Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

acaef7a4ed...bf.exe

windows7-x64

10

acaef7a4ed...bf.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28/02/2024, 19:37 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    acaef7a4ed87dc90ff181955ea7a2bbf.exe

  • Size

    1.4MB

  • MD5

    acaef7a4ed87dc90ff181955ea7a2bbf

  • SHA1

    e0292a9243be088f673b151ddb9d81d34ed50c1e

  • SHA256

    555279cf7c7064b32bd5595f490702dba5c5aec6a0b58db22410880ad42b7106

  • SHA512

    b1383930888c5effe283617964cfad0753619863e3a9865c174a3dcaabf8e224fdf1ab6d69d7c3d41b2ebfc9d4fa8e2d8c15f10b68cd13a2bff3e0a4e7721536

  • SSDEEP

    24576:slbRUyb2oyZ1rdHgCu4oK1I+zZMZaPKLQXuXujAnO6eWe0LjlEQfARoac:UUybE3RHgCud+I++p8XuXJq8l9Fac

Score
10/10
lummaevasionstealerthemida

Malware Config

Signatures

  • Detect Lumma Stealer payload V4 17 IoCs
  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Modifies security service 2 TTPs 22 IoCs
    evasion
  • Executes dropped EXE 10 IoCs
  • Identifies Wine through registry keys 2 TTPs 11 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 20 IoCs
  • Themida packer 29 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Drops file in System32 directory 22 IoCs
  • Runs .reg file with regedit 11 IoCs
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\acaef7a4ed87dc90ff181955ea7a2bbf.exe
    "C:\Users\Admin\AppData\Local\Temp\acaef7a4ed87dc90ff181955ea7a2bbf.exe"
    1⤵
    • Identifies Wine through registry keys
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c c:\a.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1608
      • C:\Windows\SysWOW64\regedit.exe
        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
        3⤵
        • Modifies security service
        • Runs .reg file with regedit
        PID:2532
    • C:\Windows\SysWOW64\nodf64.exe
      C:\Windows\system32\nodf64.exe 632 "C:\Users\Admin\AppData\Local\Temp\acaef7a4ed87dc90ff181955ea7a2bbf.exe"
      2⤵
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2640
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c c:\a.bat
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2928
        • C:\Windows\SysWOW64\regedit.exe
          REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
          4⤵
          • Modifies security service
          • Runs .reg file with regedit
          PID:2148
      • C:\Windows\SysWOW64\nodf64.exe
        C:\Windows\system32\nodf64.exe 720 "C:\Windows\SysWOW64\nodf64.exe"
        3⤵
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Loads dropped DLL
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:772
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c c:\a.bat
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:2616
          • C:\Windows\SysWOW64\regedit.exe
            REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
            5⤵
            • Modifies security service
            • Runs .reg file with regedit
            PID:2668
        • C:\Windows\SysWOW64\nodf64.exe
          C:\Windows\system32\nodf64.exe 716 "C:\Windows\SysWOW64\nodf64.exe"
          4⤵
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Loads dropped DLL
          • Drops file in System32 directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2924
          • C:\Windows\SysWOW64\cmd.exe
            cmd /c c:\a.bat
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:1404
            • C:\Windows\SysWOW64\regedit.exe
              REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
              6⤵
              • Modifies security service
              • Runs .reg file with regedit
              PID:2280
          • C:\Windows\SysWOW64\nodf64.exe
            C:\Windows\system32\nodf64.exe 724 "C:\Windows\SysWOW64\nodf64.exe"
            5⤵
            • Executes dropped EXE
            • Identifies Wine through registry keys
            • Loads dropped DLL
            • Drops file in System32 directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:2900
            • C:\Windows\SysWOW64\cmd.exe
              cmd /c c:\a.bat
              6⤵
              • Suspicious use of WriteProcessMemory
              PID:1260
              • C:\Windows\SysWOW64\regedit.exe
                REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                7⤵
                • Modifies security service
                • Runs .reg file with regedit
                PID:2364
            • C:\Windows\SysWOW64\nodf64.exe
              C:\Windows\system32\nodf64.exe 732 "C:\Windows\SysWOW64\nodf64.exe"
              6⤵
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Loads dropped DLL
              • Drops file in System32 directory
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:1160
              • C:\Windows\SysWOW64\cmd.exe
                cmd /c c:\a.bat
                7⤵
                  PID:1032
                  • C:\Windows\SysWOW64\regedit.exe
                    REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                    8⤵
                    • Modifies security service
                    • Runs .reg file with regedit
