Overview

overview

10

Static

static

5

5691f8daf8...18.exe

windows7-x64

10

5691f8daf8...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    18-10-2024 09:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5691f8daf89fcb97032f8ab5b4d671db_JaffaCakes118.exe

  • Size

    1.1MB

  • MD5

    5691f8daf89fcb97032f8ab5b4d671db

  • SHA1

    8a7f6d40e5c44cc48e847806683cb419ed345f11

  • SHA256

    776d07a69fd0780e421400e5eb3d6469195d161eb063f712add08f25c6077fed

  • SHA512

    dd1d6f00c2e81af8daf8402390847028096b6746667b839bf8ee4ee13fde901f6bcebcb964deb041b59289befc1501cf6d6f59cebf70a8ab95d692dc58dd391e

  • SSDEEP

    24576:M29edV3EqRFllOCq4Bj5g13isqB4wWbouQ:D9a3FrlHq4vjsqB4wgK

Score
10/10
darkcometsalityguest 777backdoordiscoveryevasionpersistencerattrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Extracted

Family

darkcomet

Botnet

Guest 777

C2

magnumbiz2.no-ip.biz:1000

Mutex

DC_MUTEX-WUY2B69

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    lbwAN2cQj9ve

  • install

    true

  • offline_keylogger

    true

  • password

    123456

  • persistence

    false

  • reg_key

    MicroUpdate

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Modifies firewall policy service 3 TTPs 3 IoCs
    evasion
  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality
  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Windows security bypass 2 TTPs 6 IoCs
    evasiontrojan
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 15 IoCs
  • Windows security modification 2 TTPs 7 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Suspicious use of SetThreadContext 1 IoCs
  • UPX packed file 22 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NSIS installer 2 IoCs
    installer
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 26 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    1⤵
      PID:1096
    • C:\Windows\system32\Dwm.exe
      "C:\Windows\system32\Dwm.exe"
      1⤵
        PID:1160
      • C:\Windows\Explorer.EXE
        C:\Windows\Explorer.EXE
        1⤵
          PID:1220
          • C:\Users\Admin\AppData\Local\Temp\5691f8daf89fcb97032f8ab5b4d671db_JaffaCakes118.exe
            "C:\Users\Admin\AppData\Local\Temp\5691f8daf89fcb97032f8ab5b4d671db_JaffaCakes118.exe"
            2⤵
            • Modifies firewall policy service
            • UAC bypass
            • Windows security bypass
            • Windows security modification
            • Checks whether UAC is enabled
            • Suspicious use of SetThreadContext
            • Drops file in Windows directory
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            • System policy modification
            PID:1756
            • C:\Users\Admin\AppData\Local\Temp\5691f8daf89fcb97032f8ab5b4d671db_JaffaCakes118.exe
              "C:\Users\Admin\AppData\Local\Temp\5691f8daf89fcb97032f8ab5b4d671db_JaffaCakes118.exe"
              3⤵
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:2808
              • C:\Users\Admin\AppData\Local\Temp\CBSIDLM-TR1_5-YOONO_DESKTOP-10968233.EXE
                "C:\Users\Admin\AppData\Local\Temp\CBSIDLM-TR1_5-YOONO_DESKTOP-10968233.EXE"
                4⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Checks whether UAC is enabled
                • System Location Discovery: System Language Discovery
                PID:2704
              • C:\Users\Admin\AppData\Local\Temp\CMDEXP.EXE
                "C:\Users\Admin\AppData\Local\Temp\CMDEXP.EXE"
                4⤵
                • Modifies WinLogon for persistence
                • Executes dropped EXE
                • Loads dropped DLL
                • Adds Run key to start application
                • System Location Discovery: System Language Discovery
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:2720
                • C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
                  "C:\Users\Admin\Documents\MSDCSC\msdcsc.exe"
                  5⤵
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of SetWindowsHookEx
                  PID:1780
        • C:\Windows\system32\DllHost.exe
          C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
          1⤵
            PID:1524

