Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    91s
  • max time network
    167s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/04/2024, 23:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5c2a928300805c6f772128556ec39f4152172ff9757e22e23bf0b89f91f0e101.exe

  • Size

    172KB

  • MD5

    af2027f509b6f4b269a7249c2cd5ae4d

  • SHA1

    63d66ab967e4d1a8aea1273f694e4fcafb8699d1

  • SHA256

    5c2a928300805c6f772128556ec39f4152172ff9757e22e23bf0b89f91f0e101

  • SHA512

    73bba08e07b58ad3ebb200133a1435bccee8978afad315a3b1adb2f28fbd72e3dd9f7ced998e3477f52bac619ccab9b2089facfd62c51c4991cc6c2da3172fa5

  • SSDEEP

    3072:8or9nIoq91dwPfb4Z3EtqpAQVjnHF3egebZNn7+KX:lRnIoO1d2D4ZUtqpXllugen+0

Score
10/10
djvulummasmokeloaderpub1backdoordiscoverypersistenceransomwarespywarestealertrojan

Malware Config

Extracted

Family

smokeloader

Botnet

pub1

Extracted

Family

smokeloader

Version

2022

C2

http://trad-einmyus.com/index.php

http://tradein-myus.com/index.php

http://trade-inmyus.com/index.php
rc4.i32
rc4.i32

Extracted

Family

djvu

C2

http://sajdfue.com/test1/get.php

Attributes
  • extension

    .uajs

  • offline_id

    Jx0i3k2ogR5cKxX1evmz0Ex7TUxOUlnbh2dvnIt1

  • payload_url

    http://sdfjhuz.com/dl/build2.exe

    http://sajdfue.com/files/1/build3.exe

  • ransomnote

    ATTENTION! Don't worry, you can return all your files! All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. Do not ask assistants from youtube and recovery data sites for help in recovering your data. They can use your free decryption quota and scam you. Our contact is emails in this text document only. You can get and look video overview decrypt tool: https://wetransfer.com/downloads/df01994dd8d37c2c33469922f8e7155a20240402134014/fd95b0 Price of private key and decrypt software is $999. Discount 50% available if you contact us first 72 hours, that's price for you is $499. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 0859PsawqS

rsa_pubkey.plain

Extracted

Family

lumma

C2

https://resergvearyinitiani.shop/api

Signatures

  • Detected Djvu ransomware 9 IoCs
  • Djvu Ransomware

    Ransomware which is a variant of the STOP family.

    ransomwaredjvu
  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Modifies Installed Components in the registry 2 TTPs 5 IoCs
    persistence
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 5 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 10 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 40 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\5c2a928300805c6f772128556ec39f4152172ff9757e22e23bf0b89f91f0e101.exe
    "C:\Users\Admin\AppData\Local\Temp\5c2a928300805c6f772128556ec39f4152172ff9757e22e23bf0b89f91f0e101.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:4776
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\F0F7.bat" "
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4012
    • C:\Windows\system32\reg.exe
      reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
      2⤵
        PID:4816
    • C:\Users\Admin\AppData\Local\Temp\FE37.exe
      C:\Users\Admin\AppData\Local\Temp\FE37.exe
      1⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:3148
      • C:\Users\Admin\AppData\Local\Temp\FE37.exe
        C:\Users\Admin\AppData\Local\Temp\FE37.exe
        2⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:4616
        • C:\Windows\SysWOW64\icacls.exe
          icacls "C:\Users\Admin\AppData\Local\66b27694-12f5-47e0-a349-38f40b359b5c" /deny *S-1-1-0:(OI)(CI)(DE,DC)
          3⤵
          • Modifies file permissions
          PID:3444
        • C:\Users\Admin\AppData\Local\Temp\FE37.exe
          "C:\Users\Admin\AppData\Local\Temp\FE37.exe" --Admin IsNotAutoStart IsNotTask
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of WriteProcessMemory
          PID:1840
          • C:\Users\Admin\AppData\Local\Temp\FE37.exe
            "C:\Users\Admin\AppData\Local\Temp\FE37.exe" --Admin IsNotAutoStart IsNotTask
            4⤵
            • Executes dropped EXE
            PID:2668
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 568
              5⤵
              • Program crash
              PID:1680
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2668 -ip 2668
      1⤵
        PID:3200
      • C:\Users\Admin\AppData\Local\Temp\2E50.exe
        C:\Users\Admin\AppData\Local\Temp\2E50.exe
        1⤵
        • Executes dropped EXE
        PID:3256
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\315F.bat" "
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:2164
        • C:\Windows\system32\reg.exe
          reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
          2⤵
            PID:4436
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
          • Modifies Installed Components in the registry
          • Enumerates connected drives
          • Checks SCSI registry key(s)
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:1720
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:1912
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
          • Modifies Installed Components in the registry
          • Enumerates connected drives
          • Checks SCSI registry key(s)
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:748
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
          • Suspicious use of SetWindowsHookEx
          PID:4112
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
          • Modifies Installed Components in the registry
          • Enumerates connected drives
          • Checks SCSI registry key(s)
          • Modifies registry class
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:776
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:4576
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
          • Modifies Internet Explorer settings
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:3760
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
          • Modifies Installed Components in the registry
          • Enumerates connected drives
          • Checks SCSI registry key(s)
          • Modifies registry class
          • Suspicious use of SendNotifyMessage
          PID:4260
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:4444
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
          • Modifies Internet Explorer settings
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:224
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
          • Modifies Installed Components in the registry
          • Enumerates connected drives
          • Checks SCSI registry key(s)
          • Modifies registry class
          PID:1344
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
          • Suspicious use of SetWindowsHookEx
          PID:3924
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:3740
        • C:\Windows\explorer.exe
          explorer.exe
          1⤵
            PID:4116
          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
            1⤵
              PID:2860
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
                PID:3212
              • C:\Windows\explorer.exe
                explorer.exe
                1⤵
                  PID:3624
                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                  1⤵
                    PID:3608
                  • C:\Windows\explorer.exe
                    explorer.exe
                    1⤵
                      PID:4024
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:5048
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        1⤵
                          PID:5036
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                            PID:4948
                          • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                            "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                            1⤵
                              PID:3728
                            • C:\Windows\explorer.exe
                              explorer.exe
                              1⤵
                                PID:812
                              • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                1⤵
                                  PID:3520
                                • C:\Windows\explorer.exe
                                  explorer.exe
                                  1⤵
                                    PID:4100
                                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                    1⤵
                                      PID:1200
                                    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                      1⤵
                                        PID:4964