                    PID:2100
                • C:\Windows\SysWOW64\nodf64.exe
                  C:\Windows\system32\nodf64.exe 728 "C:\Windows\SysWOW64\nodf64.exe"
                  7⤵
                  • Executes dropped EXE
                  • Identifies Wine through registry keys
                  • Loads dropped DLL
                  • Drops file in System32 directory
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2996
                  • C:\Windows\SysWOW64\cmd.exe
                    cmd /c c:\a.bat
                    8⤵
                      PID:840
                      • C:\Windows\SysWOW64\regedit.exe
                        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                        9⤵
                        • Modifies security service
                        • Runs .reg file with regedit
                        PID:1692
                    • C:\Windows\SysWOW64\nodf64.exe
                      C:\Windows\system32\nodf64.exe 740 "C:\Windows\SysWOW64\nodf64.exe"
                      8⤵
                      • Executes dropped EXE
                      • Identifies Wine through registry keys
                      • Loads dropped DLL
                      • Drops file in System32 directory
                      • Suspicious behavior: EnumeratesProcesses
                      PID:464
                      • C:\Windows\SysWOW64\cmd.exe
                        cmd /c c:\a.bat
                        9⤵
                          PID:3040
                          • C:\Windows\SysWOW64\regedit.exe
                            REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                            10⤵
                            • Modifies security service
                            • Runs .reg file with regedit
                            PID:1636
                        • C:\Windows\SysWOW64\nodf64.exe
                          C:\Windows\system32\nodf64.exe 736 "C:\Windows\SysWOW64\nodf64.exe"
                          9⤵
                          • Executes dropped EXE
                          • Identifies Wine through registry keys
                          • Loads dropped DLL
                          • Drops file in System32 directory
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3068
                          • C:\Windows\SysWOW64\cmd.exe
                            cmd /c c:\a.bat
                            10⤵
                              PID:596
                              • C:\Windows\SysWOW64\regedit.exe
                                REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                                11⤵
                                • Modifies security service
                                • Runs .reg file with regedit
                                PID:1976
                            • C:\Windows\SysWOW64\nodf64.exe
                              C:\Windows\system32\nodf64.exe 748 "C:\Windows\SysWOW64\nodf64.exe"
                              10⤵
                              • Executes dropped EXE
                              • Identifies Wine through registry keys
                              • Loads dropped DLL
                              • Drops file in System32 directory
                              • Suspicious behavior: EnumeratesProcesses
                              PID:1872
                              • C:\Windows\SysWOW64\cmd.exe
                                cmd /c c:\a.bat
                                11⤵
                                  PID:980
                                  • C:\Windows\SysWOW64\regedit.exe
                                    REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                                    12⤵
                                    • Modifies security service
                                    • Runs .reg file with regedit
                                    PID:2276
                                • C:\Windows\SysWOW64\nodf64.exe
                                  C:\Windows\system32\nodf64.exe 744 "C:\Windows\SysWOW64\nodf64.exe"
                                  11⤵
                                  • Executes dropped EXE
                                  • Identifies Wine through registry keys
                                  • Drops file in System32 directory
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:1896
                                  • C:\Windows\SysWOW64\cmd.exe
                                    cmd /c c:\a.bat
                                    12⤵
                                      PID:1432
                                      • C:\Windows\SysWOW64\regedit.exe
                                        REGEDIT /S C:\Users\Admin\AppData\Local\Temp\1.reg
                                        13⤵
                                        • Modifies security service
                                        • Runs .reg file with regedit
                                        PID:2176

              Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Temp\1.reg
                Filesize

