Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

d611f6e0b6...94.exe

windows7-x64

10

d611f6e0b6...94.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2022, 00:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d611f6e0b64547ac953189aac476717cb49fd097b139d1a905c03430f3315294.exe

  • Size

    520KB

  • MD5

    4bd214f6e1ec31266a50459fd7034fab

  • SHA1

    00ce038bfb49bb58c5545f445fa06929aa9ff22d

  • SHA256

    d611f6e0b64547ac953189aac476717cb49fd097b139d1a905c03430f3315294

  • SHA512

    9bd885a29d3564c4219f4e7b17e0f77dfb0c0a74954fc19f6cacd3ea44d504c01633ff32ed4588571f7af03cfc9ad5e2b3f6f1c53ba3999ba6acdf16864806ec

  • SSDEEP

    12288:jQ5GA6wigctwxaJOri8KuMhEAF/Lc0CTbkwnj3Zz:k5KwTIzJSPK/hHjXoBj3Zz

Score
10/10
evasionpersistenceupx

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 11 IoCs
  • UPX packed file 25 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Deletes itself 1 IoCs
  • Loads dropped DLL 10 IoCs
  • Unexpected DNS network traffic destination 5 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Adds Run key to start application 2 TTPs 53 IoCs
    persistence
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Enumerates processes with tasklist 1 TTPs 2 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\csrss.exe
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    1⤵
    • Executes dropped EXE
    • Suspicious use of UnmapMainImage
    PID:332
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Modifies WinLogon for persistence
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1344
    • C:\Users\Admin\AppData\Local\Temp\d611f6e0b64547ac953189aac476717cb49fd097b139d1a905c03430f3315294.exe
      "C:\Users\Admin\AppData\Local\Temp\d611f6e0b64547ac953189aac476717cb49fd097b139d1a905c03430f3315294.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1500
      • C:\Users\Admin\jdFfFL.exe
        C:\Users\Admin\jdFfFL.exe
        3⤵
        • Modifies visiblity of hidden/system files in Explorer
        • Executes dropped EXE
        • Loads dropped DLL
        • Adds Run key to start application
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1404
        • C:\Users\Admin\ciujo.exe
          "C:\Users\Admin\ciujo.exe"
          4⤵
          • Modifies visiblity of hidden/system files in Explorer
          • Executes dropped EXE
          • Adds Run key to start application
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of SetWindowsHookEx
          PID:1292
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\System32\cmd.exe" /c tasklist&&del jdFfFL.exe
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:1676
          • C:\Windows\SysWOW64\tasklist.exe
            tasklist
            5⤵
            • Enumerates processes with tasklist
            • Suspicious use of AdjustPrivilegeToken
            PID:892
      • C:\Users\Admin\2sag.exe
        C:\Users\Admin\2sag.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1544
        • C:\Users\Admin\2sag.exe
          "C:\Users\Admin\2sag.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:728
        • C:\Users\Admin\2sag.exe
          "C:\Users\Admin\2sag.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:1116
        • C:\Users\Admin\2sag.exe
          "C:\Users\Admin\2sag.exe"
          4⤵
          • Executes dropped EXE
          • Maps connected drives based on registry
          • Suspicious behavior: EnumeratesProcesses
          PID:812
        • C:\Users\Admin\2sag.exe
          "C:\Users\Admin\2sag.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:268
        • C:\Users\Admin\2sag.exe
          "C:\Users\Admin\2sag.exe"
          4⤵
          • Executes dropped EXE
          PID:1112
      • C:\Users\Admin\3sag.exe
        C:\Users\Admin\3sag.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetThreadContext
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1900
        • C:\Users\Admin\AppData\Local\5116369f\X
          *0*bc*dd43b551*31.193.3.240:53
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:1680
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe"
          4⤵
            PID:1704
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\System32\cmd.exe" /c tasklist&&del d611f6e0b64547ac953189aac476717cb49fd097b139d1a905c03430f3315294.exe
          3⤵
          • Deletes itself
          PID:948
          • C:\Windows\SysWOW64\tasklist.exe
            tasklist
            4⤵
            • Enumerates processes with tasklist
            • Suspicious use of AdjustPrivilegeToken
            PID:1916
    • C:\Windows\system32\DllHost.exe
      C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
      1⤵
        PID:1516

