Analysis

  • max time kernel
    150s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250314-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/03/2025, 10:32

General

  • Target

    JaffaCakes118_8a97890a209a611782bc523cd041daad.exe

  • Size

    1.2MB

  • MD5

    8a97890a209a611782bc523cd041daad

  • SHA1

    0ad57150a7b863ab117510524ebbf78ac4ea2b4d

  • SHA256

    96ad579f81fdf940299949663f52538fefc2bec2853acb1a60187ab01d498675

  • SHA512

    7fd5b86d466f7d7ec015178ae9cc284e1b73c83910ec6c5fb538581d0892441b5707c8680f5c7adef9f14aa2d0fbf899b92cf9c952875c52fd1f08178d978346

  • SSDEEP

    24576:8PatCg7EPqmZNBGdAzft4SvQaOjEobyo6INOAvTSCuJ6SWhAT:vtV7EPqmdGd8ft4SvSPntIg8J6Dhi

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 7 IoCs
  • Loads dropped DLL 4 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • AutoIT Executable 3 IoCs

    AutoIT scripts compiled to PE executables.

  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 14 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer Phishing Filter 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Modifies registry class 50 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 16 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 38 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8a97890a209a611782bc523cd041daad.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8a97890a209a611782bc523cd041daad.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:6048
    • C:\Users\Admin\AppData\Local\Temp\CMSetup.exe
      C:\Users\Admin\AppData\Local\Temp\CMSetup.exe -s "http://fbgdc.com/click/?c=11855&s=116447&subid=sub1517"
      2⤵
      • Executes dropped EXE
      • Checks whether UAC is enabled
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Phishing Filter
      • Modifies Internet Explorer settings
      PID:5844
    • C:\Users\Admin\AppData\Local\Temp\OfferBoxSetup.exe
      C:\Users\Admin\AppData\Local\Temp\OfferBoxSetup.exe /S
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:1540
    • C:\Users\Admin\AppData\Local\Temp\AcPro.exe
      C:\Users\Admin\AppData\Local\Temp\AcPro.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:5616
      • C:\Users\Admin\AppData\Local\Temp\is-TH7NU.tmp\AcPro.tmp
        "C:\Users\Admin\AppData\Local\Temp\is-TH7NU.tmp\AcPro.tmp" /SL5="$A02F0,185455,54272,C:\Users\Admin\AppData\Local\Temp\AcPro.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:5264
        • C:\Windows\SysWOW64\regsvr32.exe
          "regsvr32.exe" /s AutocompletePro.dll
          4⤵
          • Loads dropped DLL
          • Installs/modifies Browser Helper Object
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          PID:4036
        • C:\Program Files (x86)\AutocompletePro\InstTracker.exe
          "C:\Program Files (x86)\AutocompletePro\InstTracker.exe" -install -cs:true -si:7999 -ver:1.1 -dir:"C:\Program Files (x86)\AutocompletePro"
          4⤵
          • Executes dropped EXE
          • Suspicious use of AdjustPrivilegeToken
          PID:992
    • C:\Users\Admin\AppData\Local\Temp\msindex.exe
      C:\Users\Admin\AppData\Local\Temp\msindex.exe
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:5352
      • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\indexsvc.exe
        "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\indexsvc.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:5240
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2160
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3096
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3096 CREDAT:17410 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4084
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2328
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2524
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:17410 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:3864
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1940
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1940 CREDAT:17410 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:5188
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1668
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1668 CREDAT:17410 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2964
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:404
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:404 CREDAT:17410 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:5908

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll

    Filesize

    95KB

    MD5

    4a509b7784d59ee10c4e912b532e7aab

    SHA1

    6e5649af31edaba52e65f885d2e1a4c28341582c

    SHA256

    9e38900e97a8937b5dbbdce26f338d443cc321d22fd28e2f5aeb7d9d369fceb7

    SHA512

    d7c3fcab788ea29cf8083873a4fb10508061c9edecab4523f8ee89476d630740aedbcc964f7c3b15ec0c01e34d17dd55e9a983a9b09ad1cfb45c51a1dfb2ef33

