Overview

overview

10

Static

static

3

4f4cefde78...8f.exe

windows7-x64

10

4f4cefde78...8f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    11s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    10-01-2024 02:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4f4cefde786d2d2fe0f061cfcceca68f.exe

  • Size

    4.1MB

  • MD5

    4f4cefde786d2d2fe0f061cfcceca68f

  • SHA1

    1f1371328250d3857500b5c8a727aa676e1c95f5

  • SHA256

    d8450b72d767c68655bc4e8482f3b887f3e68b5643127a6836e84a11e4082161

  • SHA512

    313b48009362960ce9745021006ddbdaacd9b3699f0289bc7bf124d74b0a9cd7571d10d7dce5677dda494ea6f476a82f73f72d3c2657e22894797b00f3ea790d

  • SSDEEP

    49152:ISlNHydXboE+2pKWTvP6p9kB/GS0fsXCFzSlNHydXboE+2pKWTvP6p9kB/GS0fsR:ISjydNCYn0+WSjydNCYn0+B

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 5 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 10 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 4 IoCs
  • Identifies Wine through registry keys 2 TTPs 5 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 8 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
  • Drops file in Windows directory 3 IoCs
  • Creates scheduled task(s) 1 TTPs 3 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4f4cefde786d2d2fe0f061cfcceca68f.exe
    "C:\Users\Admin\AppData\Local\Temp\4f4cefde786d2d2fe0f061cfcceca68f.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1108
    • \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in System32 directory
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2608
      • \??\c:\windows\resources\spoolsv.exe
        c:\windows\resources\spoolsv.exe SE
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Loads dropped DLL
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2088
        • \??\c:\windows\resources\svchost.exe
          c:\windows\resources\svchost.exe
          4⤵
          • Modifies visiblity of hidden/system files in Explorer
          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
          • Checks BIOS information in registry
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Loads dropped DLL
          • Adds Run key to start application
          • Drops file in System32 directory
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2696
          • \??\c:\windows\resources\spoolsv.exe
            c:\windows\resources\spoolsv.exe PR
            5⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Suspicious use of NtSetInformationThreadHideFromDebugger
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of SetWindowsHookEx
            PID:2312
          • C:\Windows\SysWOW64\schtasks.exe
            schtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 02:11 /f
            5⤵
            • Creates scheduled task(s)
            PID:988
          • C:\Windows\SysWOW64\schtasks.exe
            schtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 02:12 /f
            5⤵
            • Creates scheduled task(s)
            PID:1936
          • C:\Windows\SysWOW64\schtasks.exe
            schtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 02:13 /f
            5⤵
            • Creates scheduled task(s)
            PID:704
      • C:\Windows\Explorer.exe
        C:\Windows\Explorer.exe
        3⤵
          PID:2404

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\Resources\Themes\explorer.exe
      Filesize

      80KB

      MD5

      24eb110d2bf5eafb85b718dbbc6309de

      SHA1

      e0c47730604c1cbe6582934e9cae1ca426156aea

      SHA256

      7b0a41b258cdd46867db0340b469fb3b74ec53dedf11a79fd43c238406a3eb27

      SHA512

      609e890be8039e08b5fa1093939d21645b224d31a0fa589f99f2c2eb057dd6a13d9851e2536a65c1d4d3e7729f312054412c81142ecf7c078be26bea47aaa7e8

      Download Submit

    • C:\Windows\Resources\Themes\explorer.exe
      Filesize

      132KB

      MD5

      5d0944d23fbfe0c4420aa4e09215ee8c

      SHA1

      14d367f301940c0c8c4d445ceffd2ad3cab9d237

      SHA256

      f9f2875032d1920e55de755bfc3f19d61ecbec42cc9caa0616a6e3d32f0e72df

      SHA512

      e49f0209dd69f409d79d1c116320b44221a1228176313822d8b6f49abb0f4b24c07ee0022d41e808d45c879bfc6fdcd34032b5255995a2895c59e4ecd2b60666

