Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

NEAS.86e5b...JC.exe

windows7-x64

10

NEAS.86e5b...JC.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    01/11/2023, 11:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.86e5bf5f49d8fcf02addad1089af2040_JC.exe

  • Size

    1.7MB

  • MD5

    86e5bf5f49d8fcf02addad1089af2040

  • SHA1

    cceb213a8dd473716244cc093a1d5615d6e279b1

  • SHA256

    f444a97206d7d0a931249df0989486856010c2aa3db1d44382925b3afd323da0

  • SHA512

    8f9fc9636c956b279fc323fa494f3e91e54e981ff5aeb690dd7a885ebae70866369a70ed6bdf37ebc1e057a9f43caf656be6b97e78eed3b7f78421e3b0090c47

  • SSDEEP

    49152:DpPNiqTVoiCVsqSMRrQFTAm4o24TduMpwNRn:NNiqpcsFCrQFEm40vpwj

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 5 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 10 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 4 IoCs
  • Identifies Wine through registry keys 2 TTPs 5 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
  • Drops file in Windows directory 4 IoCs
  • Creates scheduled task(s) 1 TTPs 3 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NEAS.86e5bf5f49d8fcf02addad1089af2040_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.86e5bf5f49d8fcf02addad1089af2040_JC.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2880
    • \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in System32 directory
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1152
      • \??\c:\windows\resources\spoolsv.exe
        c:\windows\resources\spoolsv.exe SE
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Loads dropped DLL
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1736
        • \??\c:\windows\resources\svchost.exe
          c:\windows\resources\svchost.exe
          4⤵
          • Modifies visiblity of hidden/system files in Explorer
          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
          • Checks BIOS information in registry
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Loads dropped DLL
          • Adds Run key to start application
          • Drops file in System32 directory
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1692
          • \??\c:\windows\resources\spoolsv.exe
            c:\windows\resources\spoolsv.exe PR
            5⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of SetWindowsHookEx
            PID:1668
          • C:\Windows\SysWOW64\schtasks.exe
            schtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:39 /f
            5⤵
            • Creates scheduled task(s)
            PID:1588
          • C:\Windows\SysWOW64\schtasks.exe
            schtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:40 /f
            5⤵
            • Creates scheduled task(s)
            PID:1484
          • C:\Windows\SysWOW64\schtasks.exe
            schtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 11:41 /f
            5⤵
            • Creates scheduled task(s)
            PID:2764
      • C:\Windows\Explorer.exe
        C:\Windows\Explorer.exe
        3⤵
          PID:1520

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\Resources\Themes\explorer.exe
      Filesize

      1.7MB

      MD5

      69218c963b12667dc582a5b1fe6d27f7

      SHA1

      96f196184e48a0f840a12d15db127d7170f6fd43

      SHA256

      46ba14ff395a068479ef606e91a253e7aa866d82f7dc600c9ed9234b4f4db3e0

      SHA512

      cfc6466b90c6b45fe88ca685fe070b5954a7d148fcaabf2aec2827ec98b861c18ef3aa8bcff07dde8290ed4139c05d9d2239ea397eb38e89e0483d25fa773908

      Download Submit

    • C:\Windows\Resources\spoolsv.exe
      Filesize

      1.7MB

      MD5

      394ae7174f1ec09708c26b36c5cf8246

      SHA1

      a6b061cf5a96f695b7bbe035257966569b764cbc

      SHA256

      c3a12e452a76098c4df13490a128ceeb63d36bc684a7d77cd157e15ab4c5001e

      SHA512

      53b7c3153a7c7ba49eb7da709af1a03bcace644d487a14772f4295a819c5ec4074361b371ebd137e02858597071d9308dd3a1b2f598d8a389446def3eae0b6ae

      Download Submit

    • C:\Windows\Resources\spoolsv.exe
      Filesize

      1.7MB

      MD5

      394ae7174f1ec09708c26b36c5cf8246

      SHA1

      a6b061cf5a96f695b7bbe035257966569b764cbc

      SHA256

      c3a12e452a76098c4df13490a128ceeb63d36bc684a7d77cd157e15ab4c5001e

      SHA512

      53b7c3153a7c7ba49eb7da709af1a03bcace644d487a14772f4295a819c5ec4074361b371ebd137e02858597071d9308dd3a1b2f598d8a389446def3eae0b6ae

      Download Submit

    • C:\Windows\Resources\spoolsv.exe
      Filesize

      1.7MB

      MD5

      394ae7174f1ec09708c26b36c5cf8246

      SHA1

      a6b061cf5a96f695b7bbe035257966569b764cbc

      SHA256

      c3a12e452a76098c4df13490a128ceeb63d36bc684a7d77cd157e15ab4c5001e

      SHA512

      53b7c3153a7c7ba49eb7da709af1a03bcace644d487a14772f4295a819c5ec4074361b371ebd137e02858597071d9308dd3a1b2f598d8a389446def3eae0b6ae

