Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

64e589ec7b...ab.exe

windows10-2004-x64

8

64e589ec7b...ab.exe

windows7-x64

8

64e589ec7b...ab.exe

windows10-1703-x64

7

64e589ec7b...ab.exe

windows10-2004-x64

8

64e589ec7b...ab.exe

windows11-21h2-x64

1

Resubmissions

17/04/2024, 12:37

240417-pths4afc45 8

17/04/2024, 12:37

240417-ptg7kafc43 8

17/04/2024, 12:36

240417-ptcbbafc34 8

17/04/2024, 12:36

240417-ptbpsafc29 8

17/04/2024, 12:36

240417-pta39afc28 8

16/04/2024, 13:44

240416-q1vxnsda7z 8

Analysis

  • max time kernel
    300s
  • max time network
    299s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    17/04/2024, 12:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    64e589ec7bd006671b3192241c36ab7d87c9f4e93fd0b0d6f5f327de1b9a59ab.exe

  • Size

    5.3MB

  • MD5

    63552c60caeefe5f2d0e4028b3cc65d3

  • SHA1

    dbed3040d53495a6afda01bfb8399376792eb48c

  • SHA256

    64e589ec7bd006671b3192241c36ab7d87c9f4e93fd0b0d6f5f327de1b9a59ab

  • SHA512

    caf92a581afd25daaf9763a382b47fc87141773a8879c24ed855dfe1186b86ed7269b0cf17e8c1caee983eb85008f1161f4df07aabe0e1bb719514b41c365ba0

  • SSDEEP

    98304:vwrOjNr08jQxkFg97Nw76XgfqCPa1AQy2cmw:YC5r0wQxKg97Nw76XgyC6

Score
8/10
evasion

Malware Config

Signatures

  • Modifies Windows Firewall 2 TTPs 6 IoCs
    evasion
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 8 IoCs
  • Drops file in Windows directory 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\64e589ec7bd006671b3192241c36ab7d87c9f4e93fd0b0d6f5f327de1b9a59ab.exe
    "C:\Users\Admin\AppData\Local\Temp\64e589ec7bd006671b3192241c36ab7d87c9f4e93fd0b0d6f5f327de1b9a59ab.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\windows\
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2176
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath \\?\C:\Windows \
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2556
    • C:\Windows\system32\schtasks.exe
      schtasks /create /sc minute /ED "11/02/2024" /mo 7 /tn "Timer" /tr c:\windows\system\svchost.exe /ru SYSTEM
      2⤵
      • Creates scheduled task(s)
      PID:1984
    • C:\Windows\System\svchost.exe
      "C:\Windows\System\svchost.exe" formal
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:2496
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\windows\
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1988
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath \\?\C:\Windows \
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2748
      • C:\Users\Admin\AppData\Local\Temp\~tl24A0.tmp
        C:\Users\Admin\AppData\Local\Temp\~tl24A0.tmp
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2216
        • C:\Windows\system32\netsh.exe
          netsh int ipv4 set dynamicport tcp start=1025 num=64511
          4⤵
            PID:2488
          • C:\Windows\System32\netsh.exe
            "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="SvcHostX" dir=in action=allow program="C:\Windows\System\svchost.exe" enable=yes
            4⤵
            • Modifies Windows Firewall
            PID:1168
          • C:\Windows\System32\netsh.exe
            "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="SvcHostX" dir=out action=allow program="C:\Windows\System\svchost.exe" enable=yes
            4⤵
            • Modifies Windows Firewall
            PID:2784
          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
            "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\windows\
            4⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:2956
          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
            "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath \\?\C:\Windows \
            4⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:2844
          • C:\Windows\system32\schtasks.exe
            schtasks /delete /TN "Timer"
            4⤵
              PID:2788
            • C:\Windows\system32\schtasks.exe
              schtasks /create /sc minute /ED "11/02/2024" /mo 7 /tn "Timer" /tr c:\windows\system\svchost.exe /ru SYSTEM
              4⤵
              • Creates scheduled task(s)
              PID:2272
            • C:\Windows\System\svchost.exe
              "C:\Windows\System\svchost.exe" formal
              4⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Drops file in Windows directory
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:1768
              • C:\Windows\system32\netsh.exe
                netsh int ipv4 set dynamicport tcp start=1025 num=64511
                5⤵
                  PID:2948
                • C:\Windows\System32\netsh.exe
                  "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="SvcHostX" dir=in action=allow program="C:\Windows\System\svchost.exe" enable=yes
                  5⤵
                  • Modifies Windows Firewall
                  PID:2424
                • C:\Windows\System32\netsh.exe
                  "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="SvcHostX" dir=out action=allow program="C:\Windows\System\svchost.exe" enable=yes
                  5⤵
                  • Modifies Windows Firewall
                  PID:812
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\windows\
                  5⤵
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of AdjustPrivilegeToken
                  PID:1108
                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath \\?\C:\Windows \
                  5⤵
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of AdjustPrivilegeToken
                  PID:1832
                • C:\Users\Admin\AppData\Local\Temp\~tlF95C.tmp
                  C:\Users\Admin\AppData\Local\Temp\~tlF95C.tmp
                  5⤵
                  • Executes dropped EXE
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of WriteProcessMemory
                  PID:3048
                  • C:\Windows\system32\netsh.exe
                    netsh int ipv4 set dynamicport tcp start=1025 num=64511
                    6⤵
                      PID:2196
                    • C:\Windows\System32\netsh.exe
                      "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="SvcHostX" dir=in action=allow program="C:\Windows\System\svchost.exe" enable=yes
                      6⤵
                      • Modifies Windows Firewall
                      PID:704
                    • C:\Windows\System32\netsh.exe
                      "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="SvcHostX" dir=out action=allow program="C:\Windows\System\svchost.exe" enable=yes
                      6⤵
                      • Modifies Windows Firewall
                      PID:2612
                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\windows\
                      6⤵
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of AdjustPrivilegeToken
                      PID:2324
                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath \\?\C:\Windows \
                      6⤵
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of AdjustPrivilegeToken
                      PID:2264