                                      Network

                                      MITRE ATT&CK Enterprise v15

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                        Filesize

                                        471B

                                        MD5

                                        03841c05d79b7bb141bad92b534e015d

                                        SHA1

                                        dc9b0f5bfcef8ea240a3f8dcc20cb87cbf223c20

                                        SHA256

                                        c1f98ce373a59a9653605710b8e7aa7592c4f4adfed4d79394bd2ada6fa8a065

                                        SHA512

                                        d85bc55b171b5f110efcfc94578ab4ddd371af0d32820739e6024a4f04cd06cda53d16a0629e3f3263ad4920f259ddc20bd043fca50e9d25df18b52daf037708

                                        Download Submit

                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
                                        Filesize

                                        412B

                                        MD5

                                        3b72bbbe0eb87f953d6946e114e6b17a

                                        SHA1

                                        92c31f4c67bc413bc563735072c34639ed90aeed

                                        SHA256

                                        6e4d71cb0fbbd8d56fd31c710075afe2ea082d6c4225b9a17c3ac5b81198656b

                                        SHA512

                                        e770febf96fccfb765cc3b9cc424898d9a08a061928626ba4e985e5206e41bd63e24c731941ac58f589ff379253c037e1ec87ab95df4d0a6d7547bd04795bf74

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\TokenBroker\Cache\fbaf94e759052658216786bfbabcdced1b67a5c2.tbres
                                        Filesize

                                        2KB

                                        MD5

                                        42fa6a7d4df4fb3513ce3a73e13f0f57

                                        SHA1

                                        235aa57775873aae2012aff9088626db3389ce99

                                        SHA256

                                        49dd06fa50d5fb990cb0187e72ec6883d4390fd8af69c40ad0e8b96d52de64ac

                                        SHA512

                                        63906e70c3a7b3c760d239d18c90fc0f81e7980d214613b6b88af380080a509c9ba04d6b885ad0ab23305dfbb2c0e3bf3abd0871deee311072edd5087d83d5c4

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\Q5ROSPP2\microsoft.windows[1].xml
                                        Filesize

                                        97B

                                        MD5

                                        bdb8a591dda2dd9c96d20d4b44a5d041

                                        SHA1

                                        9e75f7deb9825c0cda7e25f66f0221f5c74c8d72

                                        SHA256

                                        7fcf82e6510873bad2d4687d21bc368fdc7e8576a8d54fc94284e1dbedda172f

                                        SHA512

                                        79166507556413e667d3bc7d5f24f1d87aed86d7b03e04b5591343cf307468b7b0446adfdf0452edbd657e97e840fa446314be0250d2b2966bff67d1261db439

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\2E50.exe
                                        Filesize

