Overview

overview

10

Static

static

5

JaffaCakes...b0.exe

windows7-x64

10

JaffaCakes...b0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    03-01-2025 12:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_6c9f7afb7c09c420a413b5f7f2c5cdb0.exe

  • Size

    374KB

  • MD5

    6c9f7afb7c09c420a413b5f7f2c5cdb0

  • SHA1

    bc05b30655eee5f223c9f0d634ba354b8f585486

  • SHA256

    87a862ecd148181c318d98a64f0cb24ae19d1ebcabf379f0d8254181ffb2cd0b

  • SHA512

    c5cd584abd1c3ce3aea2ac52713d46bfa241ad50f1be32e8ca20aee373b7c163aee7797b4a2b53e5ae06f3647331dc95cbb382ceac1f4c9170cce3008c14113f

  • SSDEEP

    6144:HcNYS996KFifeVjBpeExgVTFSXFoMc5RhCaL37yEAvDNeqQeld94a3ovBa0:HcW7KEZlPzCy37MDN18vV

Score
10/10
darkcometramnitkazantipbankerdiscoveryevasionpersistenceratspywarestealertrojanupxworm

Malware Config

Extracted

Family

darkcomet

Botnet

kazantip

C2

93.116.48.67:27015

Mutex

DC_MUTEX-9FW9Z8Q

Attributes
  • InstallPath

    winlogon\winlogon.exe

  • gencode

    gpLuj6pfvQbs

  • install

    true

  • offline_keylogger

    true

  • persistence

    true

  • reg_key

    winlogon.exe

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Darkcomet family
    darkcomet
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Modifies firewall policy service 3 TTPs 3 IoCs
    evasion
  • Modifies security service 2 TTPs 1 IoCs
    evasion
  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit
  • Ramnit family
    ramnit
  • Windows security bypass 2 TTPs 2 IoCs
    evasiontrojan
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Disables Task Manager via registry modification
    evasion
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 5 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • UPX packed file 17 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 46 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 55 IoCs
  • System policy modification 1 TTPs 3 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6c9f7afb7c09c420a413b5f7f2c5cdb0.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6c9f7afb7c09c420a413b5f7f2c5cdb0.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2500
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6c9f7afb7c09c420a413b5f7f2c5cdb0Srv.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6c9f7afb7c09c420a413b5f7f2c5cdb0Srv.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1952
      • C:\Program Files (x86)\Microsoft\DesktopLayer.exe
        "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:792
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2716
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2060
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:209930 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2604
    • C:\Windows\SysWOW64\winlogon\winlogon.exe
      "C:\Windows\system32\winlogon\winlogon.exe"
      2⤵
      • Modifies firewall policy service
      • Modifies security service
      • Windows security bypass
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Loads dropped DLL
      • Windows security modification
      • Adds Run key to start application
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:2832
      • C:\Windows\SysWOW64\winlogon\winlogonSrv.exe
        C:\Windows\SysWOW64\winlogon\winlogonSrv.exe
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2732
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
            PID:2632
        • C:\Windows\SysWOW64\notepad.exe
          notepad
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2884

    Network

    MITRE ATT&CK Enterprise v15

    Reconnaissance

    Resource Development

    Initial Access

    Execution

    Persistence

    Boot or Logon Autostart Execution

    2
    T1547

    Registry Run Keys / Startup Folder

    1
    T1547.001

    Winlogon Helper DLL

    1
    T1547.004

    Create or Modify System Process

    2
    T1543

    Windows Service

    2
    T1543.003

    Privilege Escalation

    Boot or Logon Autostart Execution

    2
    T1547

    Registry Run Keys / Startup Folder

    1
    T1547.001

    Winlogon Helper DLL

    1
    T1547.004

    Create or Modify System Process

    2
    T1543

    Windows Service

    2
    T1543.003

    Defense Evasion

    Impair Defenses

    3
    T1562

    Disable or Modify System Firewall

    1
    T1562.004

    Disable or Modify Tools

    2
    T1562.001

    Modify Registry

    8
    T1112

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    System Location Discovery

