Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    143s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/05/2024, 16:00 UTC

General

  • Target

    2fe998b5b614163c8904ebb4c3be78db_JaffaCakes118.exe

  • Size

    521KB

  • MD5

    2fe998b5b614163c8904ebb4c3be78db

  • SHA1

    d14914ccbbd6630f7e59c09ee56f890a6d4d6c84

  • SHA256

    14c8612af64a329292bf1504569cdec8cb526dfb53e3766a65a174e89de899a4

  • SHA512

    c2160be44aa189b74c9d4ba8ebc48f9f2abc84b6e9d1860c77d52d486c980c5da83bb14a82de471ec325a7bcf9235de4cbedda2388f1fb1ebb88de8b0afb9a22

  • SSDEEP

    12288:z94hz08xqd0h7WgX3NaT9CP7acQXvQdgkyKL/IzGbUt577v:xWxq+hN3Nhdg/yqF

Score
7/10

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 1 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2fe998b5b614163c8904ebb4c3be78db_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2fe998b5b614163c8904ebb4c3be78db_JaffaCakes118.exe"
    1⤵
    • Checks BIOS information in registry
    • Maps connected drives based on registry
    • Suspicious use of SetWindowsHookEx
    PID:4744
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 2548
      2⤵
      • Program crash
      PID:1240
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4744 -ip 4744
    1⤵
      PID:3064
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:5064