          Network

          MITRE ATT&CK Enterprise v15

          Reconnaissance

          Resource Development

          Initial Access

          Execution

          Persistence

          Boot or Logon Autostart Execution

          2
          T1547

          Registry Run Keys / Startup Folder

          1
          T1547.001

          Winlogon Helper DLL

          1
          T1547.004

          Create or Modify System Process

          1
          T1543

          Windows Service

          1
          T1543.003

          Privilege Escalation

          Abuse Elevation Control Mechanism

          1
          T1548

          Bypass User Account Control

          1
          T1548.002

          Boot or Logon Autostart Execution

          2
          T1547

          Registry Run Keys / Startup Folder

          1
          T1547.001

          Winlogon Helper DLL

          1
          T1547.004

          Create or Modify System Process

          1
          T1543

          Windows Service

          1
          T1543.003

          Defense Evasion

          Abuse Elevation Control Mechanism

          1
          T1548

          Bypass User Account Control

          1
          T1548.002

          Impair Defenses

          4
          T1562

          Disable or Modify System Firewall

          1
          T1562.004

          Disable or Modify Tools

          3
          T1562.001

          Modify Registry

          7
          T1112

          Credential Access

          Discovery

          System Information Discovery

          2
          T1082

          System Location Discovery

          1
          T1614

          System Language Discovery

          1
          T1614.001

          Lateral Movement

          Collection

          Command and Control

          Exfiltration

          Impact

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\CMDEXP.EXE
            Filesize

            252KB

            MD5

            b114dc094d0053f257e4933a95926119

            SHA1

            904c18ac98491444e311b04fc2aa9f658f518036

            SHA256

            ad77670d3b037dddd9a8fd565b499dcebe6e0e067f8348a480e1e04b8d381352

            SHA512

            f394a9477fc2ee6da9d00b4d65a7b7504b83c5701032bf3e6dd9b3a9f6bffa63e4a1c65dd738d7556b3315a8f0d75efb6b7f2b6c209c98c7e36f396914dc81c0

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsoDDF2.tmp\DownloadList.lua
            Filesize

            10KB

            MD5

            efcc382d98ba885e281d06f6448ab989

            SHA1

            7deff5310c8b09817f2cc001d9f7d5d721262f92

            SHA256

            8da165f4851b4ad8792c3a6069db855c27b151062805cc37cbe03fbbc2d8363d

            SHA512

            fd3dd0a700402453e2ce6f085d8af3c80dedae742d276d18d3d9a04945549276c146bea9ced6eb6e64a1a3661aac4df9397642d19842d82d0ebf63d7b106ce34

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsoDDF2.tmp\LuaBridge.dll
            Filesize

            20KB

            MD5

            9d05719b084770dc9db32664d7c721df

            SHA1

            1b89b312f06ef282bb9509b58a0be8ef541fd903

            SHA256

            f80704c617aa9b65f390b93a52eb309e0f13a3b34b855617aad4f3126e6fe7a9

            SHA512

            dfc4680ded783a3f00122d8db098970e13028f58e14b87207fd70ce149bc6d0015f7cb5b4116cae71789f81d672e538e1c71ca70721162d7c719387f916e865c

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsoDDF2.tmp\LuaSocket\lua\ltn12.lua
            Filesize

            8KB

            MD5

            e440044afe6c761507a996b5b45ab0f9

            SHA1

            ef772c758fd5d6098b41375f35ac26f3963cc306

            SHA256

            b1864aed85c114354b04fbe9b3f41c5ebc4df6d129e08ef65a0c413d0daabd29

            SHA512

            8a82df90459929de1c91ed29a122a149749d42adbb85faf0c3123d0f0886babc90cb93de85105feb7497b46552a6747ae05b985f5a488d1d8f1a2a7db44077b4

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsoDDF2.tmp\LuaSocket\lua\mime.lua
            Filesize

            2KB

            MD5

            4bfdaaab9014fe129bc6388fd5687c8f

            SHA1

            2c6ff28245e1dc7ec9ac1c43c3cda354d07b2c4a

            SHA256

            e9167e0da842a0b856cbe6a2cf576f2d11bcedb5985e8e4c8c71a73486f6fa5a

            SHA512

            3a1a4d838bb5cafe71da262ee7bd6dccbd30dd4d7abe0d04f6ecf96bf704d5e111967be812894a47f2eb3374ee110620b7cc47eebac8b72ddcf7f506ba82a607