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\2sag.exe
        Filesize

        128KB

        MD5

        924fe045ea0c544f82d322b9e370da60

        SHA1

        68ef8b8426fc7f53318cfbf648803aec7429e352

        SHA256

        480074c9252e605d8d4f80f40cf9d5e50eec6ebe30f414694aaf6375f1884e6d

        SHA512

        0d29eb10e5a7ca297319943fc017790371f1ac6c419651a89822121c91dda7d137720a7d5d8ee67e0ec457e882b603dbfb9b4f8c755f43b58b1dce0c35490fa2

        Download Submit

      • C:\Users\Admin\2sag.exe
        Filesize

        128KB

        MD5

        924fe045ea0c544f82d322b9e370da60

        SHA1

        68ef8b8426fc7f53318cfbf648803aec7429e352

        SHA256

        480074c9252e605d8d4f80f40cf9d5e50eec6ebe30f414694aaf6375f1884e6d

        SHA512

        0d29eb10e5a7ca297319943fc017790371f1ac6c419651a89822121c91dda7d137720a7d5d8ee67e0ec457e882b603dbfb9b4f8c755f43b58b1dce0c35490fa2

        Download Submit

      • C:\Users\Admin\2sag.exe
        Filesize

        128KB

        MD5

        924fe045ea0c544f82d322b9e370da60

        SHA1

        68ef8b8426fc7f53318cfbf648803aec7429e352

        SHA256

        480074c9252e605d8d4f80f40cf9d5e50eec6ebe30f414694aaf6375f1884e6d

        SHA512

        0d29eb10e5a7ca297319943fc017790371f1ac6c419651a89822121c91dda7d137720a7d5d8ee67e0ec457e882b603dbfb9b4f8c755f43b58b1dce0c35490fa2

        Download Submit

      • C:\Users\Admin\2sag.exe
        Filesize

        128KB

        MD5

        924fe045ea0c544f82d322b9e370da60

        SHA1

        68ef8b8426fc7f53318cfbf648803aec7429e352

        SHA256

        480074c9252e605d8d4f80f40cf9d5e50eec6ebe30f414694aaf6375f1884e6d

        SHA512

        0d29eb10e5a7ca297319943fc017790371f1ac6c419651a89822121c91dda7d137720a7d5d8ee67e0ec457e882b603dbfb9b4f8c755f43b58b1dce0c35490fa2

        Download Submit

      • C:\Users\Admin\2sag.exe
        Filesize

        128KB

        MD5

        924fe045ea0c544f82d322b9e370da60

        SHA1

        68ef8b8426fc7f53318cfbf648803aec7429e352

        SHA256

        480074c9252e605d8d4f80f40cf9d5e50eec6ebe30f414694aaf6375f1884e6d

        SHA512

        0d29eb10e5a7ca297319943fc017790371f1ac6c419651a89822121c91dda7d137720a7d5d8ee67e0ec457e882b603dbfb9b4f8c755f43b58b1dce0c35490fa2

        Download Submit

      • C:\Users\Admin\2sag.exe
        Filesize

        128KB

        MD5

        924fe045ea0c544f82d322b9e370da60

        SHA1

        68ef8b8426fc7f53318cfbf648803aec7429e352

        SHA256

        480074c9252e605d8d4f80f40cf9d5e50eec6ebe30f414694aaf6375f1884e6d

        SHA512

        0d29eb10e5a7ca297319943fc017790371f1ac6c419651a89822121c91dda7d137720a7d5d8ee67e0ec457e882b603dbfb9b4f8c755f43b58b1dce0c35490fa2

        Download Submit

      • C:\Users\Admin\2sag.exe
        Filesize

        128KB

        MD5

        924fe045ea0c544f82d322b9e370da60

        SHA1

        68ef8b8426fc7f53318cfbf648803aec7429e352

        SHA256

        480074c9252e605d8d4f80f40cf9d5e50eec6ebe30f414694aaf6375f1884e6d

        SHA512

        0d29eb10e5a7ca297319943fc017790371f1ac6c419651a89822121c91dda7d137720a7d5d8ee67e0ec457e882b603dbfb9b4f8c755f43b58b1dce0c35490fa2

