Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

Tiktok_video-1.mp4

windows7-x64

1

Tiktok_video-1.mp4

windows10-2004-x64

8

Analysis

  • max time kernel
    494s
  • max time network
    497s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20230621-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    29/06/2023, 05:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Tiktok_video-1.mp4

  • Size

    695KB

  • MD5

    69db621989058b35f1e055df8f31b9a7

  • SHA1

    70d1dd38ee50469a775ef398d426d16bafeb2116

  • SHA256

    9f5cffa8b530875eeca2df6da13fe208d184033bbce7e81a316365c8de009cbe

  • SHA512

    7e9eeaa1dbe461dbf677c78582b5ca7c02bbb84a324341e24dc5b051f4314618089c8df34ff4ac7e000a9660c7c8c3ddd2c0bd12dc5959f78d554df9829e3470

  • SSDEEP

    12288:qsK8N6eOTsuu10YmejS17vtbqXdm5Cv1qWQPzQNJX1QDOEeZ:q2ROT8100jS17VmXZvQzbQNJX13EeZ

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 5 IoCs
    persistence
  • Drops desktop.ini file(s) 8 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Tiktok_video-1.mp4"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3272
    • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
      "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Tiktok_video-1.mp4"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3012
      • C:\Windows\SysWOW64\unregmp2.exe
        C:\Windows\system32\unregmp2.exe /ShowWMP /SetShowState /CreateMediaLibrary
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1456
        • C:\Windows\system32\unregmp2.exe
          "C:\Windows\SysNative\unregmp2.exe" /ShowWMP /SetShowState /CreateMediaLibrary /REENTRANT
          4⤵
          • Modifies Installed Components in the registry
          • Drops desktop.ini file(s)
          • Drops file in Program Files directory
          • Modifies registry class
          PID:3812
      • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
        "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\Tiktok_video-1.mp4"
        3⤵
        • Drops desktop.ini file(s)
        • Enumerates connected drives
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:3864
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4460
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:4464
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:2912
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x3f4 0x458
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4540

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    64KB

    MD5

    329037e3483efcb4f917cbad8f766c0a

    SHA1

    098289ab84cc3fbd349ccea0af3ee266a85e3a13

    SHA256

    06b87bd19a78940bd78f8dc44e7197d2f439447258557505fe3b69932ada1d74

    SHA512

    f8573284ec8b83fbe7ee0cb87b11f55432a5dc5dd5f78dd58d8cc54809c1d389570a7938b2853b24558b9bad5cc29ba0078dfe9b9a80a0f68336e8db02d19d74

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    1024KB

    MD5

    05ef6589bc89c8ad30256f4f832786e4

    SHA1

    97e4ed57c023d245f87f29d1ed4e7c5e232abe27

    SHA256

    9f11f7ee43b4c98cbf3520780194889cfb3ddfe1a31948392a38c53592e38d65

    SHA512

    764b7c7843b4dd267b7c99e9e1d36b390b30d3fd17aaf4853030636508e7266413948dbfdf390345d61c98083fa9544e3fe995c9ea29f0a4376cf74f266f7c10

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\000188A3\02_Music_added_in_the_last_month.wpl
    Filesize

    1KB

    MD5

    907bfc98ce854ae312127c952d8be0f2

    SHA1

    02defe8c5f9cc85742e45ba55e4fcfe326fd960c

    SHA256

    c475dc7423c2ad60f25adaac754cd8b68b57ff04f26ecef78f3e5961b986a324

    SHA512

    db4045f992bad6ad660769a22345c5e0d965ae521d6828d612b15f0163622c629992c313a41bc9e381f9b0f098117eef840d33100af4c6a3634eb0013a7fe1c7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\000188A3\03_Music_rated_at_4_or_5_stars.wpl
    Filesize

    1KB

    MD5

    6d791b697af46d6777182af7f18c2955

    SHA1

    d73e8b5f4ee646c1c4ab6d23f3cb3394cb833ca8

    SHA256

    4825eb90140f6b2f4f7ed0df66b24e10ff5d0da70af53ea495fd30b3aa791870

    SHA512

    268cf327a9f471d547ad1dae47833cf6d722c08f9cbf5e7867a422282ce52dc320340ded93473a598903bfee9bf6a1a3393779468dbeb27d3390dbd59e6d20ba

