Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

ZagreuS.Ra...in.exe

windows7-x64

10

ZagreuS.Ra...in.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    128s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    06/03/2023, 19:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ZagreuS.Ransom_se.bin.exe

  • Size

    803KB

  • MD5

    99885a3cd64212e5d210c9db4bcae5b1

  • SHA1

    806d2c572e6b247a6d899ad4af840ecbf1f968f6

  • SHA256

    537a2fd4d214a212df06fb73b19ba945672eaf18d64cc30d8e99ab6a0d7cb9ba

  • SHA512

    f6b5ad9d4bd9c797a1b27c6c078d2a605cd24be6fbcb30016a0b81d00081d6695b29b0ab4bc9e66438eb3769c51df9920d9da8d6260cbc45c52cfb140fea0ab0

  • SSDEEP

    12288:bDCpAivL03RuebsXkA4uHP/LoyP2VNp6DHpeH+vJxbLWXKy1ypdQhjE+FwSoh:n2ghuebsYuHP/syP+WpeH+zLuBhQSoh

Score
10/10
evasionransomwaretrojan

Malware Config

Extracted

Path

C:\Users\Admin\Videos\HELP_DECRYPT_YOUR_FILES.txt

Ransom Note
Oops All Of your important files were encrypted Like document pictures videos etc.. Don't worry, you can return all your files! All your files, documents, photos, databases and other important files are encrypted by a strong encryption. How to recover files? RSA is a asymmetric cryptographic algorithm, you need one key for encryption and one key for decryption so you need private key to recover your files. It’s not possible to recover your files without private key. The only method of recovering files is to purchase an unique private key.Only we can give you this key and only we can recover your files. What guarantees you have? As evidence, you can send us 1 file to decrypt by email We will send you a recovery file Prove that we can decrypt your file Please You must follow these steps carefully to decrypt your files: Send $980 worth of bitcoin to wallet: bc1qzpa3j6qse5xfxft2xy7h2phq04wq9pk66lllz5 after payment,we will send you Decryptor software contact email: [email protected] Your personal ID: l9rsxWQ4FQj+KtDUMBLxCV3reEul4MJnpemRj1HM1dM8LYtOqfb5G3vuZQTz8NIMD3Qi5VD1o2nos69sHnCZiYw/ZMYwd47k/BDHsXN1o0KxjaulXWd4aL8M4hpIn6TG3z/ms4zA3Y+0h92tSeW3FfKFRsA2nZKVUZkXvCBe9kw=

Signatures

  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomware
  • Modifies extensions of user files 2 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Interacts with shadow copies 2 TTPs 2 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\ZagreuS.Ransom_se.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\ZagreuS.Ransom_se.bin.exe"
    1⤵
    • Modifies extensions of user files
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Enumerates system info in registry
    • Suspicious use of WriteProcessMemory
    PID:928
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1416
      • C:\Windows\SysWOW64\reg.exe
        C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f
        3⤵
        • UAC bypass
        • Modifies registry key
        PID:1432
    • C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /c vssadmin.exe delete shadows /all /quiet
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:680
      • C:\Windows\SysWOW64\vssadmin.exe
        vssadmin.exe delete shadows /all /quiet
        3⤵
        • Interacts with shadow copies
        PID:2024
    • C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /c vssadmin.exe delete shadows /all /quiet
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1908
      • C:\Windows\SysWOW64\vssadmin.exe
        vssadmin.exe delete shadows /all /quiet
        3⤵
        • Interacts with shadow copies
        PID:1732
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://iplogger.com/2De1W6
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:452
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:452 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1888
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:824

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e72c51e895c4ca15379ec633b113fed5

    SHA1

    3d6ea4aa891f56269664203c317565225663570b

    SHA256

    9f1a9f7bc9118e32a3879fbbd4d298ef4df0643bf12b82285dfde80a3b80db79

    SHA512

    4fadf0e024407fc92d9dcdb8c892d3ff1d5477a903b877717640a4990d292dbf35a10503970c5dda1b09970a07cb6d58a620b1f92620e84314a1b83eb6593c1d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ad5190ab7f088448fe9334dea5bbe9d

    SHA1

    8a104232aa4d3bd0b5c80d9370d647efad96b6b1

    SHA256

    04f646f3b9f3968d744f3b50f74a7354ed9141e33c8066bd3427c51df4cc94e2

    SHA512

    602975fe017a2ef08a3f2cb7cd0d8c11f9e7489dc0b90f1d74b9360fdde2026311e5a653e18f1aede1ca4491ccab9efad2f6c8c11ff862d947db5c72a2054359

