Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

a6f401a3c5...18.exe

windows7-x64

6

a6f401a3c5...18.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/08/2024, 14:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a6f401a3c5bb9139eafbf6aa1f16d8ab_JaffaCakes118.exe

  • Size

    675KB

  • MD5

    a6f401a3c5bb9139eafbf6aa1f16d8ab

  • SHA1

    0064470764732f5ae3cd2759f870072858fc1c09

  • SHA256

    5f183148a689ece3c844dcdd4f28de1cb3b4c68729054969c790106891410d19

  • SHA512

    2588868e056e1106d5811635e546db45dd7ce92007e3ee0ab1b53421f1ef979243de4bfe389798f77878d4ffb5b49bdc6e9f9938b8155a469bcd5673177aa75b

  • SSDEEP

    12288:ipvgWIBv0OXA89bn6b7MP+Dd2Y1tq0DQ49sApCpj1P9XkGbgf:imWQ0t7MP+h2YpUOBpuPxpbgf

Score
5/10
discovery

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a6f401a3c5bb9139eafbf6aa1f16d8ab_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\a6f401a3c5bb9139eafbf6aa1f16d8ab_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4724
    • C:\Users\Admin\AppData\Local\Temp\a6f401a3c5bb9139eafbf6aa1f16d8ab_JaffaCakes118.exe
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4904
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=a6f401a3c5bb9139eafbf6aa1f16d8ab_JaffaCakes118.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:3636
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc345546f8,0x7ffc34554708,0x7ffc34554718
          4⤵
            PID:1648
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11068933537576786227,1716595520883913046,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
            4⤵
              PID:4500
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,11068933537576786227,1716595520883913046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:3524
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,11068933537576786227,1716595520883913046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
              4⤵
                PID:3192
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11068933537576786227,1716595520883913046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
                4⤵
                  PID:3452
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11068933537576786227,1716595520883913046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
                  4⤵
                    PID:1728
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11068933537576786227,1716595520883913046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
                    4⤵
                      PID:2428
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11068933537576786227,1716595520883913046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
                      4⤵
                        PID:3944
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11068933537576786227,1716595520883913046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
                        4⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4728
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11068933537576786227,1716595520883913046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
                        4⤵
                          PID:3604
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11068933537576786227,1716595520883913046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
                          4⤵
                            PID:2104
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11068933537576786227,1716595520883913046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
                            4⤵
                              PID:3316
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11068933537576786227,1716595520883913046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
                              4⤵
                                PID:1792
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11068933537576786227,1716595520883913046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
                                4⤵
                                  PID:184
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11068933537576786227,1716595520883913046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
                                  4⤵
                                    PID:4284
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11068933537576786227,1716595520883913046,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4816 /prefetch:2
                                    4⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:3052
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=a6f401a3c5bb9139eafbf6aa1f16d8ab_JaffaCakes118.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
                                  3⤵
                                    PID:3604
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc345546f8,0x7ffc34554708,0x7ffc34554718
                                      4⤵
                                        PID:3620
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:4728
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:3408

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      b9569e123772ae290f9bac07e0d31748

                                      SHA1

                                      5806ed9b301d4178a959b26d7b7ccf2c0abc6741

                                      SHA256

                                      20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

                                      SHA512

                                      cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      eeaa8087eba2f63f31e599f6a7b46ef4

                                      SHA1

                                      f639519deee0766a39cfe258d2ac48e3a9d5ac03

                                      SHA256

                                      50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

                                      SHA512

                                      eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      264B

                                      MD5

                                      a8cef1c394a82421960a846b9367af05

                                      SHA1

                                      6a5b470db034971a96131d1676c5f330e5da06d1

                                      SHA256

                                      45c9273441f1da228a50a88724f9fe80eb234c5afabef1bc1d054e0e1987b00f

                                      SHA512

                                      f6ddf70438bfa761e52767d595394eef0354a23db9b322fa5674a4b32af26439c93e601616b0eef240a1317638b6fd35924a3e553dfb04dd06ecb31e4a934b47

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      111B

                                      MD5

                                      285252a2f6327d41eab203dc2f402c67

                                      SHA1

                                      acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                      SHA256

                                      5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                      SHA512

                                      11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      437B

                                      MD5

                                      05592d6b429a6209d372dba7629ce97c

                                      SHA1

                                      b4d45e956e3ec9651d4e1e045b887c7ccbdde326

                                      SHA256

                                      3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

                                      SHA512

                                      caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      b27dff7ea1f72cce1e9916a015052e67

