Overview

overview

10

Static

static

3

e86ad40904...18.exe

windows7-x64

10

e86ad40904...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-12-2024 21:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e86ad40904b8d251d9ddef1d1a54a26b_JaffaCakes118.exe

  • Size

    2.4MB

  • MD5

    e86ad40904b8d251d9ddef1d1a54a26b

  • SHA1

    354fc288ada35c1bda4ea9f6b4e6243d88d82cb5

  • SHA256

    16201e427085c22f33f0263fb0bf38620e9b7c20ccb502aa2a60a69597ef49eb

  • SHA512

    cfebf4652de998a6b190b8e9473b2116ae5548bdcb101c61c38fca628852b0f0d747fee87ce7fe2110de620d7d152c8b387310cd024a00da73d3ea95edbf061d

  • SSDEEP

    49152:CfzMiizP4eW7O13XIUOcQ4Gi3zsyWbVd6wbSnf+9OdfnQ4Moe:GWzQe6fUHGiDsyWbVdR2n29OZQQe

Score
10/10
cybergateratasdiscoverypersistencestealertrojanupx

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

RaTAS

C2

spy2281.no-ip.org:17604

Mutex

Microsoft

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    svchost.exe

  • install_dir

    WDR

  • install_file

    svchost.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    cache

  • regkey_hkcu

    CALC_Sysrem

  • regkey_hklm

    SYSTEM.DLL

Signatures

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate
  • Cybergate family
    cybergate
  • Adds policy Run key to start application 2 TTPs 4 IoCs
    persistence
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Drops file in System32 directory 5 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 8 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3520
      • C:\Users\Admin\AppData\Local\Temp\e86ad40904b8d251d9ddef1d1a54a26b_JaffaCakes118.exe
        "C:\Users\Admin\AppData\Local\Temp\e86ad40904b8d251d9ddef1d1a54a26b_JaffaCakes118.exe"
        2⤵
        • Adds Run key to start application
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4936
        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\update.exe
          C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\update.exe
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3540
          • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\update.exe
            4⤵
            • Adds policy Run key to start application
            • Boot or Logon Autostart Execution: Active Setup
            • Executes dropped EXE
            • Adds Run key to start application
            • Drops file in System32 directory
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of WriteProcessMemory
            PID:560
            • C:\Windows\SysWOW64\explorer.exe
              explorer.exe
              5⤵
              • Boot or Logon Autostart Execution: Active Setup
              • System Location Discovery: System Language Discovery
              PID:3744
            • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\update.exe
              "C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\update.exe"
              5⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Drops file in System32 directory
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              • Suspicious behavior: GetForegroundWindowSpam
              • Suspicious use of AdjustPrivilegeToken
              PID:3664
              • C:\Windows\SysWOW64\WDR\svchost.exe
                "C:\Windows\system32\WDR\svchost.exe"
                6⤵
                • Executes dropped EXE
                • Drops file in System32 directory
                • Suspicious use of SetThreadContext
                • System Location Discovery: System Language Discovery
                • Suspicious use of SetWindowsHookEx
                PID:2996
                • C:\Windows\SysWOW64\WDR\svchost.exe
                  7⤵
                  • Executes dropped EXE
                  • System Location Discovery: System Language Discovery
                  PID:2944
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 568
                    8⤵
                    • Program crash
                    PID:2420
        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SpyNet.exe
          C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SpyNet.exe
          3⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Checks SCSI registry key(s)
          • Checks processor information in registry
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:1440
          • C:\Windows\SysWOW64\cscript.exe
            "C:\Windows\system32\cscript.exe" "C:\Users\Admin\AppData\Local\Temp\teste.vbs"
            4⤵
            • System Location Discovery: System Language Discovery
            PID:2676
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2944 -ip 2944
      1⤵
        PID:3576

