Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

JaffaCakes...a9.exe

windows7-x64

10

JaffaCakes...a9.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/01/2025, 14:06 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe

  • Size

    165KB

  • MD5

    4050f3601ab7931a0f6db2262ecb25a9

  • SHA1

    aea77ad2a71dea57b06d824ab8617149e2d1edcc

  • SHA256

    cd705b00962c246a2513eebce6e3c6b50aed5b3576569006d362a3f16e5b10ea

  • SHA512

    1d1ce6495680eb604873297f515f163e9c9145451552158bd897968eab3094e3b8b8ea46e974a15b28b11e9f82a7f64f8569d2c0720d00f30f5a69e140fe2507

  • SSDEEP

    3072:hMMbRiYder+FnuJ2PaCZwXPlbPXHVO2oBvQ6xNDCnz1dShLeA184Uum9xVp:hzb0Yd+3Ehih1PoBI6HDw11A184UTxV

Score
10/10
cycbotbackdoordiscoverypersistenceratupx

Malware Config

Signatures

  • Cycbot

    Cycbot is a backdoor and trojan written in C++..

    backdoorratcycbot
  • Cycbot family
    cycbot
  • Detects Cycbot payload 7 IoCs

    Cycbot is a backdoor and trojan written in C++.

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • UPX packed file 10 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe"
    1⤵
    • Modifies WinLogon for persistence
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4468
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe startC:\Program Files (x86)\LP\0B09\619.exe%C:\Program Files (x86)\LP\0B09
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1644
    • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
      C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe startC:\Program Files (x86)\4DB0B\lvvm.exe%C:\Program Files (x86)\4DB0B
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2224