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsoDDF2.tmp\LuaSocket\lua\socket.lua
            Filesize

            4KB

            MD5

            74dbe1060e91112e1c21ef9870b4a587

            SHA1

            86afb6aecb0a8387ffa5dead1cc9808332f94310

            SHA256

            15fd138a169cae80fecf4c797b33a257d587ed446f02ecf3ef913e307a22f96d

            SHA512

            73218ebb2ad27d3402173054be997089549698d9112acb4b1c9fe044689a40ceda3df00304d336d2034e61c04832f52d971509240414838841d40f53fc0c3723

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsoDDF2.tmp\LuaSocket\lua\socket\ftp.lua
            Filesize

            9KB

            MD5

            7309f4294ae4abb4f6ae657b2a98d488

            SHA1

            327d143e9f7a1835a58fdaf569a8f7a937fcf2c0

            SHA256

            9ba5df91091c46f0ffe0a93ace577a4833c92cbec1742113d0a2da9e568f9a10

            SHA512

            a44d2603af63828e8a0b1fbc7455305c616e5bae4a351b429e7e94a6aa7e4d6425f69d57d6a44ba87ee5d29accfc01c1f3ff288652120ff8f08a66543d357895

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsoDDF2.tmp\LuaSocket\lua\socket\http.lua
            Filesize

            12KB

            MD5

            61a2a779da46e835338f1ad1efad1717

            SHA1

            091d49262b7c1d1f4a89655673710f6d8a37baf0

            SHA256

            68fd4bc835da98dd1d5509333f8cc8861133c9439d3de879bf29a96de462940a

            SHA512

            657594b8ea1a2584c45d85df6c57c5ed43bfae2ece2db534e52ad66a8c7f8c1f85f99bc9329fd8d88a06b6fd2b9121b8e359dbdfd532da0e26d94352a055ec14

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsoDDF2.tmp\LuaSocket\lua\socket\tp.lua
            Filesize

            3KB

            MD5

            2cad406e591cade482c7f16f39c21481

            SHA1

            84a3ab88ff7a9102c2c6d21bdb6eede6862167a4

            SHA256

            343afa62f69c7c140fbbf02b4ba2f7b2f711b6201bb6671c67a3744394084269

            SHA512

            ecc98991c25036b54f2bb71b3229e4bc8fb401e55db0e5f9c958c2a7b00b40fc9ae2d7e45002d4f2a03cec85535785c42ab6d20476fe095a76444d143493b145

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsoDDF2.tmp\LuaSocket\lua\socket\url.lua
            Filesize

            10KB

            MD5

            8fb662c362da002b833793ea7794fdaf

            SHA1

            7afaf1ad22c95690cbb3f55226b617121efc20eb

            SHA256

            269526c11dbb25b1b4b13eec4e7577e15de33ca18afa70a2be5f373b771bd1ab

            SHA512

            b0b766ac2b5cff879009ad9f74295f7ab0bf8b0628b8aece5597243e0fa96f4a85361728fd8a08eea7d2629dfc5e5d8b6aebca432075ad74c131ad3161a475c7

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsoDDF2.tmp\LuaSocket\mime\core.dll
            Filesize

            52KB

            MD5

            4a4845ba1666907f708c9c10a31ec227

            SHA1

            1ebf626adc84147e5114885ce779f92d6eb68f3a

            SHA256

            a1ffee9687ab4a23a78b3251888aff09e2896d76f8d16d713367b265f125188d

            SHA512

            d009f5e2a2ecfbec5e5e788ade142d612846d0c99921774e4a11b060998dfb0680cf1e1a54604535d5560738093f9ae166866cb23eee5c7d9c4e5cc5a33e7464

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsoDDF2.tmp\UACInfo.dll
            Filesize