      Network

      • flag-us
        DNS
        232.168.11.51.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        232.168.11.51.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        77.190.18.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        77.190.18.2.in-addr.arpa
        IN PTR
        Response
        77.190.18.2.in-addr.arpa
        IN PTR
        a2-18-190-77deploystaticakamaitechnologiescom
      • flag-us
        DNS
        api.getmagnoplay.com
        2fe998b5b614163c8904ebb4c3be78db_JaffaCakes118.exe
        Remote address:
        8.8.8.8:53
        Request
        api.getmagnoplay.com
        IN A
        Response
      • flag-us
        DNS
        ssl.google-analytics.com
        2fe998b5b614163c8904ebb4c3be78db_JaffaCakes118.exe
        Remote address:
        8.8.8.8:53
        Request
        ssl.google-analytics.com
        IN A
        Response
        ssl.google-analytics.com
        IN A
        172.217.16.232
      • flag-gb
        GET
        https://ssl.google-analytics.com/collect?v=1&tid=UA-61193665-1&ds=Cplus&z=E9535A1D-0C35-4545-9B6D-F147563C856F&cid=99E892E3-A034-4BBF-9202-99AFAB37A794&uid=1436473535535aIb7hra9wC&sc=start&dr=http://admin.getmagnoplay.com&cn=52a098095f1c1ee867000011&cs=540706f95f1c1e135400001c&cm=79_10194_15390&ck=ddl&cc=DDL&ci=VzPtIfRl&dl=admin.getmagnoplay.com&dh=LoadC&dp=admin.getmagnoplay.com&dt=MaxCore&cd=MaxCore&linkid=LoadC&ua==Mozilla/5.0%20(Windows%20NT%206.1;%20WOW64;%20Trident/7.0;%20rv:11.0)%20like%20Gecko&ec=ExecutionCplus&ea=Start_Application&el=3.2.650&ev=1&t=event
        2fe998b5b614163c8904ebb4c3be78db_JaffaCakes118.exe
        Remote address:
        172.217.16.232:443
        Request
        GET /collect?v=1&tid=UA-61193665-1&ds=Cplus&z=E9535A1D-0C35-4545-9B6D-F147563C856F&cid=99E892E3-A034-4BBF-9202-99AFAB37A794&uid=1436473535535aIb7hra9wC&sc=start&dr=http://admin.getmagnoplay.com&cn=52a098095f1c1ee867000011&cs=540706f95f1c1e135400001c&cm=79_10194_15390&ck=ddl&cc=DDL&ci=VzPtIfRl&dl=admin.getmagnoplay.com&dh=LoadC&dp=admin.getmagnoplay.com&dt=MaxCore&cd=MaxCore&linkid=LoadC&ua==Mozilla/5.0%20(Windows%20NT%206.1;%20WOW64;%20Trident/7.0;%20rv:11.0)%20like%20Gecko&ec=ExecutionCplus&ea=Start_Application&el=3.2.650&ev=1&t=event HTTP/1.1
        Accept: */*
        Proxy-authorization: Basic
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
        Host: ssl.google-analytics.com
        Connection: Keep-Alive
        Response
        HTTP/1.1 200 OK
        Access-Control-Allow-Origin: *
        Pragma: no-cache
        X-Content-Type-Options: nosniff
        Cross-Origin-Resource-Policy: cross-origin
        Server: Golfe2
        Content-Length: 35
        Date: Thu, 09 May 2024 21:39:10 GMT
        Expires: Mon, 01 Jan 1990 00:00:00 GMT
        Cache-Control: no-cache, no-store, must-revalidate
        Age: 66119
        Last-Modified: Sun, 17 May 1998 03:00:00 GMT
        Content-Type: image/gif
        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
      • flag-gb
        GET
        https://ssl.google-analytics.com/collect?v=1&tid=UA-61193665-1&ds=Cplus&z=E9535A1D-0C35-4545-9B6D-F147563C856F&cid=99E892E3-A034-4BBF-9202-99AFAB37A794&uid=1436473535535aIb7hra9wC&sc=start&dr=http://admin.getmagnoplay.com&cn=52a098095f1c1ee867000011&cs=540706f95f1c1e135400001c&cm=79_10194_15390&ck=ddl&cc=DDL&ci=VzPtIfRl&dl=admin.getmagnoplay.com&dh=LoadC&dp=admin.getmagnoplay.com&dt=MaxCore&cd=MaxCore&linkid=LoadC&ua==Mozilla/5.0%20(Windows%20NT%206.1;%20WOW64;%20Trident/7.0;%20rv:11.0)%20like%20Gecko&ec=ExecutionCplus&ea=UAC_YES&el=3.2.650&ev=2&t=event
        2fe998b5b614163c8904ebb4c3be78db_JaffaCakes118.exe
        Remote address:
        172.217.16.232:443
        Request
        GET /collect?v=1&tid=UA-61193665-1&ds=Cplus&z=E9535A1D-0C35-4545-9B6D-F147563C856F&cid=99E892E3-A034-4BBF-9202-99AFAB37A794&uid=1436473535535aIb7hra9wC&sc=start&dr=http://admin.getmagnoplay.com&cn=52a098095f1c1ee867000011&cs=540706f95f1c1e135400001c&cm=79_10194_15390&ck=ddl&cc=DDL&ci=VzPtIfRl&dl=admin.getmagnoplay.com&dh=LoadC&dp=admin.getmagnoplay.com&dt=MaxCore&cd=MaxCore&linkid=LoadC&ua==Mozilla/5.0%20(Windows%20NT%206.1;%20WOW64;%20Trident/7.0;%20rv:11.0)%20like%20Gecko&ec=ExecutionCplus&ea=UAC_YES&el=3.2.650&ev=2&t=event HTTP/1.1
        Accept: */*
        Proxy-authorization: Basic
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
        Host: ssl.google-analytics.com
        Connection: Keep-Alive
        Response
        HTTP/1.1 200 OK
        Access-Control-Allow-Origin: *
        Pragma: no-cache
        X-Content-Type-Options: nosniff
        Cross-Origin-Resource-Policy: cross-origin
        Server: Golfe2
        Content-Length: 35
        Date: Thu, 09 May 2024 20:55:31 GMT
        Expires: Mon, 01 Jan 1990 00:00:00 GMT
        Cache-Control: no-cache, no-store, must-revalidate
        Age: 68738
        Last-Modified: Sun, 17 May 1998 03:00:00 GMT
        Content-Type: image/gif
        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
      • flag-gb