                3KB

                MD5

                9e5db93bd3302c217b15561d8f1e299d

                SHA1

                95a5579b336d16213909beda75589fd0a2091f30

                SHA256

                f360fb5740172b6b4dd59c1ac30b480511665ae991196f833167e275d91f943e

                SHA512

                b5547e5047a3c43397ee846ff9d5979cba45ba44671db5c5df5536d9dc26262e27a8645a08e0cf35960a3601dc0f6f5fe8d47ae232c9ca44d6899e97d36fb25a

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\1.reg
                Filesize

                1KB

                MD5

                5002319f56002f8d7ceacecf8672ce25

                SHA1

                3b26b6801be4768cc7582e29bc93facdf2a74be3

                SHA256

                f23f4854d17525744e8028db6dde6eb7d5d664b0ee1b08870c9c01b639e0124c

                SHA512

                8eae0fabc7f5a7e452abacf988a3632874c556af409da5e60c5e529524732b40f22d4e1d860ccceae87642875c819fc8a8120eceaabd25861f920c8c066a9aef

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\1.reg
                Filesize

                1KB

                MD5

                8a84d46ef81c793a90a80bc806cffdcf

                SHA1

                02fac9db9330040ffc613a325686ddca2678a7c5

                SHA256

                201891985252489d470c08e66c42a4cf5f9220be3051b9a167936c8f80a606c4

                SHA512

                b198b32fd9be872968644641248d4e3794aa095f446bab4e1c5a54b2c109df166bbdfb54d4fd8912d202f92ac69b1685ed0c30256e40f30d72e433ee987cc374

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\1.reg
                Filesize

                2KB

                MD5

                d8be0d42e512d922804552250f01eb90

                SHA1

                cda2fd8fc9c4cdf15d5e2f07a4c633e21d11c9d3

                SHA256

                901619f668fe541b53d809cd550460f579985c3d2f3d899a557997e778eb1d82

                SHA512

                f53619e1ec3c9abc833f9fca1174529fb4a4723b64f7560059cd3147d74ea8fe945a7bd0034f6fb68c0e61b6782a26908d30a749a256e019031b5a6ac088eb97

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\1.reg
                Filesize

                538B

                MD5

                d67d51b859c99a46a906a4c3a6ff6560

                SHA1

                b685cc703a1c86ba8ad681b545a6f3014b80d585

                SHA256

                33d0a27d49cd3cfa5a4ef5027d3defe60a3f7be1a3914870390b9829d360937a

                SHA512

                c986416a115ca162ee28d5dfd1159538d81a751e4961340415718c0d1f0ffa4d80675b4b698ed039eef86cbe1b2c0b01a0004dea39111056013d3e0a0179cedd

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\1.reg
                Filesize

                784B

                MD5

                5a466127fedf6dbcd99adc917bd74581

                SHA1

                a2e60b101c8789b59360d95a64ec07d0723c4d38

                SHA256

                8cd3b8dd28ac014cf973d9ab4b03af1c274bbc9b5ee0ee4ab8af0bdb01573b84

                SHA512

                695cafc932bc8f0a514bc515860cb275297665de63ca3394b55f42c457761ebf654d29d504674681a77b34e3356a469e8c5b97ff7efc24de330d5375f025cba5

                Download Submit

              • C:\Windows\SysWOW64\nodf64.exe
                Filesize

                910KB

                MD5

                206f381696e1eb40fd1016f6cd5ea5fc

                SHA1

                12776abe7ac6360cc1fa69e9c6f28eb88dd46c3f

                SHA256

                5bed48c409bbca372d2dad0bbc827616b450b28a9fc365a36839ec04d7f053c3

                SHA512

                a8d30fc22bbc36e6bfafa09de09bf2930821ea25e44092e0f39407ffbd959adfbb2ff961f1d92d27b01128d34701987b50cb840186d73c7d09710abbca889da8

                Download Submit

              • C:\Windows\SysWOW64\nodf64.exe
                Filesize

                556KB

                MD5

                87073dd9390665b126d8251370d72b6d

                SHA1

                a6dfb58a27f7c39eb8b259d45044456d5520e267

                SHA256

                9f89b7a73a4e9be7f3c1b549f7cd485985a09b4bd4e0e6c373e0a4dfcea6d0a7

                SHA512

                9370f8b2af99a7892ff44cadf9aeba0508ce2587cdc040825c13a7ad9e890526064c56d3c2de117a0e05ec02b631762e9843497f667617a4e0b6702321a5f738

