Overview

overview

10

Static

static

3

JaffaCakes...df.exe

windows7-x64

10

JaffaCakes...df.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/01/2025, 05:23 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_77dee8b1b368b860d694420325d37ddf.exe

  • Size

    780KB

  • MD5

    77dee8b1b368b860d694420325d37ddf

  • SHA1

    4056aa8fdcc535d39201429caef1364aac338bdf

  • SHA256

    f47ca6f4ac15343f6f087d6dcdda8729b403f65004c2a14944fa0a3ca839f79d

  • SHA512

    9325721e1482f544785dfceeeb61c37faedd406e40fc6d3ac8d2830499d805c20dcc93e7225f83ea3de831dba881ca06ea4f1d5befe4be0968be90af906e856c

  • SSDEEP

    12288:JJ7THB9DS/Eg8KWWBnUdtoThEkQOSxpqLlWanPk0xlASzSwtuAFIrH4W:bz/D/6BxmkDspqLlTnTxj5WrH4W

Score
10/10
expirobackdoorcredential_accessdiscoveryevasionspywarestealertrojan

Malware Config

Signatures

  • Expiro family
    expiro
  • Expiro, m0yv

    Expiro aka m0yv is a multi-functional backdoor written in C++.

    backdoorexpiro
  • Expiro payload 2 IoCs
    backdoor
  • Disables taskbar notifications via registry modification
    evasion
  • Executes dropped EXE 5 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops Chrome extension 1 IoCs
  • Enumerates connected drives 3 TTPs 42 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 44 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_77dee8b1b368b860d694420325d37ddf.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_77dee8b1b368b860d694420325d37ddf.exe"
    1⤵
    • Drops Chrome extension
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:996
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    • Windows security modification
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • System policy modification
    PID:4720
  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:4788
  • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
    1⤵
    • Executes dropped EXE
    PID:2020
  • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    1⤵
    • Executes dropped EXE
    PID:1888
  • C:\Windows\System32\OpenSSH\ssh-agent.exe
    C:\Windows\System32\OpenSSH\ssh-agent.exe
    1⤵
    • Executes dropped EXE
    PID:1960

Network

  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    182.129.81.91.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    182.129.81.91.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    73.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    156.33.209.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    156.33.209.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    104.219.191.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    104.219.191.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    200.163.202.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.163.202.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    21.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    21.236.111.52.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    182.129.81.91.in-addr.arpa
    dns
    72 B
     147 B
     1
    1

    DNS Request

    182.129.81.91.in-addr.arpa

  • 8.8.8.8:53
    73.31.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    73.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    156.33.209.4.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    156.33.209.4.in-addr.arpa

  • 8.8.8.8:53
    104.219.191.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    104.219.191.52.in-addr.arpa

  • 8.8.8.8:53
    200.163.202.172.in-addr.arpa
    dns
    74 B
     160 B
     1
    1

    DNS Request

    200.163.202.172.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    21.236.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    21.236.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
    Filesize

    2.1MB

    MD5

    63173a2d44156724779ac5c374a5249a

    SHA1

    aaac9cb71f386e8b2d5c1f4be4cab641e466dead

    SHA256

    eb70059c00bbb7d14c60148ec3b5306630f363cd04cba93a43925612161fd7ab

    SHA512

    cc4a89eabe326901ece376d37c103a76f96749c486cf9f2851af11fb274b34e2a6bbbf22586eda455c1e7b11b970464323b376638b0ce553441ec2acbf1cf309

    Download Submit

  • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    Filesize

    781KB

    MD5

    116c68f8fcc1e080fbd0ec5b4d622652

    SHA1

    ba3035a0b4ea1dab6e967d49082439b625ca303e

    SHA256

    85e16304f05767c701ac3aadc9059e8a0d280ca1095f60a30aa9272dfc372fac

    SHA512

    6742658c1392a553cc6e5e07b9d3ea133313a4557c9f9471092d67d11bec43473dc4d913a7dd395e3593061e3bfada8796e8f2f8ee4a0ba267d00f6e525c7023

    Download Submit

  • C:\Program Files\7-Zip\7z.exe
    Filesize

    1.1MB

    MD5

    1b59a7a5efdf1d5f24015a5f13367156

    SHA1

    6ca75da490e98f89d6e3e05444ac4f4dc9bb2741

    SHA256

    04594af625f601103aab5055bfb93b0499a84988df054a70e5cd7c34efd1586c

    SHA512

    f5ee20a46693b07706642661ddd4e371871b555cf51f139f2a44bcd4963d42b038c911dab3dbc4f02084e5431b8f218b9f7abf638434f87ecb8d58136f8d5064