        Download Submit

      • C:\Users\Admin\3sag.exe
        Filesize

        279KB

        MD5

        bc605c3a569330b1b08106d694366d7c

        SHA1

        71ee2d38c8da32dea44ad2c254a1499b98333a92

        SHA256

        84205e9b8a9ed3bc40be0cb2fb17d8ab16de65c01c282bdb664846940749661d

        SHA512

        b70fc535e7638d326e852ab79e5d328d4c5f111b8a8af4b58da01754ecb77465f5c62c3f68c72573a1e4b6345393862f5e6e3b269754fe1feaf5ba8b86c17d4c

        Download Submit

      • C:\Users\Admin\3sag.exe
        Filesize

        279KB

        MD5

        bc605c3a569330b1b08106d694366d7c

        SHA1

        71ee2d38c8da32dea44ad2c254a1499b98333a92

        SHA256

        84205e9b8a9ed3bc40be0cb2fb17d8ab16de65c01c282bdb664846940749661d

        SHA512

        b70fc535e7638d326e852ab79e5d328d4c5f111b8a8af4b58da01754ecb77465f5c62c3f68c72573a1e4b6345393862f5e6e3b269754fe1feaf5ba8b86c17d4c

        Download Submit

      • C:\Users\Admin\AppData\Local\5116369f\X
        Filesize

        38KB

        MD5

        72de2dadaf875e2fd7614e100419033c

        SHA1

        5f17c5330e91a42daa9ff24c4aa602bd1a72bf6e

        SHA256

        c44993768a4dc5a58ddbfc9cb05ce2a7d3a0a56be45643d70a72bcf811b6c381

        SHA512

        e2520a53326a7d3b056e65d0cf60e9d823ffb34ca026cdddc7ea3a714f8396c53c37e13a887fc86a7dd7076c97fdfad53c3f5a68342ebc1bdec948c76bda8df3

        Download Submit

      • C:\Users\Admin\ciujo.exe
        Filesize

        216KB

        MD5

        39e4d36c0b3ec3d35812156f41026ef5

        SHA1

        90d9f63190cfa38197f84fbefb27b3ef7b0ad1f9

        SHA256

        b27a3cb25d7c42f88b18667a50adfb8a7f146ed2f9a1975ecedb4b1ab9c32301

        SHA512

        a2a1dbcaa6df604996fdeed074b485da8add78444624c498dbbe9d727f0d4535f3b8b590b21873dfbfd1a07e6e4465d449e2aed7cdcc6437f789be988e972162

        Download Submit

      • C:\Users\Admin\ciujo.exe
        Filesize

        216KB

        MD5

        39e4d36c0b3ec3d35812156f41026ef5

        SHA1

        90d9f63190cfa38197f84fbefb27b3ef7b0ad1f9

        SHA256

        b27a3cb25d7c42f88b18667a50adfb8a7f146ed2f9a1975ecedb4b1ab9c32301

        SHA512

        a2a1dbcaa6df604996fdeed074b485da8add78444624c498dbbe9d727f0d4535f3b8b590b21873dfbfd1a07e6e4465d449e2aed7cdcc6437f789be988e972162

        Download Submit

      • C:\Users\Admin\jdFfFL.exe
        Filesize

        216KB

        MD5

        5a9281e62a888f4ea82402cec883292d

        SHA1

        b997d0f7f8aecd9730b03f5e5b6b63466890ae94

        SHA256

        cd3b178a6469ddb3bf95a7425a2dbf77a71cb83d813509dcbc2357263693cd23

        SHA512

        99f6248391a17417fe6ca166a72203e44e3ebd31d1fd25e5dc45513ebd7d974a73184854c79baaeba59becf702d3f248c33b69361d36f03647dce177c324678b

        Download Submit

      • C:\Users\Admin\jdFfFL.exe
        Filesize

        216KB

        MD5

        5a9281e62a888f4ea82402cec883292d

        SHA1

        b997d0f7f8aecd9730b03f5e5b6b63466890ae94

        SHA256

        cd3b178a6469ddb3bf95a7425a2dbf77a71cb83d813509dcbc2357263693cd23

        SHA512

        99f6248391a17417fe6ca166a72203e44e3ebd31d1fd25e5dc45513ebd7d974a73184854c79baaeba59becf702d3f248c33b69361d36f03647dce177c324678b