                Download Submit

              • C:\Windows\SysWOW64\nodf64.exe
                Filesize

                1.4MB

                MD5

                acaef7a4ed87dc90ff181955ea7a2bbf

                SHA1

                e0292a9243be088f673b151ddb9d81d34ed50c1e

                SHA256

                555279cf7c7064b32bd5595f490702dba5c5aec6a0b58db22410880ad42b7106

                SHA512

                b1383930888c5effe283617964cfad0753619863e3a9865c174a3dcaabf8e224fdf1ab6d69d7c3d41b2ebfc9d4fa8e2d8c15f10b68cd13a2bff3e0a4e7721536

                Download Submit

              • C:\Windows\SysWOW64\nodf64.exe
                Filesize

                1.1MB

                MD5

                9d3c610a9349666a48ceb6a115656896

                SHA1

                ccb483b2b03719d756827146f1eac110ce9700f0

                SHA256

                21aa461efd55afe4d68a8c2594030a42422c61934da17118fd42fd9eca79824a

                SHA512

                14fc0def3455f0bcd544a32ed67bd3750d36af5d206944374a20c31b64caa827c82c48a50f76df01331dc9486e3a39316181caf8aea08573742b3b1dcb671f38

                Download Submit

              • C:\a.bat
                Filesize

                5KB

                MD5

                0019a0451cc6b9659762c3e274bc04fb

                SHA1

                5259e256cc0908f2846e532161b989f1295f479b

                SHA256

                ce4674afd978d1401596d22a0961f90c8fb53c5bd55649684e1a999c8cf77876

                SHA512

                314c23ec37cb0cd4443213c019c4541df968447353b422ef6fff1e7ddf6c983c80778787408b7ca9b81e580a6a7f1589ca7f43c022e6fc16182973580ed4d904

                Download Submit

              • \Windows\SysWOW64\nodf64.exe
                Filesize

                1.3MB

                MD5

                79d8cac956fef5a64bf0b826ddafdfae

                SHA1

                a24685b8eae89955440fed541b2298b40a8fb026

                SHA256

                f84ae172a21ebf5bcb1fe3086aa899c8c7252d989c652f67a59412276f529aef

                SHA512

                1c328200a1cad4cddc01c05a4cc4b012f8c32a40fa6e5aa23f755a60e435c6a5d831e506ce2463ec14d47de60d3472244d8e067edff1828de5e812f5eb6caa02

                Download Submit

              • \Windows\SysWOW64\nodf64.exe
                Filesize

                1.1MB

                MD5

                c8634aae6f8564a2f7f37d113f154239

                SHA1

                f2d05800bb926ad741e9ae393e8d5d1c1158477a

                SHA256

                199fe6ad4c65851b6ee6012832abb2de93123a90f2ee3c38a933154ae6854f80

                SHA512

                e641cd193574e6204f810f05d07792c72d87a1698866e0b94ef791cd85eaf05c936a867576db7fd94007ee308a053a41be4ef9c8bd57ebc57958bc5475057181

                Download Submit

              • \Windows\SysWOW64\nodf64.exe
                Filesize

                776KB

                MD5

                f42a840f264e9267931b4034b511ef02

                SHA1

                629c998934fd7e56cf51e3d2ce20cd5055d14f2f

                SHA256

                304e8acb1061db91d3980dbdb47677fbe962e16dc4506c7f452420571a15367a

                SHA512

                16697d9d814ccab0a1173ddc7c9a67d17a5092468bcc7ffa40c53f0889374ea0cea66b5ab0080dce8db87f40ad47ae4baa455c99335b7fd2b254998b9e2efc8e

                Download Submit

              • \Windows\SysWOW64\nodf64.exe
                Filesize

                764KB

                MD5

                bbc19778f7f1fd71fffcb94d18b2d7b4

                SHA1

                8beda72b59013f076b17e3a63aed9ca7734f0dfe

                SHA256

                3134ec921f164811a89e069f0f2e9c4a40be1ec3cfb0fc5fc6821db3faeead05

                SHA512

                925f1805a3d29d9f330e40f04245121e1d116d62834cff4001e7d6d4afe4e563eb8dc956b23b66db322a40316e44a2c7b540b0940be0cf60a7c72138e2bde98e