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\IP.txt
        Filesize

        119KB

        MD5

        ce214b4bffa72ac8258a6073d6c77fc6

        SHA1

        a2d156ab40fd19a59cb225df31843492a8dbe953

        SHA256

        4bae52d51ffa5164c06d0bd15a1f76b83cb4f2d7bb92451743f189826bd9b4b4

        SHA512

        131033ca07a423d77a49d2e8f392a4cb95ebaa17482f43637fade3d18c9e071d87cad280ae6b8494d949916acaa6359e8d45def30bd7dcfebe97ef81625e471e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Language\Default.ini
        Filesize

        14KB

        MD5

        ee9826fd3883b9756896baed5d076cc6

        SHA1

        d1c829cabcb967410e03489723d9e51b9549d6f6

        SHA256

        e06ff3e2b4cf78d6147d00dbfd00066751d1d6680b3dd672e861574741a894d9

        SHA512

        404cfe3632fc3614a0e686504a2edcdf984aab20afc8fc4c7785d76bd52bf466078e756838c2ce5350439ad128756e55e1c3b12f3badd70fba8e74d171a05538

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Settings\Settings.ini
        Filesize

        1KB

        MD5

        448a49c2d7253c927e820056e9e7ea8b

        SHA1

        c7171c7b597beea4bb584319ddac80eadee5d3be

        SHA256

        afcc1b53d0e2ef177754d4f6ae9ab391e7115e39fc73caaabcb3cd585c2e4c7c

        SHA512

        54dc9c1eba0154aa648ec317c51642fd88d7dcd50b4e5f1eea5c67e1c7db91a7e8cb97d0b538e4a280d91a65fea8baa888734960fbf636b7067ac407840a5224

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\SpyNet.exe
        Filesize

        2.0MB

        MD5

        98de7bcad1ba2caf74007bd97bc2b505

        SHA1

        8a79d06159a339313b810f23835b8417429dd356

        SHA256

        e4b3b3e72bd3bf4052a3136cb811ea54923bc2d7807709992e0345743d49ced8

        SHA512

        ef57cc4f0ad4bf1f54baaf7213bf868c418eebfb0eee3c32ff376b67d5d5337c35a94a1418951d82aae371820ce37eade7cf0a74ce54a4198e18327bd232a35d

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\update.exe
        Filesize

        364KB

        MD5

        9f83c3e14573faac037963bb7932fab7

        SHA1

        c17853ac6f3c1423d6d471944f3ecc04813fe997

        SHA256

        f42a6bbaabb0a7a78a72aecea9f06707b41b4b45b33720e07abed3d07b2a964d

        SHA512

        cf5e4c3fa6d72fb5399460f4c7e5330c4c80b175f97503b935bb7bf89c73a6674c9a3e8e8b32a383c0655a3516a064071b7454a95b96c3b619f78a497365ee38

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\XX--XX--XX.txt
        Filesize

        229KB

        MD5

        1f2ce9fa3bde1b8f422c1340a75b03d2

        SHA1

        b97f5c6114cc7524e5fd87e828d360d11b6784e2

        SHA256

        eead11e2e07b2b573ffa6ab96dfc6d52a435f75f2ae6f8f16456bde10a1f08e1

        SHA512

        c865f1d88b4a6d64079a145c63cf836dbb10249720f2df9312b774254edfd8267185fd442e6e8a72aa502fc30425c8c0749c830a1a61e08b675de20eaa857afd

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\XxX.xXx
        Filesize

        8B

        MD5

        b8ada7379c1783584655c1212d68d8ae

        SHA1

        2223f802d11a9f57fe9127e335a40f935de11e0a

        SHA256

        cd9ee867cb07e6e4b96d18de4a6a920e19fcf74e26f9c9ebc93d84908fbd51ca

        SHA512

        8e29f27fc1a37e9fb120a5d2b8201d2d47be437659b367093a5373da9f0a34b31407c33e7765c90c2dbdb8533a049bc0cd94ce8f593c1090824583ec0cc87abc

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\XxX.xXx
        Filesize

        8B

        MD5

        d7163da98cfdfc9d6ef1cfbc9caaa8be

        SHA1

        ca47716ade8c5b3e6812bbb7a2264fc4447dbf55

        SHA256

        010a38c8c3aa83a42da8f0adbd6b3c02e51e37a9af6b304641280892f2136b21

        SHA512

        d30c7964719f2fa22b16ba097e7a4cee922f32f1d63644118b643d3bcf0c8b4886692871e44473be7f7824efda6ae513a45f2adaf49abe558d88b5ecf4d6ba1b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\XxX.xXx
        Filesize