  • C:\Program Files (x86)\AutocompletePro\InstTracker.exe

    Filesize

    8KB

    MD5

    fdb8a7445724c2631a260d854f73b0e4

    SHA1

    5255d0fe074802f1376be76f2c67644274711854

    SHA256

    e52fcd3259b6ce4bb7d618a239789025c0c39582425870c39b1233a5ae4b50c2

    SHA512

    7e22d5186359cccb4e7ba2fae076473579ef90d89c91285c8f426a7ecaf041b0f5323fd88910324fc4d2258ad1f71a759651b3ce89394ff8943e112582ae2e47

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

    Filesize

    471B

    MD5

    4a326b4601ab30dfcfec12796d4473af

    SHA1

    fcc8ab255f002787a2f4756a6e7aaebc4ca0b5ff

    SHA256

    58c3470bcc9b953996e86f7741d7a6b1afe327c1c65788c2ef262c1beb6df10c

    SHA512

    2462008010263772ed24dbf2e6b9c002e29334c7529ddbc5f8272dbb41d5eb54dcc9556ade4dab79f32a10cdff67520882a5505f80dd23a752ea69407afd654e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

    Filesize

    412B

    MD5

    b8b7d2e4ccee3728a7382107c3f85aa6

    SHA1

    355656abb293870cf5867bc1078088f0874cbf69

    SHA256

    8b8ab62944f44ca836eaed388abaf5dc65226fb73a7ed33f04b365bd9dd45e5b

    SHA512

    aade3fe68120379924c0f98c67fbbc9f2218ac81ac97f6b5638a64d05e8b6d6f62778d44424cf852492917d0e4ced2df22eadac5eaa5ff63d69b7a0562ae887d

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{095C132B-0BC0-11F0-AF5D-C6CB468AE5AC}.dat

    Filesize

    5KB

    MD5

    9ba14f67c9af30ebfbdf1af40292cc9b

    SHA1

    19a14d75fcc8b53706174b6adcdc88a7fa05e301

    SHA256

    9f231a40140d2490f27cb353549f7ab387e6ece9704d170df6f4fb6a9d07c43b

    SHA512

    175be3cb1487827e61e1cc57ccb5e07e6af460104aae3f9c9eccdf5db191231f6583ae81f5ef51ac11dd082a74797b03a7eaade329d50b4ba1a7434969bbe3f8

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FC4186CE-0BBF-11F0-AF5D-C6CB468AE5AC}.dat

    Filesize

    5KB

    MD5

    2cc4bc1c8c180a89646fb7a818d4712c

    SHA1

    a9aedd4d37614c7d4d8aff441dfb8f0989f2973d

    SHA256

    a32aced32780fdda3411c48d0598c1d3b55cb4d1a87a70aed1b65dc1535fdedd

    SHA512

    1b6a5c06ac98c2f077018d5f4050e5a94496d0999ba3ae9281769e3055e6d805d708af833b9923260f34ae4167ea2ded320e48a41464e73d791280fd14c255b3

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-314712940\msapplication.xml

    Filesize

    376B

    MD5

    199d0476f6b468484ea3fcfc4337061b

    SHA1

    62321899488ebfe9ff608de298c1c22a684766e0

    SHA256

    0ef2ca81020a000da5ae75c189b60bf37dfcbd0dfc69ece986caf8c5beb13207

    SHA512

    257241bf91582d891b1789dda15c584a397c6cfe796db0313d78607ba27e01ae036dec7417f339d3140b535541613597009b4f4352c9a63c327bf5b4640dacfe

