Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2fdafb254c...18.exe

windows7-x64

10

2fdafb254c...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/05/2024, 15:45 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2fdafb254cd0b250ce4d2330cfe10d1a_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    2fdafb254cd0b250ce4d2330cfe10d1a

  • SHA1

    73fbf34a64f560f236fea960ba7055e211f168f9

  • SHA256

    7883a94c3bd1af3f49dd72ff193742c26a849d54ff25cd91a9b78553b0e8d7bf

  • SHA512

    3cd78a0b6864d377350b17f8cdbdd72a3bd5879aa6007690077b560efe53f64bfbfaef14c906c16a15bf6f0a6915c9834a6cd6ed1665e848f39588e195520901

  • SSDEEP

    49152:W84BBskoGYvcxD8Bvj1j65e6t1UbvIyQ+dp7m4:W8kBnoGfKBpAeeUbgf+Xi

Score
10/10
luminositypersistencerat

Malware Config

Signatures

  • Luminosity 2 IoCs

    Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.

    ratluminosity
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 23 IoCs
    persistence
  • Drops desktop.ini file(s) 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2fdafb254cd0b250ce4d2330cfe10d1a_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2fdafb254cd0b250ce4d2330cfe10d1a_JaffaCakes118.exe"
    1⤵
    • Luminosity
    • Checks computer location settings
    • Drops desktop.ini file(s)
    • Suspicious use of SetThreadContext
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Users\Admin\AppData\Local\Temp\Tskmgr.exe
      "C:\Users\Admin\AppData\Local\Temp\Tskmgr.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5060
      • C:\Windows\SysWOW64\REG.exe
        REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """C:\Program Files (x86)\Client\client.exe"""" /f /reg:64
        3⤵
        • Adds Run key to start application
        PID:4964
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks /create /NP /sc onlogon /tn "Client Monitor" /rl highest /tr "'C:\Program Files (x86)\Client\client.exe' /startup" /f
        3⤵
        • Luminosity
        • Creates scheduled task(s)
        • Suspicious behavior: EnumeratesProcesses
        PID:3420
      • C:\Windows\SysWOW64\REG.exe
        REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """C:\Program Files (x86)\Client\client.exe"""" /f /reg:64
        3⤵
        • Adds Run key to start application
        PID:4616
      • C:\Windows\SysWOW64\REG.exe
        REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """C:\Program Files (x86)\Client\client.exe"""" /f /reg:64
        3⤵
        • Adds Run key to start application
        PID:1868
      • C:\Windows\SysWOW64\REG.exe
        REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """C:\Program Files (x86)\Client\client.exe"""" /f /reg:64
        3⤵
        • Adds Run key to start application
        PID:4640
      • C:\Windows\SysWOW64\REG.exe
        REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """C:\Program Files (x86)\Client\client.exe"""" /f /reg:64
        3⤵
        • Adds Run key to start application
        PID:4628
      • C:\Windows\SysWOW64\REG.exe
        REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """C:\Program Files (x86)\Client\client.exe"""" /f /reg:64
        3⤵
        • Adds Run key to start application
        PID:4384
      • C:\Windows\SysWOW64\REG.exe
        REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """C:\Program Files (x86)\Client\client.exe"""" /f /reg:64
        3⤵
        • Adds Run key to start application
        PID:3488
      • C:\Windows\SysWOW64\REG.exe
        REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """C:\Program Files (x86)\Client\client.exe"""" /f /reg:64
        3⤵
        • Adds Run key to start application
        PID:4260
      • C:\Windows\SysWOW64\REG.exe
        REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """C:\Program Files (x86)\Client\client.exe"""" /f /reg:64
        3⤵
        • Adds Run key to start application
        PID:824
      • C:\Windows\SysWOW64\REG.exe
        REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """C:\Program Files (x86)\Client\client.exe"""" /f /reg:64
        3⤵
        • Adds Run key to start application
        PID:4596
      • C:\Windows\SysWOW64\REG.exe
        REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """C:\Program Files (x86)\Client\client.exe"""" /f /reg:64
        3⤵
        • Adds Run key to start application
        PID:1464
      • C:\Windows\SysWOW64\REG.exe
        REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """C:\Program Files (x86)\Client\client.exe"""" /f /reg:64
        3⤵
        • Adds Run key to start application
        PID:1548
      • C:\Windows\SysWOW64\REG.exe
        REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """C:\Program Files (x86)\Client\client.exe"""" /f /reg:64
        3⤵
        • Adds Run key to start application
        PID:2984
      • C:\Windows\SysWOW64\REG.exe
        REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """C:\Program Files (x86)\Client\client.exe"""" /f /reg:64
        3⤵
        • Adds Run key to start application
        PID:4968
      • C:\Windows\SysWOW64\REG.exe
        REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """C:\Program Files (x86)\Client\client.exe"""" /f /reg:64
        3⤵
        • Adds Run key to start application
        PID:4228
      • C:\Windows\SysWOW64\REG.exe
        REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """C:\Program Files (x86)\Client\client.exe"""" /f /reg:64
        3⤵
        • Adds Run key to start application
        PID:2932
      • C:\Windows\SysWOW64\REG.exe
        REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """C:\Program Files (x86)\Client\client.exe"""" /f /reg:64
        3⤵
        • Adds Run key to start application
        PID:2144
      • C:\Windows\SysWOW64\REG.exe
        REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """C:\Program Files (x86)\Client\client.exe"""" /f /reg:64
        3⤵
        • Adds Run key to start application
        PID:2852
      • C:\Windows\SysWOW64\REG.exe
        REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """C:\Program Files (x86)\Client\client.exe"""" /f /reg:64
        3⤵
        • Adds Run key to start application
        PID:1204
      • C:\Windows\SysWOW64\REG.exe
        REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """C:\Program Files (x86)\Client\client.exe"""" /f /reg:64
        3⤵
        • Adds Run key to start application
        PID:2504
      • C:\Windows\SysWOW64\REG.exe
        REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """C:\Program Files (x86)\Client\client.exe"""" /f /reg:64
        3⤵
        • Adds Run key to start application
        PID:3696
      • C:\Windows\SysWOW64\REG.exe
        REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """C:\Program Files (x86)\Client\client.exe"""" /f /reg:64
        3⤵
        • Adds Run key to start application
        PID:4264
      • C:\Windows\SysWOW64\REG.exe
        REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v "Client Monitor" /d "cmd /c """start """Client Monitor""" """C:\Program Files (x86)\Client\client.exe"""" /f /reg:64
        3⤵
        • Adds Run key to start application
        PID:3148
    • C:\Windows\SysWOW64\cmd.exe
      "cmd.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:468
      • C:\Windows\SysWOW64\reg.exe
        reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\FolderN\Tskmgr.exe.lnk " /f
        3⤵
          PID:4452
      • C:\Users\Admin\AppData\Local\Temp\svhost.exe
        "C:\Users\Admin\AppData\Local\Temp\svhost.exe"
        2⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:4444

