Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

3

ATRAL PROF...23.pdf

windows10-1703-x64

4

Analysis

  • max time kernel
    299s
  • max time network
    295s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
  • submitted
    20/07/2023, 08:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ATRAL PROFORMA INV no. 19052023.pdf

  • Size

    235KB

  • MD5

    1818b406695075088c482ac3b2bb38d7

  • SHA1

    371e64db2086fdc89ed0b710914f76b0fdd3d5bc

  • SHA256

    80daee94b7a624a64b84c68bf04394ab2dfa2af8cad0bbffd48a922c4de4861e

  • SHA512

    e19432a2969f80987b45b84dbda5e5b8aef19b8f2ee8eb5fc1a8f1ebe754e770e8f828e5eab4546897c9e0dca7c2431e3a152188f35082f43dd508ff62026612

  • SSDEEP

    6144:KH5Si9h45NcekqDfBgUaLXvUZNUUdAdFy:KZSu45NceLBgUQMZWUd4Fy

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Program crash 1 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ATRAL PROFORMA INV no. 19052023.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4840
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1184
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=408448534252A78C19069FB928D67583 --mojo-platform-channel-handle=1620 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
          PID:4268
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3416A4DF951AEDAD01580A035D69F4E3 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3416A4DF951AEDAD01580A035D69F4E3 --renderer-client-id=2 --mojo-platform-channel-handle=1632 --allow-no-sandbox-job /prefetch:1
          3⤵
            PID:348
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9A9636A00CC385B730D527E8B091AF11 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9A9636A00CC385B730D527E8B091AF11 --renderer-client-id=4 --mojo-platform-channel-handle=2236 --allow-no-sandbox-job /prefetch:1
            3⤵
              PID:3996
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=64C1F9A6FF720D37848B39AE48CE27F0 --mojo-platform-channel-handle=2240 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              3⤵
                PID:2628
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E4955F2753922EE0EF6BFCE0ED884DCF --mojo-platform-channel-handle=2576 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                3⤵
                  PID:164
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=780F5D623427756BBA2E0B5DCB253373 --mojo-platform-channel-handle=2740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:3236
                • C:\Windows\SysWOW64\LaunchWinApp.exe
                  "C:\Windows\system32\LaunchWinApp.exe" "https://atralpt.com/"
                  2⤵
                    PID:4024
                • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                  1⤵
                  • Drops file in Windows directory
                  • Modifies registry class
                  • Suspicious use of SetWindowsHookEx
                  PID:4072
                • C:\Windows\system32\browser_broker.exe
                  C:\Windows\system32\browser_broker.exe -Embedding
                  1⤵
                  • Modifies Internet Explorer settings
                  PID:1160
                • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                  1⤵
                  • Suspicious behavior: MapViewOfSection
                  • Suspicious use of SetWindowsHookEx
                  PID:4944
                • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                  1⤵
                  • Drops file in Windows directory
                  • Modifies Internet Explorer settings
                  • Modifies registry class
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of SetWindowsHookEx
                  PID:1576
                • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                  1⤵
                  • Drops file in Windows directory
                  • Modifies registry class
                  PID:4432
                • C:\Windows\system32\WerFault.exe
                  C:\Windows\system32\WerFault.exe -u -p 2948 -s 600
                  1⤵
                  • Program crash
                  PID:3276
                • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                  "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                  1⤵
                  • Modifies registry class
                  • Suspicious use of AdjustPrivilegeToken
                  PID:2684

                Network

                MITRE ATT&CK Enterprise v6

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                  Filesize

                  36KB

                  MD5

                  b30d3becc8731792523d599d949e63f5

                  SHA1

                  19350257e42d7aee17fb3bf139a9d3adb330fad4

                  SHA256

                  b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

                  SHA512

                  523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

                  Download Submit

                • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                  Filesize

                  56KB

                  MD5

                  752a1f26b18748311b691c7d8fc20633

                  SHA1

                  c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

                  SHA256

                  111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

                  SHA512

                  a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

                  Download Submit

                • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                  Filesize

                  64KB

                  MD5

                  02810921324387571adbd3c18974dcd2

                  SHA1

                  e67c2f2b769fee86ad4a8bbc25ceb3f48822c237

                  SHA256

                  1d74437f13333b342ca474960cb93dbcf0eb29e1a294e73cc696a2b4c11b5bd6

                  SHA512

                  fcb09733b12bf3518952a84e9ff10b8250cef3f6ba89101736631d81dbfd871104dccd98af916392310217a7d0002093df3743631bbc1a6501f22454828f26c1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KFR0RUGG\edgecompatviewlist[1].xml
                  Filesize

