Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

e7e5f45c08...18.exe

windows7-x64

7

e7e5f45c08...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08/04/2024, 16:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe

  • Size

    796KB

  • MD5

    e7e5f45c08217fa45e040ad30949ef00

  • SHA1

    5af719ba1edabaee93e1df32a6063e8a8bd26b14

  • SHA256

    8176776decc15e74c2c1ce7123fbf09cbabcef9c6f033e6adefffde26d00c61b

  • SHA512

    3d558b7072d8cad6d01ba517f2038cf2c7c4ea851c593f6d362c7addecb1d406dde356e182cf33b54a678f0ddf7e78042160448532f17cc34183c1a48cdb0aaf

  • SSDEEP

    12288:+vOtc+qr3vR/eg9AC3UFrZ6Th/6slwiGawbgGWVPZU:UOFqrp/ZVEFrZ6TR1lSQGWVa

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 25 IoCs
  • Loads dropped DLL 50 IoCs
  • Drops file in System32 directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 64 IoCs
    evasion
  • Modifies registry class 50 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies Control Panel
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
      "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Windows directory
      • Modifies Control Panel
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3016
      • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
        "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Modifies Control Panel
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2588
        • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
          "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in System32 directory
          • Drops file in Windows directory
          • Modifies Control Panel
          • Modifies registry class
          • Suspicious use of WriteProcessMemory
          PID:892
          • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
            "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops file in System32 directory
            • Drops file in Windows directory
            • Modifies Control Panel
            • Modifies registry class
            • Suspicious use of WriteProcessMemory
            PID:2944
            • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
              "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Drops file in System32 directory
              • Drops file in Windows directory
              • Modifies Control Panel
              • Modifies registry class
              • Suspicious use of WriteProcessMemory
              PID:576
              • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
                "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Drops file in System32 directory
                • Drops file in Windows directory
                • Modifies Control Panel
                • Modifies registry class
                • Suspicious use of WriteProcessMemory
                PID:1688
                • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
                  "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Drops file in System32 directory
                  • Drops file in Windows directory
                  • Modifies Control Panel
                  • Modifies registry class
                  • Suspicious use of WriteProcessMemory
                  PID:1460
                  • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
                    "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Drops file in System32 directory
                    • Drops file in Windows directory
                    • Modifies Control Panel
                    • Modifies registry class
                    • Suspicious use of WriteProcessMemory
                    PID:1476
                    • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
                      "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Drops file in System32 directory
                      • Drops file in Windows directory
                      • Modifies Control Panel
                      • Modifies registry class
                      • Suspicious use of WriteProcessMemory
                      PID:2304
                      • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
                        "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
                        11⤵
                        • Executes dropped EXE
                        • Loads dropped DLL
                        • Drops file in Windows directory
                        • Modifies registry class
                        • Suspicious use of WriteProcessMemory
                        PID:2520
                        • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
                          "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
                          12⤵
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • Drops file in System32 directory
                          • Drops file in Windows directory
                          • Modifies Control Panel
                          • Modifies registry class
                          • Suspicious use of WriteProcessMemory
                          PID:636
                          • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
                            "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
                            13⤵
                            • Executes dropped EXE
                            • Loads dropped DLL
                            • Drops file in System32 directory
                            • Drops file in Windows directory
                            • Modifies Control Panel
                            • Modifies registry class
                            • Suspicious use of WriteProcessMemory
                            PID:1496
                            • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
                              "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
                              14⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Drops file in System32 directory
                              • Drops file in Windows directory
                              • Modifies registry class
                              • Suspicious use of WriteProcessMemory
                              PID:1564
                              • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
                                "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
                                15⤵
                                • Executes dropped EXE
                                • Loads dropped DLL
                                • Drops file in System32 directory
                                • Drops file in Windows directory
                                • Modifies Control Panel
                                • Modifies registry class
                                • Suspicious use of WriteProcessMemory
                                PID:812
                                • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
                                  "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
                                  16⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Drops file in System32 directory
                                  • Drops file in Windows directory
                                  • Modifies Control Panel
                                  • Modifies registry class
                                  • Suspicious use of WriteProcessMemory
                                  PID:3028
                                  • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
                                    "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
                                    17⤵
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    • Drops file in System32 directory
                                    • Drops file in Windows directory
                                    • Modifies Control Panel
                                    • Modifies registry class
                                    PID:2952
                                    • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
                                      "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
                                      18⤵
                                      • Executes dropped EXE
                                      • Loads dropped DLL
                                      • Drops file in System32 directory
                                      • Drops file in Windows directory
                                      • Modifies Control Panel
                                      • Modifies registry class
                                      PID:2272
                                      • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
                                        "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
                                        19⤵
                                        • Executes dropped EXE
                                        • Loads dropped DLL
                                        • Drops file in System32 directory
                                        • Drops file in Windows directory
                                        • Modifies Control Panel
                                        • Modifies registry class
                                        PID:1732
                                        • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
                                          "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
                                          20⤵
                                          • Executes dropped EXE
                                          • Loads dropped DLL
                                          • Drops file in System32 directory
                                          • Drops file in Windows directory
                                          • Modifies Control Panel
                                          • Modifies registry class
                                          PID:1160
                                          • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
                                            "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
                                            21⤵
                                            • Executes dropped EXE
                                            • Loads dropped DLL
                                            • Drops file in System32 directory
                                            • Drops file in Windows directory
                                            • Modifies Control Panel
                                            • Modifies registry class
                                            PID:2516
                                            • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
                                              "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
                                              22⤵
                                              • Executes dropped EXE
                                              • Loads dropped DLL
                                              • Drops file in System32 directory
                                              • Drops file in Windows directory
                                              • Modifies Control Panel
                                              • Modifies registry class
                                              PID:2072
                                              • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
                                                "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
                                                23⤵
                                                • Executes dropped EXE
                                                • Loads dropped DLL
                                                • Drops file in System32 directory
                                                • Drops file in Windows directory
                                                • Modifies Control Panel
                                                • Modifies registry class
                                                PID:3012
                                                • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
                                                  "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
                                                  24⤵
                                                  • Executes dropped EXE
                                                  • Loads dropped DLL
                                                  • Drops file in System32 directory
                                                  • Drops file in Windows directory
                                                  • Modifies Control Panel
                                                  • Modifies registry class
                                                  PID:2472
                                                  • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
                                                    "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
                                                    25⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    • Drops file in System32 directory
                                                    • Drops file in Windows directory
                                                    • Modifies Control Panel
                                                    • Modifies registry class
                                                    PID:2424
                                                    • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
                                                      "C:\Windows\system32\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe"
                                                      26⤵
                                                      • Executes dropped EXE
                                                      PID:520