    Network

    • flag-us
      DNS
      0.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dnsgoogle
    • flag-be
      GET
      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      Remote address:
      88.221.83.208:443
      Request
      GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
      host: www.bing.com
      accept: */*
      accept-encoding: gzip, deflate, br
      user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
      Response
      HTTP/2.0 200
      cache-control: public, max-age=2592000
      content-type: image/png
      access-control-allow-origin: *
      access-control-allow-headers: *
      access-control-allow-methods: GET, POST, OPTIONS
      timing-allow-origin: *
      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
      content-length: 1107
      date: Fri, 10 May 2024 15:46:02 GMT
      alt-svc: h3=":443"; ma=93600
      x-cdn-traceid: 0.cc53dd58.1715355962.1a4c795
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      43.58.199.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.58.199.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      208.83.221.88.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      208.83.221.88.in-addr.arpa
      IN PTR
      Response
      208.83.221.88.in-addr.arpa
      IN PTR
      a88-221-83-208deploystaticakamaitechnologiescom
    • flag-us
      DNS
      183.59.114.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      183.59.114.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      24.121.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      24.121.18.2.in-addr.arpa
      IN PTR
      Response
      24.121.18.2.in-addr.arpa
      IN PTR
      a2-18-121-24deploystaticakamaitechnologiescom
    • flag-us
      DNS
      79.190.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      79.190.18.2.in-addr.arpa
      IN PTR
      Response
      79.190.18.2.in-addr.arpa
      IN PTR
      a2-18-190-79deploystaticakamaitechnologiescom
    • flag-us
      DNS
      133.190.18.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      133.190.18.2.in-addr.arpa
      IN PTR
      Response
      133.190.18.2.in-addr.arpa
      IN PTR
      a2-18-190-133deploystaticakamaitechnologiescom
    • 88.221.83.208:443
      https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
      tls, http2
      1.5kB
       6.3kB
       17
      11