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
            Filesize

            7KB

            MD5

            baa8daf16628b5bdd48d79b0b40cea35

            SHA1

            78465e2b4decd3e3d51f149db40194f0f70af774

            SHA256

            a5412945fafe281bdd45ae9b98c450c86b11f8c9e7feb1d4f6b52f33f4d0cf25

            SHA512

            42102ca403104d44060ee9673620f0b99ba869da7164968ecf4edf89e380f9bc52bd5d67caebfe91f37d5145d5299c0c830d973e605f4b17e5faeff18b4242c7

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CC3TRGFPXOLZSC1RQMNA.temp
            Filesize

            7KB

            MD5

            8d6e07044df3815a0056fadb1fc7b0fc

            SHA1

            84ab6628539e2ace8ed1481897d866485415ada5

            SHA256

            0bbed98d0a69545531e198aee86ea655bf8eeb8177d24050813bfdda232f7224

            SHA512

            109388d62c88170868fa687539448bbbb25c31c9a6179adae2ffd42f994d2f0c563cd0be389f3e5bc242c9bb0d771c0bebc3722d82bb4749c8281e9718714dc0

            Download Submit

          • C:\Users\Admin\AppData\Roaming\tor\cached-microdesc-consensus.tmp
            Filesize

            2.6MB

            MD5

            8c29dca81612f559ac2e9aa5012896e4

            SHA1

            e7b504c8be6ae987ced54380dc2a34d03c613ef7

            SHA256

            b8ac5707fb24e123ee2bb53e97cfb166b3e86f1ee46b36bef7c41cf0f58047fd

            SHA512

            7c910b5c97dc3f556d35c9b48dd5ea4c4b55827bb66b508347c63650ad744f3992280df808a187f06daede1895347c46787fd110ba2015f92a927ab1f650a98c

            Download Submit

          • C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
            Filesize

            7.9MB

            MD5

            c54ae82300295cd9bbc28c2977381bd6

            SHA1

            335b9c7954dd44bc4dafd77e2b511417a912d75a

            SHA256

            8cbaf45e77b9fa4edaf9742ffcfe06570cea77d022bf0d0bcb620a11814d5067

            SHA512

            dcf5cff43c18f9e1816cdc7c7865f3ae510f442cad75c80e56e9923f33f9894457f822811dd278cc5b1bbea4352c0e3d8ea9fb56e05ed3f9538d14eb46d4c0ce

            Download Submit

          • C:\Windows\System\svchost.exe
            Filesize

            385KB

            MD5

            afca213ee0321f46e8bde639ae2de3e2

            SHA1

            4dc7621667b7cdb544c03c4b756cd0193b9d74f9

            SHA256

            664200ddc8a80df3122556faae95263e64a5affe4d086982e690aec7d1bae7dc

            SHA512

            a075fbb1648b87768ab7973ff8ba97d658dd1f5c8b07e3ba4e535d7f318ded08aab4714eff38becf61cbc2d68cb5a6bc7011b6e7cdc2ea47ecd2d143ea7cb843

