Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

856affc31c...18.exe

windows7-x64

8

856affc31c...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    10/08/2024, 08:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    856affc31c3958d297ea725b643655e7_JaffaCakes118.exe

  • Size

    556KB

  • MD5

    856affc31c3958d297ea725b643655e7

  • SHA1

    57c4b6013d8e17a14a4c696c688ba5de68144efe

  • SHA256

    dbfa62dbc4e6db7006009e5c59b7e7fb7665d918eadd2f5d73724c9e4f628160

  • SHA512

    da4b6de960b5ea975c417074a6aa29ae9a5679f0d5cd34f2752d9636571d2b378648db81d5d128b5acba725dd64388013205e87ecd21dce37b4d0d274cfccb9c

  • SSDEEP

    12288:0Z/db/+1xBFf1IfSKyiRVnuDCHFUcYnY/kjDx1anrpukz/niMFP60:0Rd21xB/0Mi/PHFUKcjXgpukeM9

Score
8/10
discoverypersistenceupx

Malware Config

Signatures

  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 42 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Executes dropped EXE 39 IoCs
  • Loads dropped DLL 21 IoCs
  • UPX packed file 27 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 62 IoCs
    persistence
  • Suspicious use of SetThreadContext 40 IoCs
  • Drops file in Windows directory 21 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 62 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 41 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\856affc31c3958d297ea725b643655e7_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\856affc31c3958d297ea725b643655e7_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Users\Admin\AppData\Local\Temp\856affc31c3958d297ea725b643655e7_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\856affc31c3958d297ea725b643655e7_JaffaCakes118.exe
      2⤵
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2796
      • C:\Windows\SysWOW64\svchost.exe
        svchost.exe
        3⤵
        • Boot or Logon Autostart Execution: Active Setup
        • Adds Run key to start application
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2808
        • C:\Windows\SysWOW64\svchost.exe
          svchost.exe
          4⤵
          • Boot or Logon Autostart Execution: Active Setup
          • Loads dropped DLL
          • Adds Run key to start application
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2828
          • C:\Windows\New\Newr.exe
            "C:\Windows\New\Newr.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2096
            • C:\Windows\New\Newr.exe
              C:\Windows\New\Newr.exe
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:2704
              • C:\Windows\SysWOW64\svchost.exe
                svchost.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Adds Run key to start application
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                • Suspicious use of SetWindowsHookEx
                PID:2736
          • C:\Windows\New\Newr.exe
            "C:\Windows\New\Newr.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2688
            • C:\Windows\New\Newr.exe
              C:\Windows\New\Newr.exe
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              PID:2556
              • C:\Windows\SysWOW64\svchost.exe
                svchost.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Adds Run key to start application
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                • Suspicious use of SetWindowsHookEx
                PID:1924
          • C:\Windows\New\Newr.exe
            "C:\Windows\New\Newr.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:3064
            • C:\Windows\New\Newr.exe
              C:\Windows\New\Newr.exe
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              PID:2764
              • C:\Windows\SysWOW64\svchost.exe
                svchost.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Adds Run key to start application
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                • Suspicious use of SetWindowsHookEx
                PID:2920
          • C:\Windows\New\Newr.exe
            "C:\Windows\New\Newr.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:796
            • C:\Windows\New\Newr.exe
              C:\Windows\New\Newr.exe
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              PID:332
              • C:\Windows\SysWOW64\svchost.exe
                svchost.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Adds Run key to start application
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                • Suspicious use of SetWindowsHookEx
                PID:2260
          • C:\Windows\New\Newr.exe
            "C:\Windows\New\Newr.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:2092
            • C:\Windows\New\Newr.exe
              C:\Windows\New\Newr.exe
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              PID:1108
              • C:\Windows\SysWOW64\svchost.exe
                svchost.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Adds Run key to start application
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                • Suspicious use of SetWindowsHookEx
                PID:2508
          • C:\Windows\New\Newr.exe
            "C:\Windows\New\Newr.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:1656
            • C:\Windows\New\Newr.exe
              C:\Windows\New\Newr.exe
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              PID:1900
              • C:\Windows\SysWOW64\svchost.exe
                svchost.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Adds Run key to start application
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                • Suspicious use of SetWindowsHookEx
                PID:1644
          • C:\Windows\New\Newr.exe
            "C:\Windows\New\Newr.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:884
            • C:\Windows\New\Newr.exe
              C:\Windows\New\Newr.exe
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              PID:2600
              • C:\Windows\SysWOW64\svchost.exe
                svchost.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Adds Run key to start application
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                • Suspicious use of SetWindowsHookEx
                PID:2144
          • C:\Windows\New\Newr.exe
            "C:\Windows\New\Newr.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:868
            • C:\Windows\New\Newr.exe
              C:\Windows\New\Newr.exe
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              PID:1968
              • C:\Windows\SysWOW64\svchost.exe
                svchost.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Adds Run key to start application
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                • Suspicious use of SetWindowsHookEx
                PID:1568
          • C:\Windows\New\Newr.exe
            "C:\Windows\New\Newr.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:2972
            • C:\Windows\New\Newr.exe
              C:\Windows\New\Newr.exe
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              PID:2264