            4KB

            MD5

            d02a497be5f89c44827f142c4662f591

            SHA1

            38f83ccbac11de069df0e1cd79a6fdf7f006516c

            SHA256

            6d29dfd24695535b5973d8261d93373603ceaae03ab97662fe1b3dcc47d18226

            SHA512

            81c87f9d56a8ab7703a4effd3ba7b982b6765ecbdc0dbb1c595f549c4310a5db57dcdc38929eafe56983ea8cefc0b572c3faf82a4b62eb7c564b05550215f1c1

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsoDDF2.tmp\definitions.lua
            Filesize

            4KB

            MD5

            840fd3d93db939b1e4b504d8fe587ed1

            SHA1

            98f0dd4aca7765c158bcd1fe1d11bbee5e1e586e

            SHA256

            e2d0e6bcd2d6cb69a6d9e84d80f9cb182fb0b6db5592d8b304ad6eb98590c35c

            SHA512

            570ae6db31df726b8fe9aff35e553ad669d4c25deabce424b865b96597933225ab644a7e2944b8507e2d5a0b0e04396025ce711cba9beac7bc5844c435ab76a1

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsoDDF2.tmp\json.lua
            Filesize

            18KB

            MD5

            29b3c5e9e82d2bb50dabb265e95a63eb

            SHA1

            4be64773dbf6784f480d82b564aed19a91518977

            SHA256

            ce576da68ae4f8636849a50d3f03278ee414109b6232014e5c1ba3c107ecf469

            SHA512

            300cf2335aeb6d78d2c1bb9c7b81553c0ec91e8cb872dab0cc2b7d5ee54d7b9368c1acb92d64e9ddd895c7fccd066eaf0ae94d24a371c854e3931e8d9acb6c33

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\nsoDDF2.tmp\utils.lua
            Filesize

            39KB

            MD5

            1a08e6701868d895a482039de5f19872

            SHA1

            ea3acc57b598ce7564994f4131e7e7029f098503

            SHA256

            5ee55478e71a8d5e4697ec52495fb9e1bea104e30d783475b876a04e10781657

            SHA512

            0892c0177414bee95ea687753d85d5e4cb95f0eb8e0e97ea0f30840f0e0d9418ce60ddfdb58dea1ede52eae749704a45759f539de12cecca93247bcdaa58d56d

            Download Submit

          • \Users\Admin\AppData\Local\Temp\CBSIDLM-TR1_5-YOONO_DESKTOP-10968233.EXE
            Filesize

            573KB

            MD5

            795ce399b0ff5850ec39b6ed73b68282

            SHA1

            76a33f18410cd93dc994975222aa0ac5606af1dc

            SHA256

            a8e30ceaeb1ae11c989c952e9dabdf19f4ea384fb7f7f1d9fd36d2a6312ae76f

            SHA512

            c3659798f63f52afbe3a98ad9b2c9331cfb87698a3769a6209c20b019908d53e86c70d4b03890c5205f41da777a0e214765c6c335c4767402f442530c45c591e

            Download Submit

          • \Users\Admin\AppData\Local\Temp\nsoDDF2.tmp\FloatingProgress.dll
            Filesize

            25KB

            MD5

            b592d0d9c7f00f86167b785770c16aa2

            SHA1

            b23d7dd1f8e4898f8ebae6fc991859ee56927138

            SHA256

            246b585650b61dd13b5cf61850bf13fddf327124cb59832952a0390f44c96ec0

            SHA512

            f8a06492e249a0a58793951a26c5145fa390f5cb8d0e1d2e79476dab3d7730c4894ff2b9f7ad2957270639114ab75ee6ac126cc7a6bfd066b725d6e6944b9697

            Download Submit

          • \Users\Admin\AppData\Local\Temp\nsoDDF2.tmp\LuaSocket\socket\core.dll
            Filesize

            80KB

            MD5

            4bf7db111acfa7c28ad36606107b3322

            SHA1

            6f20b9f6663ce0c309a2ce60e718d64ffb6c75b3

            SHA256

            bfe8445c38ee71240e856f85d79e94123d7179bf43688de0e2a14e32e6ef21b0

            SHA512

            0a5e66a65b80e15d8198f2934c58227ae17680f0fbea9865b2f44af82a29c53d4f95cf9616b4dfd75202420eb73b7d962cf2c84fdad6ce26afe1eb4bb978d0b6