        8B

        MD5

        5d95dc2934d7a375c5b978510370f5f7

        SHA1

        e0048ac038f554a4b4421b3a1ccb7e1d34842be2

        SHA256

        d0d18587e6bdf12f4904047beb5e17fb24d3625e3ad455f56c4a1a1f9f564809

        SHA512

        f96e74fa51e7cadc5811f6558ef0b7b4dadb6a40d9d75d67603b73abdb44e7a2496058c122feb55bd6644b12f188926e1a3794d375ee2a947b9df6164999128d

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\XxX.xXx
        Filesize

        8B

        MD5

        72d441308bad9c9e7d12c8c77cbe9c7c

        SHA1

        03a40957db97b238de924fc0f185444b1c5057c9

        SHA256

        64b5d596d7b4c3ca4e7ed5f0a44d3ef8498c3db8a709808a4ea96d4bf04b011b

        SHA512

        2284224cb3fb9d7c3c344e1c3b63e5a0f1219ea984e2ade58c22073063f688536c34145143d851c3fedbd9dd7493198f6269333d550c4ab2befebeab10ed9f06

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\XxX.xXx
        Filesize

        8B

        MD5

        243aa4d1611033482fa5e2582dcff65a

        SHA1

        1c7917c3c879901a6496e542273e6a450b5b713d

        SHA256

        ab84ec91679e71c60c79b28d1822cc2f7ff268afe6b2245e0ebdf20818c33123

        SHA512

        f5bfa038a1dfafe5d7ea9905b7c43f49fe5723d190e05fcf69b1761c18c013c1479b65def5ef9cfc9ab3902855114728daa8e14d23a3e0b31f29f8ff21dd5e97

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\XxX.xXx
        Filesize

        8B

        MD5

        3be5bc1ddd08959ff1caa9c713da3d7b

        SHA1

        324cd95d2dd0354835962c85bc08150269cf35b7

        SHA256

        90aef5175ee8820802e6f8508d0e66aabe0e813a641847054dc9e553e75aae3c

        SHA512

        d19167b526ddea334674a0a6a97adfe69804c77e97a123e96174b01409902cacfefb30590c9f7c5f70203eeeba03ef92a1494d966aec47e21aa1d8fe8488ab93

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\XxX.xXx
        Filesize

        8B

        MD5

        d6971eea7e75b079e10e73d4738c159a

        SHA1

        1acd884e994decc605063dd724285801e93f74e7

        SHA256

        7eca657c5f3c296e735640d0cf1ae3a4c90d73d5cbba49d686ca72118acd4541

        SHA512

        eaee14c5bbecde12c84121b013c1116ab692e70de4f2d4970b8099c783d1c31392b327ac60142124b654352bc5e800eec7012a1edbab0034d14cfba3a81c330d

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\XxX.xXx
        Filesize

        8B

        MD5

        dafd2af6d24183b6e8402cc3243820ef

        SHA1

        ddb9da45d82d815a4b80f486edc70bd7370d4f39

        SHA256

        23ba7acedf501cf6b18204487607131c6a10705f3ea73daafd752dbb143ea27e

        SHA512

        898152382c8ecad3f7190ff1f71bb82a5a91914ccb6d4007b5729c15dd058cd7907b7462dae12769c1d5fd585924e0c3fcec2024f25dd5506ae01f1fd41b7228

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\XxX.xXx
        Filesize

        8B

        MD5

        cbd9fc48751019e2b7137f01768c3bba

        SHA1

        2680a48c6bdacc8d0d2f9859ae7a689c0d626106

        SHA256

        e98b9fc7aa79d0e5a001014f6f76d4015ba281e6a9af0cfcb3c98f877f526541

        SHA512

        ce492e3b3745389ed74adb7a2073aaea7edfa0db17581ea06f4a550489f494599dc413cd3694bfb2cad74bcff5ee5a96e0a2dfc3b2a74825c8c35ef0dc660bd1