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\000188A3\05_Pictures_taken_in_the_last_month.wpl
    Filesize

    797B

    MD5

    821d2be672f05514127c117cef460c6e

    SHA1

    1c75f314e7658a3dcdcad315e301f2bae6d47b31

    SHA256

    3abdb6cbd88ad1557054ece3f10dd1a8494ed32f423b3cf8321b18decc489474

    SHA512

    146d6293173b80ffe3721ae6e61293cc1d838e8a72713be8b859ce33c69ef753408057be9ce15a78d573e253548ee674ca3fea77efa3d330ce8c8a50f8a8a988

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\000188A3\07_TV_recorded_in_the_last_week.wpl
    Filesize

    1KB

    MD5

    b9987b1f9df6d0afc01558b907e62a16

    SHA1

    ef202d5d6f90b37c71cb757f3babb0857ce54d86

    SHA256

    0892efdb8459d81d4c5e1085239734d9910b9c6a1debd7189cf385141f0b19d1

    SHA512

    6bc86075632c3e56ffe1d371f4178299e93e014f5c5c83dfdca2dc9efd1155633409c79ec87cfe2afd4374b83771ae56a3eb7fac00f83921b433cb49216037f9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\000188A3\08_Video_rated_at_4_or_5_stars.wpl
    Filesize

    1020B

    MD5

    a3787a42b81fce0e448976ad158edd93

    SHA1

    45ff275c0c32eab1f0b56e8b61e8ead18cfd1675

    SHA256

    94bc17ac59bde92fbca00fcc69aed68fcbfe2c1754dd45f4810765f5fdf774ff

    SHA512

    b36ca10f580ec9d455fb57149bce1897fe48fda6023b2fb55b6b4b80a91f1754311b91edd72c13103e0da9ed90b696c28d6904ea91984ade69ed50791f4065ae

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\000188A3\09_Music_played_the_most.wpl
    Filesize

    1KB

    MD5

    467e71aa2fd951eb0a1af3d6bb8378e8

    SHA1

    fb654c0b2663d4fa5fd0f1658097d936dd0429ed

    SHA256

    a54bc2cad63ced4fd9ff2a3a094a26e264e8a5ce8139193896d13236f494e2ee

    SHA512

    f9242a4925b910f4a114652967a6e2f49444a3f0d9f35402fef28cc8d39c58720930084112baf92eb6716af541fd76e3803ccc1e742cec07f1d4fb6abc13a42c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\000188A3\10_All_Music.wpl
    Filesize

    1KB

    MD5

    51aeed11707741118e0706c1259df22e

    SHA1

    6434e915b018c6d15898fe0a4d006bbe3e1edb60

    SHA256

    ec286113e5ad77ac34063589a137a6dc4b4cab8845cd9c5386519983fa3b48f0

    SHA512

    a674487f9cabe1fb2809cd98958dce696f7f066d3738bfb30317201ed804df3c72f2d24d6f9c0832cf446c8a965e21f3ea50aada1c69860a12340d6eca88e942

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\000188A3\11_All_Pictures.wpl
    Filesize

    585B

    MD5

    74294ef495559ed32731f19096d70312

    SHA1

    fdc6cc849270016d2a382d7d0daabf44a4556cd9

    SHA256

    db34d82f2cd23e6e55a64e12d2a0a9c27ac2ded156483238f22a336ca6825110

    SHA512

    b068d903b83945f146abd4cf384da99af608643c62b647ea65db33c3b0e0face4727a74be3210a9c6469bbc403d1f5c59d92cbd57722737e992b0e4f5e66662a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\000188A3\12_All_Video.wpl
    Filesize

    1KB

    MD5

    372d0beebea5460409a6a1c53ac52a18

    SHA1

    1b5a925e00f9a4cc3a18feb8f74a2e39ef11eeb6

    SHA256

    5b8b62b35e5dd8a46ccccaf3fc3743be9e0965d24cbcd20da2681065eeb37ef3

    SHA512

    efb412e3a17f4eab84fb9f99b9e420d18e23610a9a66bcd7298c3ba68fd24abe0c1f2e58faa411e059788d34f4cede45f9e25c6578d13faefb8ee79acd50f2e0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
    Filesize