    Download Submit

  • C:\Program Files\7-Zip\7zFM.exe
    Filesize

    1.5MB

    MD5

    ee2d85959d54d054c02f8d79182ba833

    SHA1

    3425f571e6fc05073365a6b6a222fa5379a51361

    SHA256

    a072d00dfa57de14bb9c26c867853d178799a9da77f1176183982f565a7a477b

    SHA512

    0f28a4a4e934bfcfc92150e57dd6ac78fbf8d73640ae8b7d738db2b1f4dcfc375fcf15e163e9d81e574200ef8852b1f7a73946700dcc2068c84d6ad934004255

    Download Submit

  • C:\Program Files\7-Zip\7zG.exe
    Filesize

    1.2MB

    MD5

    dce33b6cef626928baffa36c2e24a4fd

    SHA1

    69064fde03bb96d9456b878f57f3c9fe6efacc89

    SHA256

    7321eeb8ea352058d5c9409c5f3553ee16ca7689b6265a92d36f0c488f85e536

    SHA512

    570999b8d5c8f6438766894e0edec0616cd7cca1313d28fee53cd3a638f2682b72f15e85c2b2026fb9b0334c4cc6f79378a0ed163ed66bcf66a7801537427d98

    Download Submit

  • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
    Filesize

    832KB

    MD5

    b80c0f29f7e5e865caaffab1424dfdb8

    SHA1

    a6d541141aa9e52f712ec6a3800741781ecbf8e8

    SHA256

    89ed52ac46f0eea3b4205dd88c86fd6084a4b5b4eb57004d18138dae4743ab95

    SHA512

    4813982e00df9a2f535e379ecddb9e68b5d971a74e7b1cba2fc584a24be4a1e0909f4d549384b3f62a82061625531fbf6a904386a45bb29c5d9f7bb0a40397d8

    Download Submit

  • C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe
    Filesize

    4.6MB

    MD5

    25614371d469f719fe0f2f4c7f4f9655

    SHA1

    a62909cae767dffb2710e0eb3370d4f9da7dccd1

    SHA256

    a966e643e6e25e8fd1e1a05205c399839a63f910a84228896868857696b2aed8

    SHA512

    ba7c29798633312aa80bc3d11101d6aba3fe6868c6ea4a7cdabdf6414e41daf5230f2dc00c14b87526317d4ec6d5705834c22847b6d94e835a6f9de6a3e966e4

    Download Submit

  • C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe
    Filesize

    898KB

    MD5

    be11ed09422c82c550800c50b8db7f9c

    SHA1

    365b7f6150cf81acbe655e317e02a801e63e95f7

    SHA256

    2dcce073cf6bc5f57f8e998414df6ba0d23713c31f1fd25dec323548b4046b6b

    SHA512

    71ea07252a59d12e7f4a16a3b07ae52461dbbbf21498a3f5f85e6bfb7f25462930055451522c2d194c8e8273824a859bef65cd9f1868638ae462340911ed4e7f

    Download Submit

  • C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
    Filesize

    24.0MB

    MD5

    028e126134a70424a5a9d5382d421f26

    SHA1

    df6b857d24185da1f10705347671c0576b268629

    SHA256

    f840e8929d615d8612b44a00027e17bd614d628879bbee39e845a7ac4c3609a4

    SHA512

    66082c7868694d29eb8f907a92e9a19729f06b53eaaf157ea9a3c89b6a6e7cf56274c97c2af4f553e99f2c67fed77ecac9134810d5a1cfe3663526444f3c9c0b

    Download Submit

  • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe
    Filesize

    2.7MB

    MD5

    9e853a7df100fc2a83eb4456a7fb7efb

    SHA1

    afa108d9648597aa3085fde384c1f8ff9996ec95

    SHA256

    ac16029e35a54e665b1fa55f4b28574bc85a7929a6540c4052b8f70d05eed117

    SHA512

    2fb0fa6d6a34036b0150a511952170717e106adc3bf3b239af10b79fa4f7bd9fd29f35a971f4589265856cf6f63e742fac1777068dc40ab62d23300d652de252

    Download Submit

  • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
    Filesize

    797KB

    MD5

    84b5155d8a3995f86dd9ca991b1c0eba

    SHA1

    e4a4f23973c0c1076d5a5011e20389a77e0475f3

    SHA256

    30296e78163da1c2fbe44f518b458e7286d68f573953bfcee5406d91c58bb3ca

    SHA512

    defc0389b0651106bf030ed7991c76ecad44c4d143c12d199af75dfc8ed3250aa834c3c0a70f217a2c067b3fed934cadc0e80a5606d46d8d0d1b4856ec5ffcda

