Overview

overview

10

Static

static

1

JaffaCakes...20.exe

windows7-x64

10

JaffaCakes...20.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    129s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2025 02:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_43983f52deaefe1ad90e41142c646320.exe

  • Size

    600KB

  • MD5

    43983f52deaefe1ad90e41142c646320

  • SHA1

    fb534dd7bb3ce23aa145f8bbbc1cd0bd5a55e39c

  • SHA256

    21b728321502d6e91aa763a31289f730dcc168b1e04b7ce31979e01ff330ed19

  • SHA512

    1d468b4ca2a76e38b3975b30db15783da20b7d82afbf43cd01af7dee4578256accb714b9352485baf31a711a41820b4e9ec85ee1c14d4576aff6a6006cc25278

  • SSDEEP

    12288:V7lw1DxUp2fX9IiyO9KWz3d7ysgfBnnl241:V7m1DJ3yO9KWz3lysgpnncg

Score
10/10
revengeratdiscoverystealertrojan

Malware Config

Signatures

  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat
  • Revengerat family
    revengerat
  • RevengeRat Executable 1 IoCs
    stealer
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43983f52deaefe1ad90e41142c646320.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_43983f52deaefe1ad90e41142c646320.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Users\Admin\AppData\Local\Temp\OCS\ocs_v7f.exe
      C:\Users\Admin\AppData\Local\Temp\OCS\ocs_v7f.exe -install -3885466 -dcude -8afe1021521e472782870d5035cea463 - -ChromeBundle -lmaxosbdikimtwzp -393504
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2808
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" http://www.download-sponsor.de/exitdownload/thankyou.php?pid=dcude&cid=3885466&appname=[APPNAME]&cbstate=&uid=8196c0be-d7f4-4853-a1ed-20020fab3d9f&sid=8afe1021521e472782870d5035cea463&scid=&source=ChromeBundle&language=en-cl&cdata=utyp-31.ua-66697265666f782e657865.userid-393531626337373564396462316431613739353163623231
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2748
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" http://www.download-sponsor.de/exitdownload/thankyou.php?pid=dcude&cid=3885466&appname=[APPNAME]&cbstate=&uid=8196c0be-d7f4-4853-a1ed-20020fab3d9f&sid=8afe1021521e472782870d5035cea463&scid=&source=ChromeBundle&language=en-cl&cdata=utyp-31.ua-66697265666f782e657865.userid-393531626337373564396462316431613739353163623231
          4⤵
          • Checks processor information in registry
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:2044
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.0.1205315155\1163780566" -parentBuildID 20221007134813 -prefsHandle 1212 -prefMapHandle 1172 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe2f50a7-a543-4c57-aed8-0d740cbae299} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 1300 45d0f58 gpu
            5⤵
              PID:296
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.1.2017629093\855674771" -parentBuildID 20221007134813 -prefsHandle 1508 -prefMapHandle 1504 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9adf2466-3dbb-49c9-b15d-eaaa07c432b2} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 1520 de4558 socket
              5⤵
                PID:764
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.2.1064320693\2104283584" -childID 1 -isForBrowser -prefsHandle 2072 -prefMapHandle 2068 -prefsLen 21811 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e6320d9-45bd-4365-aa4e-c493fd601ee0} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 2084 1a38b858 tab
                5⤵
                  PID:2484
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.3.1410024098\1266702697" -childID 2 -isForBrowser -prefsHandle 2880 -prefMapHandle 2876 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c31f76a-c119-4f48-81f3-4d95e3c7aba7} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 2892 1d1c9458 tab
                  5⤵
                    PID:2556
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.4.655612038\405722112" -childID 3 -isForBrowser -prefsHandle 3648 -prefMapHandle 3396 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7140af3-4ea5-4850-825d-539fb36ef355} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 3664 20618358 tab
                    5⤵
                      PID:288
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.5.486019504\1308901392" -childID 4 -isForBrowser -prefsHandle 3772 -prefMapHandle 3776 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0dcaf1b-3fd1-47cf-a13b-4e1eae24e699} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 3760 20616858 tab
                      5⤵
                        PID:2248
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.6.437486375\1323704186" -childID 5 -isForBrowser -prefsHandle 3936 -prefMapHandle 3940 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa3e3e4d-b2b6-4834-896a-6651539b99bd} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 3924 20618958 tab
                        5⤵
                          PID:2144
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2044.7.1049030820\509424513" -childID 6 -isForBrowser -prefsHandle 1944 -prefMapHandle 3320 -prefsLen 27487 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ee9837b-4ceb-4245-b9ef-98991b947788} 2044 "\\.\pipe\gecko-crash-server-pipe.2044" 1808 1a321e58 tab
                          5⤵
                            PID:1700