Network

  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    5.114.82.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    5.114.82.104.in-addr.arpa
    IN PTR
    Response
    5.114.82.104.in-addr.arpa
    IN PTR
    a104-82-114-5deploystaticakamaitechnologiescom
  • flag-us
    DNS
    cdn.adventofdeception.com
    JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
    Remote address:
    8.8.8.8:53
    Request
    cdn.adventofdeception.com
    IN A
    Response
    cdn.adventofdeception.com
    IN A
    199.59.243.228
  • flag-us
    DNS
    cdn.adventofdeception.com
    JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
    Remote address:
    8.8.8.8:53
    Request
    cdn.adventofdeception.com
    IN A
  • flag-us
    GET
    http://cdn.adventofdeception.com/wp-content/uploads/2011/06/frame7.png?sv=836&tq=gwY92w4AC8zK9vspFnOiAGI346Z8AYTMbve6ZWBKDIdi5y67aJGckhbJc8B4xg0EcsnlKrIg9qG7wHR06Lhy0558entp%2FNiYMcVgLReK4J2%2BoX48sUkN42p4Fkk4zJkuzowUkvLy8O2UqJ375MZT4A0lYbuOV8CwZ3AndtV%2BRhNj%2BGWZpdHt79grgzURtNEEFyOC91GY%2BpDVr2e%2BEs2DLY4ylVdrClzUAAhONslnMOhR7AWTS
    JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
    Remote address:
    199.59.243.228:80
    Request
    GET /wp-content/uploads/2011/06/frame7.png?sv=836&tq=gwY92w4AC8zK9vspFnOiAGI346Z8AYTMbve6ZWBKDIdi5y67aJGckhbJc8B4xg0EcsnlKrIg9qG7wHR06Lhy0558entp%2FNiYMcVgLReK4J2%2BoX48sUkN42p4Fkk4zJkuzowUkvLy8O2UqJ375MZT4A0lYbuOV8CwZ3AndtV%2BRhNj%2BGWZpdHt79grgzURtNEEFyOC91GY%2BpDVr2e%2BEs2DLY4ylVdrClzUAAhONslnMOhR7AWTS HTTP/1.0
    Connection: close
    Host: cdn.adventofdeception.com
    Accept: */*
    User-Agent: chrome/9.0
    Response
    HTTP/1.1 200 OK
    date: Tue, 28 Jan 2025 03:29:35 GMT
    content-type: text/html; charset=utf-8
    content-length: 1846
    x-request-id: ebf9f105-494b-4893-a1f3-7db484ddee35
    cache-control: no-store, max-age=0
    accept-ch: sec-ch-prefers-color-scheme
    critical-ch: sec-ch-prefers-color-scheme
    vary: sec-ch-prefers-color-scheme
    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_YWpjTSAAeoqL69UUoZXB34tec2j79fzTVH/IEQ2dS2liae+pMC/nT194c2DggZH1Gchk30FA8c7q4p1r3+VLgg==
    set-cookie: parking_session=ebf9f105-494b-4893-a1f3-7db484ddee35; expires=Tue, 28 Jan 2025 03:44:35 GMT; path=/
    connection: close
  • flag-us
    DNS
    228.243.59.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.243.59.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tulfb-uqu4.kupinosis.com
    JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
    Remote address:
    8.8.8.8:53
    Request
    tulfb-uqu4.kupinosis.com
    IN A
    Response
  • flag-us
    DNS
    m4cid.enotusfed.com
    JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
    Remote address:
    8.8.8.8:53
    Request
    m4cid.enotusfed.com
    IN A
    Response
  • flag-us
    DNS
    232.168.11.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.168.11.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    197.87.175.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    197.87.175.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26duwoge.enotusfed.com
    JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
    Remote address:
    8.8.8.8:53
    Request
    26duwoge.enotusfed.com
    IN A
    Response
  • flag-us
    DNS
    70.252.19.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    70.252.19.2.in-addr.arpa
    IN PTR
    Response
    70.252.19.2.in-addr.arpa
    IN PTR
    a2-19-252-70deploystaticakamaitechnologiescom
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    www.google.com
    JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
    Remote address:
    8.8.8.8:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.179.100
  • flag-fr
    GET
    http://www.google.com/
    JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
    Remote address:
    142.250.179.100:80
    Request
    GET / HTTP/1.0
    Connection: close
    Host: www.google.com
    Accept: */*
    Response
    HTTP/1.0 302 Found
    Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGNqe4bwGIjCvBtCGAQU_uJln5YgiXgM74seIyzIJTLSntAbZGuYB54bMEjBa4p87Phjnx_aLRlAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    x-hallmonitor-challenge: CgsI257hvAYQhczZCBIEtdewUw
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-Lal2yo3GNGejTsEapyMaBA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
    Date: Tue, 28 Jan 2025 03:30:35 GMT
    Server: gws
    Content-Length: 396
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Set-Cookie: AEC=AZ6Zc-Xhud_y5rSZvutenCr1SY4OsPM2zMKv6i-XykBz8giAVxYYNZsbzA; expires=Sun, 27-Jul-2025 03:30:35 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
  • flag-fr
    GET
    http://www.google.com/
    JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
    Remote address:
    142.250.179.100:80
    Request
    GET / HTTP/1.1
    Connection: close
    Pragma: no-cache
    Host: www.google.com
    Response
    HTTP/1.1 302 Found
    Location: http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGNue4bwGIjB8v_vHyGWPf7zfOXQ588wtkyHgLKBTIpa6hrmPWLhbirCqquBEjHUqLePof8gSk-EyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    x-hallmonitor-challenge: CgwI257hvAYQ9-KXyQESBLXXsFM
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-O0UhZ4_-IhUpBcmJ1UsgDg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
    Date: Tue, 28 Jan 2025 03:30:35 GMT
    Server: gws
    Content-Length: 396
    X-XSS-Protection: 0
    X-Frame-Options: SAMEORIGIN
    Set-Cookie: AEC=AZ6Zc-VOcp4kKll_criLPKb5xBmHANztG7k7fzLisNnJP_ixsGfgsysJl74; expires=Sun, 27-Jul-2025 03:30:35 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
    Connection: close
  • flag-fr
    GET
    http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGNue4bwGIjB8v_vHyGWPf7zfOXQ588wtkyHgLKBTIpa6hrmPWLhbirCqquBEjHUqLePof8gSk-EyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
    Remote address:
    142.250.179.100:80
    Request
    GET /sorry/index?continue=http://www.google.com/&q=EgS117BTGNue4bwGIjB8v_vHyGWPf7zfOXQ588wtkyHgLKBTIpa6hrmPWLhbirCqquBEjHUqLePof8gSk-EyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
    Connection: close
    Pragma: no-cache
    Host: www.google.com
    Response
    HTTP/1.1 429 Too Many Requests
    Date: Tue, 28 Jan 2025 03:30:35 GMT
    Pragma: no-cache
    Expires: Fri, 01 Jan 1990 00:00:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Content-Type: text/html
    Server: HTTP server (unknown)
    Content-Length: 3086
    X-XSS-Protection: 0
    Connection: close
  • flag-us
    DNS
    100.179.250.142.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    100.179.250.142.in-addr.arpa
    IN PTR
    Response
    100.179.250.142.in-addr.arpa
    IN PTR
    par21s20-in-f41e100net
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    170.253.116.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    170.253.116.51.in-addr.arpa
    IN PTR
    Response
  • 199.59.243.228:80
    http://cdn.adventofdeception.com/wp-content/uploads/2011/06/frame7.png?sv=836&tq=gwY92w4AC8zK9vspFnOiAGI346Z8AYTMbve6ZWBKDIdi5y67aJGckhbJc8B4xg0EcsnlKrIg9qG7wHR06Lhy0558entp%2FNiYMcVgLReK4J2%2BoX48sUkN42p4Fkk4zJkuzowUkvLy8O2UqJ375MZT4A0lYbuOV8CwZ3AndtV%2BRhNj%2BGWZpdHt79grgzURtNEEFyOC91GY%2BpDVr2e%2BEs2DLY4ylVdrClzUAAhONslnMOhR7AWTS
    http
    JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
    730 B
     2.8kB
     7
    7

