Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

07302e8a25...18.exe

windows7-x64

10

07302e8a25...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/10/2024, 19:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    07302e8a2533fd1b255a1e7ffa67e1f0_JaffaCakes118.exe

  • Size

    255KB

  • MD5

    07302e8a2533fd1b255a1e7ffa67e1f0

  • SHA1

    1fc108bcfee2c334545241be97b7db200342437d

  • SHA256

    4a58739beb97d2a3dc4d5d8c58157c16a80d486121292a96204beb72abbbaae6

  • SHA512

    159a0b9fa62d37c6d3e789df679c44324333046d4f25883b82a1a4b20c59ad01f76bd82ef2f3717fd95c6ed89302d0bee50e5e62b06fdd0a16cb35f223e4cbf5

  • SSDEEP

    3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJw:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIx

Score
10/10
discoveryevasionpersistencespywarestealertrojanupx

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Windows security bypass 2 TTPs 5 IoCs
    evasiontrojan
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 5 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Windows security modification 2 TTPs 6 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • AutoIT Executable 60 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 13 IoCs
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 14 IoCs
  • Drops file in Windows directory 19 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 20 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 18 IoCs
  • Suspicious use of SendNotifyMessage 18 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\07302e8a2533fd1b255a1e7ffa67e1f0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\07302e8a2533fd1b255a1e7ffa67e1f0_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3468
    • C:\Windows\SysWOW64\pmulnvyvco.exe
      pmulnvyvco.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Windows security bypass
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Windows security modification
      • Enumerates connected drives
      • Modifies WinLogon
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3380
      • C:\Windows\SysWOW64\plshmjob.exe
        C:\Windows\system32\plshmjob.exe
        3⤵
        • Executes dropped EXE
        • Enumerates connected drives
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1804
    • C:\Windows\SysWOW64\zbmdcnvhtztycdj.exe
      zbmdcnvhtztycdj.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2808
    • C:\Windows\SysWOW64\plshmjob.exe
      plshmjob.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1648
    • C:\Windows\SysWOW64\lasjdswuopdvs.exe
      lasjdswuopdvs.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4272
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Windows\mydoc.rtf" /o ""
      2⤵
      • Drops file in Windows directory
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:4200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Impair Defenses

2
T1562

Disable or Modify Tools

2
T1562.001

Modify Registry

6
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

4
T1012

System Information Discovery

5
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.exe
    Filesize

    255KB

    MD5

    2f245fb5a087da491a79eb2d18b2fe0b

    SHA1

    9cc8a36ba747be09d185444da4da8daf407d8d50

    SHA256

    501c71c6162d19b89652448e7160409e96da013274c0cc4aae25415a1f74d804

    SHA512

    cad25f745f0f5bcca8887318d8a078e293c48e0c598e7a36a0d7ff211971c0888d0b083c60ecb4f654e1a7d5da1137c4c3127fa3992fce31e75c413de8e19e97

    Download Submit

  • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.exe
    Filesize

    255KB

    MD5

    3c1812b0f44eedab4dea494096f19169

    SHA1

    a8e63f7d8664e166bc8838eb07784b6e9ff5aa1f

    SHA256

    5e3294d61cb18dd15ccfee3371a28a78d2a732f0ff8e4504d2ee02af6cae6240

    SHA512

    76fbe1a011526ef6e3604074839367ac216c8c163f9e8c3b0d2d4343b768eaa3b11744835a1c4288a41fb0b90f639787ac58a2a6cc721559eb86a537b6bbc0f0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TCDC0E1.tmp\sist02.xsl
    Filesize

    245KB

    MD5

    f883b260a8d67082ea895c14bf56dd56

    SHA1

    7954565c1f243d46ad3b1e2f1baf3281451fc14b

    SHA256

    ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

    SHA512

    d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
    Filesize

    327B

    MD5

    f6e9124567924c6efcb0042d87971722

    SHA1

    299f7f9820c613a5422d687686efefb0f329a444

    SHA256

    ba1ad5c1496d6178c12fff875b208b0b2c0ea68d3d3635304c29c4903e2d6c9d

    SHA512

    c2a375a5cab7c81c87607d1629c5ecea2b3e504d47ae6a22247b9f227f8bfc4760b615d2ce8b91a4fcc93b619106c9062c22407377b19faa8fc7a61872c6dd9f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
    Filesize

    1KB

    MD5

    2841fa0b0451404b9372c67e40387929

    SHA1

    3981488ebd35a6fe1b28d2fb339eebda953967c9

    SHA256

    8f3627fc13617d5711186dfdf996cfa01fb485232d8ae94a325bd2fb331aeddc

    SHA512

    b487d7e157df63fc3309c2993b83d2808ed5e53dca495380a7f5d6431d136978d703d44b57a667bd4f53d9f7c2699b03da36d2f74e7780ef11d8829cc53e4e52

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
    Filesize

    1KB

    MD5

    ca8acd755b2c675c86ab06f5e574a029

    SHA1

    84b2e014761c4f2b0d8dca65beaf5beb03dbb7b9

    SHA256

    76b9c582c5bb2e070460a44ea13e4813e9841fab3dc23fce31696e65992b74dd

    SHA512

    f377fb4a5ec8b547ac03c2b25c49cf9d704204fd369069926ecea1d986afb36695b5b7ec4ddba0a2fd98a83c6613bc7b009fea34f5457116a1157aa41f360c44

