Overview

overview

10

Static

static

5

44d56ece23...18.exe

windows7-x64

10

44d56ece23...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/10/2024, 00:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    44d56ece23d45d0c57e7f6ab498ea640_JaffaCakes118.exe

  • Size

    255KB

  • MD5

    44d56ece23d45d0c57e7f6ab498ea640

  • SHA1

    75f714e5f09ea679ecf9d6894093a403682b1d60

  • SHA256

    ea4d1ab1cf391c2ecfcd7b4c8fd7fd79ad7b89539606ec236e4f532204818752

  • SHA512

    c3c6a7a38ed848d508871dab669d543fb9461bc56d89b81d2edf79fdb8a5c8813c1d727caa638e888d396a41423e46b57a5b032621918018e7b9caadcf9a7c9a

  • SSDEEP

    6144:1xlZam+akqx6YQJXcNlEHUIQeE3mmBWFv6w:Plf5j6zCNa0xeE3md

Score
10/10
discoveryevasionpersistencespywarestealertrojanupx

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Windows security bypass 2 TTPs 5 IoCs
    evasiontrojan
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 5 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Windows security modification 2 TTPs 6 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • AutoIT Executable 64 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 12 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 14 IoCs
  • Drops file in Windows directory 19 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 20 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 18 IoCs
  • Suspicious use of SendNotifyMessage 18 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\44d56ece23d45d0c57e7f6ab498ea640_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\44d56ece23d45d0c57e7f6ab498ea640_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4060
    • C:\Windows\SysWOW64\jzehtjdlex.exe
      jzehtjdlex.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Windows security bypass
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Windows security modification
      • Enumerates connected drives
      • Modifies WinLogon
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3616
      • C:\Windows\SysWOW64\deyuvbqx.exe
        C:\Windows\system32\deyuvbqx.exe
        3⤵
        • Executes dropped EXE
        • Enumerates connected drives
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:4072
    • C:\Windows\SysWOW64\fvjwuylduvwkvzg.exe
      fvjwuylduvwkvzg.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1580
    • C:\Windows\SysWOW64\deyuvbqx.exe
      deyuvbqx.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3080
    • C:\Windows\SysWOW64\jafwzraotxgid.exe
      jafwzraotxgid.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:5016
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Windows\mydoc.rtf" /o ""
      2⤵
      • Drops file in Windows directory
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:2208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Impair Defenses

2
T1562

Disable or Modify Tools

2
T1562.001

Modify Registry

6
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

4
T1012

System Information Discovery

5
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.exe
    Filesize

    255KB

    MD5

    92a6e49a971206cbe7b1f549423f6e03

    SHA1

    e6e7540b8b6f99ade1de436b1f2bbabc8e9b2765

    SHA256

    91c726cd3474701022ef0c6370ecb67e1f528cb554368e0e49e814821df58122

    SHA512

    ef206d7fb042b6e90848cff2a757a5ae538ffdd7bbdd0b6886da8ac90923f5e560ef460500c8e886261016290b3b775be19ed260c17c4c3ea4fc382553b2a10a

    Download Submit

  • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.exe
    Filesize

    255KB

    MD5

    ad2c3533f8d9629d333aed73a476cb84

    SHA1

    e985a3f028a61b777bb47a1c127895208163f93f

    SHA256

    8423354d0104e3f6329c4384d94286403f1d911c6f1b26f69afa48f29110eb05

    SHA512

    fe2112cd7678c1abbd0d9b034861843e335d77225c0c7d7d72806d23328aa37677f0718338ca5f11b582c1607df2dcdc5c844ca0ff34f73da4d2e167d91ca04f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
    Filesize

    344B

    MD5

    8d24315d203378f8ef7f8177284de374

    SHA1

    d357c466b157e28b01213ff41cc2682437c6126c

    SHA256

    51c0d07ebe114b47df7ff52aae0fd85024318a52c3cf27672ac713cd256edc99

    SHA512

    fe6451ff809454e7834d612fd8ca246389ecdd249b955bffdeca5b8b2ceeb4e68c6823f365c1832fa27b20d0868ad19b56d378fa6f0655f4c647fa2728cf12ca

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
    Filesize

    16B

    MD5

    d29962abc88624befc0135579ae485ec

    SHA1

    e40a6458296ec6a2427bcb280572d023a9862b31

    SHA256

    a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866

    SHA512

    4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
    Filesize

    1KB

    MD5

    f58bb370cd87a045fd8679cdab4f3826

    SHA1

    a581ca207f3584c37e86f1ef2f7b6f00d53bdfb5

    SHA256

    4775573917a8bd7a5bc4969522d8141e4e437e36591d487b11a45ef2f8687151

    SHA512

    2b704abeb9a852f409e31cf7e34f774018f086f7e9963a9679bbc076d6c1893d0c5bdebb819c15f93473dfd7ece6f12d294f3201269d79892d4e96bd7ec72f36

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
    Filesize

    2KB

    MD5

    73c34dc18a92359651315f1157aa3697

    SHA1

    4ca5dbbd3b4169891bae2b38be942a657e4b9161

    SHA256

    681c7b1be09f52834468b29d40744be83d44eaf53c8d77879902386f94cc9eec

    SHA512

    af514f8469d28a20d9d9c3e41cf81a0a896168d593a4bcf7450eb196bef01c84103ded0606c5e26e6f08b24f64a54b8488d146a396b05dfb9162ad88f47cd409

