Analysis

  • max time kernel
    150s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-01-2025 01:34

General

  • Target

    JaffaCakes118_696c96725d86dc1938286c46bf39e7d0.exe

  • Size

    720KB

  • MD5

    696c96725d86dc1938286c46bf39e7d0

  • SHA1

    d00dea4527ccb182354de87c22d8c79c2d1380b3

  • SHA256

    1b84100df9f7e673590ffa92f7be26344e2460ee72b97523434b66f9f755b3d1

  • SHA512

    e1e4880874029a553a80ebe18e82bbc57c858383c83707d0e3483d0751715fcebc9c496b222d3bbda0c98a9405211b978fd9e3cafc727f988f72591942fa90bb

  • SSDEEP

    12288:jriaKhUV+FKJpwDEEJrcyC1CabAns8iV1pw/c6dePyOE14GMWT9JGqF106Lz:6aK6VhJaPJ3xaEs78cbPyOE1PTnt

Malware Config

Extracted

Family

darkcomet

Botnet

Guest16

C2

engtaher79.no-ip.biz:79

192.168.56.3:79

Mutex

DC_MUTEX-9YMZPUD

Attributes
  • InstallPath

    MSDCSC\msdcsc.exe

  • gencode

    MRDCry2n9S8v

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    MicroUpdate

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

  • Darkcomet family
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • Windows security bypass 2 TTPs 1 IoCs
  • Sets file to hidden 1 TTPs 2 IoCs

    Modifies file attributes so the file is not shown in Explorer and similar tools.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Windows security modification 2 TTPs 1 IoCs
  • Adds Run key to start application 2 TTPs 6 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 46 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_696c96725d86dc1938286c46bf39e7d0.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_696c96725d86dc1938286c46bf39e7d0.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1924
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1724
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1748
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275464 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2500
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_696c96725d86dc1938286c46bf39e7d0.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_696c96725d86dc1938286c46bf39e7d0.exe
      2⤵
      • Modifies WinLogon for persistence
      • Loads dropped DLL
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2752
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_696c96725d86dc1938286c46bf39e7d0.exe" +s +h
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2780
        • C:\Windows\SysWOW64\attrib.exe
          attrib "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_696c96725d86dc1938286c46bf39e7d0.exe" +s +h
          4⤵
          • Sets file to hidden
          • System Location Discovery: System Language Discovery
          • Views/modifies file attributes
          PID:2660
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\Admin\AppData\Local\Temp" +s +h
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2772
        • C:\Windows\SysWOW64\attrib.exe
          attrib "C:\Users\Admin\AppData\Local\Temp" +s +h
          4⤵
          • Sets file to hidden
          • System Location Discovery: System Language Discovery
          • Views/modifies file attributes
          PID:2668
      • C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
        "C:\Users\Admin\Documents\MSDCSC\msdcsc.exe"
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of SetThreadContext
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2612
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
            PID:2176
          • C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
            C:\Users\Admin\Documents\MSDCSC\msdcsc.exe
            4⤵
            • Windows security bypass
            • Executes dropped EXE
            • Windows security modification
            • Adds Run key to start application
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of SetWindowsHookEx
            PID:804
            • C:\Windows\SysWOW64\notepad.exe
              notepad
              5⤵
              • System Location Discovery: System Language Discovery
              PID:1188

    Network

    MITRE ATT&CK Enterprise v15

    Downloads


    • C:\Users\Admin\Documents\MSDCSC\msdcsc.exe

      Filesize

      720KB

      MD5

      696c96725d86dc1938286c46bf39e7d0

      SHA1

      d00dea4527ccb182354de87c22d8c79c2d1380b3

      SHA256

      1b84100df9f7e673590ffa92f7be26344e2460ee72b97523434b66f9f755b3d1

      SHA512

      e1e4880874029a553a80ebe18e82bbc57c858383c83707d0e3483d0751715fcebc9c496b222d3bbda0c98a9405211b978fd9e3cafc727f988f72591942fa90bb