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6912120027de9376e192f79466030609

    SHA1

    aa0a84cee3495c01ad484346736ee3831b206f5f

    SHA256

    3c9034a154d1098b0b2be05ac1bc252c8c4599ee4a0d233f9b315059470b1792

    SHA512

    56fce0f07c5fa918029707cd518000b3c16511db66da1cbf7e4ae9c595a4f3eb53bdd66957a232ade8af3441bbadbf40331a0537d28965594b40376f2763ad5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aa3a889c8076d17c42e4e777ddd0f4cb

    SHA1

    d5f24a641ee4e5b525088ffb5f824a75d1143178

    SHA256

    e57b7ff671dafdbbb099c0078d826edecdf19a9a9da98ab9764e198b0ad369f9

    SHA512

    1fcea558e8851ff2b236d562656b16b27d19e29de0a201326868503d8951a01beef3c7a418490f85682b6cf966c5e128ca6de6daeafbebe1cc965a06cc6c4de0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fb66bf8c38d4cac7b9709a6c2af609f9

    SHA1

    9a1bc8955d242f3813c49784ad2d9ce6179acafb

    SHA256

    541bf5b1cb02133873bc47d8a26223e0b414ea773e9b32578e3917d7a029300c

    SHA512

    bfc57914f670e4949d2ba34aae036f2eaee31e4ab8d6b53606c60445aa5594e864fae04e17ec8c4b556a3aa7bfa52f6ada1d9aaa4e95c583d5bd82ebadc0ee5c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1847d8f750ef37d69280670bff05f22e

    SHA1

    82c43035ff8ac15c02e25ad2da7ffb2d88859f35

    SHA256

    e4103b6ad9315dae03f4baf6a792a4413f4e5cd0c1b4c20e8d6145c54654f2f1

    SHA512

    6434cbfc126db95f42172d564d8ced532957ebdd83ffe540fc1379cb65d6a8cb5f5d856cdad0822b99eea0f2a0e88919d1abd0524ed8a60c62c728586c5afe97

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    17630b68a618ab119cbe22affe2c5ecd

    SHA1

    902eb026219549fb2e251b0f205d8c2276d81fd1

    SHA256

    49aee8287b1e04be0e105533a63977c1f047d8f91434659031ced3ce8d939998

    SHA512

    362f121745f01f8f1238b6c4855dd8931cb4adbaf6a7b72a2e20904b8270fb2d1e8aeec8f3054e67df2835a7111bcc033aa50591e6c4e934c0897781a2972837

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c8fc93334141943c1e2f8577004ed5b2

    SHA1

    72e2cbd459bdff8091bd4a113936a8fa84ee1714

    SHA256

    5eb31807d316d5dc308827396e85a59c36add073e861aa93a8dbc084cf4fb85b

    SHA512

    46d43da71a79d59ba22b59bfc0562c8868240e8a51a9d256fdc71a8fcc0dc25343ece9c1703a8dcd7cec668318a610206fa1e50198592549d888b7fff524fb6e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ad8775550d8467c4114e345f2f93739

    SHA1

    97d8d1a8130ca0334195f9288cba0a13f850569a

    SHA256

    9bba576dea39b7f99f6d145546164a66481e0f04b93d4c993f47bda86e5ebfd6

    SHA512

    aa75a86fc2b1b9fb8ead3e2564f342684364b939f1f528d55aa808b2c6d63e1f4f65bc9d8bb3007863618635903bb056b60d3ca43908d508c6a17ab334cb3c84

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8533f5d10ec4fccd1d0710e23116e221

    SHA1

    767647ddaa48876678d71d08d32ef5a2a90dc3f4

    SHA256

    13466cfdf376f9599eb438b3a836f34ea68d8be34303524b49cfcf19e5844b77

    SHA512

    22ca016515d2e2edeb228bbe3aba1cfa93c2f158c46f73f7835e8f56e051f2c5567469888931a57081ce228c16e2fb5d29e3c43323b07a4681b4623d06a2251b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ad1b6ed1984b0559e940c4bbc301702