    Download Submit

  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\cpkcoelj.tmp
    Filesize

    4.6MB

    MD5

    c1251c2752afd5e2d1af754416c95e03

    SHA1

    efedb67f9f05c625482f3f7cb5714b1acd9ffa4f

    SHA256

    0148a3143ad5d5ebd0b2e451f83a6216ceb47ca1f2db2eda5711186ee72450df

    SHA512

    2ccd6c8caca74a5a47d469781bea4b1e9732a0852d01ce98c6e11043c946dbfd5a2356eacfac594b1a21c8c6d697dc68c34416467e0c6c0598212970d305a4ac

    Download Submit

  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    Filesize

    2.1MB

    MD5

    d26eb6953129c52ef078216fbf111f33

    SHA1

    dcdf21f4f2f3218560119f43e4400fabd8b5d469

    SHA256

    4a8731715af3b00ad31ffc28f0c1c6ad3fc21c9dd0ef21be3d6472f0dc56d897

    SHA512

    f02e93a8b4d8f6ed8ed34c8335f452e640012ff6485c11a4fe09ab4a6961bf197aba7856205d2fe9d8db75ede14874ef541e12cfbe7a76f54ae2ca35ac40c181

    Download Submit

  • C:\Program Files\Internet Explorer\iexplore.exe
    Filesize

    1.3MB

    MD5

    627c6b091631c9e7df6537e00c7ce5a3

    SHA1

    0cc5b61e82c496af951fde60631df39d0e818f02

    SHA256

    d277b8a9d9975427cf418fc3a904e411f60952dd9dcf1bc08d1f86518ac24769

    SHA512

    9a23e631dcd4bfafa89e3e4b1cd716f1c25cb5b440b3964ccc8295368450b297ddaf42c6c0474a779bcfd13f5e06d71acba406561c314f76785d98a07e95e177

    Download Submit

  • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    Filesize

    978KB

    MD5

    50e5f8a4f848b914c6a6aaaaa2f5042c

    SHA1

    9623b4dd8ce98a6f3ab35ab98b5a35fd985fee2d

    SHA256

    8147ac157eadee25af9f54ce84ce1393f4963da926ea8193b3d490d946d5116d

    SHA512

    f2bc46553e4bd0f23e185165b2684cb2da60df169a29d4b2160872e3274fd5d59f7c1191911bb381b64a7009be9ed69b46da7f7b92afd52bbf4a9833b6dc3f15

    Download Submit

  • C:\Windows\System32\OpenSSH\ssh-agent.exe
    Filesize

    932KB

    MD5

    57e5a81fe0d525d4846cd13ad77611f5

    SHA1

    1ef18158863d4eda9955a4ecb414196e847b6ede

    SHA256

    1af62869732cc4e95421c19124eba47e620d20f587b22d6bfca183ee0e2b322a

    SHA512

    e4162e86d36cdac5d2aa784d89d29b844bbb4893e102ac252ee449d342e8c2b93a9a0283283b0b5a871fd470d0f38e756f0199c8c969d4fa7449177c4dd0b00b

    Download Submit

  • C:\Windows\System32\edjpfopn.tmp
    Filesize

    1.3MB

    MD5

    2496539304d607141eb59af8eb354e66

    SHA1

    4c947129f6369da8c266d141bf0ddd3c5ea20f4a

    SHA256

    bae2e5a0ce95caff6fb3ba3289f4a6ffe14b388cb9dc740f00e2e64e9b6ed518

    SHA512

    717296e2fdc64d82d8f0160729ee88198690e40a5e773f301cc809b0dcace9e589d5401cff40d80cb7e6eadbaa6c831edf80c2b4c4e7db1e295635d540ced5bc

    Download Submit

  • \??\c:\program files\windows media player\wmpnetwk.exe
    Filesize

    1.5MB

    MD5

    c1755571968c533c632d9c168b0b91d6

    SHA1

    eff78d6846d09b790d9e1c7d7a786356237f9560

    SHA256

    1a9ea895f8de6f10f50356f76dea70f6696313a0e10ef64b4b6314b8e537da1d

    SHA512

    75bdce21cfd3816ff0ca4ab9300f923c2a786106b5b1685e30216c01aa2faf0b9fa886bec01f161744a29d2aff4ec5093339c842ea1f53ca0ac1e6e8651be1a4

    Download Submit

  • \??\c:\windows\system32\Agentservice.exe
    Filesize

    1.7MB

    MD5

    28771967a0aa1fafddce022f9290eb3f

    SHA1

    4762586a2ca52824118b1431e999d21185c68392

    SHA256

    d734bbf712bede11b47db31ff6bce74acdb802d12989df49733c4e9fd64b46e8

    SHA512

    9413e4313953dff65a41238201b63490165bffebb4c3dd54064513a8ce59b75fbbe44883cd93b189393e4c401628834c547ded4c7eeb155eb34cbf81c89d00ea