      Download Submit

    • C:\Windows\Resources\spoolsv.exe
      Filesize

      40KB

      MD5

      ae9a51a205eab49b42c523d1009f2058

      SHA1

      697b93160bcd76793bc75b8158e307b960d92ac3

      SHA256

      ccd87c30269d41e36683f0aefe8bf479e6a21c40e85fc8a777b40e201e8e1487

      SHA512

      efd06a924267e3a996e6f93f5c3c68785b378ab54b8a29effab7ddd4c067e21953b09f991fc8668218fce809217bfeb3104725b25d41c91c57b70165a1e37540

      Download Submit

    • C:\Windows\Resources\spoolsv.exe
      Filesize

      85KB

      MD5

      7f8d45ad2b5ea0073bb8ba16acc0db00

      SHA1

      9a2cbdc664bbfcd950b9bc74d7d9a146309e7fa5

      SHA256

      93eb64b0e8a01e36ee6107d77900995c606ed580c99ce09f7dc8fc589379bff1

      SHA512

      f7d649a950ffca34c862383a1ebdc31375a790a12146e94dda6f0ba40ecf08fcbaf91a9759856868e5a61a98bf3cf4ae5f8f2738f1f0f749ba0f3eaca07ed003

      Download Submit

    • C:\Windows\Resources\svchost.exe
      Filesize

      50KB

      MD5

      c1d273dcdc9a69b7667810df16166a23

      SHA1

      034a8d1a9160ce5635edc4675fdc0537e46e728e

      SHA256

      c8a3122c69deadca5b4fb94f3fbef0d52ddf428bdc134dc66d7a30495c023611

      SHA512

      65e0fd2b75a2526344286052243e1407d0fb2fd5a3106823e82fa6fa5164c956f19086611457624b9656a59b0d17e5bb94dd26e3723085a500c076db3d00acf5

      Download Submit

    • \??\c:\windows\resources\spoolsv.exe
      Filesize

      152KB

      MD5

      badf9d93158b89f4182ac949abf2ec85

      SHA1

      77f29d1767dd4926b8bf28356ac28fec49feed05

      SHA256

      18df3601fcf279717719f312dac0565fa7c086546011208207adc8ddbba19fca

      SHA512

      d27054452d3a317e57650e12db1015e93da15b2c85a640a26e44038d80179fabfade6f0862e0b42db4dfa4f8f7bd313d798703894536652f9f1975aeaed8edd3

      Download Submit

    • \??\c:\windows\resources\svchost.exe
      Filesize

      99KB

      MD5

      b227fdc28a304b5486cfa021835cfcfe

      SHA1

      92bc99f9134574ad97a41d57b72bdcced9c19f60

      SHA256

      ed9ac2c8eacd47afa1a47f9429cdee3bc473b4c690f97f8c82e2ffcc1a894db9

      SHA512

      3d04b86db7822ecc0bbd2a9b0f50731e83ff6064dab5ae3d00340511fdfd25788d61bbf21cec9fd579200f6069b8ac92da6d0ac8f4ad3968d4133aebd547429a

      Download Submit

    • \??\c:\windows\resources\themes\explorer.exe
      Filesize

      25KB

      MD5

      39b9be702cbe1275f6b5a22650b798a3

      SHA1

      8338a51152eaa7e6ce728aea087863182172b591

      SHA256

      43d9f01bfef7383f97c2e3e657efb9a5b2a7dabd5b816cd0ec07d808f9d64402

      SHA512

      b886aae10f70447fafdcdace56aa80610f52bf8ccbe32d8f1f0475a35e096dfce19551168140d6fe9040b2b47427fb6818a1824b55b54fe8a849281d8cce871e

      Download Submit

    • \Windows\Resources\Themes\explorer.exe
      Filesize

      89KB

      MD5

      7a0dcb69d869adb17dbacdcb6d2283a4

      SHA1

      23dec13e1af7b4e985c15779decb4f280b4d18e5

      SHA256

      9b89547c068f75be12abce23160ee22b81dcb93b08e1d9eac365534faef4c975

      SHA512

      a494f0d43efd83f9a8893d2d3237b25781abca4c5167a8c1fa9851394f28c179dc6cd23dec39b9d44718aced2b205aebae6a2926ee3ab905d1ed5e26d1d41652