    1
    T1614

    System Language Discovery

    1
    T1614.001

    Lateral Movement

    Collection

    Command and Control

    Exfiltration

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c04b35f7bdd4222416bdaa61d2557606

      SHA1

      6b28efaa1f75bc101b377f7740a6cf47ffaf51c8

      SHA256

      9caf187840297a5708c4f0cafea25709b998eeb61f37e2e6a5bf413fa32ca217

      SHA512

      3507218d2895f6b9176be0406bcc18e1d19ac30325101596304de0ec8b714948be4405204a4faa536ac7dd65ba89e8af5eff39c07f5b8320e395c0384684cbb2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      aca3a95817d2b126f676513583c1bd5d

      SHA1

      83c91eb4e0abadd5aff10e82d70bf7d6cdc0874e

      SHA256

      36b6861cf74b29111c5f43dd7bab79cc4478c2295ca972d7fc6e8f8fa65ff023

      SHA512

      ee4d4fcb14cf6d9cfc2e1055342a7c8a04104ed47d94bc42550dad5e77b7fe178c8f2ddfbe4cf456fd3686d5db7df39e8c8a5a44628e2a0346fb2aa373ade4eb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      15fd9ac7e563f7518cee7e8477a2e1ba

      SHA1

      10c0523003b6db4f9b06611109e45f486207dab0

      SHA256

      a25b3e42ca632364ac3de19da18cd2ea832b63bddec37aad4db98a9c15e9a64e

      SHA512

      fcecb98bc4f57ba891717716cc511703963f20448f5e121dc0dc23094e749760a56e57bde7808cfd87fa74c33f18a43c88ac9493a833a77231ce0e92aad92bff

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      61241f857984cea962643a744656ba9c

      SHA1

      af55927c44cfb31315775d8bc3ccfff43f3efd33

      SHA256

      fc7d086266cf32e384db4af87ef40dcb0196dbace6569917407eb9f9d7cd7b61

      SHA512

      267e43405951ea4939d9adced8573398703994474be234c381562df2a3f5ccc8e3a5cff16f77d9dcc9762c711bc1f98de828a22b952e394fe32df3e83d534809

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6efa662cb66c279b7f9cea5b7a8759b6

      SHA1

      293f17b65157c93c59243079e3cfb93ec67b9714

      SHA256

      c66299dfd260fe649a316b7758844c3ee49325fb21fc271bc9dfb552260e7225

      SHA512

      1b3b63027d2ba723312f295f89c8a12915f553ca8df6fa57f90d0e333fcac3708e87eac8332ef8bf630138fab51f80c7513c14c43f3ad24398efa81435f84a82

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9b75748a313cc345201ff361a88f60c1

      SHA1

      56e9a29a2d631285ae6647d6a07a344030135c83

      SHA256

      1269cfbf3a6a42d8a06ab28d9caf93d284aeace8977d312887b2185305882ab5

      SHA512

      9dfa8ae6a40a4ce4227f62c5a1fe55c1460cc521d2b22ddcf86e84bb36dac6f0210218075e9a30c35f52981fea1fdbe2d78d77844c5f0053c47ab467e465483a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9fbba195840c268269cca34ee7b2ff8e

      SHA1

      ac9124c4413982763d134967b8d98d09e96313fb

      SHA256

      66f246a148cf53c4d8e72d9623036f25df61b7847b19a08aa69e52c2bf6ad851

      SHA512

      573c6a49262009fc5a2dd2d1db329b3f2613c87552d9e8913feaeb4d3eaedfa5308bb50bc57876cddd4c9d1247819e2547e52f5123a13a167da0d435ee1059f2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7b06343fa3f6678ceaa2916d7bac02ca

      SHA1

      9c2bd60fec9504071f80ff17f5aac9e3f2639be0

      SHA256

      557e1cc97d308ddd57a7c3629d657e986eaca17eb172eed6254e5d79c5f0ecaf

      SHA512

      1bab9c491fae135daa077c105fcad679de2817a2cafa069754e6899fb7f87ee58c795927ece7c42dcd41bc97b982f17987054545a752afac4bbee893c43e9486