    Download Submit

  • \??\c:\windows\system32\fxssvc.exe
    Filesize

    1.2MB

    MD5

    929e4d520c3ed04e850f0c4d46312154

    SHA1

    ad05e3650b8bb5c44e49549fbc5f9db8f58bedaa

    SHA256

    c49ebf774ad96ac2074456b33f1704733ec6ab0a85046c74caac136252ce55d1

    SHA512

    87bde229eda3acbbeb39e1a0c7ea5cb47842aec46db018c90d8ddd3c7b013e25b8d23e02221ff62ccdb1ff920d8c4c4ace18e5839a69cc9efaea36f2b63965ab

    Download Submit

  • \??\c:\windows\system32\msdtc.exe
    Filesize

    700KB

    MD5

    f72ef0df7604add3a6482f0435a4fece

    SHA1

    24f98da1647ea08bb6bcc4d431f404f7ce4f4d0b

    SHA256

    1a345cf206c892d9b5a20de6df6cafab2b312cfeb014dc72c111b31bbfc86a3f

    SHA512

    9262e4371e361343cda1654e8dab744a53864f15e45e330c4e954357190f264f13a52d7af41c58f49e6ecc61a1c9304bdfaaf88f15bffc809f1ae56820891d0b

    Download Submit

  • \??\c:\windows\system32\msiexec.exe
    Filesize

    623KB

    MD5

    d13ae95b887258e33ee2782b90ade178

    SHA1

    f5949ee8c219d49959863233434c7cf9393ded2b

    SHA256

    8e2b482e593c8006326101f5af18787cc3be9f1001a1793f9c3a837a2820660e

    SHA512

    043c7abcbabbe7aa3cc8bfca6d9e32d7dbf0cf6fb120b3c2ccfc9001d4adc101c19f3b50c16d74ec6d05f8687cb20a9270007ca552a2f2f004170f8b35abd9c8

    Download Submit

  • \??\c:\windows\system32\snmptrap.exe
    Filesize

    572KB

    MD5

    12124ac7e8a9fb7e9bddbec89fc28da1

    SHA1

    a89a41a6b86a8e596ebc2235e3a5c28802a557a5

    SHA256

    b78897af52766c833207530460042a9f8aa7bb5e27d1aeeca0bcec73af984383

    SHA512

    721bb94d31fb47e170d38f4b37fa6069d455e527369775d8f1bc633af106cdea57ccf484423b86dfe45ecb117590a5e4d595dd90b8e4a6597bbd8934839f56c4

    Download Submit

  • \??\c:\windows\system32\wbengine.exe
    Filesize

    2.1MB

    MD5

    ded229420e26e09b99e782dcac5e2e60

    SHA1

    5a782dcd01cf7884889bd4b96ca8c9cb9b57908e

    SHA256

    7b8a36f4e3ac6bed50caff7534f81104dbefc02051d7f9e302fdbef53e7d29ba

    SHA512

    eace6ce68e674c3f45bdf1bd3b03a112c8219a394fe71ddfa5d3daee5e470ff49e679490870a6a2ca2aa360c4a80a3502bbbc73bb2bdc11b48b0c050be2830a6

    Download Submit

  • memory/996-643-0x0000000001000000-0x0000000001283000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/996-0-0x0000000001000000-0x0000000001283000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/996-2-0x0000000001000000-0x0000000001283000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/996-1-0x0000000001029000-0x000000000102A000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1888-62-0x0000000140000000-0x00000001402B3000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/1888-63-0x0000000140000000-0x00000001402B3000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/1888-157-0x0000000140000000-0x00000001402B3000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/1888-163-0x0000000140000000-0x00000001402B3000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/1960-75-0x0000000140000000-0x00000001402E6000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1960-174-0x0000000140000000-0x00000001402E6000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2020-36-0x0000000140000000-0x00000001402B3000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2020-61-0x0000000140000000-0x00000001402B3000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2020-60-0x0000000140000000-0x00000001402B3000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/2020-37-0x0000000140000000-0x00000001402B3000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/4720-118-0x0000000140000000-0x0000000140418000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/4720-21-0x00000001400B2000-0x00000001400B3000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4720-20-0x0000000140000000-0x0000000140418000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/4788-120-0x0000000140000000-0x000000014040F000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/4788-119-0x0000000140000000-0x000000014040F000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/4788-29-0x0000000140000000-0x000000014040F000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/4788-28-0x0000000140000000-0x000000014040F000-memory.dmp

    Filesize

    4.1MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.