      Download Submit

    • \Windows\Resources\Themes\explorer.exe
      Filesize

      95KB

      MD5

      039fdf3c7350d5d69629c44e43210864

      SHA1

      b2ef22881e2be86a44200c7c262f15fdf08da4bf

      SHA256

      de8b4bf807d1605c9602677ae092e46e3ea63c084e43828a9f83edb8cd02acda

      SHA512

      2e112f37650899cb6dd364a835e613b2351f8c4a08aa69f363b3046971bf9b4767846b6a29957abafb3ba8829ac2d145e7fd19bfd7c5dcbe0fb43214ce489ffb

      Download Submit

    • \Windows\Resources\spoolsv.exe
      Filesize

      62KB

      MD5

      095478407cf7a1ad158d99aebe2f674a

      SHA1

      7182998e29e3be8677bf69dd8c4a5e6728abc135

      SHA256

      7591639f2d505a720e0d03cf65b7570218443ba041a23193aae7b0055886e32a

      SHA512

      55c497ad3a1cc497a9d1a19fb5fad84290248a9b64092fce9fda0011816418021724c79d56e217c54ae8b76cf9297c3287b4c173e77f9ebdafa7cf9d04ccf230

      Download Submit

    • \Windows\Resources\spoolsv.exe
      Filesize

      34KB

      MD5

      d150bb1afcf0349202aedc28e2cbf656

      SHA1

      ee7d277027284b18c36c111ba1aed896021c9f24

      SHA256

      d06a6f871168e44cbfbd1514d059f1872dc214578c5e15d880a07c3b0d3c8ba0

      SHA512

      463325027eeb016e3c9376c78520d9fe3929420123519f18b2513fa79bc4ecbd8292f2694658b2f0ddc01f6372f5683205ef8654f56765a223f8aac08f112757

      Download Submit

    • \Windows\Resources\spoolsv.exe
      Filesize

      97KB

      MD5

      83d5311695ccf4f87b908dc6639dea6e

      SHA1

      7e002b246a54e43df3c944ab118d570c6af358cc

      SHA256

      10806c5f4475b47064531a0b2e78787aec077803934f306befd899ab084e55ab

      SHA512

      7db64ac31c1dd7176819f8e677ed0d421e6e18ce76158571e0f3e74736eb0495eb506878bf436106b6ef6d40578c36a9d063773869cc55052fb3d72372ddee17

      Download Submit

    • \Windows\Resources\spoolsv.exe
      Filesize

      64KB

      MD5

      64797ea8bc15bdae155eb950d934bc30

      SHA1

      18f9096dee8276ecd1d71602df0812271083fe8f

      SHA256

      18f5b7b5c9452d4842701caf19354654933cae4ec382a169a5f78de77546b866

      SHA512

      de89cb03f798c03c1db9cbc99161fcb56c4e4a161fedecbf7c545553a10278945b62351abd4561cf5f2d50143f69e12f038a7398caba9237611e377924fc72b4

      Download Submit

    • \Windows\Resources\svchost.exe
      Filesize

      77KB

      MD5

      881f118cc76e536bb661c1d0339b8822

      SHA1

      690ae4d5980e19c782b742d3d231ca9117a9d713

      SHA256

      3dbc21544bf9b907a93fec05b0dbf183e431ca3af0e647ba87c1cb1e470991ae

      SHA512

      c52c133dd7f58eb2e65196b55140735850317f7f4857021ed688ea010726a38d0798a7f0801b24a710e8baa86b22ffb8e199a309398bf6532d2a94973a0d45d5

      Download Submit

    • \Windows\Resources\svchost.exe
      Filesize

      102KB

      MD5

      289db0047e92f6591af32b311c3c1097

      SHA1

      777038e6ac601b02b16311bb398dcd48d61b5b3b

      SHA256

      080c50282288b9a05aa4bf8ee3ab6c4ef83407ee81a157e9bdf89e26ea24e8da

      SHA512

      ecaeb0b2335580e876ea7e96eb7bb77478d76da602af9577ae189393e50909c1d09b9f81801e25905f4402de8a89bf20509f4697c3b38aec2ab30f484ee1874c

