Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

3

WindowsFormsApp4.exe

windows7-x64

4

WindowsFormsApp4.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    1797s
  • max time network
    1176s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/04/2024, 20:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WindowsFormsApp4.exe

  • Size

    13KB

  • MD5

    b91f900258fa7c606d0f8ebebf576690

  • SHA1

    c9a141b4c3bccfd4248e9071963e726a35c817e6

  • SHA256

    a6f2b8885c4afacbbbf2e26fa24642a53e9e53ea96a134abae1581df0473ef0d

  • SHA512

    82a667fff3a8b79daf4084aadd9ce28c711e1896a39f9d3b6543246ad79f1c34092b2d378d9f2945f0605588fe7451491b1f54094ad0c65a47bff1b0274cd304

  • SSDEEP

    384:gEQd5Ek/gLt/DLjLR9zEs1LULxLPnkOhYVMfrnuHNptYcFwVc03K:Qd+LdXhJYlPkaYQnuH/tYcFwVc6K

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 11 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 2 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: AddClipboardFormatListener 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 34 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 36 IoCs
  • Suspicious use of SendNotifyMessage 35 IoCs
  • Suspicious use of SetWindowsHookEx 35 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WindowsFormsApp4.exe
    "C:\Users\Admin\AppData\Local\Temp\WindowsFormsApp4.exe"
    1⤵
      PID:4260
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4912
    • C:\Windows\system32\mspaint.exe
      "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\SyncAdd.png" /ForceBootstrapPaint3D
      1⤵
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:4012
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
      1⤵
      • Drops file in System32 directory
      PID:1300
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4080
    • C:\Windows\system32\mspaint.exe
      "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\SyncAdd.png" /ForceBootstrapPaint3D
      1⤵
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1672
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2316
    • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /n "C:\Users\Admin\Desktop\DismountSkip.xltx"
      1⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:448
    • C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe" "C:\Users\Admin\Desktop\DisconnectWatch.ps1"
      1⤵
      • Opens file in notepad (likely ransom note)
      PID:5032
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Desktop\ConvertToSuspend.pdf"
      1⤵
      • Checks processor information in registry
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1820
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:3904
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A069F6FB2F2F847AFF08502813EDF938 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
          3⤵
            PID:4872
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3EB6DA4FDE0CFC1734282F89C9CC3337 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3EB6DA4FDE0CFC1734282F89C9CC3337 --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
            3⤵
              PID:3564
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D1B68DC6B00A5F2EDEEE5DBA914E9AD3 --mojo-platform-channel-handle=2196 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              3⤵
                PID:4136
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D6AB1B8DB651B184B7AA12E69F2DF97A --mojo-platform-channel-handle=2332 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                3⤵
                  PID:4968
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9E854C95D8AB4E1E2F1FE071E1F352E9 --mojo-platform-channel-handle=2504 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:2884
                  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D82F5C284ACA657A90238F32F15409A0 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D82F5C284ACA657A90238F32F15409A0 --renderer-client-id=8 --mojo-platform-channel-handle=2336 --allow-no-sandbox-job /prefetch:1
                    3⤵
                      PID:3976
                • C:\Windows\System32\rundll32.exe
                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                  1⤵
                    PID:1636
                  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
                    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\CopyUse.doc" /o ""
                    1⤵
                    • Checks processor information in registry
                    • Enumerates system info in registry
                    • Suspicious behavior: AddClipboardFormatListener
                    • Suspicious use of SetWindowsHookEx
                    PID:4336
                  • C:\Windows\System32\CScript.exe
                    "C:\Windows\System32\CScript.exe" "C:\Users\Admin\Downloads\ConfirmPop.vbs"
                    1⤵
                      PID:2672

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                      Filesize

                      36KB

                      MD5

                      b30d3becc8731792523d599d949e63f5

                      SHA1

                      19350257e42d7aee17fb3bf139a9d3adb330fad4

                      SHA256

                      b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

                      SHA512

                      523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

                      Download Submit

                    • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                      Filesize

                      56KB

                      MD5

                      752a1f26b18748311b691c7d8fc20633

                      SHA1

                      c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

                      SHA256

                      111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

                      SHA512

                      a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

                      Download Submit

                    • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                      Filesize