      Download Submit

    • C:\Windows\Resources\svchost.exe
      Filesize

      1.7MB

      MD5

      8e0a33dba3d636f9af101eb1542af43f

      SHA1

      11842fff75fe8042f3a7f0a43fdbff555fe6f203

      SHA256

      44e77e0bb2a5335e04da1cf63554504d94639a7c9193521e15f07d60902af181

      SHA512

      decee8364279c339c8b5b322c013c0ce014546f7d444502257b16151aa257f6d9ca227e332ab1aee465fe65cc403478937c0fad078a315c4985809368890fe4b

      Download Submit

    • \??\c:\windows\resources\spoolsv.exe
      Filesize

      1.7MB

      MD5

      394ae7174f1ec09708c26b36c5cf8246

      SHA1

      a6b061cf5a96f695b7bbe035257966569b764cbc

      SHA256

      c3a12e452a76098c4df13490a128ceeb63d36bc684a7d77cd157e15ab4c5001e

      SHA512

      53b7c3153a7c7ba49eb7da709af1a03bcace644d487a14772f4295a819c5ec4074361b371ebd137e02858597071d9308dd3a1b2f598d8a389446def3eae0b6ae

      Download Submit

    • \??\c:\windows\resources\svchost.exe
      Filesize

      1.7MB

      MD5

      8e0a33dba3d636f9af101eb1542af43f

      SHA1

      11842fff75fe8042f3a7f0a43fdbff555fe6f203

      SHA256

      44e77e0bb2a5335e04da1cf63554504d94639a7c9193521e15f07d60902af181

      SHA512

      decee8364279c339c8b5b322c013c0ce014546f7d444502257b16151aa257f6d9ca227e332ab1aee465fe65cc403478937c0fad078a315c4985809368890fe4b

      Download Submit

    • \??\c:\windows\resources\themes\explorer.exe
      Filesize

      1.7MB

      MD5

      69218c963b12667dc582a5b1fe6d27f7

      SHA1

      96f196184e48a0f840a12d15db127d7170f6fd43

      SHA256

      46ba14ff395a068479ef606e91a253e7aa866d82f7dc600c9ed9234b4f4db3e0

      SHA512

      cfc6466b90c6b45fe88ca685fe070b5954a7d148fcaabf2aec2827ec98b861c18ef3aa8bcff07dde8290ed4139c05d9d2239ea397eb38e89e0483d25fa773908

      Download Submit

    • \Windows\Resources\Themes\explorer.exe
      Filesize

      1.7MB

      MD5

      69218c963b12667dc582a5b1fe6d27f7

      SHA1

      96f196184e48a0f840a12d15db127d7170f6fd43

      SHA256

      46ba14ff395a068479ef606e91a253e7aa866d82f7dc600c9ed9234b4f4db3e0

      SHA512

      cfc6466b90c6b45fe88ca685fe070b5954a7d148fcaabf2aec2827ec98b861c18ef3aa8bcff07dde8290ed4139c05d9d2239ea397eb38e89e0483d25fa773908

      Download Submit

    • \Windows\Resources\spoolsv.exe
      Filesize

      1.7MB

      MD5

      394ae7174f1ec09708c26b36c5cf8246

      SHA1

      a6b061cf5a96f695b7bbe035257966569b764cbc

      SHA256

      c3a12e452a76098c4df13490a128ceeb63d36bc684a7d77cd157e15ab4c5001e

      SHA512

      53b7c3153a7c7ba49eb7da709af1a03bcace644d487a14772f4295a819c5ec4074361b371ebd137e02858597071d9308dd3a1b2f598d8a389446def3eae0b6ae

      Download Submit

    • \Windows\Resources\spoolsv.exe
      Filesize

      1.7MB

      MD5

      394ae7174f1ec09708c26b36c5cf8246

      SHA1

      a6b061cf5a96f695b7bbe035257966569b764cbc

      SHA256

      c3a12e452a76098c4df13490a128ceeb63d36bc684a7d77cd157e15ab4c5001e

      SHA512

      53b7c3153a7c7ba49eb7da709af1a03bcace644d487a14772f4295a819c5ec4074361b371ebd137e02858597071d9308dd3a1b2f598d8a389446def3eae0b6ae

      Download Submit

    • \Windows\Resources\svchost.exe
      Filesize

      1.7MB

      MD5

      8e0a33dba3d636f9af101eb1542af43f

      SHA1

      11842fff75fe8042f3a7f0a43fdbff555fe6f203

      SHA256

      44e77e0bb2a5335e04da1cf63554504d94639a7c9193521e15f07d60902af181

      SHA512

      decee8364279c339c8b5b322c013c0ce014546f7d444502257b16151aa257f6d9ca227e332ab1aee465fe65cc403478937c0fad078a315c4985809368890fe4b