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\IsUn0404.exe
    Filesize

    796KB

    MD5

    362ebda13866ad5892f72b672867974c

    SHA1

    145fca5c9be8cb7f4f75f42d58fe72ca8e65f648

    SHA256

    f734645d049edf8f45093c8fae1e3ea6bf140d4b72aac005d34f5a61f3bc656f

    SHA512

    09a46d8c04aad71f7a8384676a2e6625d002bfe3561d9266d3a92ae89ab68ef60b974fdeb1b15390cc7dd3e98035127567b2462d17355133b931e5e0d4a74e4d

    Download Submit

  • C:\Windows\IsUninst.exe
    Filesize

    796KB

    MD5

    8d40efcb4db34ee9c8e1b0ab968a529c

    SHA1

    22f020107fb989dc28129e513b9b71643d0f6f53

    SHA256

    a5b2a5468b56124bc326fbb26ab5010cef8978780c0597ce6d621c3cc0933dda

    SHA512

    73f814506fc381cd6c203f6e06d360cdd663fd2012bb95ab6b10e2005ea921214ad7275ea74aaca71698401e9b7e4888c4bb264e419a5bc5f1184aa05e7ed4f0

    Download Submit

  • C:\Windows\IsUninst.exe
    Filesize

    796KB

    MD5

    ed96a52d568d39c49e03c7ef82d65684

    SHA1

    a80549cb5764cbf521f35ee658606d55b22a14cf

    SHA256

    ead8ba771164e78e83f1735c4fcde7c9d12fbece127ea7e168e54ed96502de77

    SHA512

    cb7e574c33e7371fc01131ffbd142392833ecede5036bac6301c29347878ce4ebfddad840301d6d858cf955d0678b3c8a6792528653e1b711587394dd65c7fc4

    Download Submit

  • C:\Windows\IsUninst.exe
    Filesize

    796KB

    MD5

    e4aba795cd09480b29bfc7faebf982de

    SHA1

    f20728baaea3379d3a28d61e978e4a729db4c440

    SHA256

    93351261f5b9bf30140449d5f37cd12b0eb2d775fd03b5a96b916dd9d72db959

    SHA512

    110c5fb77a146547140288e4411dc5bfe211136c00ee7cd3117d14e442d98ca47e3fb06b8dc743f196ec2a47d238ed32b97166047824bec4d4dfdb3020256775

    Download Submit

  • C:\Windows\SysWOW64\e7e5f45c08217fa45e040ad30949ef00_JaffaCakes118.exe
    Filesize

    796KB

    MD5

    e7e5f45c08217fa45e040ad30949ef00

    SHA1

    5af719ba1edabaee93e1df32a6063e8a8bd26b14

    SHA256

    8176776decc15e74c2c1ce7123fbf09cbabcef9c6f033e6adefffde26d00c61b

    SHA512

    3d558b7072d8cad6d01ba517f2038cf2c7c4ea851c593f6d362c7addecb1d406dde356e182cf33b54a678f0ddf7e78042160448532f17cc34183c1a48cdb0aaf

    Download Submit

  • memory/520-208-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/576-72-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/576-63-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/576-62-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/636-134-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/636-130-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/812-146-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/812-150-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/892-49-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/892-39-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/1160-175-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/1160-176-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1160-180-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/1460-96-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/1460-85-0x0000000000350000-0x0000000000351000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1460-94-0x0000000003140000-0x000000000321D000-memory.dmp

    Filesize

    884KB

    Download

  • memory/1476-107-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/1496-139-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/1496-135-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1564-145-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/1564-141-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/1564-140-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1688-74-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1688-84-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/1732-174-0x0000000003240000-0x000000000331D000-memory.dmp

    Filesize

    884KB

    Download

  • memory/1732-168-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/1732-169-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1732-173-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/2072-192-0x00000000030E0000-0x00000000030ED000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2072-191-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/2072-186-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2188-15-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/2188-0-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/2188-1-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2188-14-0x00000000034B0000-0x000000000358D000-memory.dmp

    Filesize

    884KB

    Download

  • memory/2272-167-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/2272-163-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2304-118-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/2304-108-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2304-106-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/2424-203-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2424-207-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/2472-198-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2472-202-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/2516-181-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2516-185-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/2520-128-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/2520-119-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2588-40-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/2588-28-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/2588-29-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2944-61-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/2944-51-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2952-162-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/2952-158-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2952-157-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/3012-197-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/3012-193-0x0000000000300000-0x0000000000301000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3012-190-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/3016-27-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/3016-16-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3028-151-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/3028-152-0x00000000004E0000-0x00000000004E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3028-156-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download