      HTTP Request

      GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

      HTTP Response

      200
    • 154.16.201.75:3141
      Tskmgr.exe
      260 B
       200 B
       5
      5
    • 154.16.201.75:3141
      Tskmgr.exe
      260 B
       200 B
       5
      5
    • 154.16.201.75:3141
      Tskmgr.exe
      260 B
       200 B
       5
      5
    • 154.16.201.75:3141
      Tskmgr.exe
      260 B
       200 B
       5
      5
    • 154.16.201.75:3141
      Tskmgr.exe
      260 B
       200 B
       5
      5
    • 154.16.201.75:3141
      Tskmgr.exe
      260 B
       200 B
       5
      5
    • 154.16.201.75:3141
      Tskmgr.exe
      260 B
       200 B
       5
      5
    • 154.16.201.75:3141
      Tskmgr.exe
      260 B
       200 B
       5
      5
    • 154.16.201.75:3141
      Tskmgr.exe
      260 B
       200 B
       5
      5
    • 154.16.201.75:3141
      Tskmgr.exe
      260 B
       200 B
       5
      5
    • 154.16.201.75:3141
      Tskmgr.exe
      260 B
       200 B
       5
      5
    • 154.16.201.75:3141
      Tskmgr.exe
      260 B
       200 B
       5
      5
    • 154.16.201.75:3141
      Tskmgr.exe
      260 B
       200 B
       5
      5
    • 154.16.201.75:3141
      Tskmgr.exe
      260 B
       200 B
       5
      5
    • 154.16.201.75:3141
      Tskmgr.exe
      260 B
       200 B
       5
      5
    • 154.16.201.75:3141
      Tskmgr.exe
      260 B
       200 B
       5
      5
    • 154.16.201.75:3141
      Tskmgr.exe
      260 B
       200 B
       5
      5
    • 154.16.201.75:3141
      Tskmgr.exe
      260 B
       200 B
       5
      5
    • 154.16.201.75:3141
      Tskmgr.exe
      260 B
       200 B
       5
      5
    • 8.8.8.8:53
      0.159.190.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      0.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
       90 B
       1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      43.58.199.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      43.58.199.20.in-addr.arpa

    • 8.8.8.8:53
      208.83.221.88.in-addr.arpa
      dns
      72 B
       137 B
       1
      1

      DNS Request

      208.83.221.88.in-addr.arpa

    • 8.8.8.8:53
      183.59.114.20.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      183.59.114.20.in-addr.arpa

    • 8.8.8.8:53
      15.164.165.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      15.164.165.52.in-addr.arpa

    • 8.8.8.8:53
      24.121.18.2.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      24.121.18.2.in-addr.arpa

    • 8.8.8.8:53
      79.190.18.2.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      79.190.18.2.in-addr.arpa

    • 8.8.8.8:53
      133.190.18.2.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      133.190.18.2.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Tskmgr.exe
      Filesize

      857KB

      MD5

      bc6529f2a93dd5eb328963e0b41a855a

      SHA1

      0d3fe448baa8a886fd33541f17e893a8a550640f

      SHA256

      b98c711a375f39574672d49fdb798e70dab73b56c5a605c2cfd55a82d8d1b528

      SHA512

      4b50bc0de71bdbdbe76622d498d70b940e11a5c34b6d58b43765eacb2447d3106da3ac80f3a20e7eed67598bf9875cda9646694724b8fae6d91a7ed97b0bad73

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\svhost.exe
      Filesize

      52KB

      MD5

      a64daca3cfbcd039df3ec29d3eddd001

      SHA1

      eee8b2573f71e8d5c3ee7e53af3e6772e090d0f3

      SHA256

      403752009f29381d5e4036b8be94589c89188f9ce8ef5f86959eaaada019ed36

      SHA512

      b6fe2d0ae3fcd4442579ecf10d498d61e0f042813c8fc4be8019da77d849cfcf0b168507139a1b5697227c272de9091788f8e03cf1ce13d5b5077568cfa6a479

      Download Submit

    • memory/2292-0-0x0000000074682000-0x0000000074683000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2292-1-0x0000000074680000-0x0000000074C31000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/2292-2-0x0000000074680000-0x0000000074C31000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/2292-23-0x0000000074680000-0x0000000074C31000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/3420-39-0x00000000012E0000-0x00000000012F7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/3420-37-0x00000000012E0000-0x00000000012F7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/3420-34-0x00000000012E0000-0x00000000012F7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/3420-36-0x0000000000F00000-0x0000000000F01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3420-33-0x00000000012E0000-0x00000000012F7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/3420-35-0x00000000012E0000-0x00000000012F7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/4444-31-0x00000000056D0000-0x00000000056E7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/4444-28-0x00000000056D0000-0x00000000056E7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/4444-24-0x00000000056D0000-0x00000000056E7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/4444-26-0x00000000056D0000-0x00000000056E7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/4444-25-0x00000000056D0000-0x00000000056E7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/4444-27-0x00000000056F0000-0x00000000056F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4444-19-0x0000000000430000-0x000000000050C000-memory.dmp

      Filesize

      880KB

      Download

    • memory/5060-32-0x0000000074680000-0x0000000074C31000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/5060-15-0x0000000074680000-0x0000000074C31000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/5060-14-0x0000000074680000-0x0000000074C31000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/5060-13-0x0000000074680000-0x0000000074C31000-memory.dmp

      Filesize

      5.7MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.