                                        6.5MB

                                        MD5

                                        9e52aa572f0afc888c098db4c0f687ff

                                        SHA1

                                        ef7c2bb222e69ad0e10c8686eb03dcbee7933c2b

                                        SHA256

                                        4a40f9d491f09521f4b0c6076a0eb488f6d8e1cf4b67aa6569c2ccce13556443

                                        SHA512

                                        d0991e682ae8c954721e905753b56c01f91b85313beb9996331793c3efa8acc13d574ef5ba44853ecc3e05822931ed655bad1924fa11b774a43e015f42185f62

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\F0F7.bat
                                        Filesize

                                        77B

                                        MD5

                                        55cc761bf3429324e5a0095cab002113

                                        SHA1

                                        2cc1ef4542a4e92d4158ab3978425d517fafd16d

                                        SHA256

                                        d6cceb3c71b80403364bf142f2fa4624ee0be36a49bac25ed45a497cf1ce9c3a

                                        SHA512

                                        33f9f5cad22d291077787c7df510806e4ac31f453d288712595af6debe579fabed6cdf4662e46e6fa94de135b161e739f55cfae05c36c87af85ed6a6ad1c9155

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\FE37.exe
                                        Filesize

                                        702KB

                                        MD5

                                        d5569b38de8b1e6eb5dc66fb8e7b5efa

                                        SHA1

                                        a6f296fdf93ae56b038ef00a64d8522e838beee6

                                        SHA256

                                        b4612a454cf46728dce97daf3e26453995083fa403312f5c21fc87d8d3e9b4f5

                                        SHA512

                                        033f27adac98689ef4a8ed49130ac79ba522e04d189ef5d8431128820fa6338d9a357f9131c0877d9b64e2b32de88d5ea4dd193accfc22f152c8cf297d02bbb9

                                        Download Submit

                                      • memory/224-160-0x000002A43DC00000-0x000002A43DC20000-memory.dmp

                                        Filesize

                                        128KB

                                        Download

                                      • memory/224-158-0x000002A43D800000-0x000002A43D820000-memory.dmp

                                        Filesize

                                        128KB

                                        Download

                                      • memory/224-156-0x000002A43D840000-0x000002A43D860000-memory.dmp

                                        Filesize

                                        128KB

                                        Download

                                      • memory/776-124-0x0000000004480000-0x0000000004481000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/1344-172-0x00000000042E0000-0x00000000042E1000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/1840-40-0x0000000004890000-0x000000000492F000-memory.dmp

                                        Filesize

                                        636KB

                                        Download

                                      • memory/2668-43-0x0000000000400000-0x0000000000537000-memory.dmp

                                        Filesize

                                        1.2MB

                                        Download

                                      • memory/2668-44-0x0000000000400000-0x0000000000537000-memory.dmp

                                        Filesize

                                        1.2MB

                                        Download

                                      • memory/2668-46-0x0000000000400000-0x0000000000537000-memory.dmp

                                        Filesize

                                        1.2MB

                                        Download

                                      • memory/3148-22-0x0000000004900000-0x0000000004A1B000-memory.dmp

                                        Filesize

                                        1.1MB

                                        Download

                                      • memory/3148-21-0x0000000004860000-0x00000000048F6000-memory.dmp

                                        Filesize

                                        600KB

                                        Download

                                      • memory/3212-203-0x00000247FF950000-0x00000247FF970000-memory.dmp

                                        Filesize

                                        128KB

                                        Download

                                      • memory/3212-205-0x00000247FF910000-0x00000247FF930000-memory.dmp

                                        Filesize

                                        128KB

                                        Download

                                      • memory/3212-207-0x00000247FFF20000-0x00000247FFF40000-memory.dmp

                                        Filesize

                                        128KB

                                        Download

                                      • memory/3256-66-0x0000000000B90000-0x0000000001875000-memory.dmp

                                        Filesize

                                        12.9MB

                                        Download

                                      • memory/3256-99-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-63-0x00000000018E0000-0x00000000018E1000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/3256-57-0x0000000000B90000-0x0000000001875000-memory.dmp

                                        Filesize

                                        12.9MB

                                        Download

                                      • memory/3256-67-0x0000000001C10000-0x0000000001C11000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/3256-65-0x0000000001C00000-0x0000000001C01000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/3256-68-0x0000000001C20000-0x0000000001C21000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/3256-69-0x0000000000B90000-0x0000000001875000-memory.dmp