        Download Submit

      • C:\Windows\system32\consrv.dll
        Filesize

        29KB

        MD5

        1149c1bd71248a9d170e4568fb08df30

        SHA1

        6f77f183d65709901f476c5d6eebaed060a495f9

        SHA256

        c2dcf387cb4d218f50463338291e7db38afbdab9aab88fc54e7f9283df1792d1

        SHA512

        9e6eac8facb23b38552d37c9f3cb24098f871d2885ecb3630fcd0199c5600b12a42f095f9fbeb90e5632496491d46fd987660cdda695e92dc386bd482d3ff459

        Download Submit

      • \Users\Admin\2sag.exe
        Filesize

        128KB

        MD5

        924fe045ea0c544f82d322b9e370da60

        SHA1

        68ef8b8426fc7f53318cfbf648803aec7429e352

        SHA256

        480074c9252e605d8d4f80f40cf9d5e50eec6ebe30f414694aaf6375f1884e6d

        SHA512

        0d29eb10e5a7ca297319943fc017790371f1ac6c419651a89822121c91dda7d137720a7d5d8ee67e0ec457e882b603dbfb9b4f8c755f43b58b1dce0c35490fa2

        Download Submit

      • \Users\Admin\2sag.exe
        Filesize

        128KB

        MD5

        924fe045ea0c544f82d322b9e370da60

        SHA1

        68ef8b8426fc7f53318cfbf648803aec7429e352

        SHA256

        480074c9252e605d8d4f80f40cf9d5e50eec6ebe30f414694aaf6375f1884e6d

        SHA512

        0d29eb10e5a7ca297319943fc017790371f1ac6c419651a89822121c91dda7d137720a7d5d8ee67e0ec457e882b603dbfb9b4f8c755f43b58b1dce0c35490fa2

        Download Submit

      • \Users\Admin\3sag.exe
        Filesize

        279KB

        MD5

        bc605c3a569330b1b08106d694366d7c

        SHA1

        71ee2d38c8da32dea44ad2c254a1499b98333a92

        SHA256

        84205e9b8a9ed3bc40be0cb2fb17d8ab16de65c01c282bdb664846940749661d

        SHA512

        b70fc535e7638d326e852ab79e5d328d4c5f111b8a8af4b58da01754ecb77465f5c62c3f68c72573a1e4b6345393862f5e6e3b269754fe1feaf5ba8b86c17d4c

        Download Submit

      • \Users\Admin\3sag.exe
        Filesize

        279KB

        MD5

        bc605c3a569330b1b08106d694366d7c

        SHA1

        71ee2d38c8da32dea44ad2c254a1499b98333a92

        SHA256

        84205e9b8a9ed3bc40be0cb2fb17d8ab16de65c01c282bdb664846940749661d

        SHA512

        b70fc535e7638d326e852ab79e5d328d4c5f111b8a8af4b58da01754ecb77465f5c62c3f68c72573a1e4b6345393862f5e6e3b269754fe1feaf5ba8b86c17d4c

        Download Submit

      • \Users\Admin\AppData\Local\5116369f\X
        Filesize

        38KB

        MD5

        72de2dadaf875e2fd7614e100419033c

        SHA1

        5f17c5330e91a42daa9ff24c4aa602bd1a72bf6e

        SHA256

        c44993768a4dc5a58ddbfc9cb05ce2a7d3a0a56be45643d70a72bcf811b6c381

        SHA512

        e2520a53326a7d3b056e65d0cf60e9d823ffb34ca026cdddc7ea3a714f8396c53c37e13a887fc86a7dd7076c97fdfad53c3f5a68342ebc1bdec948c76bda8df3

        Download Submit

      • \Users\Admin\AppData\Local\5116369f\X
        Filesize

        38KB

        MD5

        72de2dadaf875e2fd7614e100419033c

        SHA1

        5f17c5330e91a42daa9ff24c4aa602bd1a72bf6e

        SHA256

        c44993768a4dc5a58ddbfc9cb05ce2a7d3a0a56be45643d70a72bcf811b6c381

        SHA512

        e2520a53326a7d3b056e65d0cf60e9d823ffb34ca026cdddc7ea3a714f8396c53c37e13a887fc86a7dd7076c97fdfad53c3f5a68342ebc1bdec948c76bda8df3