                  74KB

                  MD5

                  d4fc49dc14f63895d997fa4940f24378

                  SHA1

                  3efb1437a7c5e46034147cbbc8db017c69d02c31

                  SHA256

                  853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

                  SHA512

                  cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

                  Download Submit

                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DL8VG1D8\invisible[1].js
                  Filesize

                  6KB

                  MD5

                  36043abe38b0d6de3934477cc0b685c5

                  SHA1

                  fc9269da6fb55fa81fc11a8e22ffd73970149b92

                  SHA256

                  b75383fad12040e85870b1587febdb8f2723389b64a180f62fe7c7dee6e0cfa0

                  SHA512

                  3eeaf566fe7914bdc58b4dc5745885ccca83cc4a3e63524c9794c1b2a73f0b7277e0ae5aeef198547e47813f1ccde9217bb0808f1f1f78bd654fc8e10b8da345

                  Download Submit

                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\UX1TFJHC\suggestions[1].en-US
                  Filesize

                  17KB

                  MD5

                  5a34cb996293fde2cb7a4ac89587393a

                  SHA1

                  3c96c993500690d1a77873cd62bc639b3a10653f

                  SHA256

                  c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                  SHA512

                  e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                  Download Submit

                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Y5J9ITXS\favicon_a_eupayfgghqiai7k9sol6lg2[1].ico
                  Filesize

                  16KB

                  MD5

                  12e3dac858061d088023b2bd48e2fa96

                  SHA1

                  e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

                  SHA256

                  90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

                  SHA512

                  c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

                  Download Submit

                • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\rkt5wi5\imagestore.dat
                  Filesize

                  25KB

                  MD5

                  03565a5b57b9125bb9bf5ae8568dd04a

                  SHA1

                  d8d6df4f210383dbd7d7b4642dad657d74334c3c

                  SHA256

                  825cd4baa949191d3974c554d07d0af452afc6afe22ac8c7736c5d3c03756283

                  SHA512

                  8b46d7510e62987ddc300e19f8e07ee7a8e80365a7c3e79f87cab4b5923597497e1c240572821641351d06a220afe85c86020fa334c3b9eb219bec1991914e64

                  Download Submit

                • memory/4072-284-0x00000284A4460000-0x00000284A4462000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/4072-513-0x00000284AA990000-0x00000284AA991000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/4072-265-0x00000284A4B00000-0x00000284A4B10000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/4072-511-0x00000284AA980000-0x00000284AA981000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/4072-249-0x00000284A4320000-0x00000284A4330000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/4432-322-0x000001E528290000-0x000001E528292000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/4432-365-0x000001E52AB50000-0x000001E52AC50000-memory.dmp

                  Filesize

                  1024KB

                  Download

                • memory/4432-441-0x000001E529380000-0x000001E5293A0000-memory.dmp

                  Filesize

                  128KB

                  Download

                • memory/4432-472-0x000001E529CF0000-0x000001E529CF2000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/4432-479-0x000001E52A480000-0x000001E52A482000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/4432-487-0x000001E52A4C0000-0x000001E52A4C2000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/4432-490-0x000001E52A610000-0x000001E52A612000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/4432-494-0x000001E52A620000-0x000001E52A622000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/4432-497-0x000001E52A630000-0x000001E52A632000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/4432-501-0x000001E52A650000-0x000001E52A652000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/4432-509-0x000001E52AA90000-0x000001E52AA92000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/4432-376-0x000001E529160000-0x000001E529260000-memory.dmp

                  Filesize

                  1024KB

                  Download

                • memory/4432-516-0x000001E52AAA0000-0x000001E52AAA2000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/4432-425-0x000001E529940000-0x000001E529960000-memory.dmp

                  Filesize

                  128KB

                  Download

                • memory/4432-364-0x000001E52A990000-0x000001E52AA90000-memory.dmp

                  Filesize

                  1024KB

                  Download

                • memory/4432-317-0x000001E528230000-0x000001E528232000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/4432-541-0x000001E52A7A0000-0x000001E52A7A2000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/4432-545-0x000001E52A7C0000-0x000001E52A7C2000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/4432-548-0x000001E52A820000-0x000001E52A822000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/4432-552-0x000001E52BCE0000-0x000001E52BCE2000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/4432-556-0x000001E52BCF0000-0x000001E52BCF2000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/4432-571-0x000001E52ACD0000-0x000001E52ADD0000-memory.dmp

                  Filesize

                  1024KB

                  Download

                • memory/4432-574-0x000001E5289B0000-0x000001E528AB0000-memory.dmp

                  Filesize

                  1024KB

                  Download

                • memory/4432-319-0x000001E528250000-0x000001E528252000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/4840-149-0x0000000008C00000-0x0000000008C21000-memory.dmp

                  Filesize

                  132KB

                  Download