    9KB

    MD5

    7050d5ae8acfbe560fa11073fef8185d

    SHA1

    5bc38e77ff06785fe0aec5a345c4ccd15752560e

    SHA256

    cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

    SHA512

    a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
    Filesize

    1KB

    MD5

    24588f19bdd604b7dbba35b436b289ba

    SHA1

    8c45869289e2e668474acdc5bf1c66ae15233c7d

    SHA256

    baf8e118581328249337d623fce39018a9ef24d5ab6237b3e3c79de26a39cc2c

    SHA512

    48f88daca946a2b6e0f14cfa32d360459b458a22fd60a5c034333769ac317f3695dde631e4123fe9b640b6acb2b0afcc1b525ae9f2352845d24f283b6014b6c7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
    Filesize

    2KB

    MD5

    04f01e9899f37774d634b58370948b25

    SHA1

    f6781d8a037a8a34e4773e91ab4a3932d2c6c19e

    SHA256

    9fc7542890ec7466eb5ed736f0266a4f2d300d0fb5066d381566251d6f827cc9

    SHA512

    e98d682c45cb192905b533c46cef6fa657e58fe479d4e049060117563ff1dca6b374214eb1c5f0d9e7b0163f52ac617e8a5a74ebe6c1496f1c050e468363e858

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms
    Filesize

    3KB

    MD5

    845913635bb2259319db3d2cb19d69c6

    SHA1

    a7fbe172459f40cd8f58f16227074648e9acea4f

    SHA256

    bb6d47b7ed94c84394a4c7d1220eb50e173439fa3f99f60a005952ceebaef4a8

    SHA512

    441eb4eb288a9f59b4e13dd928d94a00fbb838e6db4dc0168b3c4d8067a0ab5f8fd4b0f5ed349c3fcaf2764e67b432a6035be769c60b35496d1cd747ec69c905

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms
    Filesize

    1KB

    MD5

    25950471955958d24ea3c450e2f4e4e2

    SHA1

    31aaf93fce85260da341eb0fd33febaacd7fd676

    SHA256

    520820bdf2c6920d5d7ce2c906e9b67ab938aa040d79a586dd03f790df5e8339

    SHA512

    875543bc9c059cf10358447b55caaf76de1ded520e26bcac6e3d233ed1f720df237d9fea11750d03ad28b7c93c8359dc75b14acca4bb84bc35de1ea3398d4df2

    Download Submit

  • memory/3864-312-0x0000000007E60000-0x0000000007E62000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-191-0x00000000079D0000-0x00000000079E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-194-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-195-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-196-0x0000000007A80000-0x0000000007A90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-197-0x0000000007A80000-0x0000000007A90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-198-0x0000000007A80000-0x0000000007A90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-199-0x0000000007A80000-0x0000000007A90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-201-0x0000000007A80000-0x0000000007A90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-200-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-203-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-204-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-202-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-205-0x0000000007E60000-0x0000000007E62000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-207-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-208-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-210-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-211-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-212-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-209-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-213-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-214-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-215-0x0000000007A80000-0x0000000007A90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-216-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-217-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-218-0x0000000007A80000-0x0000000007A90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-219-0x0000000007A80000-0x0000000007A90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-220-0x00000000079D0000-0x00000000079E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-221-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-222-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-223-0x0000000007A80000-0x0000000007A90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-224-0x0000000007A80000-0x0000000007A90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-225-0x0000000007A80000-0x0000000007A90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-226-0x0000000007A80000-0x0000000007A90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-227-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-228-0x0000000007A80000-0x0000000007A90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-231-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-230-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-229-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-232-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-314-0x0000000007E60000-0x0000000007E62000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-234-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-237-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-236-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-235-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-239-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-241-0x0000000007A80000-0x0000000007A90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-238-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-242-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-243-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-244-0x0000000007A80000-0x0000000007A90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-246-0x00000000079D0000-0x00000000079E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-245-0x0000000007A80000-0x0000000007A90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-247-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-248-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-249-0x0000000007A80000-0x0000000007A90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-187-0x0000000007A80000-0x0000000007A90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-313-0x0000000007E60000-0x0000000007E62000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-316-0x0000000004EA0000-0x0000000004EAE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3864-317-0x0000000004EA0000-0x0000000004EAE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3864-315-0x0000000007E60000-0x0000000007E62000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-318-0x0000000004EA0000-0x0000000004EAE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3864-417-0x0000000004EF0000-0x0000000004EF2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-311-0x0000000007E60000-0x0000000007E62000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-233-0x0000000007E50000-0x0000000007E60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-515-0x0000000004EF0000-0x0000000004EF2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-516-0x0000000004EF0000-0x0000000004EF2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-518-0x0000000004EF0000-0x0000000004EF2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-519-0x0000000004EF0000-0x0000000004EF2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-517-0x0000000004EF0000-0x0000000004EF2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-520-0x0000000004EF0000-0x0000000004EF2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-521-0x0000000004EF0000-0x0000000004EF2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-620-0x0000000004EF0000-0x0000000004F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-724-0x0000000004EF0000-0x0000000004F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-725-0x0000000004EF0000-0x0000000004F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-726-0x0000000004EF0000-0x0000000004F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-727-0x0000000004EF0000-0x0000000004F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-728-0x0000000004EF0000-0x0000000004F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-729-0x0000000004EF0000-0x0000000004F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-828-0x0000000004EF0000-0x0000000004F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-829-0x0000000004EF0000-0x0000000004F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-830-0x0000000004EF0000-0x0000000004F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-831-0x0000000004EF0000-0x0000000004F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-832-0x0000000004EF0000-0x0000000004F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-833-0x0000000004EF0000-0x0000000004F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-186-0x0000000004D90000-0x0000000004DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-185-0x0000000004D90000-0x0000000004DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-946-0x0000000004EF0000-0x0000000004EFD000-memory.dmp