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\activity-stream.discovery_stream.json.tmp
                    Filesize

                    26KB

                    MD5

                    159a9036c7ae9e622ab8245b919d45c1

                    SHA1

                    f07965b78ac8eeed8743817b4abe06a075243553

                    SHA256

                    f5d2f367fc291fe714f5d51768912675b41a9f305e4ffad4d96a53ba121e9711

                    SHA512

                    b8afb99833fd761381b9ac5898747232888234a1240c784fadd4b829fa56b05f16b3aa0f3a48f04a4db49a4a8ff2f0b79ddf234441517321d0ad97ec4385d6f4

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
                    Filesize

                    15KB

                    MD5

                    96c542dec016d9ec1ecc4dddfcbaac66

                    SHA1

                    6199f7648bb744efa58acf7b96fee85d938389e4

                    SHA256

                    7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

                    SHA512

                    cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\OCS\lmaxosbdikimtwzp.dat
                    Filesize

                    91B

                    MD5

                    cf3248f5f9a03d6cbfd53a1769cee2a0

                    SHA1

                    3d10b59fce66f5cc8b579db82f7f8209b126576a

                    SHA256

                    0e39095b9c489474c620abe48e9d075e2f610134b8a924e4ec1fd8a9027ce461

                    SHA512

                    942a27020d80fcca96bd4d7ef9c337297fbbb179f298939c0534376ff3debe7e338369362c38bb56af73209f6ea542148b25d356922879d2b589f520bb615429

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                    Filesize

                    442KB

                    MD5

                    85430baed3398695717b0263807cf97c

                    SHA1

                    fffbee923cea216f50fce5d54219a188a5100f41

                    SHA256

                    a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                    SHA512

                    06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                    Filesize

                    8.0MB

                    MD5

                    a01c5ecd6108350ae23d2cddf0e77c17

                    SHA1

                    c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                    SHA256

                    345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                    SHA512

                    b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\db\data.safe.bin
                    Filesize

                    9KB

                    MD5

                    937b37424521d35b782da8adc093875b

                    SHA1

                    895d49598dde4c0865a646b6d483a873534c4962

                    SHA256

                    79ab659339f875c252a011d5b12fbe4fea21ce491771d08b9c10a06f42b24b4c

                    SHA512

                    a3cb649282c82277c2bd1a0b03165b9f297b161bc7fe45b2ac9134a027955954cf0b3091ddd35ed57a3c2da425ab983c3210f339c01cdf1142d585bc119989f4

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\08ba4f8c-143f-4572-a5fc-615ab8bab99a
                    Filesize

                    733B

                    MD5

                    dd1c00982817dfc6e019c56df0897f05

                    SHA1

                    6d3244035a9e0aa1101d87c313253bc6d5f98c29

                    SHA256

                    097e2e001ed18799f9b1718797486480debcf3021ff8bb653cafff5831669d42

                    SHA512

                    f2e257d972b3d3fdef2caaf34953fa67c84e60d9874a16249acb79ebb3378b8932a9ec245b68591e98960c4f921886a11cdb5c59e38f1d8c6048564bde786763

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                    Filesize

                    997KB

                    MD5

                    fe3355639648c417e8307c6d051e3e37

                    SHA1

                    f54602d4b4778da21bc97c7238fc66aa68c8ee34

                    SHA256

                    1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                    SHA512

                    8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                    Filesize

                    116B

                    MD5

                    3d33cdc0b3d281e67dd52e14435dd04f

                    SHA1

                    4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                    SHA256

                    f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                    SHA512

                    a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                    Filesize

                    479B

                    MD5

                    49ddb419d96dceb9069018535fb2e2fc

                    SHA1

                    62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                    SHA256

                    2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                    SHA512

                    48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                    Filesize

                    372B

                    MD5

                    8be33af717bb1b67fbd61c3f4b807e9e

                    SHA1

                    7cf17656d174d951957ff36810e874a134dd49e0

                    SHA256

                    e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                    SHA512

                    6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                    Filesize

                    11.8MB

                    MD5

                    33bf7b0439480effb9fb212efce87b13

                    SHA1

                    cee50f2745edc6dc291887b6075ca64d716f495a

                    SHA256

                    8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                    SHA512

                    d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                    Filesize