                      64KB

                      MD5

                      7fdb4c7c398cfc992d47d5fe9b740a49

                      SHA1

                      6827145877f21372cf44353fc018c018a6a5cc8c

                      SHA256

                      6ca3dd00e4062dff60628d38578086fbc03e2b848ab13b845e7044387a825e99

                      SHA512

                      1280c5d7f99bf1fdf4f06d13ec1fe262e413279ca6250b7286be22eaa117257065c2d9caa5a5152bed6560416cf50d8ebadecffe0728adf635ffd6f076e53704

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\802B6BE7-2C7F-4DFF-860D-334F2F2BCC8E
                      Filesize

                      160KB

                      MD5

                      77893d5aa65e1769f06164f636d6d0da

                      SHA1

                      936a44e6e8f8ef870bc5a89dd77d0d805041bf31

                      SHA256

                      13ab7a61b9aa4f57a549dfe23f1c772a84a0f3e075d5a98f279591b658b4965b

                      SHA512

                      307f23c6b51ffd055fa8c3eee6e9716bbc03eb3f8b1d7ace3d4298541b4a43ddf82eb2f885def289a22f6b72497087d545ed9b3124e7ab2c603c11223e0c40c6

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
                      Filesize

                      2KB

                      MD5

                      3c5a8f37d40794e67c6aa9c0c9297496

                      SHA1

                      a1c1597c659c27f2c7623e9d89fcda7cc1888eb2

                      SHA256

                      4f3fe5d53096f2023da21d8ebddd9ab8986cc03351fcf9c803ec5da21fb012a7

                      SHA512

                      6d73b7f85d01995f8c10e247bc2a785c9fa6edc67d836d69fad54efa5ccbe5d4d64a73d927d2de4a69c65f40c4b6b4cfc82664bfbd304de046ab20b9718345d5

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres
                      Filesize

                      2KB

                      MD5

                      9b7303b932eafb0fb195f9e3407981e0

                      SHA1

                      c6eb0f4178d15c0250eca349edd9dc11ce643f70

                      SHA256

                      83978951efc67e0acd78c374e626087b30ac8cdc302a6b44441f05aaade498e8

                      SHA512

                      edf478006d08ff20daff59f66f6ed543d9cbf44ca8f7ab627a70329c63efbde4f778298985be05501e3bdd20d8b14709d01694c46cbf63172fc9bed41486842f

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\TCD4AAC.tmp\gb.xsl
                      Filesize

                      262KB

                      MD5

                      51d32ee5bc7ab811041f799652d26e04

                      SHA1

                      412193006aa3ef19e0a57e16acf86b830993024a

                      SHA256

                      6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97

                      SHA512

                      5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

                      Download Submit

                    • C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk
                      Filesize

                      8KB

                      MD5

                      0b89b0a9cfa71caa1d77eb929466ab62

                      SHA1

                      2efd6739b25c4a8ec580f621ca1f32b2db8b59f1

                      SHA256

                      9cd1aa985f780bf2c65b7a1f61555e2f630f67be413426ac06bcda3f2699cc9e

                      SHA512

                      97dced3e6a0da2d14d772176cce1c61a7dd692e452638885197fe102342f48d15ad7b7daa7104338a48dcd17b97afe5e34eb11505404e0af19c3cbf96db0cdc3