    Download Submit

  • C:\Windows\SysWOW64\lasjdswuopdvs.exe
    Filesize

    255KB

    MD5

    1efae9a43574015843b6411ccdabec77

    SHA1

    a53e7ac3ff3d35cf075b529680f963094d333d61

    SHA256

    85c4bffbbded3de08b39a93ded99407f30c620ab07353514c5f2eeda816ac8b6

    SHA512

    1b62c2d983df9d08ea67b2209a636bbbb670bf86e9913ea96d9fd5e79f5ca03d5554ac8f2dc9a90c8726adb8dea811296700c09ad6ba75f8419f4843ab27fa93

    Download Submit

  • C:\Windows\SysWOW64\plshmjob.exe
    Filesize

    255KB

    MD5

    555c74dfa7a6d482d1dc70fe7c4de9db

    SHA1

    55956f7b74694002a7d025fbf165112ba0b59edf

    SHA256

    8067c2ca19a5c81b12d25bdd59d229366fb5cc1627fb84857147b9af700d8e35

    SHA512

    2c695c5f5468273c5ebd1f86e5b3b0afa025489f9ce9021156bcfed2420625719a50fa14e557ae13cb33857688c8d4938d0395f7313ce571e98631ea4f8f95e0

    Download Submit

  • C:\Windows\SysWOW64\pmulnvyvco.exe
    Filesize

    255KB

    MD5

    8bd34c14b4977d68fc2a99d3403937d9

    SHA1

    d03e829263330700e07afdd705ed4d37d6a707c5

    SHA256

    726c44c31a75650893c44363156c42ffc48939dd99b7bfb44d52b4ffc825dd5d

    SHA512

    92017d2302baeab6ab11a642d5e71fd10a4df999084538161715de1f7ff91caee946a209a514b7acfc0f5cad48f898fe210037caaff4dce06f9b0b2c70be0db8

    Download Submit

  • C:\Windows\SysWOW64\zbmdcnvhtztycdj.exe
    Filesize

    255KB

    MD5

    28c1b22ef8879b4ca841a86e4d6911ed

    SHA1

    b1e0cac7cffe3472067c904ee0ffcb093eac3182

    SHA256

    ec92935c04b1f9e07a5c2c05ab9a0183286632d06e46899532ef1ac4a88cc308

    SHA512

    f5a08809ca3ca9c5caa0bc5ba4a8bc230fd867374130fa0cbf2fa6bacae1b40869fc46921f274c4b128b23a7c03378b1543fcda12c785696338303b623d6d973

    Download Submit

  • C:\Windows\mydoc.rtf
    Filesize

    223B

    MD5

    06604e5941c126e2e7be02c5cd9f62ec

    SHA1

    4eb9fdf8ff4e1e539236002bd363b82c8f8930e1

    SHA256

    85f2405d1f67021a3206faa26f6887932fea71aea070df3efb2902902e2d03e2

    SHA512

    803f5f2fddbf29fef34de184eb35c2311b7a694740983ca10b54ef252dd26cda4987458d2569f441c6dedc3478bea12b45bfd3566f1b256504a0869ad3829df7

    Download Submit

  • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
    Filesize

    255KB

    MD5

    e9ebad333de4d41392c2a84b2b66048e

    SHA1

    2f5df2753ea1f1f4461d125db78e80fe1c757af3

    SHA256

    13def1048be94d955baea0b09dcc02e71154fdb7c38b9f0535230ad1b6146a5f

    SHA512

    353229d7db4dcb06f3ed7834917bd6d9d29644eb4580fa6273c416142d1b1d2fe8eb27821664994218fbb9cefcaeeafaec91a9b46790b45cbcec18dc97b5133c

    Download Submit

  • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
    Filesize

    255KB

    MD5

    5231b797ee76ca7153c8eb33fe2d8cef

    SHA1

    f069543ae3dbb8fba172c4818557c48046429d5c

    SHA256

    e87b3e13f1c61c78833aa0203536a988f72e0ec126f2515e1c34dbc94e2d39a4

    SHA512

    db466fe04c27c9ae2dafb9d34d684710791ae9180ef85e0fbd336c936dfa90a281c413a3b23f350c05c94d22b3a1314cd546f7fb2092c838b86b80c752ce6b7b

    Download Submit

  • memory/1648-601-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1648-92-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1648-616-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1648-88-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1648-606-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1648-611-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1648-27-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1804-95-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1804-613-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1804-608-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1804-603-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1804-617-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1804-94-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/1804-42-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2808-636-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2808-645-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2808-630-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2808-633-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2808-619-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2808-639-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2808-642-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2808-91-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2808-648-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2808-610-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2808-600-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2808-622-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2808-651-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2808-26-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2808-87-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2808-605-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3380-604-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3380-632-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3380-650-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3380-609-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3380-647-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3380-644-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3380-599-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3380-641-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3380-90-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3380-638-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3380-618-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3380-86-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3380-635-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3380-621-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3380-629-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3468-0-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3468-36-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4200-40-0x00007FF97C530000-0x00007FF97C540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4200-43-0x00007FF979E10000-0x00007FF979E20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4200-44-0x00007FF979E10000-0x00007FF979E20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4200-35-0x00007FF97C530000-0x00007FF97C540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4200-37-0x00007FF97C530000-0x00007FF97C540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4200-38-0x00007FF97C530000-0x00007FF97C540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4200-39-0x00007FF97C530000-0x00007FF97C540000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4272-640-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4272-602-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4272-89-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4272-623-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4272-620-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4272-643-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4272-93-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4272-637-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4272-634-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4272-646-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4272-607-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4272-649-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4272-612-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4272-631-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4272-32-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4272-652-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download