                Download Submit

              • \Windows\SysWOW64\nodf64.exe
                Filesize

                192KB

                MD5

                a1af673b0245ce311e8ffeb2b607cdc9

                SHA1

                6e47c5c9dbbdce2410d70c42422e3380b929deb9

                SHA256

                392f3ee58c9aa4d5830f4ee5dd08e5decd700c07054023097e6da3361dc5c9be

                SHA512

                fe60a8c78b1a6fb5067c9c18db520e20b9ff2d88d89203db7ac587b136539bc0633c8e9a91b0510499b31891bca997fc149d58e7a1036d1191dd4e3313eb533c

                Download Submit

              • memory/464-1120-0x0000000000400000-0x00000000007BB000-memory.dmp

                Filesize

                3.7MB

                Download

              • memory/772-411-0x0000000004450000-0x0000000004451000-memory.dmp

                Filesize

                4KB

                Download

              • memory/772-416-0x00000000043F0000-0x00000000043F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/772-426-0x0000000000400000-0x00000000007BB000-memory.dmp

                Filesize

                3.7MB

                Download

              • memory/772-292-0x0000000000270000-0x0000000000271000-memory.dmp

                Filesize

                4KB

                Download

              • memory/772-414-0x00000000044F0000-0x00000000044F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/772-419-0x0000000004530000-0x0000000004531000-memory.dmp

                Filesize

                4KB

                Download

              • memory/772-291-0x0000000000400000-0x00000000007BB000-memory.dmp

                Filesize

                3.7MB

                Download

              • memory/772-420-0x00000000044E0000-0x00000000044E1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/772-421-0x00000000044D0000-0x00000000044D1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/772-422-0x0000000004400000-0x0000000004401000-memory.dmp

                Filesize

                4KB

                Download

              • memory/772-423-0x0000000004480000-0x0000000004481000-memory.dmp

                Filesize

                4KB

                Download

              • memory/772-425-0x0000000004430000-0x0000000004432000-memory.dmp

                Filesize

                8KB

                Download

              • memory/772-424-0x00000000044A0000-0x00000000044A1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/772-418-0x0000000004440000-0x0000000004441000-memory.dmp

                Filesize

                4KB

                Download

              • memory/772-413-0x0000000004510000-0x0000000004511000-memory.dmp

                Filesize

                4KB

                Download

              • memory/772-415-0x00000000044C0000-0x00000000044C2000-memory.dmp

                Filesize

                8KB

                Download

              • memory/772-432-0x0000000000400000-0x00000000007BB000-memory.dmp

                Filesize

                3.7MB

                Download

              • memory/772-417-0x0000000004410000-0x0000000004411000-memory.dmp

                Filesize

                4KB

                Download

              • memory/772-410-0x0000000004520000-0x0000000004522000-memory.dmp

                Filesize

                8KB

                Download

              • memory/772-346-0x0000000004490000-0x0000000004491000-memory.dmp

                Filesize

                4KB

                Download

              • memory/772-409-0x0000000004460000-0x0000000004461000-memory.dmp

                Filesize

                4KB

                Download

              • memory/772-311-0x0000000000400000-0x00000000007BB000-memory.dmp

                Filesize

                3.7MB

                Download

              • memory/1160-847-0x0000000000400000-0x00000000007BB000-memory.dmp

                Filesize

                3.7MB

                Download

              • memory/1872-1364-0x0000000000400000-0x00000000007BB000-memory.dmp

                Filesize

                3.7MB

                Download

              • memory/2228-137-0x00000000044A0000-0x00000000044A1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2228-126-0x0000000004510000-0x0000000004511000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2228-2-0x0000000000260000-0x0000000000261000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2228-1-0x00000000007C0000-0x00000000008BA000-memory.dmp