            Download Submit

          • \Users\Admin\AppData\Local\Temp\nsoDDF2.tmp\LuaXml_lib.dll
            Filesize

            11KB

            MD5

            7292b642bd958aeb7fd7cfd19e45b068

            SHA1

            19a800620d041634abae5b5d096cb0e87ce4c188

            SHA256

            90f1bb98e034fcf7bfddb8cb0a85b27a9c9ddb01b926b4e139e1e8fc53d41d09

            SHA512

            bd758e0833454e0aa2af976ac94fde17c5401102c5991887cefbe8e337974381584c73e2d1e50e49263c55c3788e24dc7f8bd0b9d2a76a6cbe38e48dd9d6c44a

            Download Submit

          • \Users\Admin\AppData\Local\Temp\nsoDDF2.tmp\System.dll
            Filesize

            10KB

            MD5

            7e3c808299aa2c405dffa864471ddb7f

            SHA1

            b5de7804dd35ed7afd0c3b59d866f1a0749495e0

            SHA256

            91c47a9a54a3a8c359e89a8b4e133e6b7296586748ed3e8f4fe566abd6c81ddd

            SHA512

            599f61d5270227a68e5c4b8db41b5aa7bc17a4bbe91dd7336b410516fa6107f4f5bf0bbb3f6cc4b2e15b16bf9495fdc70832bab6262046cb136ad18f0c9b3738

            Download Submit

          • \Users\Admin\AppData\Local\Temp\nsoDDF2.tmp\lua51.dll
            Filesize

            160KB

            MD5

            13c3a33c1f6e43f38de533fd0b766c98

            SHA1

            6b92c3d6694ddc40d9b75853baa51cb2f9f8db13

            SHA256

            4158063b0a868431f6430f54c1192bf20e58a43a6d3d03b740e090951e2f4427

            SHA512

            d64466c03deec744e7c0bfc23e54ee91a4eff4075fb92ef97c0014bbfb00e0d21731119a3a199fb9cac4a528419e8b8066589eddadb16b445ea298d67b037c15

            Download Submit

          • \Users\Admin\AppData\Local\Temp\nsoDDF2.tmp\luacom.dll
            Filesize

            287KB

            MD5

            ed7f7857933b38e5d10daf828e79af19

            SHA1

            7f1445f87f7e2256efc33ef56da20c3b23a1e0f9

            SHA256

            9dd5218bc2d12f4d07e268bc6ec01d6eefde4b99a07246d0a96d18477d331b5b

            SHA512

            ceaf9597d4cb725c4ec8b7af8d1090b38df102b52ca7606a24e9a094fc81f450f93ad22770c905db9115e271fa5fa4f5731caa7b1875e204edb10fb691741715

            Download Submit

          • \Users\Admin\AppData\Local\Temp\nsoDDF2.tmp\version.dll
            Filesize

            6KB

            MD5

            ebc5bb904cdac1c67ada3fa733229966

            SHA1

            3c6abfa0ddef7f3289f38326077a5041389b15d2

            SHA256

            3eba921ef649b71f98d9378dee8105b38d2464c9ccde37a694e4a0cd77d22a75

            SHA512

            fa71afcc166093fbd076a84f10d055f5a686618711d053ab60d8bd060e78cb2fdc15fa35f363822c9913413251c718d01ddd6432ab128816d98f9aabf5612c9f