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\463FIIFI\click[1].htm

    Filesize

    1KB

    MD5

    06c45d76c7182c0862b0dfc8ec2eafad

    SHA1

    22e754ba0016310069a3daa6192a26ba16d46ef6

    SHA256

    745fac29e8ef417abc08036d42accfbf4cd528707ccba34738bfb498d4047c9e

    SHA512

    ca18ed6b85d94baef5f49b96fc150c3b35cbf3a02a70896ee12a05590b83851e8ca462ef0e1dd147cb8fa020af7fbc75d2fa96b0b6433f1ca24aa03aa2eca24a

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\463FIIFI\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7P8EHEOE\iife.min[1].js

    Filesize

    33KB

    MD5

    63f9fd621d1fbd53b7c5856e58c11ccd

    SHA1

    a46973c2fbdbfeb159e0d717a90f88307e274012

    SHA256

    c6bc28686490aba34a53ab3b709afa1fd73c21e60feb25608b09f23efe170089

    SHA512

    d4df433c7368ec078fbc473398a4ab21e6da20950ac4db34338623296887db40320b05b9bde6130e43d2b55c82b81a56b60bab0d6a4c97df54a0cb7a8f09325b

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\indexsvc.exe

    Filesize

    837KB

    MD5

    64c036fb3e9f5ca7e315157fb3d3e6aa

    SHA1

    70b2780eff2cc7532078175da3bade14363cb6d8

    SHA256

    be68f81551486bde25a109f273486e79cac59d1f60579fc564895a1dd6171510

    SHA512

    5cd0bb5abd7a16869187c1d2c167f41a7be04a55b62c4e91f2178ed9065f72d87157f1b026ba2cb9ed5cab2403b8b9747f6e2816994a54987edaf0b7c2cffb48

  • C:\Users\Admin\AppData\Local\Temp\CMSetup.exe

    Filesize

    372KB

    MD5

    16f4bffd0725b944a8d140d1095044e5

    SHA1

    c7aad8597e288f751f6c8aa89bd6f49ff8aa4798

    SHA256

    117240378dc4fabd527634b7f1047c1ab3a19d3876aba34154d312ef25484d53

    SHA512

    51c0166c33e56b32d6e3b498c848601e108ead8d5a51425251a0040011874a335c98fccfa903ece9984c7acdaa67a4860313d21c46c64c1ce2fc4792de2836f9

  • C:\Users\Admin\AppData\Local\Temp\OfferBoxSetup.exe

    Filesize

    130KB

    MD5

    b315823b314421c0d62a0a7ea893a584

    SHA1

    ea6e03bcb6a8a10e668a318057e41d2f1d5d675b

    SHA256

    f9fad07e0581a1ffb58266f1313a3c43fa3a3af0e060c4cfb1d14d7f8d0ce1c5

    SHA512

    ab1d42fde4f70bfc2b688eacd1bfe31954923e13f229c3db4959bff4cb2ee3e364b99782f2e8a5cb1622bdb5de84b4bb7e04be0068c7dce1a494063845302190

  • C:\Users\Admin\AppData\Local\Temp\autA53B.tmp

    Filesize

    426KB

    MD5

    272ceed651946194801cb481ffc45390

    SHA1

    02c6711b070525bd895a576d020371fb6aadce21

    SHA256

    e85b7e5a0367e54456da30509646c529ee673681c3c5d894d37e03ba15c8e0d8

    SHA512

    d367acf8520139bf986ec3cb93b7a431b7a239d8d8a1791214149720a836aaca3455bcc536857bf8b1d20fa9eaaff4a6cacdeb8c308c23b3e03dc1194fd6f5a3

  • C:\Users\Admin\AppData\Local\Temp\is-Q5VV4.tmp\IssProc.dll

    Filesize

    184KB

    MD5

    8eae382eabf41d58cb4e4f6bccb48bca

    SHA1

    104b402efcf67cfb885d3d5f2c3cbad9837c6fd2

    SHA256

    154cb086cf647d673cc0646ab3db30e2c68974743eb8348cd3d77113bd15d18b

    SHA512

    bc1d46e2b91b51c2adb84f6fa08cb5c0c95909fd7761e0a19a6db8e7f6a0e768d575530dd920e722ba5440cfcdee48677d3260bae473bced72a1a1c62ab0e469

