000000550000-memory.dmp

    Filesize

    192KB

    Download

  • memory/3920-191-0x00000000024D0000-0x00000000024D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3920-406-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/3920-176-0x00000000004F0000-0x00000000004F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3920-183-0x0000000002400000-0x0000000002401000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3920-192-0x00000000024F0000-0x00000000024F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3920-193-0x0000000002530000-0x0000000002531000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3920-194-0x0000000002550000-0x0000000002551000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3920-187-0x0000000002510000-0x0000000002511000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4724-761-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/4724-648-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/4724-536-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/4776-15-0x0000000002420000-0x0000000002421000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-10-0x00000000022A0000-0x00000000022A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-165-0x0000000003300000-0x0000000003301000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-164-0x0000000003310000-0x0000000003311000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-163-0x00000000032E0000-0x00000000032E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-162-0x00000000032C0000-0x00000000032C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-161-0x00000000032A0000-0x00000000032A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-160-0x0000000003280000-0x0000000003281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-159-0x0000000003260000-0x0000000003261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-158-0x0000000003270000-0x0000000003271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-156-0x0000000003240000-0x0000000003241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-155-0x0000000003250000-0x0000000003251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-153-0x0000000003220000-0x0000000003221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-152-0x0000000003230000-0x0000000003231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-151-0x0000000003100000-0x0000000003101000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-148-0x00000000030F0000-0x00000000030F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-177-0x0000000000630000-0x0000000000660000-memory.dmp

    Filesize

    192KB

    Download

  • memory/4776-168-0x0000000003290000-0x0000000003291000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-169-0x00000000032B0000-0x00000000032B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-175-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/4776-179-0x0000000000600000-0x0000000000601000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-170-0x00000000032D0000-0x00000000032D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-149-0x00000000030E0000-0x00000000030E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-171-0x00000000032F0000-0x00000000032F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-167-0x0000000003320000-0x0000000003321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-150-0x0000000003110000-0x0000000003111000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-4-0x0000000000770000-0x0000000000771000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-7-0x0000000002240000-0x0000000002241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-5-0x0000000000610000-0x0000000000611000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-6-0x0000000000620000-0x0000000000621000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-8-0x0000000002280000-0x0000000002281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-166-0x0000000003330000-0x0000000003331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-11-0x0000000002290000-0x0000000002291000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-12-0x00000000022C0000-0x00000000022C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-13-0x00000000022B0000-0x00000000022B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-0-0x0000000000400000-0x00000000004BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/4776-16-0x00000000022F0000-0x00000000022F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-18-0x0000000002430000-0x0000000002431000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-19-0x0000000002450000-0x0000000002451000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-20-0x0000000002470000-0x0000000002471000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-21-0x00000000024A0000-0x00000000024A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-22-0x00000000024C0000-0x00000000024C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-23-0x00000000024F0000-0x00000000024F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-24-0x00000000024E0000-0x00000000024E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-25-0x0000000002510000-0x0000000002511000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-26-0x0000000002500000-0x0000000002501000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-27-0x0000000002520000-0x0000000002521000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-28-0x0000000002540000-0x0000000002541000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-29-0x0000000002230000-0x0000000002231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-30-0x00000000022E0000-0x00000000022E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-31-0x0000000002440000-0x0000000002441000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-32-0x0000000002460000-0x0000000002461000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-33-0x0000000002490000-0x0000000002491000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-34-0x00000000024B0000-0x00000000024B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-35-0x00000000024D0000-0x00000000024D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-36-0x0000000002530000-0x0000000002531000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-37-0x0000000002550000-0x0000000002551000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-14-0x00000000022D0000-0x00000000022D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-9-0x0000000002270000-0x0000000002271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4776-3-0x0000000002220000-0x0000000002224000-memory.dmp

    Filesize

    16KB

    Download

  • memory/4776-2-0x0000000000630000-0x0000000000660000-memory.dmp

    Filesize

    192KB

    Download

  • memory/4776-1-0x0000000000600000-0x0000000000601000-memory.dmp

    Filesize

    4KB

    Download