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\XxX.xXx
        Filesize

        8B

        MD5

        cdfd5fa726cd14c0f2529f34830050dd

        SHA1

        6492ecc88c0f5a43b231dc361af33c06f3ac313c

        SHA256

        72577707d1f171b8ae329dda387361e530d7861d3d72503f40c711e817613c8f

        SHA512

        1f046adbd90b445c2f94778c3cac51669de739136f1442a6f2f38b19a6e612af9008c8bcd88a604444e3955ae98b8d2a21d01318d16e4ba30666c9c4a1b739a0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\XxX.xXx
        Filesize

        8B

        MD5

        e2dd123eaad59cdd31bcaf3631e4cf6c

        SHA1

        f979341fe56441fb61a2810c699ef3302c0042b9

        SHA256

        9907bf3bec1d9dd60c0032fcac6f2441cf6e4c192f92aec0eb9bf9eff860d41e

        SHA512

        6c76f8dbd73f95909d6006465582b8565b8b8ca61e65a673234b23b936c22d2ea175f06ab330af6285508d3023f1532eccbc59428448fb80dce949fb244e7f5d

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\XxX.xXx
        Filesize

        8B

        MD5

        5b993ae80685c1b41f2ba31e1501477d

        SHA1

        5dd97191636a75eea6f011375d039f15c4c85af2

        SHA256

        1fbc8675592c46ac7f2636596006871c84af01b84cc87af2f716de49d1bc5341

        SHA512

        d18e7fc501ec79f061f8ff5f44c63597f7ab6d1efbf080fa92b764641fcd968754360770675cf3c959e0c6f8d18121c2571ff288ac363aa5bdbb28574dbf88b3

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\XxX.xXx
        Filesize

        8B

        MD5

        114d703183d1fe5de2465bfc35b48eed

        SHA1

        63752e2d2a4a7e39f1d0edc0fe3421dd741f2a67

        SHA256

        017a8cfeb9cdee87f6309e6922c38170acdbb5a4af0703df8792a10abd785030

        SHA512

        1c06d591602713a22e147466ae8c4a4771521deb765c47418e5e1585e668a3a5db66beba3fa8c514b5cd0a2d4ec17df327d2873dd81b3f78c24d85be5b9fcb77

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\XxX.xXx
        Filesize

        8B

        MD5

        ddb5a63e20593c0831ff12a0b908ffe9

        SHA1

        ac4b61a5ae74a0919a5f0838d66213cf034569d9

        SHA256

        efcb4208d50a98afbef8c5d082c2cf2fbccd9292860c4e707b7d0937a7d3e098

        SHA512

        fd96defc1ebc48e481c2af8071ebd48b5d62237c610d58508db73afa851101758506fa91edfcf1cd3e382411028c852bb3824fc3a726031f7223bf693c304aaa

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\XxX.xXx
        Filesize

        8B

        MD5

        129a3e917168a640863caacfde88d5ee

        SHA1

        15ef12c60797bf76add9516549097fa4a55edd22

        SHA256

        25104d170dbdc450a0812798ecba76807b2355aa5d778eedaab75ca0efdac76e

        SHA512

        d1f2c5183ddb13c86a9cc9d5c97c0f25bc230898323b4b270368503935e4b4d7b6146b71ba1fd55bae0af4733d16ed4eb7b19981c2f43943c698e63989fe1b59

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\XxX.xXx
        Filesize

        8B

        MD5

        bbadf066cfdaabd59a4dcca3a49846ec

        SHA1

        c5aacdf82c0f13f9a36013d9cbc204d3dd852bbf

        SHA256

        3b583d31d46015970c15981b8d55bf7017e000eb267cc01920f1f9f22f97f687

        SHA512

        ceb0c2dc30f4b83fd7454f43c87b33c2c6b67f85e7d62ffa6f1c7d7d95d33226ce585759a63214a2a55a502e3bfd59e134e0ee497a645b7360b25cf0f3296c72

