Overview

overview

10

Static

static

3

JaffaCakes...a0.exe

windows7-x64

10

JaffaCakes...a0.exe

windows10-2004-x64

10

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/01/2025, 03:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_44e8be3915ad13e5f47cdd72568dc3a0.exe

  • Size

    1.2MB

  • MD5

    44e8be3915ad13e5f47cdd72568dc3a0

  • SHA1

    1d0b23716e5f0f05eaed280034b022eec5219bee

  • SHA256

    272c9bd5c18c4063064002d34485502eaf00148026749e5a5b7e928abad92706

  • SHA512

    37e33e47205446f20b0d8f57e66828f4e67dc7e2c84795b46ebf6115a3ba3a67a3e01b08e253accb84dbeaef6ef4584a4e55368e30bc02483eb89d5b3307d706

  • SSDEEP

    24576:1G0MLNN1u7y7PsS5TnHqt6oGNyC2xQ1/NTI0YhpNt:1zMLZu7uTH26oGNyC2SNuhN

Score
10/10
salitybackdoordiscoveryevasionpersistenceprivilege_escalationtrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Signatures

  • Modifies firewall policy service 3 TTPs 3 IoCs
    evasion
  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality
  • Sality family
    sality
  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Windows security bypass 2 TTPs 6 IoCs
    evasiontrojan
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 15 IoCs
  • Windows security modification 2 TTPs 7 IoCs
    evasiontrojan
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 2 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • UPX packed file 39 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 11 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 20 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Windows\system32\fontdrvhost.exe
    "fontdrvhost.exe"
    1⤵
      PID:780
    • C:\Windows\system32\fontdrvhost.exe
      "fontdrvhost.exe"
      1⤵
        PID:788
      • C:\Windows\system32\dwm.exe
        "dwm.exe"
        1⤵
          PID:340
        • C:\Windows\system32\sihost.exe
          sihost.exe
          1⤵
            PID:2588
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
            1⤵
              PID:2668
            • C:\Windows\system32\taskhostw.exe
              taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
              1⤵
                PID:2804
              • C:\Windows\Explorer.EXE
                C:\Windows\Explorer.EXE
                1⤵
                  PID:3588
                  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_44e8be3915ad13e5f47cdd72568dc3a0.exe
                    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_44e8be3915ad13e5f47cdd72568dc3a0.exe"
                    2⤵
                    • Modifies firewall policy service
                    • UAC bypass
                    • Windows security bypass
                    • Loads dropped DLL
                    • Windows security modification
                    • Checks whether UAC is enabled
                    • Enumerates connected drives
                    • Drops autorun.inf file
                    • Drops file in Program Files directory
                    • Drops file in Windows directory
                    • System Location Discovery: System Language Discovery
                    • Modifies Internet Explorer settings
                    • Modifies registry class
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    • System policy modification
                    PID:4712
                    • C:\Users\Admin\AppData\Roaming\alipay\cf\alicsrv.exe
                      C:\Users\Admin\AppData\Roaming\alipay\cf\alicsrv.exe /R
                      3⤵
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      • Modifies Internet Explorer settings
                      • Modifies registry class
                      PID:4052
                    • C:\Users\Admin\AppData\Roaming\alipay\cf\alicnotify.exe
                      C:\Users\Admin\AppData\Roaming\alipay\cf\alicnotify.exe /R
                      3⤵
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      • Modifies Internet Explorer settings
                      • Modifies registry class
                      • Suspicious use of FindShellTrayWindow
                      • Suspicious use of SendNotifyMessage
                      PID:4808
                    • C:\Users\Admin\AppData\Roaming\alipay\cf\aliccom.exe
                      C:\Users\Admin\AppData\Roaming\alipay\cf\aliccom.exe /R
                      3⤵
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      • Modifies Internet Explorer settings
                      • Modifies registry class
                      PID:3280
                    • C:\Users\Admin\AppData\Roaming\alipay\cf\alicupsrv.exe
                      C:\Users\Admin\AppData\Roaming\alipay\cf\alicupsrv.exe /R
                      3⤵
                      • Executes dropped EXE
                      • System Location Discovery: System Language Discovery
                      • Modifies Internet Explorer settings
                      • Modifies registry class
                      PID:2768
                    • C:\Windows\system32\regsvr32.exe
                      "C:\Windows\system32\regsvr32.exe" /s "C:\Users\Admin\AppData\Roaming\alipay\cf\alicdo_x64.dll"
                      3⤵
                      • Loads dropped DLL
                      • Modifies registry class
                      PID:4896
                • C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
                  1⤵
                    PID:3748
                  • C:\Windows\system32\DllHost.exe
                    C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                    1⤵
                      PID:3928
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:4032
                      • C:\Windows\System32\RuntimeBroker.exe
                        C:\Windows\System32\RuntimeBroker.exe -Embedding
                        1⤵
                          PID:3004
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:3176
                          • C:\Windows\System32\RuntimeBroker.exe
                            C:\Windows\System32\RuntimeBroker.exe -Embedding
                            1⤵
                              PID:4212
                            • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
                              "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
                              1⤵
                                PID:764
                              • C:\Windows\System32\RuntimeBroker.exe
                                C:\Windows\System32\RuntimeBroker.exe -Embedding
                                1⤵
                                  PID:1744