                Filesize

                1000KB

                Download

              • memory/2228-10-0x0000000000400000-0x00000000007BB000-memory.dmp

                Filesize

                3.7MB

                Download

              • memory/2228-119-0x0000000004320000-0x0000000004321000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2228-11-0x0000000004350000-0x0000000004351000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2228-120-0x0000000004520000-0x0000000004522000-memory.dmp

                Filesize

                8KB

                Download

              • memory/2228-121-0x0000000004310000-0x0000000004311000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2228-123-0x00000000044F0000-0x00000000044F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2228-122-0x0000000004500000-0x0000000004501000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2228-124-0x00000000044C0000-0x00000000044C2000-memory.dmp

                Filesize

                8KB

                Download

              • memory/2228-125-0x00000000003F0000-0x00000000003F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2228-127-0x00000000042D0000-0x00000000042D1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2228-128-0x0000000004530000-0x0000000004531000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2228-129-0x00000000044E0000-0x00000000044E1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2228-130-0x00000000044D0000-0x00000000044D1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2228-132-0x0000000004340000-0x0000000004341000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2228-131-0x0000000000900000-0x0000000000901000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2228-136-0x00000000042F0000-0x00000000042F2000-memory.dmp

                Filesize

                8KB

                Download

              • memory/2228-0-0x0000000000400000-0x00000000007BB000-memory.dmp

                Filesize

                3.7MB

                Download

              • memory/2228-147-0x0000000000400000-0x00000000007BB000-memory.dmp

                Filesize

                3.7MB

                Download

              • memory/2228-146-0x0000000004BD0000-0x0000000004F8B000-memory.dmp

                Filesize

                3.7MB

                Download

              • memory/2640-275-0x00000000044F0000-0x00000000044F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2640-290-0x0000000000400000-0x00000000007BB000-memory.dmp

                Filesize

                3.7MB

                Download

              • memory/2640-158-0x0000000004490000-0x0000000004491000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2640-157-0x0000000000400000-0x00000000007BB000-memory.dmp

                Filesize

                3.7MB

                Download

              • memory/2640-268-0x0000000004470000-0x0000000004471000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2640-269-0x0000000004530000-0x0000000004532000-memory.dmp

                Filesize

                8KB

                Download

              • memory/2640-271-0x0000000004510000-0x0000000004511000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2640-272-0x0000000004500000-0x0000000004501000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2640-270-0x0000000004460000-0x0000000004461000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2640-273-0x00000000044C0000-0x00000000044C2000-memory.dmp

                Filesize

                8KB

                Download

              • memory/2640-278-0x0000000004540000-0x0000000004541000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2640-274-0x0000000004520000-0x0000000004521000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2640-277-0x0000000004410000-0x0000000004411000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2640-276-0x00000000043F0000-0x00000000043F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2640-148-0x0000000000400000-0x00000000007BB000-memory.dmp

                Filesize

                3.7MB

                Download

              • memory/2640-283-0x00000000044A0000-0x00000000044A1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2640-149-0x0000000000270000-0x0000000000271000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2640-284-0x0000000004440000-0x0000000004441000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2640-282-0x0000000004480000-0x0000000004481000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2640-279-0x00000000044E0000-0x00000000044E1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2640-281-0x0000000004400000-0x0000000004401000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2640-280-0x00000000044D0000-0x00000000044D1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2640-289-0x0000000000400000-0x00000000007BB000-memory.dmp

                Filesize

                3.7MB

                Download

              • memory/2640-285-0x0000000000400000-0x00000000007BB000-memory.dmp

                Filesize

                3.7MB

                Download

              • memory/2900-710-0x0000000000400000-0x00000000007BB000-memory.dmp

                Filesize

                3.7MB

                Download

              • memory/2900-704-0x0000000000400000-0x00000000007BB000-memory.dmp

                Filesize

                3.7MB

                Download

              • memory/2924-568-0x0000000000400000-0x00000000007BB000-memory.dmp

                Filesize

                3.7MB

                Download

              • memory/2996-991-0x0000000000400000-0x00000000007BB000-memory.dmp

                Filesize

                3.7MB

                Download

              • memory/3068-1245-0x0000000000400000-0x00000000007BB000-memory.dmp

                Filesize

                3.7MB

                Download

              We care about your privacy.

              This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.