            Download Submit

          • C:\Windows\system\svchost.exe
            Filesize

            5.3MB

            MD5

            63552c60caeefe5f2d0e4028b3cc65d3

            SHA1

            dbed3040d53495a6afda01bfb8399376792eb48c

            SHA256

            64e589ec7bd006671b3192241c36ab7d87c9f4e93fd0b0d6f5f327de1b9a59ab

            SHA512

            caf92a581afd25daaf9763a382b47fc87141773a8879c24ed855dfe1186b86ed7269b0cf17e8c1caee983eb85008f1161f4df07aabe0e1bb719514b41c365ba0

            Download Submit

          • \Users\Admin\AppData\Local\Temp\~tl24A0.tmp
            Filesize

            385KB

            MD5

            e802c96760e48c5139995ffb2d891f90

            SHA1

            bba3d278c0eb1094a26e5d2f4c099ad685371578

            SHA256

            cb82ea45a37f8f79d10726a7c165aa5b392b68d5ac954141129c1762a539722c

            SHA512

            97300ac501be6b6ea3ac1915361dd472824fe612801cab8561a02c7df071b1534190d2d5ef872d89d24c8c915b88101e7315f948f53215c2538d661181e3a5f0

            Download Submit

          • \Users\Admin\AppData\Local\Temp\~tlF95C.tmp
            Filesize

            393KB

            MD5

            9dbdd43a2e0b032604943c252eaf634a

            SHA1

            9584dc66f3c1cce4210fdf827a1b4e2bb22263af

            SHA256

            33c53cd5265502e7b62432dba0e1b5ed702b5007cc79973ccd1e71b2acc01e86

            SHA512

            b7b20b06dac952a96eda254bad29966fe7a4f827912beb0bc66d5af5b302d7c0282d70c1b01ff782507dd03a1d58706f05cb157521c7f2887a43085ffe5f94d1

            Download Submit

          • memory/1108-190-0x000007FEF5410000-0x000007FEF5DAD000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/1108-205-0x0000000002DC0000-0x0000000002E40000-memory.dmp

            Filesize

            512KB

            Download

          • memory/1108-189-0x000000001B6F0000-0x000000001B9D2000-memory.dmp

            Filesize

            2.9MB

            Download

          • memory/1108-207-0x000007FEF5410000-0x000007FEF5DAD000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/1108-191-0x0000000002DC0000-0x0000000002E40000-memory.dmp

            Filesize

            512KB

            Download

          • memory/1108-192-0x000007FEF5410000-0x000007FEF5DAD000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/1108-193-0x0000000002DC0000-0x0000000002E40000-memory.dmp

            Filesize

            512KB

            Download

          • memory/1108-194-0x0000000002DC0000-0x0000000002E40000-memory.dmp

            Filesize

            512KB

            Download

          • memory/1768-181-0x0000000140000000-0x000000014015E400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/1768-183-0x0000000140000000-0x000000014015E400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/1768-219-0x0000000140000000-0x000000014015E400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/1832-203-0x0000000002700000-0x0000000002780000-memory.dmp

            Filesize

            512KB

            Download

          • memory/1832-201-0x000007FEF5410000-0x000007FEF5DAD000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/1832-206-0x0000000002700000-0x0000000002780000-memory.dmp

            Filesize

            512KB

            Download

          • memory/1832-204-0x0000000002700000-0x0000000002780000-memory.dmp

            Filesize

            512KB

            Download

          • memory/1832-202-0x000007FEF5410000-0x000007FEF5DAD000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/1988-71-0x000007FEF5390000-0x000007FEF5D2D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/1988-58-0x000000001B870000-0x000000001BB52000-memory.dmp

            Filesize

            2.9MB

            Download

          • memory/1988-61-0x00000000029E0000-0x0000000002A60000-memory.dmp

            Filesize

            512KB

            Download

          • memory/1988-60-0x0000000001D80000-0x0000000001D88000-memory.dmp

            Filesize

            32KB

            Download

          • memory/1988-62-0x000007FEF5390000-0x000007FEF5D2D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/1988-63-0x00000000029E0000-0x0000000002A60000-memory.dmp