        Download Submit

      • \Users\Admin\ciujo.exe
        Filesize

        216KB

        MD5

        39e4d36c0b3ec3d35812156f41026ef5

        SHA1

        90d9f63190cfa38197f84fbefb27b3ef7b0ad1f9

        SHA256

        b27a3cb25d7c42f88b18667a50adfb8a7f146ed2f9a1975ecedb4b1ab9c32301

        SHA512

        a2a1dbcaa6df604996fdeed074b485da8add78444624c498dbbe9d727f0d4535f3b8b590b21873dfbfd1a07e6e4465d449e2aed7cdcc6437f789be988e972162

        Download Submit

      • \Users\Admin\ciujo.exe
        Filesize

        216KB

        MD5

        39e4d36c0b3ec3d35812156f41026ef5

        SHA1

        90d9f63190cfa38197f84fbefb27b3ef7b0ad1f9

        SHA256

        b27a3cb25d7c42f88b18667a50adfb8a7f146ed2f9a1975ecedb4b1ab9c32301

        SHA512

        a2a1dbcaa6df604996fdeed074b485da8add78444624c498dbbe9d727f0d4535f3b8b590b21873dfbfd1a07e6e4465d449e2aed7cdcc6437f789be988e972162

        Download Submit

      • \Users\Admin\jdFfFL.exe
        Filesize

        216KB

        MD5

        5a9281e62a888f4ea82402cec883292d

        SHA1

        b997d0f7f8aecd9730b03f5e5b6b63466890ae94

        SHA256

        cd3b178a6469ddb3bf95a7425a2dbf77a71cb83d813509dcbc2357263693cd23

        SHA512

        99f6248391a17417fe6ca166a72203e44e3ebd31d1fd25e5dc45513ebd7d974a73184854c79baaeba59becf702d3f248c33b69361d36f03647dce177c324678b

        Download Submit

      • \Users\Admin\jdFfFL.exe
        Filesize

        216KB

        MD5

        5a9281e62a888f4ea82402cec883292d

        SHA1

        b997d0f7f8aecd9730b03f5e5b6b63466890ae94

        SHA256

        cd3b178a6469ddb3bf95a7425a2dbf77a71cb83d813509dcbc2357263693cd23

        SHA512

        99f6248391a17417fe6ca166a72203e44e3ebd31d1fd25e5dc45513ebd7d974a73184854c79baaeba59becf702d3f248c33b69361d36f03647dce177c324678b

        Download Submit

      • \Windows\System32\consrv.dll
        Filesize

        29KB

        MD5

        1149c1bd71248a9d170e4568fb08df30

        SHA1

        6f77f183d65709901f476c5d6eebaed060a495f9

        SHA256

        c2dcf387cb4d218f50463338291e7db38afbdab9aab88fc54e7f9283df1792d1

        SHA512

        9e6eac8facb23b38552d37c9f3cb24098f871d2885ecb3630fcd0199c5600b12a42f095f9fbeb90e5632496491d46fd987660cdda695e92dc386bd482d3ff459

        Download Submit

      • \systemroot\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
        Filesize

        2KB

        MD5

        744bea559cde36e7dcfec62f1b4d1949

        SHA1

        ec14ff43bd1e63bb43e7df9ccaba3b76a0796c23

        SHA256

        719e5e253059c12a4784bdcbacceae6daf74a59d200e5679e9a92fe509d15a70

        SHA512

        f82d9cf9275139714db53c623a30695ad89aa19f479c4518e8a901d57aa91f421eda73389f7330dfeb99b2828d10c797b7d9b63db561254d2c46b42898ca0f04