      Download Submit

    • memory/1152-45-0x00000000047C0000-0x00000000047C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1152-51-0x0000000004790000-0x0000000004791000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1152-188-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1152-198-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1152-186-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1152-196-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1152-184-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1152-26-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1152-171-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1152-182-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1152-69-0x0000000072940000-0x0000000072A93000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/1152-180-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1152-31-0x0000000075A20000-0x0000000075B10000-memory.dmp

      Filesize

      960KB

      Download

    • memory/1152-32-0x00000000752A0000-0x000000007536C000-memory.dmp

      Filesize

      816KB

      Download

    • memory/1152-33-0x0000000072940000-0x0000000072A93000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/1152-67-0x0000000075A20000-0x0000000075B10000-memory.dmp

      Filesize

      960KB

      Download

    • memory/1152-36-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1152-38-0x00000000047B0000-0x00000000047B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1152-190-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1152-178-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1152-68-0x00000000752A0000-0x000000007536C000-memory.dmp

      Filesize

      816KB

      Download

    • memory/1152-174-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1152-46-0x0000000004250000-0x0000000004251000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1152-47-0x0000000004220000-0x0000000004221000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1152-48-0x00000000047A0000-0x00000000047A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1152-49-0x0000000004230000-0x0000000004231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1152-50-0x0000000004240000-0x0000000004241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1152-65-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1152-52-0x0000000004780000-0x0000000004781000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1152-54-0x0000000004820000-0x0000000004821000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1152-55-0x0000000004850000-0x0000000004851000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1152-53-0x0000000004810000-0x0000000004811000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1152-56-0x0000000004830000-0x0000000004831000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1152-192-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1152-176-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1152-194-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1152-58-0x0000000004860000-0x0000000004861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1152-61-0x0000000005280000-0x0000000005687000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1668-140-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1692-177-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1692-183-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1692-193-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1692-191-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1692-179-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1692-172-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1692-181-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1692-187-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1692-175-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1692-195-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1692-185-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1692-197-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1692-189-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1692-199-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1736-64-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1736-70-0x0000000075A20000-0x0000000075B10000-memory.dmp

      Filesize

      960KB

      Download

    • memory/1736-83-0x00000000047D0000-0x00000000047D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1736-86-0x0000000004810000-0x0000000004811000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1736-87-0x0000000004290000-0x0000000004291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1736-88-0x0000000004850000-0x0000000004851000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1736-85-0x00000000047C0000-0x00000000047C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1736-81-0x00000000047E0000-0x00000000047E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1736-82-0x0000000004270000-0x0000000004271000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1736-77-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1736-80-0x0000000004260000-0x0000000004261000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1736-74-0x0000000072940000-0x0000000072A93000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/1736-152-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1736-84-0x0000000004800000-0x0000000004801000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1736-72-0x00000000752A0000-0x000000007536C000-memory.dmp

      Filesize

      816KB

      Download

    • memory/2880-35-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/2880-19-0x00000000046D0000-0x00000000046D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2880-0-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/2880-57-0x0000000075A20000-0x0000000075B10000-memory.dmp

      Filesize

      960KB

      Download

    • memory/2880-41-0x0000000072940000-0x0000000072A93000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2880-44-0x00000000752A0000-0x000000007536C000-memory.dmp

      Filesize

      816KB

      Download

    • memory/2880-158-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/2880-30-0x00000000052C0000-0x00000000056C7000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/2880-29-0x00000000046F0000-0x00000000046F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2880-28-0x0000000004860000-0x0000000004861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2880-27-0x0000000004660000-0x0000000004661000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2880-25-0x0000000004710000-0x0000000004711000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2880-24-0x00000000046E0000-0x00000000046E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2880-66-0x00000000052C0000-0x00000000056C7000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/2880-16-0x0000000004690000-0x0000000004691000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2880-18-0x0000000004680000-0x0000000004681000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2880-17-0x00000000046C0000-0x00000000046C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2880-15-0x0000000004650000-0x0000000004651000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2880-14-0x0000000004640000-0x0000000004641000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2880-13-0x00000000046A0000-0x00000000046A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2880-12-0x0000000004630000-0x0000000004631000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2880-9-0x00000000046B0000-0x00000000046B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2880-8-0x0000000000400000-0x0000000000807000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/2880-6-0x00000000752A0000-0x000000007536C000-memory.dmp

      Filesize

      816KB

      Download

    • memory/2880-3-0x0000000072940000-0x0000000072A93000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2880-2-0x0000000075A20000-0x0000000075B10000-memory.dmp

      Filesize

      960KB

      Download

    • memory/2880-1-0x00000000770D0000-0x00000000770D2000-memory.dmp

      Filesize

      8KB

      Download