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\XxX.xXx
        Filesize

        8B

        MD5

        3975246b5c6a7cc9c7de096c55eb0e15

        SHA1

        25f1d8e196ed4fd2c2cbfc12df4e60ff206d3195

        SHA256

        b74f0cc0a5d33bf50a0e4e30f98b46e588b57049e1a226a447de987c46b443eb

        SHA512

        64c9367c6165c6f91509f43981539438e1a7d42b17d2a18fa7aeab36533c707be4e0005ce98791631d7d133ad62d21157b39d1eeaccf0232b68e7a6c6b7d90df

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\XxX.xXx
        Filesize

        8B

        MD5

        f65298ef8906d3d8ef66d552b8f56ca2

        SHA1

        9445632e781e0773c4ab785f672d26fde5224aa9

        SHA256

        4880455547921168812a501bb3cb9412254952804beb7a9f7d7663dd44b36c17

        SHA512

        41dacaff92940bd9a598325ed71d208418d8bcb631d6bce12675c18c7113ab524e9efe2dbf2974317f0f8c28dd23ab34d4e48f9c7577f9c15b3f4772787bb9c2

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\teste.txt
        Filesize

        2B

        MD5

        81051bcc2cf1bedf378224b0a93e2877

        SHA1

        ba8ab5a0280b953aa97435ff8946cbcbb2755a27

        SHA256

        7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

        SHA512

        1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\teste.vbs
        Filesize

        841B

        MD5

        615964e5ab63a70f0e205a476c48e356

        SHA1

        292620321db69d57ba23fa98d2a89484ddcf83d0

        SHA256

        38a2c0e90a7c86eb5355710dd205f22f84dbba59e688cd3da6394af8c924a102

        SHA512

        69886825baf2075f8e6cdc50b0b34f92d5d06d42db4586396fb3db806fef79986ba5754c7b1251b007cde4f943efe9e3d27800dd7e15f8084fd7e7e6046c3ccc

        Download Submit

      • C:\Users\Admin\AppData\Roaming\logs.dat
        Filesize

        15B

        MD5

        e21bd9604efe8ee9b59dc7605b927a2a

        SHA1

        3240ecc5ee459214344a1baac5c2a74046491104

        SHA256

        51a3fe220229aa3fdddc909e20a4b107e7497320a00792a280a03389f2eacb46

        SHA512

        42052ad5744ad76494bfa71d78578e545a3b39bfed4c4232592987bd28064b6366a423084f1193d137493c9b13d9ae1faac4cf9cc75eb715542fa56e13ca1493

        Download Submit

      • memory/560-14-0x0000000000400000-0x0000000000450000-memory.dmp

        Filesize

        320KB

        Download

      • memory/560-12-0x0000000000400000-0x0000000000450000-memory.dmp

        Filesize

        320KB

        Download

      • memory/560-10-0x0000000000400000-0x0000000000450000-memory.dmp

        Filesize

        320KB

        Download

      • memory/560-13-0x0000000000400000-0x0000000000450000-memory.dmp

        Filesize

        320KB

        Download

      • memory/560-24-0x0000000024010000-0x0000000024072000-memory.dmp

        Filesize

        392KB

        Download

      • memory/560-28-0x0000000024080000-0x00000000240E2000-memory.dmp

        Filesize

        392KB

        Download

      • memory/560-1209-0x0000000000400000-0x0000000000450000-memory.dmp

        Filesize

        320KB

        Download

      • memory/1440-19-0x0000000000400000-0x0000000000957000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1440-1237-0x0000000000400000-0x0000000000957000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1440-20-0x0000000000400000-0x0000000000957000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/2996-1234-0x0000000000400000-0x0000000000413000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3540-15-0x0000000000400000-0x0000000000413000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3540-6-0x0000000000400000-0x0000000000413000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3664-2978-0x0000000000400000-0x0000000000413000-memory.dmp

        Filesize

        76KB

        Download

      • memory/3744-30-0x0000000001210000-0x0000000001211000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3744-29-0x0000000000F50000-0x0000000000F51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3744-36-0x0000000000240000-0x0000000000673000-memory.dmp

        Filesize

        4.2MB

        Download