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      79bee06080a5176479b493b9d94b6657

      SHA1

      252d3e2de669d86eb00c9df473d09377a3532293

      SHA256

      02fceb94c8c22fbea5537f6c4af5a6cb6f36b9e8ed5913688ff827c26436ade5

      SHA512

      5045a5bb3ba04615fa8654b879b405ef217b61ebb08ea91495797fd83ff31ee4bf029d8f7ebea008361b752dfaad3ebebf16a201a9615e7e8516b2d8bbd1346b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3d2c07bb09cfe452a4bb9e4c21c2313e

      SHA1

      0c2d5c14b0d27ba401aa0abc3cc4f1614fb3b8da

      SHA256

      d37a4db61fa6794fee186850138e95e0ffea4d13b00d6239f3ed7b0c8bdff4a1

      SHA512

      6b92ed6575e2762cbef36afdf6d5381ad2575471c31dedacbc994810efcd86e94d55a1e5be28ac6ac063073270c959dbb0676837ad0c3e6b1d8633a5d564b830

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      23db74ac2f46588b4c4bb9461b58b2c0

      SHA1

      1db014b4e8dd718997a89c2b2d47241f003d77a1

      SHA256

      f87c850e2a7be831ea269a48fee7e975330593d05a7c30322797c30ea9bf4bac

      SHA512

      9e375b9e2d26ff630945786677e71c5c0ba0d67d978c5dd1ba0317ba5febf331e3f917fd48991b2a59be5fd8047af4fa516bfad82c8969546998b2bab3675b54

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f8f91c60191b95a76e36d9801bc3d5c8

      SHA1

      dd985832c71a120ab1d3047443fc31f02d9bd5a2

      SHA256

      c486eb9012114aefe42478d1ca8410c27ae6511fcd3e6530d3e15fb9692eafe0

      SHA512

      f1b75eb99c9993c6ebda3280983d52652ba89e0ae15f47195fa1b19a34f9b82a93efb95c8226b26635958e4685af2ca36c90571e3f5b439ba7a7a50133e42c23

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c51904f52953b4e2752378465c61b780

      SHA1

      c2f314e0839fc62878536ad8f4120c5b276b5dd3

      SHA256

      b098f0c5902c8d2403e8c7e86ec6eca19beec03b117d180f98fe6d653800ec50

      SHA512

      79ac56d8c5528017ff7897410bdc5c6ebeba9a97de1539dfd6f3e0e5aaea8eceed5cff4c49f69db8e7d6c642625477b44b7f06ee2332f7ddc7b6f36d937142f8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6a8eecad96a01ca0506499e486cda796

      SHA1

      c313eddf76b3d5dc2e2d5c6470162f541eb9c1d2

      SHA256

      03de48b95457179495c59963821428bc1a5711d66a27541736001de814cf7f3e

      SHA512

      6fa097b65258fe18789ff3582f4c85b8ea68cf4a66c33ecd798e533922e10fd437435af365cb3c4d0fb34e6a6617aeee6db4a6b6b6684b1c79df2d785ee2c436

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0ec1e2e5d886cbd2d09fb1539640fe5c

      SHA1

      6e8c97e2b56342c51280e974d1f0f3416552554e

      SHA256

      5a06d3e0b75a906517179f0bd314ced2dc17884f051eca7f895f9ffca0e0c81a

      SHA512

      021a32b7bc93a6c2709c92f7304009c6613199bf0af723a67f31ea41ff895b9cb9ec49774a331bf5223f612e3ef0202557b8eb14450bf555ebea7513e7c6984c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7a94760ad7e2efadae9e63a8748d8163

      SHA1

      66b278d0da8fa4e21994756786958df23032bb4c

      SHA256

      a8f5a7c950f892136923f6234a343788ad6df47cbe9bdee7ba0cd619189dcb86

      SHA512

      2e6b3a58ab7cca79ec93cbde89345477d619bd77dc28aa034f29eabcabf5e22d4ff0da524d5028cd31ef5a4425c44d9d38d2ab429d9c5fb159bbb2ea2086aa80

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b93571dfe194bdbe02bce7b1abc2e2df