                                        Filesize

                                        12.9MB

                                        Download

                                      • memory/3256-72-0x0000000001C30000-0x0000000001C62000-memory.dmp

                                        Filesize

                                        200KB

                                        Download

                                      • memory/3256-71-0x0000000001C30000-0x0000000001C62000-memory.dmp

                                        Filesize

                                        200KB

                                        Download

                                      • memory/3256-70-0x0000000001C30000-0x0000000001C31000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/3256-73-0x0000000001C30000-0x0000000001C62000-memory.dmp

                                        Filesize

                                        200KB

                                        Download

                                      • memory/3256-74-0x0000000001C30000-0x0000000001C62000-memory.dmp

                                        Filesize

                                        200KB

                                        Download

                                      • memory/3256-75-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-76-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-77-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-78-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-79-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-80-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-81-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-82-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-83-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-84-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-85-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-86-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-87-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-88-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-89-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-90-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-91-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-92-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-93-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-94-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-95-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-96-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-98-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-97-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-64-0x0000000001910000-0x0000000001911000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/3256-100-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-101-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-102-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-103-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-104-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-105-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-106-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-107-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-108-0x0000000004440000-0x0000000004441000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/3256-109-0x00000000046E0000-0x0000000004A64000-memory.dmp

                                        Filesize

                                        3.5MB

                                        Download

                                      • memory/3256-110-0x0000000004340000-0x0000000004440000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/3256-111-0x0000000000B90000-0x0000000001875000-memory.dmp

                                        Filesize

                                        12.9MB

                                        Download

                                      • memory/3256-62-0x00000000018D0000-0x00000000018D1000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/3504-4-0x0000000002EB0000-0x0000000002EC6000-memory.dmp

                                        Filesize

                                        88KB

                                        Download

                                      • memory/3504-115-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/3740-184-0x0000023E27A40000-0x0000023E27A60000-memory.dmp

                                        Filesize

                                        128KB

                                        Download

                                      • memory/3740-182-0x0000023E27630000-0x0000023E27650000-memory.dmp

                                        Filesize

                                        128KB

                                        Download

                                      • memory/3740-180-0x0000023E27670000-0x0000023E27690000-memory.dmp

                                        Filesize

                                        128KB

                                        Download

                                      • memory/3760-134-0x000001A06FA60000-0x000001A06FA80000-memory.dmp

                                        Filesize

                                        128KB

                                        Download

                                      • memory/3760-136-0x000001A871080000-0x000001A8710A0000-memory.dmp

                                        Filesize

                                        128KB

                                        Download

                                      • memory/3760-131-0x000001A06FAA0000-0x000001A06FAC0000-memory.dmp

                                        Filesize

                                        128KB

                                        Download

                                      • memory/4024-219-0x0000000004B60000-0x0000000004B61000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/4116-195-0x00000000044B0000-0x00000000044B1000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/4260-148-0x00000000043E0000-0x00000000043E1000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/4616-27-0x0000000000400000-0x0000000000537000-memory.dmp

                                        Filesize

                                        1.2MB

                                        Download

                                      • memory/4616-26-0x0000000000400000-0x0000000000537000-memory.dmp

                                        Filesize

                                        1.2MB

                                        Download

                                      • memory/4616-25-0x0000000000400000-0x0000000000537000-memory.dmp

                                        Filesize

                                        1.2MB

                                        Download

                                      • memory/4616-23-0x0000000000400000-0x0000000000537000-memory.dmp

                                        Filesize

                                        1.2MB

                                        Download

                                      • memory/4616-37-0x0000000000400000-0x0000000000537000-memory.dmp

                                        Filesize

                                        1.2MB

                                        Download

                                      • memory/4776-5-0x0000000000400000-0x0000000002B54000-memory.dmp

                                        Filesize

                                        39.3MB

                                        Download

                                      • memory/4776-8-0x0000000002CC0000-0x0000000002CCB000-memory.dmp

                                        Filesize

                                        44KB

                                        Download

                                      • memory/4776-3-0x0000000000400000-0x0000000002B54000-memory.dmp

                                        Filesize

                                        39.3MB

                                        Download

                                      • memory/4776-2-0x0000000002CC0000-0x0000000002CCB000-memory.dmp

                                        Filesize

                                        44KB

                                        Download

                                      • memory/4776-1-0x0000000002D70000-0x0000000002E70000-memory.dmp

                                        Filesize

                                        1024KB

                                        Download

                                      • memory/5036-227-0x0000021619A40000-0x0000021619A60000-memory.dmp

                                        Filesize

                                        128KB

                                        Download

                                      • memory/5036-229-0x0000021619A00000-0x0000021619A20000-memory.dmp

                                        Filesize

                                        128KB

                                        Download

                                      • memory/5036-233-0x0000021619E10000-0x0000021619E30000-memory.dmp

                                        Filesize

                                        128KB

                                        Download