    Filesize

    52KB

    Download

  • memory/3864-184-0x0000000007A80000-0x0000000007A90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-183-0x0000000007A80000-0x0000000007A90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-182-0x0000000005520000-0x0000000005530000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-181-0x0000000004D90000-0x0000000004DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-1039-0x0000000004EF0000-0x0000000004EFD000-memory.dmp

    Filesize

    52KB

    Download

  • memory/3864-1040-0x0000000004EF0000-0x0000000004EFD000-memory.dmp

    Filesize

    52KB

    Download

  • memory/3864-1034-0x0000000004EF0000-0x0000000004EFD000-memory.dmp

    Filesize

    52KB

    Download

  • memory/3864-180-0x0000000004D90000-0x0000000004DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-176-0x0000000004D90000-0x0000000004DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-177-0x0000000004D90000-0x0000000004DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-1116-0x0000000004EA0000-0x0000000004EAD000-memory.dmp

    Filesize

    52KB

    Download

  • memory/3864-1115-0x0000000004EA0000-0x0000000004EAD000-memory.dmp

    Filesize

    52KB

    Download

  • memory/3864-1114-0x0000000004EA0000-0x0000000004EAD000-memory.dmp

    Filesize

    52KB

    Download

  • memory/3864-1211-0x0000000007E60000-0x0000000007E62000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-1213-0x0000000007E60000-0x0000000007E62000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-1214-0x0000000007E60000-0x0000000007E62000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-1212-0x0000000007E60000-0x0000000007E62000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-1215-0x0000000007E60000-0x0000000007E62000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-1216-0x0000000007E60000-0x0000000007E62000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-1217-0x0000000004EA0000-0x0000000004EAE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3864-1220-0x0000000004EA0000-0x0000000004EAE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3864-1221-0x0000000000700000-0x0000000000710000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-1219-0x0000000004EA0000-0x0000000004EAE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3864-1271-0x0000000000700000-0x0000000000710000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-1272-0x0000000000700000-0x0000000000710000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-1320-0x0000000000700000-0x0000000000702000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-1324-0x0000000000700000-0x0000000000702000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-1375-0x0000000000700000-0x0000000000702000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-1376-0x0000000000700000-0x0000000000702000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-1377-0x0000000000700000-0x0000000000702000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-1378-0x0000000000700000-0x0000000000702000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-1379-0x0000000000700000-0x0000000000702000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-1431-0x0000000004EF0000-0x0000000004F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-1432-0x0000000004EF0000-0x0000000004F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-1433-0x0000000004EF0000-0x0000000004F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-1434-0x0000000004EF0000-0x0000000004F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-1438-0x0000000004EF0000-0x0000000004F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-1437-0x0000000004EF0000-0x0000000004F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3864-1439-0x0000000000700000-0x0000000000702000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3864-1487-0x0000000004EF0000-0x0000000004F00000-memory.dmp

    Filesize

    64KB

    Download