    HTTP Request

    GET http://cdn.adventofdeception.com/wp-content/uploads/2011/06/frame7.png?sv=836&tq=gwY92w4AC8zK9vspFnOiAGI346Z8AYTMbve6ZWBKDIdi5y67aJGckhbJc8B4xg0EcsnlKrIg9qG7wHR06Lhy0558entp%2FNiYMcVgLReK4J2%2BoX48sUkN42p4Fkk4zJkuzowUkvLy8O2UqJ375MZT4A0lYbuOV8CwZ3AndtV%2BRhNj%2BGWZpdHt79grgzURtNEEFyOC91GY%2BpDVr2e%2BEs2DLY4ylVdrClzUAAhONslnMOhR7AWTS

    HTTP Response

    200
  • 127.0.0.1:53192
  • 142.250.179.100:80
    http://www.google.com/
    http
    JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
    302 B
     1.5kB
     5
    5

    HTTP Request

    GET http://www.google.com/

    HTTP Response

    302
  • 142.250.179.100:80
    http://www.google.com/
    http
    JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
    307 B
     1.5kB
     5
    5

    HTTP Request

    GET http://www.google.com/

    HTTP Response

    302
  • 142.250.179.100:80
    http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGNue4bwGIjB8v_vHyGWPf7zfOXQ588wtkyHgLKBTIpa6hrmPWLhbirCqquBEjHUqLePof8gSk-EyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
    http
    JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
    526 B
     3.7kB
     6
    7

    HTTP Request

    GET http://www.google.com/sorry/index?continue=http://www.google.com/&q=EgS117BTGNue4bwGIjB8v_vHyGWPf7zfOXQ588wtkyHgLKBTIpa6hrmPWLhbirCqquBEjHUqLePof8gSk-EyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

    HTTP Response

    429
  • 127.0.0.1:53192
    JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
  • 127.0.0.1:53192
    JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
  • 127.0.0.1:53192
  • 127.0.0.1:53192
  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    5.114.82.104.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    5.114.82.104.in-addr.arpa

  • 8.8.8.8:53
    cdn.adventofdeception.com
    dns
    JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
    142 B
     87 B
     2
    1

    DNS Request

    cdn.adventofdeception.com

    DNS Request

    cdn.adventofdeception.com

    DNS Response

    199.59.243.228

  • 224.0.0.251:5353
    168 B
     3
  • 8.8.8.8:53
    228.243.59.199.in-addr.arpa
    dns
    73 B
     131 B
     1
    1

    DNS Request

    228.243.59.199.in-addr.arpa

  • 8.8.8.8:53
    tulfb-uqu4.kupinosis.com
    dns
    JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
    70 B
     143 B
     1
    1

    DNS Request

    tulfb-uqu4.kupinosis.com

  • 8.8.8.8:53
    m4cid.enotusfed.com
    dns
    JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
    65 B
     138 B
     1
    1

    DNS Request

    m4cid.enotusfed.com

  • 8.8.8.8:53
    232.168.11.51.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    232.168.11.51.in-addr.arpa

  • 8.8.8.8:53
    197.87.175.4.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    197.87.175.4.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    26duwoge.enotusfed.com
    dns
    JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
    68 B
     141 B
     1
    1