        GET
        https://ssl.google-analytics.com/collect?v=1&tid=UA-61193665-1&ds=Cplus&z=E9535A1D-0C35-4545-9B6D-F147563C856F&cid=99E892E3-A034-4BBF-9202-99AFAB37A794&uid=1436473535535aIb7hra9wC&sc=start&dr=http://admin.getmagnoplay.com&cn=52a098095f1c1ee867000011&cs=540706f95f1c1e135400001c&cm=79_10194_15390&ck=ddl&cc=DDL&ci=VzPtIfRl&dl=admin.getmagnoplay.com&dh=LoadC&dp=admin.getmagnoplay.com&dt=MaxCore&cd=MaxCore&linkid=LoadC&ua==Mozilla/5.0%20(Windows%20NT%206.1;%20WOW64;%20Trident/7.0;%20rv:11.0)%20like%20Gecko&ec=ExecutionCplus&ea=Navigate2&el=3.2.650&ev=3&t=event
        2fe998b5b614163c8904ebb4c3be78db_JaffaCakes118.exe
        Remote address:
        172.217.16.232:443
        Request
        GET /collect?v=1&tid=UA-61193665-1&ds=Cplus&z=E9535A1D-0C35-4545-9B6D-F147563C856F&cid=99E892E3-A034-4BBF-9202-99AFAB37A794&uid=1436473535535aIb7hra9wC&sc=start&dr=http://admin.getmagnoplay.com&cn=52a098095f1c1ee867000011&cs=540706f95f1c1e135400001c&cm=79_10194_15390&ck=ddl&cc=DDL&ci=VzPtIfRl&dl=admin.getmagnoplay.com&dh=LoadC&dp=admin.getmagnoplay.com&dt=MaxCore&cd=MaxCore&linkid=LoadC&ua==Mozilla/5.0%20(Windows%20NT%206.1;%20WOW64;%20Trident/7.0;%20rv:11.0)%20like%20Gecko&ec=ExecutionCplus&ea=Navigate2&el=3.2.650&ev=3&t=event HTTP/1.1
        Accept: */*
        Proxy-authorization: Basic
        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
        Host: ssl.google-analytics.com
        Connection: Keep-Alive
        Response
        HTTP/1.1 200 OK
        Access-Control-Allow-Origin: *
        Pragma: no-cache
        X-Content-Type-Options: nosniff
        Cross-Origin-Resource-Policy: cross-origin
        Server: Golfe2
        Content-Length: 35
        Date: Thu, 09 May 2024 20:55:31 GMT
        Expires: Mon, 01 Jan 1990 00:00:00 GMT
        Cache-Control: no-cache, no-store, must-revalidate
        Age: 68738
        Last-Modified: Sun, 17 May 1998 03:00:00 GMT
        Content-Type: image/gif
        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
      • flag-us
        DNS
        232.16.217.172.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        232.16.217.172.in-addr.arpa
        IN PTR
        Response
        232.16.217.172.in-addr.arpa
        IN PTR
        mad08s04-in-f81e100net
        232.16.217.172.in-addr.arpa
        IN PTR
        lhr48s28-in-f8�H
      • flag-us
        DNS
        232.16.217.172.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        232.16.217.172.in-addr.arpa
        IN PTR
      • flag-us
        DNS
        195.187.250.142.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        195.187.250.142.in-addr.arpa
        IN PTR
        Response
        195.187.250.142.in-addr.arpa
        IN PTR
        lhr25s33-in-f31e100net
      • flag-us
        DNS
        157.123.68.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        157.123.68.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        138.32.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        138.32.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        171.39.242.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        171.39.242.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        31.121.18.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        31.121.18.2.in-addr.arpa
        IN PTR
        Response
        31.121.18.2.in-addr.arpa
        IN PTR
        a2-18-121-31deploystaticakamaitechnologiescom
      • flag-us
        DNS
        28.118.140.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        28.118.140.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        154.239.44.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        154.239.44.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        79.190.18.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        79.190.18.2.in-addr.arpa
        IN PTR
        Response
        79.190.18.2.in-addr.arpa
        IN PTR
        a2-18-190-79deploystaticakamaitechnologiescom
      • flag-us
        DNS
        14.227.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        14.227.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        8.179.89.13.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        8.179.89.13.in-addr.arpa
        IN PTR
        Response
      • 172.217.16.232:443
        https://ssl.google-analytics.com/collect?v=1&tid=UA-61193665-1&ds=Cplus&z=E9535A1D-0C35-4545-9B6D-F147563C856F&cid=99E892E3-A034-4BBF-9202-99AFAB37A794&uid=1436473535535aIb7hra9wC&sc=start&dr=http://admin.getmagnoplay.com&cn=52a098095f1c1ee867000011&cs=540706f95f1c1e135400001c&cm=79_10194_15390&ck=ddl&cc=DDL&ci=VzPtIfRl&dl=admin.getmagnoplay.com&dh=LoadC&dp=admin.getmagnoplay.com&dt=MaxCore&cd=MaxCore&linkid=LoadC&ua==Mozilla/5.0%20(Windows%20NT%206.1;%20WOW64;%20Trident/7.0;%20rv:11.0)%20like%20Gecko&ec=ExecutionCplus&ea=Start_Application&el=3.2.650&ev=1&t=event
        tls, http
        2fe998b5b614163c8904ebb4c3be78db_JaffaCakes118.exe
        2.5kB
        6.0kB
        13
        9