    Download Submit

  • C:\Windows\SysWOW64\deyuvbqx.exe
    Filesize

    255KB

    MD5

    b3d1cee3522d4a12c026b0eea6b4fc9f

    SHA1

    a54d8c7e09d4ecd575cd0361e203d00e28b7881d

    SHA256

    7bd102e23da9b5d39cac398184a9127a9bac285a2c40cbf003978549719ebeb4

    SHA512

    9bb961239d808813b3d15651eff8994d03ecc41ca3d5224a0b4d49bcb05f36e98882e0ea9a7be39decb5e8f520ad943a1588356ad3f183f1f4ec05fa56a06ff1

    Download Submit

  • C:\Windows\SysWOW64\fvjwuylduvwkvzg.exe
    Filesize

    255KB

    MD5

    a11b4a792d0d78adc1d8658b9ca9da9d

    SHA1

    150c11533e17bd61fa2bd7e22bef44fdd83970ab

    SHA256

    3405d106d5c96a6dfb588370d2e200130aa90ca6bc608f0f6fd8171a6bf6c6fb

    SHA512

    91957fb74132b1f72eb67e7ad275a9e8bd04d9bc8d9785ff5d8a3642714204a495c7d5c1fed54155c1c7ffb2b7687096dc028071fdc72347893840d4cae8b42b

    Download Submit

  • C:\Windows\SysWOW64\jafwzraotxgid.exe
    Filesize

    255KB

    MD5

    34ef808da35c52d4a6cefff4fa065a48

    SHA1

    6b363424d75cc5b459ea9e5f8684d6e0c2d21c33

    SHA256

    6ef0eba32c7f0226410cfbdbb7a0c5e35ad45375b3bbc029850026344f01bb8e

    SHA512

    893c813d74f36563779249bcc424c2764eec265586220c0a66b93990d79e4d71a936eac4e0b8ff3609f08f273ac3771b1f75337b51b8bbde2b425aa62f3d0020

    Download Submit

  • C:\Windows\SysWOW64\jzehtjdlex.exe
    Filesize

    255KB

    MD5

    8d033a6e77f193a28207f5728bb72cd9

    SHA1

    593f373cf5a729dacf864e3fe0f2524bcf5fbd40

    SHA256

    8e1ffa950ac563e2ec62cb929649518dab22d7e73bbd6e3af8ed45acdb7874a7

    SHA512

    da2559fe81f3f626f298c8c8ea461dfe28b221907265c8c80cefc5f36d2557da9857b957e6d872f5d67d153c2f1a8539e5e051d57886867f0931a1c4b30b42c5

    Download Submit

  • C:\Windows\mydoc.rtf
    Filesize

    223B

    MD5

    06604e5941c126e2e7be02c5cd9f62ec

    SHA1

    4eb9fdf8ff4e1e539236002bd363b82c8f8930e1

    SHA256

    85f2405d1f67021a3206faa26f6887932fea71aea070df3efb2902902e2d03e2

    SHA512

    803f5f2fddbf29fef34de184eb35c2311b7a694740983ca10b54ef252dd26cda4987458d2569f441c6dedc3478bea12b45bfd3566f1b256504a0869ad3829df7

    Download Submit

  • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
    Filesize

    255KB

    MD5

    30f9ae1b33a3c313007c09e0a6556056

    SHA1

    f7f5b3cdebc910e45df0d4da600d12c63a3150eb

    SHA256

    42f94296eafce80248ec1ae77575c69e635c428f3523ff19cb592b35adc86cd1

    SHA512

    c6b2cfa33b32b2c35d4c14cd0f9602f15bd37e199d641b0c54de361ece0f458720ade92f4e6972ac17d5669836f5194c88e269df7c2572b77e58cb61ac4dab63

    Download Submit

  • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
    Filesize

    255KB

    MD5

    7f986a65e0a5164b83c92877e3bc0e91

    SHA1

    6af9f712fc672eed53cb323255deebb6bf9dc48b

    SHA256

    7ca4f227a71d73c23036d96a6bd6e37f68e1d6e5e1183a43515b515a7d6aa8a1

    SHA512

    51faaf38eb359ece861b0aa687a045cf586ea3f7667c77acaff9c54f5e3049dfea35575f877cb4e405eed3982e070572627e63763140b610e082e452ea13077d

    Download Submit

  • memory/1580-616-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1580-86-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1580-628-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1580-554-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1580-625-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1580-622-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1580-619-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1580-578-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1580-583-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1580-613-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1580-82-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1580-610-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1580-607-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1580-595-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1580-588-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2208-38-0x00007FFDE15B0000-0x00007FFDE15C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2208-41-0x00007FFDDF3F0000-0x00007FFDDF400000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2208-37-0x00007FFDE15B0000-0x00007FFDE15C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2208-36-0x00007FFDE15B0000-0x00007FFDE15C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2208-39-0x00007FFDE15B0000-0x00007FFDE15C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2208-40-0x00007FFDE15B0000-0x00007FFDE15C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2208-42-0x00007FFDDF3F0000-0x00007FFDDF400000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3080-579-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3080-584-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3080-83-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3080-555-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3080-596-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3080-589-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3080-87-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3080-31-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3080-602-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3616-594-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3616-624-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3616-582-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3616-618-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3616-25-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3616-615-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3616-612-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3616-587-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3616-627-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3616-577-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3616-81-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3616-609-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3616-621-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3616-606-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3616-553-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3616-85-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4060-35-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4060-0-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4072-599-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4072-586-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4072-566-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4072-91-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4072-591-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4072-92-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4072-581-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4072-603-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4072-44-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/5016-590-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/5016-580-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/5016-617-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/5016-614-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/5016-88-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/5016-84-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/5016-620-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/5016-585-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/5016-611-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/5016-623-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/5016-597-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/5016-32-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/5016-626-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/5016-608-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/5016-556-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/5016-629-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download