      SHA1

      59495beb858ba0f7c08e5942da3317b98764fd7b

      SHA256

      33891fe960dbfada1f6f8354bbc7ce4fb3cc31ed7adbaed6f5bb074ac4ada82f

      SHA512

      aa1ca0885f5cae447a0b847364afac533cfb631ce7a04d3e92c6925778f060353deec7a1690865db61c3b9b0e7e82cbea589f54d4efbce83387cc3511ade089a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9995e2ca7e853d3075d80fb77585dd28

      SHA1

      b6e54d4bd1254b12598c0629a163cca746caa0bd

      SHA256

      7dd7d76d924328429c9ac01f9dccdc4b4bcaa4e60c802e4c0028cd2c54a2e1d8

      SHA512

      2b3f6052aec746c20daca83b94b94186be409d34d916fe465edb748a4759d9edec87b4b94252b84e79e08d73549da8ecbf892924df9c422569370c364ebcd9da

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6656a2f5069c1e2412190955aac9a95e

      SHA1

      e1114ff173cd646e9e4f85e203c84a234380240a

      SHA256

      22c43c7592cdd781309f418b55ebcdcd34801272fd66d390d9343feaf2d77d04

      SHA512

      8b44fa08412f81b652264e9962478668a93fb88119c6aef89f84f445a1bd557685764fa7cd7f5ecf328cf532c5e7b025c439b4f113ff5548d4d16082236e5879

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabE2A5.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarE315.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\JaffaCakes118_6c9f7afb7c09c420a413b5f7f2c5cdb0Srv.exe
      Filesize

      55KB

      MD5

      ff5e1f27193ce51eec318714ef038bef

      SHA1

      b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6

      SHA256

      fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320

      SHA512

      c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a

      Download Submit

    • \Windows\SysWOW64\winlogon\winlogon.exe
      Filesize

      374KB

      MD5

      6c9f7afb7c09c420a413b5f7f2c5cdb0

      SHA1

      bc05b30655eee5f223c9f0d634ba354b8f585486

      SHA256

      87a862ecd148181c318d98a64f0cb24ae19d1ebcabf379f0d8254181ffb2cd0b

      SHA512

      c5cd584abd1c3ce3aea2ac52713d46bfa241ad50f1be32e8ca20aee373b7c163aee7797b4a2b53e5ae06f3647331dc95cbb382ceac1f4c9170cce3008c14113f

      Download Submit

    • memory/792-23-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/792-22-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/792-21-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/792-24-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/792-26-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1952-11-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1952-9-0x0000000000230000-0x000000000023F000-memory.dmp

      Filesize

      60KB

      Download

    • memory/1952-8-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2500-0-0x0000000000400000-0x00000000004E7000-memory.dmp

      Filesize

      924KB

      Download

    • memory/2500-4-0x0000000000240000-0x000000000026E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2500-34-0x0000000004490000-0x0000000004577000-memory.dmp

      Filesize

      924KB

      Download

    • memory/2500-19-0x0000000000400000-0x00000000004E7000-memory.dmp

      Filesize

      924KB

      Download

    • memory/2500-35-0x0000000004490000-0x0000000004577000-memory.dmp

      Filesize

      924KB

      Download

    • memory/2732-48-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2732-46-0x00000000001D0000-0x00000000001D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2832-522-0x0000000000400000-0x00000000004E7000-memory.dmp

      Filesize

      924KB

      Download

    • memory/2832-520-0x0000000000400000-0x00000000004E7000-memory.dmp

      Filesize

      924KB

      Download

    • memory/2832-518-0x0000000000400000-0x00000000004E7000-memory.dmp

      Filesize

      924KB

      Download

    • memory/2832-42-0x0000000002180000-0x00000000021AE000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2832-209-0x0000000000400000-0x00000000004E7000-memory.dmp

      Filesize

      924KB

      Download

    • memory/2832-41-0x0000000000400000-0x00000000004E7000-memory.dmp

      Filesize

      924KB

      Download

    • memory/2884-49-0x00000000000C0000-0x00000000000C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2884-87-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

      Download