                    1KB

                    MD5

                    688bed3676d2104e7f17ae1cd2c59404

                    SHA1

                    952b2cdf783ac72fcb98338723e9afd38d47ad8e

                    SHA256

                    33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                    SHA512

                    7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                    Filesize

                    1KB

                    MD5

                    937326fead5fd401f6cca9118bd9ade9

                    SHA1

                    4526a57d4ae14ed29b37632c72aef3c408189d91

                    SHA256

                    68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                    SHA512

                    b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    d610913bdacf19d41bbe494a245980fe

                    SHA1

                    c2efbc1dd5c2dfe7bfeb688c2262c95ef7373a00

                    SHA256

                    21a985d2b3e841d04cdaaff749c609d5f9ad17daab2320e6090e4713b9e58b89

                    SHA512

                    61ff6762bdf87418d2f9e85001ecc4c7d2cfc7c56a0ac433121417da37839ce7c0138a517a7babf6e3fdef1a662cc9915a11648f0b55e96822462f9253d4e9a4

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs-1.js
                    Filesize

                    7KB

                    MD5

                    e604029107b4d4c0d20ff5bb63120101

                    SHA1

                    345bfb70adbdddab1432f2cfbbc60685be31e5f0

                    SHA256

                    92478113f1146c3f84fdea88dc2bd94e8a2da401e53187ae47e2fdd6132090c2

                    SHA512

                    c62aaf4e944f937131ec078f5bbc6ebf289676f852120a04c6b45968ef1647a452c97a89d8cc774e7d2e1cfe2201858949069679e8106717bafc65058ee65ffa

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    2KB

                    MD5

                    a42a558b91be24a2ca4dfd0ac4da60ae

                    SHA1

                    da5baf715500365e550bd9a7e2533eb7ef5bbdd6

                    SHA256

                    5505267e3657e4cdd913b6ca221beb98f33ce0014771b35727b6a59e24bc5f87

                    SHA512

                    ce4685d530035bb4152b257fc571fe078af0b73fee195748ffc6bb64aefed1b6a0df491828687982a051577581b2e22e2da6474ac7a6397d39b472ac9a9cec57

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    1KB

                    MD5

                    b06e7a21ecc2edc4c09f96992b7a0851

                    SHA1

                    da5c5087730cf70af21955069405917f962d0ba1

                    SHA256

                    60c25b96fcdb90e48260ec3da0c63e896fcf64c5ebc49b53ae576d622f22d225

                    SHA512

                    cdca1587b343a1ce5979f990a1d212b41a3611a84b113458faf1d5d3f6d5f677b86006fa382ce26ffb973260bcb866ea9b9f7f61600cdd7adfe7bc047d330063

                    Download Submit

                  • \Users\Admin\AppData\Local\Temp\OCS\ocs_v7f.exe
                    Filesize

                    288KB

                    MD5

                    ea3ccd42dbdc3500e3888daf53d8ef5d

                    SHA1

                    848c686280eaa04b172fccffbd312132a0c46172

                    SHA256

                    cd166eede0e0e5303fc3f5fe5f0dd44999020f116bde2adea15319cc214751b5

                    SHA512

                    7126ec10c2301354f32f3f813958c61eaef63fe946b804ebd6f5934068b344ab75857886d867373f7a2ccf47f18a5a0f1dbe652e9649963a9fdea2b3de6dba50

                    Download Submit

                  • memory/2808-24-0x000007FEF5300000-0x000007FEF5C9D000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/2808-13-0x000007FEF5300000-0x000007FEF5C9D000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/2808-14-0x000007FEF5300000-0x000007FEF5C9D000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/2808-16-0x000007FEF5300000-0x000007FEF5C9D000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/2808-12-0x000007FEF55BE000-0x000007FEF55BF000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2808-17-0x000007FEF5300000-0x000007FEF5C9D000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/2808-19-0x000007FEF5300000-0x000007FEF5C9D000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/2808-20-0x000007FEF5300000-0x000007FEF5C9D000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/2808-23-0x000007FEF5300000-0x000007FEF5C9D000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/2808-22-0x000007FEF55BE000-0x000007FEF55BF000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2808-21-0x000007FEF5300000-0x000007FEF5C9D000-memory.dmp

                    Filesize

                    9.6MB

                    Download

                  • memory/2808-18-0x000007FEF5300000-0x000007FEF5C9D000-memory.dmp

                    Filesize

                    9.6MB

                    Download