  • C:\Users\Admin\AppData\Local\Temp\is-TH7NU.tmp\AcPro.tmp

    Filesize

    680KB

    MD5

    ed69e64731547eba52476a2d2a2f7882

    SHA1

    cbcd56bbb5230d11a01f18e9bf59f97802bb475b

    SHA256

    427fa988a8a8c63393693ffeb61ddec195f000220ee55fd5112ec91682e933b0

    SHA512

    04202de8dafb4c8964230d94eb44ad8ffd1d138b24f445aa3d707f4d9a9e9520d3d6f80cb0731ab9ebb7143011fe0d856d7e262d9672272876958d5e8ad55afe

  • C:\Users\Admin\AppData\Local\Temp\msindex.exe

    Filesize

    217KB

    MD5

    43b930742524589b90068b05d1dff6d1

    SHA1

    c301874b2621c764b1b5a29e0acf2a4998dc5554

    SHA256

    3de93c3367781abf74e1e37af0043cec8b5efe2ea8d2d47bf74570b0d80e0e7a

    SHA512

    8547291c347aaa49e21c01bb018db33e752749b2415801c734bd9f4e5bf01f9a8e8f23d8100265169bad11fa4850deccb7a6002e92f9ce7406d6f91814265888

  • C:\Users\Admin\AppData\Local\Temp\nsz83B8.tmp\NSISdl.dll

    Filesize

    14KB

    MD5

    a5b84d250794433db5a2d26f34699dd9

    SHA1

    bc06abccf6a4783973ec11b6766b43b4a265820c

    SHA256

    96f3357a024c549d7cb9e6447b1a56a2a8029b4f12e6e597428e68620761c5e0

    SHA512

    121d67f85a24096799ed913dccb64ef65d9479f98a6d88c2a0e05f05a65f460d557c5fdfe2c42a0a61b9cbaedd9b7031978111a2713250a89848ab4f3bb4ce84

  • C:\Users\Admin\AppData\Local\Temp\nsz83B8.tmp\NsisPluginOB.dll

    Filesize

    148KB

    MD5

    71b36382009ed5b31788441fb3c7e05f

    SHA1

    34248376866accdeeebea6fdb2d102377cd5db35

    SHA256

    1e06ce4f7298c67068211982d36013c8e65401dfbdbd03134900a2c8677de534

    SHA512

    59f6e3b58f7b7e17ad79fef336cd3f46b9ddf4b67f6f4705132a0184cd98460dc27d3a21cdfe0cdd121f05633fb9e6687f49a49d829163ac7d9d0448b066277e

  • C:\Users\Admin\AppData\Local\Temp\~DF7425FDFE26534722.TMP

    Filesize

    16KB

    MD5

    f2f7eb881f2cd472a10805795150dbde

    SHA1

    dc13c5ee5f3e10bb069565784329bce89d2fa56a

    SHA256

    28166e9616e5edb992ac7d169e846db77664f3b1e7b9bf89b15c0edb0fa7a6a0

    SHA512

    7f6022180ac0a06261676bc750ff98984e318b7c51284ee516839c32cb56d1b1a6d09e69d2a04636aa147de1ce78b0405fa1318c8cb2758108b7cce2a46d13ac

  • memory/5264-99-0x0000000000400000-0x00000000004BA000-memory.dmp

    Filesize

    744KB

  • memory/5352-129-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/5352-112-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/5616-100-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

  • memory/5616-51-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

  • memory/6048-102-0x0000000000400000-0x00000000004A2000-memory.dmp

    Filesize

    648KB

  • memory/6048-0-0x0000000000400000-0x00000000004A2000-memory.dmp

    Filesize

    648KB

  • memory/6048-103-0x0000000000400000-0x00000000004A2000-memory.dmp

    Filesize

    648KB

  • memory/6048-115-0x0000000000400000-0x00000000004A2000-memory.dmp

    Filesize

    648KB