        HTTP Request

        GET https://ssl.google-analytics.com/collect?v=1&tid=UA-61193665-1&ds=Cplus&z=E9535A1D-0C35-4545-9B6D-F147563C856F&cid=99E892E3-A034-4BBF-9202-99AFAB37A794&uid=1436473535535aIb7hra9wC&sc=start&dr=http://admin.getmagnoplay.com&cn=52a098095f1c1ee867000011&cs=540706f95f1c1e135400001c&cm=79_10194_15390&ck=ddl&cc=DDL&ci=VzPtIfRl&dl=admin.getmagnoplay.com&dh=LoadC&dp=admin.getmagnoplay.com&dt=MaxCore&cd=MaxCore&linkid=LoadC&ua==Mozilla/5.0%20(Windows%20NT%206.1;%20WOW64;%20Trident/7.0;%20rv:11.0)%20like%20Gecko&ec=ExecutionCplus&ea=Start_Application&el=3.2.650&ev=1&t=event

        HTTP Response

        200
      • 172.217.16.232:443
        https://ssl.google-analytics.com/collect?v=1&tid=UA-61193665-1&ds=Cplus&z=E9535A1D-0C35-4545-9B6D-F147563C856F&cid=99E892E3-A034-4BBF-9202-99AFAB37A794&uid=1436473535535aIb7hra9wC&sc=start&dr=http://admin.getmagnoplay.com&cn=52a098095f1c1ee867000011&cs=540706f95f1c1e135400001c&cm=79_10194_15390&ck=ddl&cc=DDL&ci=VzPtIfRl&dl=admin.getmagnoplay.com&dh=LoadC&dp=admin.getmagnoplay.com&dt=MaxCore&cd=MaxCore&linkid=LoadC&ua==Mozilla/5.0%20(Windows%20NT%206.1;%20WOW64;%20Trident/7.0;%20rv:11.0)%20like%20Gecko&ec=ExecutionCplus&ea=Navigate2&el=3.2.650&ev=3&t=event
        tls, http
        2fe998b5b614163c8904ebb4c3be78db_JaffaCakes118.exe
        2.6kB
        6.6kB
        16
        10

        HTTP Request

        GET https://ssl.google-analytics.com/collect?v=1&tid=UA-61193665-1&ds=Cplus&z=E9535A1D-0C35-4545-9B6D-F147563C856F&cid=99E892E3-A034-4BBF-9202-99AFAB37A794&uid=1436473535535aIb7hra9wC&sc=start&dr=http://admin.getmagnoplay.com&cn=52a098095f1c1ee867000011&cs=540706f95f1c1e135400001c&cm=79_10194_15390&ck=ddl&cc=DDL&ci=VzPtIfRl&dl=admin.getmagnoplay.com&dh=LoadC&dp=admin.getmagnoplay.com&dt=MaxCore&cd=MaxCore&linkid=LoadC&ua==Mozilla/5.0%20(Windows%20NT%206.1;%20WOW64;%20Trident/7.0;%20rv:11.0)%20like%20Gecko&ec=ExecutionCplus&ea=UAC_YES&el=3.2.650&ev=2&t=event

        HTTP Response

        200

        HTTP Request

        GET https://ssl.google-analytics.com/collect?v=1&tid=UA-61193665-1&ds=Cplus&z=E9535A1D-0C35-4545-9B6D-F147563C856F&cid=99E892E3-A034-4BBF-9202-99AFAB37A794&uid=1436473535535aIb7hra9wC&sc=start&dr=http://admin.getmagnoplay.com&cn=52a098095f1c1ee867000011&cs=540706f95f1c1e135400001c&cm=79_10194_15390&ck=ddl&cc=DDL&ci=VzPtIfRl&dl=admin.getmagnoplay.com&dh=LoadC&dp=admin.getmagnoplay.com&dt=MaxCore&cd=MaxCore&linkid=LoadC&ua==Mozilla/5.0%20(Windows%20NT%206.1;%20WOW64;%20Trident/7.0;%20rv:11.0)%20like%20Gecko&ec=ExecutionCplus&ea=Navigate2&el=3.2.650&ev=3&t=event