            Download Submit

          • memory/1096-16-0x0000000001FD0000-0x0000000001FD2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1756-25-0x00000000002B0000-0x00000000002B2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1756-63-0x0000000002990000-0x0000000003A1E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1756-29-0x00000000002B0000-0x00000000002B2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1756-52-0x00000000002B0000-0x00000000002B2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1756-4-0x0000000002990000-0x0000000003A1E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1756-6-0x0000000002990000-0x0000000003A1E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1756-8-0x0000000002990000-0x0000000003A1E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1756-1-0x0000000002990000-0x0000000003A1E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1756-13-0x0000000002990000-0x0000000003A1E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1756-10-0x0000000002990000-0x0000000003A1E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1756-28-0x00000000002C0000-0x00000000002C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1756-12-0x0000000002990000-0x0000000003A1E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1756-9-0x0000000002990000-0x0000000003A1E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1756-30-0x00000000002B0000-0x00000000002B2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1756-7-0x0000000002990000-0x0000000003A1E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1756-11-0x0000000002990000-0x0000000003A1E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1756-62-0x0000000000400000-0x00000000005B6000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/1756-14-0x0000000002990000-0x0000000003A1E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1756-15-0x0000000002990000-0x0000000003A1E000-memory.dmp

            Filesize

            16.6MB

            Download

          • memory/1756-44-0x00000000052D0000-0x0000000005486000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/1756-0-0x0000000000400000-0x00000000005B6000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/1756-26-0x00000000002C0000-0x00000000002C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1780-264-0x0000000000400000-0x00000000004B7000-memory.dmp

            Filesize

            732KB

            Download

          • memory/1780-389-0x0000000000400000-0x00000000004B7000-memory.dmp

            Filesize

            732KB

            Download

          • memory/1780-388-0x0000000000400000-0x00000000004B7000-memory.dmp

            Filesize

            732KB

            Download

          • memory/2704-201-0x0000000002570000-0x00000000025BE000-memory.dmp

            Filesize

            312KB

            Download

          • memory/2704-140-0x0000000002550000-0x0000000002566000-memory.dmp

            Filesize

            88KB

            Download

          • memory/2704-386-0x0000000000380000-0x0000000000389000-memory.dmp

            Filesize

            36KB

            Download

          • memory/2704-100-0x0000000000460000-0x0000000000488000-memory.dmp

            Filesize

            160KB

            Download

          • memory/2704-244-0x0000000000510000-0x000000000051C000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2704-387-0x0000000000510000-0x0000000000512000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2704-152-0x0000000000390000-0x000000000039E000-memory.dmp

            Filesize

            56KB

            Download

          • memory/2720-268-0x0000000000400000-0x00000000004B7000-memory.dmp

            Filesize

            732KB

            Download

          • memory/2720-82-0x0000000000400000-0x00000000004B7000-memory.dmp

            Filesize

            732KB

            Download

          • memory/2720-262-0x0000000003CC0000-0x0000000003D77000-memory.dmp

            Filesize

            732KB

            Download

          • memory/2720-261-0x0000000003CC0000-0x0000000003D77000-memory.dmp

            Filesize

            732KB

            Download

          • memory/2808-81-0x0000000002C80000-0x0000000002D37000-memory.dmp

            Filesize

            732KB

            Download

          • memory/2808-31-0x0000000000400000-0x00000000004E0000-memory.dmp

            Filesize

            896KB

            Download

          • memory/2808-84-0x0000000000400000-0x00000000004E0000-memory.dmp

            Filesize

            896KB

            Download

          • memory/2808-33-0x0000000000400000-0x00000000004E0000-memory.dmp

            Filesize

            896KB

            Download

          • memory/2808-80-0x0000000002C80000-0x0000000002D37000-memory.dmp

            Filesize

            732KB

            Download

          • memory/2808-35-0x0000000000400000-0x00000000004E0000-memory.dmp

            Filesize

            896KB

            Download

          • memory/2808-37-0x0000000000400000-0x00000000004E0000-memory.dmp

            Filesize

            896KB

            Download

          • memory/2808-64-0x0000000000400000-0x00000000004E0000-memory.dmp

            Filesize

            896KB

            Download

          • memory/2808-46-0x0000000000400000-0x00000000004E0000-memory.dmp

            Filesize

            896KB

            Download

          • memory/2808-39-0x0000000000400000-0x00000000004E0000-memory.dmp

            Filesize

            896KB

            Download

          • memory/2808-41-0x0000000000400000-0x00000000004E0000-memory.dmp

            Filesize

            896KB

            Download

          • memory/2808-43-0x0000000000400000-0x00000000004E0000-memory.dmp

            Filesize

            896KB

            Download