    SHA1

    f641b50d73a738c45a9ac22cff38ec38e758011f

    SHA256

    aec92228f7e38b713c35b8ac13bacd5b239ac086cd397a8c1fff8468cb72a997

    SHA512

    3ca010273e3fab5463e9abebbbb7125c4c319a4a4554587b8e870e7383eb07fd8fd9adc571e7e37f050783933fd7913c721ed44535ff402d8ac9b5099ee9bdd0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c9f386b388d3cae3ff529174443ec07b

    SHA1

    85a41e33dba6d82b8a8158f28be7ec6d75caee11

    SHA256

    1cf8a6a4fca72bbd0798ae3c5adf22b8d017756f7445082f2675008a45925327

    SHA512

    6dacd1719088e037109c21ec6cad9c53fcd14b03f5356796ba9c99d2bb3fe66ca21a3580b460f611af1f55ec4b3d68d3455b4b7f80710627bd8732c7f47bece7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.1
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDC7D.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarDFC0.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ROOSNQE8.txt
    Filesize

    600B

    MD5

    759f44e4e65b180f5d3c7b8fb92e7ea8

    SHA1

    7fbc5b380cd55ae721f61f367e630334118c5a79

    SHA256

    55ef92e62b12bef331ae4033832efb2be355eabadc12136d64d8b63d11997a2b

    SHA512

    b76ab697664eba3eaac14af80cf6b9bf4c011464e00398624011c432d71f1e22f661e8a182a8b4bfdf7c89728c85155888d4497e70a87f66e948ae8fa36ff1e3

    Download Submit

  • C:\Users\Admin\Videos\HELP_DECRYPT_YOUR_FILES.txt
    Filesize

    1KB

    MD5

    57287990c112b581a0733598681057f7

    SHA1

    fbb67b2ea29790b50c42312de59bb6bd0e9d3035

    SHA256

    a506c571621f3dedfef94b7b2b12b6ba6411d13e09aa334baaee62eee0842082

    SHA512

    bf41011dd29b7b7bd9bc874c163e9b6de43e7af76a9a6d3c3b87be015dc70eb1e8abc790d74b1188418cf02e37373bac674284f2a6ac2783d6398c3bb8e2cc3c

    Download Submit

  • C:\Users\Admin\Videos\HELP_DECRYPT_YOUR_FILES.txt.CMLOCKER
    Filesize

    1KB

    MD5

    ee5c1d9148bad2264030e3f3045085eb

    SHA1

    9b6e3ce4551376e826985cd25c4adc8a082c3b89

    SHA256

    ba97f07ead35684a04956a2f6151478a95e50e2d1c5996e180cce581585e326a

    SHA512

    e787516d7d8041cfe065cc687abdab8ddb4ec2b281d5beabebddcd9f2bd41840ebe9660a9d50975022ca5c090030c7372ca377e31e67ec746e63760c7f3c06dd

    Download Submit

  • memory/928-499-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-510-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-476-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-475-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-478-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-477-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-479-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-480-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-482-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-481-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-483-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-484-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-485-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-487-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-486-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-488-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-489-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-490-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-491-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-492-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-493-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-494-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-495-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-496-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-497-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-500-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-498-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-472-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-501-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-502-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-503-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-505-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-504-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-506-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-507-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-508-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-509-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-474-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-511-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-512-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-513-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-514-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-515-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-516-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-518-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-517-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-519-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-520-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-521-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-522-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-523-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-1463-0x00000000004D0000-0x00000000005D0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/928-1464-0x0000000001FA0000-0x0000000002121000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/928-4805-0x0000000000400000-0x00000000004CE000-memory.dmp

    Filesize

    824KB

    Download

  • memory/928-4806-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-4807-0x0000000002370000-0x0000000002471000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/928-4808-0x0000000002130000-0x00000000021D1000-memory.dmp

    Filesize

    644KB

    Download

  • memory/928-473-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-471-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-470-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-469-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-468-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-467-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-466-0x0000000000400000-0x00000000004CE000-memory.dmp

    Filesize

    824KB

    Download

  • memory/928-465-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-463-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-464-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-462-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-460-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-461-0x0000000002250000-0x0000000002361000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/928-54-0x0000000077290000-0x00000000772D7000-memory.dmp

    Filesize

    284KB

    Download

  • memory/928-4831-0x00000000004D0000-0x00000000005D0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/928-4834-0x00000000060E0000-0x0000000006120000-memory.dmp

    Filesize

    256KB

    Download

  • memory/928-4946-0x0000000000400000-0x00000000004CE000-memory.dmp

    Filesize

    824KB

    Download