        HTTP Response

        200
      • 142.250.187.234:443
        92 B
        40 B
        2
        1
      • 8.8.8.8:53
        232.168.11.51.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        232.168.11.51.in-addr.arpa

      • 8.8.8.8:53
        77.190.18.2.in-addr.arpa
        dns
        70 B
        133 B
        1
        1

        DNS Request

        77.190.18.2.in-addr.arpa

      • 8.8.8.8:53
        api.getmagnoplay.com
        dns
        2fe998b5b614163c8904ebb4c3be78db_JaffaCakes118.exe
        66 B
        139 B
        1
        1

        DNS Request

        api.getmagnoplay.com

      • 8.8.8.8:53
        ssl.google-analytics.com
        dns
        2fe998b5b614163c8904ebb4c3be78db_JaffaCakes118.exe
        70 B
        86 B
        1
        1

        DNS Request

        ssl.google-analytics.com

        DNS Response

        172.217.16.232

      • 8.8.8.8:53
        232.16.217.172.in-addr.arpa
        dns
        146 B
        140 B
        2
        1

        DNS Request

        232.16.217.172.in-addr.arpa

        DNS Request

        232.16.217.172.in-addr.arpa

      • 8.8.8.8:53
        195.187.250.142.in-addr.arpa
        dns
        74 B
        112 B
        1
        1

        DNS Request

        195.187.250.142.in-addr.arpa

      • 8.8.8.8:53
        157.123.68.40.in-addr.arpa
        dns
        72 B
        146 B
        1
        1

        DNS Request

        157.123.68.40.in-addr.arpa

      • 8.8.8.8:53
        138.32.126.40.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        138.32.126.40.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
        144 B
        1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        171.39.242.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        171.39.242.20.in-addr.arpa

      • 8.8.8.8:53
        31.121.18.2.in-addr.arpa
        dns
        70 B
        133 B
        1
        1

        DNS Request

        31.121.18.2.in-addr.arpa

      • 8.8.8.8:53
        28.118.140.52.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        28.118.140.52.in-addr.arpa

      • 8.8.8.8:53
        154.239.44.20.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        154.239.44.20.in-addr.arpa

      • 8.8.8.8:53
        79.190.18.2.in-addr.arpa
        dns
        70 B
        133 B
        1
        1

        DNS Request

        79.190.18.2.in-addr.arpa

      • 8.8.8.8:53
        14.227.111.52.in-addr.arpa
        dns
        72 B
        158 B
        1
        1

        DNS Request

        14.227.111.52.in-addr.arpa

      • 8.8.8.8:53
        8.179.89.13.in-addr.arpa
        dns
        70 B
        144 B
        1
        1

        DNS Request

        8.179.89.13.in-addr.arpa

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4744-0-0x0000000000400000-0x00000000005B4000-memory.dmp

        Filesize

        1.7MB

      • memory/4744-1-0x0000000000400000-0x00000000005B4000-memory.dmp

        Filesize

        1.7MB

      • memory/4744-2-0x00000000005AA000-0x00000000005AB000-memory.dmp

        Filesize

        4KB

      • memory/4744-3-0x0000000000400000-0x00000000005B4000-memory.dmp

        Filesize

        1.7MB

      • memory/4744-13-0x0000000000400000-0x00000000005B4000-memory.dmp

        Filesize

        1.7MB

      • memory/4744-14-0x0000000000400000-0x00000000005B4000-memory.dmp

        Filesize

        1.7MB

      • memory/4744-15-0x00000000005AA000-0x00000000005AB000-memory.dmp

        Filesize

        4KB

      • memory/4744-16-0x0000000000400000-0x00000000005B4000-memory.dmp

        Filesize

        1.7MB

      • memory/4744-19-0x0000000000400000-0x00000000005B4000-memory.dmp

        Filesize

        1.7MB

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.