                                      SHA1

                                      c8defb2661480d629411660aa55460b3bbba5e7f

                                      SHA256

                                      9698c15b5a55e25d328bb5d62db96930197de1631d8aa04cbcddd2cfbdfa6870

                                      SHA512

                                      d40089f91358052076b36916216f113b3830194edcd703f2f9e03f9d041cbbf99c39fbc1eebc3c05f9b5fd6fb9d51be23f5ef370857c4bdad17c28e56273db29

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      461cb53c3b10bbb9e5ebc7dd29644c7f

                                      SHA1

                                      cbad0193bd45597262d4951ae160c478439c910c

                                      SHA256

                                      2691522ee24af8e035b866904de3a9bd884f415573b2d8432cb0412fffbf1add

                                      SHA512

                                      9bdde26713560b7bb31c08166747a35ffc5dcf2a9678b8d16440df86d001bbdf596b56ae22f26d6ec3a7f7ad47f80b5fdd67502f10fbbb927ec74f2a6573b583

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      db27ad5ce09266d75c2655a54d594a9c

                                      SHA1

                                      c5c092937496e5ce7ee5e6341a5a48939f76ec6a

                                      SHA256

                                      743578ec7a4227c046b1d49e2cf3e3c0464dd67584a71be4898ff9176f919ce4

                                      SHA512

                                      1ef05db7b5d43a31e146e9e733fff762a783289bbd44f5e8af7e2e31760307b46cecb6a2ef43e5eac38be6276e1abaf34e88015b84807bd5d157e0634362a17d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                      Filesize

                                      371B

                                      MD5

                                      2a2a7151298be28501d7b1cadf6a469e

                                      SHA1

                                      df5d258f24fe3a7a86474fe3f2d4babf30a90534

                                      SHA256

                                      64411d25782c20feec9a918db9ae164c8f68adcc6d6f8b0c578ce75f3b73f5a3

                                      SHA512

                                      26a77a24dc9a6eead26aa20dc1f69d958ea24a7068e1cd694cea49a8e6ea24018e3baffb68f999f5f27da2a17c678da78b07adeed3bd04c7a41ecf515811e679

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f906.TMP
                                      Filesize

                                      371B

                                      MD5

                                      41aa3dbf868039e31759420960b3d4ec

                                      SHA1

                                      ace4cb6182c692e4d42a095865a9d5b850d9a289

                                      SHA256

                                      30d203a8fd9c038a09ac33bc643fb92e2ff871ea5a96c19e38d2eca136e1e390

                                      SHA512

                                      72ce24187489960d9512031719f173226759307cfe2b02e2309fdae4061d9fa0c616f756bd5a569804664a86c92a59249a530efdac76b6d603e3ea88872c909d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      157a908b5873bd8f3a0ae343b105e514

                                      SHA1

                                      72282df30ffced59ae81c8a2bcb173e214b77536

                                      SHA256

                                      2102a0e241a9b1b28b4347a9314dc2a57aae07bae6fc5cd3cce2268a0b6de6ca

                                      SHA512

                                      57f9b78b06a11f0a34bb234b0699b844e3d342a4c39dacd638eb0f0c9a32511687c1ba86132292322f691cc2540beb0f81cf985c0fb229495179ac30c02325b3

                                      Download Submit

                                    • memory/4724-0-0x0000000000400000-0x0000000000495000-memory.dmp

                                      Filesize

                                      596KB

                                      Download

                                    • memory/4724-10-0x0000000002240000-0x0000000002270000-memory.dmp

                                      Filesize

                                      192KB

                                      Download

                                    • memory/4724-9-0x0000000000400000-0x0000000000495000-memory.dmp

                                      Filesize

                                      596KB

                                      Download

                                    • memory/4724-4-0x00000000023D0000-0x00000000023D1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/4724-5-0x0000000002B30000-0x0000000002B31000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/4724-2-0x0000000002230000-0x0000000002232000-memory.dmp

                                      Filesize

                                      8KB

                                      Download

                                    • memory/4724-3-0x0000000002220000-0x0000000002222000-memory.dmp

                                      Filesize

                                      8KB

                                      Download

                                    • memory/4724-1-0x0000000002240000-0x0000000002270000-memory.dmp

                                      Filesize

                                      192KB

                                      Download

                                    • memory/4904-8-0x0000000000400000-0x000000000040A000-memory.dmp

                                      Filesize

                                      40KB

                                      Download