      Download Submit

    • memory/1108-8-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/1108-23-0x00000000048A0000-0x00000000048A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1108-16-0x0000000004870000-0x0000000004871000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1108-14-0x0000000004860000-0x0000000004861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1108-6-0x0000000072940000-0x0000000072A93000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/1108-0-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/1108-21-0x00000000042B0000-0x00000000042B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1108-58-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/1108-9-0x0000000004850000-0x0000000004851000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1108-10-0x0000000004280000-0x0000000004281000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1108-22-0x00000000042D0000-0x00000000042D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1108-32-0x0000000005710000-0x0000000005B83000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/1108-11-0x0000000004840000-0x0000000004841000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1108-12-0x00000000042A0000-0x00000000042A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1108-69-0x0000000072940000-0x0000000072A93000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/1108-13-0x00000000042E0000-0x00000000042E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1108-68-0x0000000075AA0000-0x0000000075B6C000-memory.dmp

      Filesize

      816KB

      Download

    • memory/1108-33-0x0000000005710000-0x0000000005B83000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/1108-164-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/1108-19-0x0000000004290000-0x0000000004291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1108-1-0x00000000773C0000-0x00000000773C2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1108-2-0x0000000075D70000-0x0000000075E60000-memory.dmp

      Filesize

      960KB

      Download

    • memory/1108-5-0x0000000075AA0000-0x0000000075B6C000-memory.dmp

      Filesize

      816KB

      Download

    • memory/1108-15-0x00000000048D0000-0x00000000048D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1108-20-0x0000000004880000-0x0000000004881000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1108-24-0x00000000048B0000-0x00000000048B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2088-71-0x0000000075D70000-0x0000000075E60000-memory.dmp

      Filesize

      960KB

      Download

    • memory/2088-83-0x00000000042C0000-0x00000000042C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2088-67-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2088-90-0x0000000004870000-0x0000000004871000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2088-101-0x0000000005530000-0x00000000059A3000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2088-92-0x0000000004850000-0x0000000004851000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2088-88-0x00000000048A0000-0x00000000048A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2088-87-0x00000000048D0000-0x00000000048D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2088-86-0x0000000004860000-0x0000000004861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2088-85-0x0000000004310000-0x0000000004311000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2088-84-0x00000000042D0000-0x00000000042D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2088-72-0x0000000075AA0000-0x0000000075B6C000-memory.dmp

      Filesize

      816KB

      Download

    • memory/2088-82-0x00000000042E0000-0x00000000042E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2088-93-0x00000000042F0000-0x00000000042F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2088-91-0x0000000004880000-0x0000000004881000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2088-73-0x0000000072940000-0x0000000072A93000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2088-89-0x00000000048B0000-0x00000000048B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2088-81-0x0000000004840000-0x0000000004841000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2088-78-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2088-155-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2312-144-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2608-70-0x0000000005720000-0x0000000005B93000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2608-180-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2608-51-0x0000000004860000-0x0000000004861000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2608-53-0x0000000004870000-0x0000000004871000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2608-50-0x00000000048D0000-0x00000000048D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2608-55-0x0000000004890000-0x0000000004891000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2608-49-0x0000000004820000-0x0000000004821000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2608-48-0x0000000004290000-0x0000000004291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2608-47-0x0000000004280000-0x0000000004281000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2608-46-0x00000000042A0000-0x00000000042A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2608-45-0x0000000004850000-0x0000000004851000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2608-44-0x0000000004840000-0x0000000004841000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2608-43-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2608-52-0x00000000047C0000-0x00000000047C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2608-34-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2608-66-0x0000000005720000-0x0000000005B93000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2608-56-0x00000000048B0000-0x00000000048B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2608-57-0x0000000004880000-0x0000000004881000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2608-35-0x0000000075AA0000-0x0000000075B6C000-memory.dmp

      Filesize

      816KB

      Download

    • memory/2608-36-0x0000000072940000-0x0000000072A93000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2608-178-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2608-204-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2608-202-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2608-54-0x00000000048A0000-0x00000000048A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2608-182-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2608-200-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2608-184-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2608-198-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2608-186-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2608-196-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2608-188-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2608-194-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2608-190-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2608-192-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2696-185-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2696-191-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2696-189-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2696-195-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2696-197-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2696-187-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2696-193-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2696-199-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2696-181-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2696-201-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2696-183-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2696-203-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2696-179-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/2696-205-0x0000000000400000-0x0000000000873000-memory.dmp

      Filesize

      4.4MB

      Download