                      Download Submit

                    • memory/448-61-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/448-85-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/448-84-0x00007FF9CE270000-0x00007FF9CE280000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/448-83-0x00007FF9CE270000-0x00007FF9CE280000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/448-82-0x00007FF9CE270000-0x00007FF9CE280000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/448-81-0x00007FF9CE270000-0x00007FF9CE280000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/448-62-0x00007FF9CBA50000-0x00007FF9CBA60000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/448-60-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/448-48-0x00007FF9CE270000-0x00007FF9CE280000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/448-58-0x00007FF9CBA50000-0x00007FF9CBA60000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/448-59-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/448-57-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/448-56-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/448-54-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/448-55-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/448-52-0x00007FF9CE270000-0x00007FF9CE280000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/448-53-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/448-51-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/448-49-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/448-50-0x00007FF9CE270000-0x00007FF9CE280000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/448-47-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/448-44-0x00007FF9CE270000-0x00007FF9CE280000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/448-46-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/448-45-0x00007FF9CE270000-0x00007FF9CE280000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/1300-27-0x0000026DE2BA0000-0x0000026DE2BB0000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/1300-42-0x0000026DEAF90000-0x0000026DEAF91000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/1300-41-0x0000026DEAF90000-0x0000026DEAF91000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/1300-40-0x0000026DEAF80000-0x0000026DEAF81000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/1300-39-0x0000026DEAF80000-0x0000026DEAF81000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/1300-38-0x0000026DEAEF0000-0x0000026DEAEF1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/1300-36-0x0000026DEAEF0000-0x0000026DEAEF1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/1300-34-0x0000026DEAE70000-0x0000026DEAE71000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/1300-926-0x0000026DEAFF0000-0x0000026DEAFF1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/1300-23-0x0000026DE2B60000-0x0000026DE2B70000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/1300-931-0x0000026DEAFE0000-0x0000026DEAFE1000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/4260-21-0x0000000005580000-0x0000000005590000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/4260-2-0x0000000005AB0000-0x0000000006054000-memory.dmp

                      Filesize

                      5.6MB

                      Download

                    • memory/4260-22-0x0000000075160000-0x0000000075910000-memory.dmp

                      Filesize

                      7.7MB

                      Download

                    • memory/4260-1-0x0000000000D20000-0x0000000000D28000-memory.dmp

                      Filesize

                      32KB

                      Download

                    • memory/4260-0-0x0000000075160000-0x0000000075910000-memory.dmp

                      Filesize

                      7.7MB

                      Download

                    • memory/4260-3-0x00000000055A0000-0x0000000005632000-memory.dmp

                      Filesize

                      584KB

                      Download

                    • memory/4260-4-0x0000000005580000-0x0000000005590000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/4260-5-0x0000000005750000-0x000000000575A000-memory.dmp

                      Filesize

                      40KB

                      Download

                    • memory/4260-6-0x0000000075160000-0x0000000075910000-memory.dmp

                      Filesize

                      7.7MB

                      Download

                    • memory/4260-7-0x0000000005580000-0x0000000005590000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/4336-131-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/4336-132-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/4336-119-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/4336-121-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/4336-120-0x00007FF9CE270000-0x00007FF9CE280000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/4336-123-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/4336-124-0x00007FF9CE270000-0x00007FF9CE280000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/4336-122-0x00007FF9CE270000-0x00007FF9CE280000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/4336-125-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/4336-126-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/4336-127-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/4336-128-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/4336-129-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/4336-130-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/4336-133-0x00007FF9CBA50000-0x00007FF9CBA60000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/4336-118-0x00007FF9CE270000-0x00007FF9CE280000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/4336-117-0x00007FF9CE270000-0x00007FF9CE280000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/4336-135-0x00007FF9CBA50000-0x00007FF9CBA60000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/4336-264-0x00007FFA0BCB0000-0x00007FFA0BF79000-memory.dmp

                      Filesize

                      2.8MB

                      Download

                    • memory/4336-136-0x00007FFA0BCB0000-0x00007FFA0BF79000-memory.dmp

                      Filesize

                      2.8MB

                      Download

                    • memory/4336-263-0x00007FFA0E1F0000-0x00007FFA0E3E5000-memory.dmp

                      Filesize

                      2.0MB

                      Download

                    • memory/4912-15-0x000001F2A0930000-0x000001F2A0931000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/4912-20-0x000001F2A0930000-0x000001F2A0931000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/4912-19-0x000001F2A0930000-0x000001F2A0931000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/4912-18-0x000001F2A0930000-0x000001F2A0931000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/4912-10-0x000001F2A0930000-0x000001F2A0931000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/4912-8-0x000001F2A0930000-0x000001F2A0931000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/4912-17-0x000001F2A0930000-0x000001F2A0931000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/4912-16-0x000001F2A0930000-0x000001F2A0931000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/4912-14-0x000001F2A0930000-0x000001F2A0931000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/4912-9-0x000001F2A0930000-0x000001F2A0931000-memory.dmp

                      Filesize

                      4KB

                      Download