            Filesize

            512KB

            Download

          • memory/1988-70-0x00000000029EB000-0x0000000002A52000-memory.dmp

            Filesize

            412KB

            Download

          • memory/1988-59-0x000007FEF5390000-0x000007FEF5D2D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2176-24-0x00000000021F0000-0x0000000002270000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2176-19-0x000007FEF5D30000-0x000007FEF66CD000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2176-23-0x00000000021F0000-0x0000000002270000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2176-18-0x00000000021F0000-0x0000000002270000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2176-29-0x000007FEF5D30000-0x000007FEF66CD000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2176-17-0x000007FEF5D30000-0x000007FEF66CD000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2176-26-0x00000000021F0000-0x0000000002270000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2216-182-0x0000000140000000-0x000000014015E400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/2216-140-0x0000000140000000-0x000000014015E400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/2216-139-0x0000000140000000-0x000000014015E400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/2216-138-0x0000000140000000-0x000000014015E400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/2216-137-0x0000000140000000-0x000000014015E400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/2496-125-0x0000000140000000-0x0000000140644400-memory.dmp

            Filesize

            6.3MB

            Download

          • memory/2496-126-0x0000000140000000-0x0000000140644400-memory.dmp

            Filesize

            6.3MB

            Download

          • memory/2496-136-0x0000000140000000-0x0000000140644400-memory.dmp

            Filesize

            6.3MB

            Download

          • memory/2496-47-0x0000000140000000-0x0000000140644400-memory.dmp

            Filesize

            6.3MB

            Download

          • memory/2496-88-0x0000000140000000-0x0000000140644400-memory.dmp

            Filesize

            6.3MB

            Download

          • memory/2496-73-0x000000000BA30000-0x000000000BF2C000-memory.dmp

            Filesize

            5.0MB

            Download

          • memory/2556-20-0x000007FEF5D30000-0x000007FEF66CD000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2556-16-0x0000000002810000-0x0000000002818000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2556-21-0x0000000002850000-0x00000000028D0000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2556-22-0x000007FEF5D30000-0x000007FEF66CD000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2556-25-0x0000000002850000-0x00000000028D0000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2556-28-0x0000000002850000-0x00000000028D0000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2556-30-0x000007FEF5D30000-0x000007FEF66CD000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2556-27-0x0000000002850000-0x00000000028D0000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2556-15-0x000000001B690000-0x000000001B972000-memory.dmp

            Filesize

            2.9MB

            Download

          • memory/2748-68-0x000007FEF5390000-0x000007FEF5D2D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2748-66-0x0000000002910000-0x0000000002990000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2748-72-0x000007FEF5390000-0x000007FEF5D2D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2748-69-0x0000000002910000-0x0000000002990000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2748-64-0x0000000002910000-0x0000000002990000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2748-65-0x000007FEF5390000-0x000007FEF5D2D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2748-67-0x0000000002910000-0x0000000002990000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2844-160-0x0000000002BF0000-0x0000000002C70000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2844-157-0x0000000002BF0000-0x0000000002C70000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2844-163-0x000007FEF5BE0000-0x000007FEF657D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2844-167-0x000007FEF5BE0000-0x000007FEF657D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2844-158-0x000007FEF5BE0000-0x000007FEF657D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2844-165-0x0000000002BF0000-0x0000000002C70000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2844-159-0x0000000002BF0000-0x0000000002C70000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2956-162-0x0000000001E20000-0x0000000001EA0000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2956-166-0x000007FEF5BE0000-0x000007FEF657D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2956-147-0x000000001B780000-0x000000001BA62000-memory.dmp

            Filesize

            2.9MB

            Download

          • memory/2956-148-0x000007FEF5BE0000-0x000007FEF657D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2956-161-0x0000000001E20000-0x0000000001EA0000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2956-156-0x000007FEF5BE0000-0x000007FEF657D000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2956-164-0x0000000001E20000-0x0000000001EA0000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2956-149-0x0000000001E20000-0x0000000001EA0000-memory.dmp

            Filesize

            512KB

            Download

          • memory/3028-0-0x0000000140000000-0x0000000140644400-memory.dmp

            Filesize

            6.3MB

            Download

          • memory/3028-42-0x0000000140000000-0x0000000140644400-memory.dmp

            Filesize

            6.3MB

            Download

          • memory/3028-5-0x0000000140000000-0x0000000140644400-memory.dmp

            Filesize

            6.3MB

            Download

          • memory/3028-3-0x0000000140000000-0x0000000140644400-memory.dmp

            Filesize

            6.3MB

            Download

          • memory/3028-4-0x0000000140000000-0x0000000140644400-memory.dmp

            Filesize

            6.3MB

            Download

          • memory/3048-220-0x0000000140000000-0x0000000140170400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/3048-222-0x0000000140000000-0x0000000140170400-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/3048-246-0x0000000140000000-0x0000000140170400-memory.dmp

            Filesize

            1.4MB

            Download