        Download Submit

      • memory/268-130-0x0000000000400000-0x0000000000407000-memory.dmp

        Filesize

        28KB

        Download

      • memory/268-122-0x0000000000400000-0x0000000000407000-memory.dmp

        Filesize

        28KB

        Download

      • memory/268-123-0x0000000000400000-0x0000000000407000-memory.dmp

        Filesize

        28KB

        Download

      • memory/268-118-0x0000000000400000-0x0000000000407000-memory.dmp

        Filesize

        28KB

        Download

      • memory/268-117-0x0000000000400000-0x0000000000407000-memory.dmp

        Filesize

        28KB

        Download

      • memory/268-116-0x0000000000400000-0x0000000000407000-memory.dmp

        Filesize

        28KB

        Download

      • memory/332-159-0x0000000002140000-0x000000000214B000-memory.dmp

        Filesize

        44KB

        Download

      • memory/728-84-0x0000000000400000-0x0000000000407000-memory.dmp

        Filesize

        28KB

        Download

      • memory/728-93-0x0000000000400000-0x0000000000407000-memory.dmp

        Filesize

        28KB

        Download

      • memory/728-82-0x0000000000400000-0x0000000000407000-memory.dmp

        Filesize

        28KB

        Download

      • memory/728-171-0x0000000000400000-0x0000000000407000-memory.dmp

        Filesize

        28KB

        Download

      • memory/728-83-0x0000000000400000-0x0000000000407000-memory.dmp

        Filesize

        28KB

        Download

      • memory/728-85-0x0000000000400000-0x0000000000407000-memory.dmp

        Filesize

        28KB

        Download

      • memory/728-89-0x0000000000400000-0x0000000000407000-memory.dmp

        Filesize

        28KB

        Download

      • memory/728-104-0x0000000000400000-0x0000000000407000-memory.dmp

        Filesize

        28KB

        Download

      • memory/812-174-0x0000000000400000-0x0000000000427000-memory.dmp

        Filesize

        156KB

        Download

      • memory/812-108-0x0000000000400000-0x0000000000427000-memory.dmp

        Filesize

        156KB

        Download

      • memory/812-110-0x0000000000400000-0x0000000000427000-memory.dmp

        Filesize

        156KB

        Download

      • memory/812-173-0x0000000000400000-0x0000000000427000-memory.dmp

        Filesize

        156KB

        Download

      • memory/812-111-0x0000000000400000-0x0000000000427000-memory.dmp

        Filesize

        156KB

        Download

      • memory/812-107-0x0000000000400000-0x0000000000427000-memory.dmp

        Filesize

        156KB

        Download

      • memory/812-175-0x0000000000400000-0x0000000000427000-memory.dmp

        Filesize

        156KB

        Download

      • memory/1116-91-0x0000000000400000-0x000000000040E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/1116-103-0x0000000000400000-0x000000000040E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/1116-90-0x0000000000400000-0x000000000040E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/1116-106-0x0000000000400000-0x000000000040E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/1116-129-0x0000000000400000-0x000000000040E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/1116-95-0x0000000000400000-0x000000000040E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/1116-94-0x0000000000400000-0x000000000040E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/1344-152-0x0000000002740000-0x0000000002746000-memory.dmp

        Filesize

        24KB

        Download

      • memory/1344-153-0x0000000002740000-0x000000000274B000-memory.dmp

        Filesize

        44KB

        Download

      • memory/1344-142-0x0000000002740000-0x0000000002746000-memory.dmp

        Filesize

        24KB

        Download

      • memory/1344-161-0x0000000002740000-0x000000000274B000-memory.dmp

        Filesize

        44KB

        Download

      • memory/1344-160-0x0000000001C50000-0x0000000001C58000-memory.dmp

        Filesize

        32KB

        Download

      • memory/1344-138-0x0000000002740000-0x0000000002746000-memory.dmp

        Filesize

        24KB

        Download

      • memory/1344-165-0x0000000002740000-0x000000000274B000-memory.dmp

        Filesize

        44KB

        Download

      • memory/1344-168-0x0000000002760000-0x000000000276B000-memory.dmp

        Filesize

        44KB

        Download

      • memory/1500-56-0x0000000075D71000-0x0000000075D73000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1900-166-0x0000000030670000-0x00000000306C2000-memory.dmp

        Filesize

        328KB

        Download

      • memory/1900-167-0x00000000003DC000-0x0000000000412000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1900-137-0x00000000003DC000-0x0000000000412000-memory.dmp

        Filesize

        216KB

        Download

      • memory/1900-136-0x0000000030670000-0x00000000306C2000-memory.dmp

        Filesize

        328KB

        Download