                                Network

                                MITRE ATT&CK Enterprise v15

                                Reconnaissance

                                Resource Development

                                Initial Access

                                Replication Through Removable Media

                                1
                                T1091

                                Execution

                                Persistence

                                Create or Modify System Process

                                1
                                T1543

                                Windows Service

                                1
                                T1543.003

                                Event Triggered Execution

                                1
                                T1546

                                Component Object Model Hijacking

                                1
                                T1546.015

                                Privilege Escalation

                                Abuse Elevation Control Mechanism

                                1
                                T1548

                                Bypass User Account Control

                                1
                                T1548.002

                                Create or Modify System Process

                                1
                                T1543

                                Windows Service

                                1
                                T1543.003

                                Event Triggered Execution

                                1
                                T1546

                                Component Object Model Hijacking

                                1
                                T1546.015

                                Defense Evasion

                                Abuse Elevation Control Mechanism

                                1
                                T1548

                                Bypass User Account Control

                                1
                                T1548.002

                                Impair Defenses

                                4
                                T1562

                                Disable or Modify System Firewall

                                1
                                T1562.004

                                Disable or Modify Tools

                                3
                                T1562.001

                                Modify Registry

                                6
                                T1112

                                Credential Access

                                Discovery

                                Peripheral Device Discovery

                                1
                                T1120

                                Query Registry

                                2
                                T1012

                                System Information Discovery

                                3
                                T1082

                                System Location Discovery

                                1
                                T1614

                                System Language Discovery

                                1
                                T1614.001

                                Lateral Movement

                                Replication Through Removable Media

                                1
                                T1091

                                Collection

                                Command and Control

                                Exfiltration

                                Impact

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Temp\nssA653.tmp\InstallOptions.dll
                                  Filesize

                                  14KB

                                  MD5

                                  325b008aec81e5aaa57096f05d4212b5

                                  SHA1

                                  27a2d89747a20305b6518438eff5b9f57f7df5c3

                                  SHA256

                                  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

                                  SHA512

                                  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\nssA653.tmp\KillProcDLL.dll
                                  Filesize

                                  32KB

                                  MD5

                                  83142eac84475f4ca889c73f10d9c179

                                  SHA1

                                  dbe43c0de8ef881466bd74861b2e5b17598b5ce8

                                  SHA256

                                  ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

                                  SHA512

                                  1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\nssA653.tmp\System.dll
                                  Filesize

                                  11KB

                                  MD5

                                  c17103ae9072a06da581dec998343fc1

                                  SHA1

                                  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

                                  SHA256

                                  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

                                  SHA512

                                  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\nssA653.tmp\inetc.dll
                                  Filesize

                                  20KB

                                  MD5

                                  9a7d35d1e9e5dfb6a7872d49cf64db83

                                  SHA1

                                  4da9dd5427c0fdfa2cce3ee29ac5147b74ff3834

                                  SHA256

                                  c7a365c50611e7b3bbec6f73e9b33fa83d9ca91c34cde67969cd7cab79293160

                                  SHA512

                                  cb98bc94b883ecd88102a017de484560085c0f70fa379489618cc10c017d543e53b12502a0a7cae49682887676c4c590fc481ab9cd531467b1d090499783db3a

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Temp\nssA653.tmp\ioSpecial.ini
                                  Filesize

                                  680B

                                  MD5

                                  5b46a98c2d65b06449982ab2474770f4

                                  SHA1

                                  534d372d70070e2a77f72e1e741c7b3994d3050d

                                  SHA256

                                  e014aa7417c00d8354dad77c4dfba3838dd64400fd86f4f334ee39311d32b434

                                  SHA512

                                  f9c8a32efa71208a2813095f4a9f49ee72b253aa746253248e30ed816ab8ae04d5856c926d79bc69daa9a8615b3f103740b2588dc77f9a3db4861bdff63583d5

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\alipay\cf\aliccom.exe
                                  Filesize

                                  118KB

                                  MD5

                                  7df3aafc0af6779b32290f5cc003be6a

                                  SHA1

                                  a6feb3fefa5a848a2ead191d7228ef318dd64b09

                                  SHA256

                                  c76d9003607efbcdb935f6f3415c485bc4ce8041125aa7a9213c0eda8014609a

                                  SHA512

                                  0279e2c5993eed2cd04be99480f38ec88108171e10fd86d069ce7951e1b685245dc21e1c368987977289cc25c0dacaebebd60c330c11a7c1124ae28446e96160

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\alipay\cf\alicdo.dll
                                  Filesize

                                  138KB

                                  MD5

                                  18ec25f89a56a1849ba65c4d7eaf6c2a

                                  SHA1

                                  795ce1a788b49ddfd6a584aa44b6b88b2fb0087e

                                  SHA256

                                  36f93b47be802ea0efd4c2f2088a2352b35fb835b3039b78317ad90bf0f587e8

                                  SHA512

                                  eca707a28231495d98f417d96593861598b6d256ba0c0bff262316eab407d022890a59acb656587c0a460ebaa8745699d0145b813c321213109df9b51eaa0922