    DNS Request

    26duwoge.enotusfed.com

  • 8.8.8.8:53
    70.252.19.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    70.252.19.2.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    www.google.com
    dns
    JaffaCakes118_4050f3601ab7931a0f6db2262ecb25a9.exe
    60 B
     76 B
     1
    1

    DNS Request

    www.google.com

    DNS Response

    142.250.179.100

  • 8.8.8.8:53
    100.179.250.142.in-addr.arpa
    dns
    74 B
     112 B
     1
    1

    DNS Request

    100.179.250.142.in-addr.arpa

  • 8.8.8.8:53
    19.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    19.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    170.253.116.51.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    170.253.116.51.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\99E4D\DB0B.9E4
    Filesize

    996B

    MD5

    2674d1714a952a910bdcda1a3aec0e8b

    SHA1

    6d2f7b01aaf72b65cbd81e70bf09c2e65ee88af3

    SHA256

    ecb54c8b06958c9134d35fd89b82f112bd1bc5a1683c267cc296877da7f6afe9

    SHA512

    669751e93700740bfb14f6686f02521196e68c1677df2e659fda8b2f1c0bab843509a6ed533c93ec666d5e99ab01726086907d4156865db4fc408bc70a6eb868

    Download Submit

  • C:\Users\Admin\AppData\Roaming\99E4D\DB0B.9E4
    Filesize

    600B

    MD5

    129bcfedcb2c684691f97574d0544335

    SHA1

    bc93427ae5f85b4b5f75cd617ccc427a9db64abe

    SHA256

    e5046c029873478748a69efcfef06e4a391c66a3206717c4911780028d93a304

    SHA512

    039079080463846fcb08f1681e9c527c0e338d6d312dfa0b907ce40414802c855bedbd657f8e6e1f3174a3e5a3d3aeece81eb535496c7c75e317296480499186

    Download Submit

  • C:\Users\Admin\AppData\Roaming\99E4D\DB0B.9E4
    Filesize

    1KB

    MD5

    f294e79f1544ac1efaa68fe00cbbecb4

    SHA1

    5fc41f4a7835321399da90075f51378a35b2e478

    SHA256

    9414793d74da7d4a2951f0691ea7a29dd398102c97672121f6dee03e6fedacf4

    SHA512

    ad89c744e2d9112fb7aa649de6697bdc072d8b1706755e6773de2b06620266eaa910ce7072c65e1fa8f3b09ae1a8b09439e80a8bd7fecaa28d83e89432696e74

    Download Submit

  • memory/1644-19-0x0000000000400000-0x0000000000491000-memory.dmp

    Filesize

    580KB

    Download

  • memory/1644-14-0x0000000075490000-0x00000000754C9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1644-17-0x0000000000400000-0x0000000000491000-memory.dmp

    Filesize

    580KB

    Download

  • memory/1644-16-0x0000000000400000-0x0000000000491000-memory.dmp

    Filesize

    580KB

    Download

  • memory/1644-20-0x0000000075490000-0x00000000754C9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2224-123-0x0000000075490000-0x00000000754C9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2224-119-0x0000000075490000-0x00000000754C9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2224-121-0x0000000000400000-0x0000000000491000-memory.dmp

    Filesize

    580KB

    Download

  • memory/2224-124-0x0000000000400000-0x0000000000491000-memory.dmp

    Filesize

    580KB

    Download

  • memory/4468-21-0x0000000000400000-0x000000000048E000-memory.dmp

    Filesize

    568KB

    Download

  • memory/4468-22-0x0000000000400000-0x0000000000491000-memory.dmp

    Filesize

    580KB

    Download

  • memory/4468-4-0x0000000000400000-0x0000000000491000-memory.dmp

    Filesize

    580KB

    Download

  • memory/4468-0-0x0000000000400000-0x0000000000491000-memory.dmp

    Filesize

    580KB

    Download

  • memory/4468-125-0x0000000000400000-0x0000000000491000-memory.dmp

    Filesize

    580KB

    Download

  • memory/4468-3-0x0000000000400000-0x000000000048E000-memory.dmp

    Filesize

    568KB

    Download

  • memory/4468-1-0x0000000075490000-0x00000000754C9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4468-307-0x0000000000400000-0x0000000000491000-memory.dmp

    Filesize

    580KB

    Download

  • memory/4468-308-0x0000000075490000-0x00000000754C9000-memory.dmp

    Filesize

    228KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.