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\alipay\cf\alicdo_x64.dll
                                  Filesize

                                  166KB

                                  MD5

                                  4fadaf57d79db0a06b6c5e346f670e31

                                  SHA1

                                  e124258cb2443f6b9571fd42b0435c2d38221846

                                  SHA256

                                  b7309b8292d13eeaf00f228c9fe761db91ab14ab11b19c8d4d18e1f848de3665

                                  SHA512

                                  1d13eebd9a84c9109d05551db877f228042132f25bebd4b9f442f0d9d9ca3fcaa10bdf1ef203c1b0f0959b8b765e4ea76fff3846d2a98034569fa50bda509d82

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\alipay\cf\alicnotify.exe
                                  Filesize

                                  180KB

                                  MD5

                                  2fbc957aabaa90fdfd8ab5c71615fbf7

                                  SHA1

                                  109db527524a6726b45c26b5506bb26d6ce51b7f

                                  SHA256

                                  08a1c67e3b23493f2721b30e66b97264f5fe6d76b181fc7cef612bcd99aa8e8d

                                  SHA512

                                  1de833d71cbcfc4c5f2cc36b9268a9d2d9af0fe08bf3487956aef72830fd52e43cf305762e226a47185be4e3fbc4550fd64a7719e5f165478ff4c7d35ca7097e

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\alipay\cf\alicsrv.exe
                                  Filesize

                                  137KB

                                  MD5

                                  3ca10f5534b260b9c44a62048e04d379

                                  SHA1

                                  d9b74e89abd2a4acb380eadada318ddc07c7b673

                                  SHA256

                                  d048026bef84d407000987c3710f198162c45e944797c2fd31b1b1cee832b7ce

                                  SHA512

                                  a9b8a78bda328c06e8f5c62fdc3756027589fbc5b4c7113dcd89fa7f18b8211ecfc8952f858e4fabc27a604961165b40b5a272579ced72afc1ad6470d2288520

                                  Download Submit

                                • C:\Users\Admin\AppData\Roaming\alipay\cf\alicupsrv.exe
                                  Filesize

                                  171KB

                                  MD5

                                  86d2b9f11d32e9d933d16e01862d053a

                                  SHA1

                                  a175d90441c916de35d42cd9a7cd8e3a5ad141aa

                                  SHA256

                                  604b467afb707176ba6558eb6d3d1a53d818f57bf33a105c28b8a480857038ce

                                  SHA512

                                  f855f8a7c7a321d0b685fe0c4e0cfe2cd11426087e077305ee79f55c4730a910e2aa9fda02720957fb1b70b2de8c0ca0b06e4b7a82ad8e395307e029b0afb535

                                  Download Submit

                                • F:\qrnll.exe
                                  Filesize

                                  100KB

                                  MD5

                                  47b8018793ab41e13581228d992cb589

                                  SHA1

                                  490bf98a5a1371ae2723b9aea32af86c7edb9944

                                  SHA256

                                  5cb6462cefd80fedec0fcefa45b5662a3957ab0a00196952e95c1a1bc98a0697

                                  SHA512

                                  63af9ceb8fc40124cbad9ff64741f6a231de2dfdc190f6a757b58821c7d7f8bd23c04f85567a59149bbc46d6d1b0e5154a5015e3f9434ea784303001b8a239f2

                                  Download Submit

                                • memory/4712-123-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-132-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-7-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-8-0x0000000002380000-0x0000000002382000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/4712-6-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-10-0x0000000002380000-0x0000000002382000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/4712-5-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-100-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-101-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-102-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-104-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-103-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-115-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-116-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-118-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-119-0x0000000002380000-0x0000000002382000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/4712-120-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-121-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-24-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-126-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-127-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-129-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-130-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-11-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-134-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-136-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-138-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-141-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-142-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-150-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-151-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-154-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-155-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-157-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-158-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-160-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-25-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-19-0x0000000002380000-0x0000000002382000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/4712-9-0x0000000003600000-0x0000000003601000-memory.dmp

                                  Filesize

                                  4KB

                                  Download

                                • memory/4712-4-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-3-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-1-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-0-0x0000000000400000-0x000000000044E000-memory.dmp

                                  Filesize

                                  312KB

                                  Download

                                • memory/4712-161-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download

                                • memory/4712-231-0x0000000000400000-0x000000000044E000-memory.dmp

                                  Filesize

                                  312KB

                                  Download

                                • memory/4712-259-0x0000000000400000-0x000000000044E000-memory.dmp

                                  Filesize

                                  312KB

                                  Download

                                • memory/4712-253-0x0000000002380000-0x0000000002382000-memory.dmp

                                  Filesize

                                  8KB

                                  Download

                                • memory/4712-245-0x00000000023B0000-0x000000000343E000-memory.dmp

                                  Filesize

                                  16.6MB

                                  Download