              • C:\Windows\SysWOW64\svchost.exe
                svchost.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Adds Run key to start application
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                • Suspicious use of SetWindowsHookEx
                PID:2336
          • C:\Windows\New\Newr.exe
            "C:\Windows\New\Newr.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:2340
            • C:\Windows\New\Newr.exe
              C:\Windows\New\Newr.exe
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              PID:1140
              • C:\Windows\SysWOW64\svchost.exe
                svchost.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Adds Run key to start application
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                • Suspicious use of SetWindowsHookEx
                PID:2500
          • C:\Windows\New\Newr.exe
            "C:\Windows\New\Newr.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:1856
            • C:\Windows\New\Newr.exe
              C:\Windows\New\Newr.exe
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              PID:2152
              • C:\Windows\SysWOW64\svchost.exe
                svchost.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Adds Run key to start application
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                • Suspicious use of SetWindowsHookEx
                PID:916
          • C:\Windows\New\Newr.exe
            "C:\Windows\New\Newr.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:2912
            • C:\Windows\New\Newr.exe
              C:\Windows\New\Newr.exe
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              PID:3060
              • C:\Windows\SysWOW64\svchost.exe
                svchost.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Adds Run key to start application
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                • Suspicious use of SetWindowsHookEx
                PID:2492
          • C:\Windows\New\Newr.exe
            "C:\Windows\New\Newr.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:1744
            • C:\Windows\New\Newr.exe
              C:\Windows\New\Newr.exe
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              PID:2236
              • C:\Windows\SysWOW64\svchost.exe
                svchost.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Adds Run key to start application
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                • Suspicious use of SetWindowsHookEx
                PID:2416
          • C:\Windows\New\Newr.exe
            "C:\Windows\New\Newr.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:1796
            • C:\Windows\New\Newr.exe
              C:\Windows\New\Newr.exe
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              PID:280
              • C:\Windows\SysWOW64\svchost.exe
                svchost.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Adds Run key to start application
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                • Suspicious use of SetWindowsHookEx
                PID:2596
          • C:\Windows\New\Newr.exe
            "C:\Windows\New\Newr.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:2680
            • C:\Windows\New\Newr.exe
              C:\Windows\New\Newr.exe
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              PID:1500
              • C:\Windows\SysWOW64\svchost.exe
                svchost.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Adds Run key to start application
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                • Suspicious use of SetWindowsHookEx
                PID:2536
          • C:\Windows\New\Newr.exe
            "C:\Windows\New\Newr.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:1008
            • C:\Windows\New\Newr.exe
              C:\Windows\New\Newr.exe
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              PID:324
              • C:\Windows\SysWOW64\svchost.exe
                svchost.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Adds Run key to start application
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                • Suspicious use of SetWindowsHookEx
                PID:1552
          • C:\Windows\New\Newr.exe
            "C:\Windows\New\Newr.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:1632
            • C:\Windows\New\Newr.exe
              C:\Windows\New\Newr.exe
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              PID:868
              • C:\Windows\SysWOW64\svchost.exe
                svchost.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Adds Run key to start application
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                • Suspicious use of SetWindowsHookEx
                PID:2372
          • C:\Windows\New\Newr.exe
            "C:\Windows\New\Newr.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:1636
            • C:\Windows\New\Newr.exe
              C:\Windows\New\Newr.exe
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              PID:3000
              • C:\Windows\SysWOW64\svchost.exe
                svchost.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Adds Run key to start application
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                • Suspicious use of SetWindowsHookEx
                PID:2832
          • C:\Windows\New\Newr.exe
            "C:\Windows\New\Newr.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:2840
            • C:\Windows\New\Newr.exe
              C:\Windows\New\Newr.exe
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • System Location Discovery: System Language Discovery
              PID:2752
              • C:\Windows\SysWOW64\svchost.exe
                svchost.exe
                7⤵
                • Boot or Logon Autostart Execution: Active Setup
                • Adds Run key to start application
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                • Suspicious use of SetWindowsHookEx
                PID:2336
          • C:\Windows\New\Newr.exe
            "C:\Windows\New\Newr.exe"
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:2344

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\New\Newr.exe
    Filesize

    556KB

    MD5

    56d7aa988f8509e39604afa54d9cfbb4

    SHA1

    9a9d5e84b40d4d29ee0d25d0c36730e1789fd39e

    SHA256

    674c510f6bc3233ac0879b5d073b7fc38a642e861d6f9cadb3188bc4c1a69359

    SHA512

    7707278bc21f700c022b2edec88ee8d0b268310837350fb1997f48a4919c87d8a9ca5e8f6b28cc23341a0e73e6b4fbf3b2ab82648984f84d28c0f576aea40876

    Download Submit

  • C:\Users\Admin\AppData\Roaming\New\Newr.exe
    Filesize

    556KB

    MD5

    39dcd1a9131b83475945a2a06aea620a

    SHA1

    476c1456fb750a6317178471d5b40f497135eae1

    SHA256

    ea5ca7dc8a597f8afd3accc2691f729be01823f533b9e6a49bc4496ce4c290e9

    SHA512

    53530fd6329fa02611ceb3347bb7e68356b6bb5152eedf96cca43006b393dcaa1567dec26eed4da846dc8f0548915c43948b1039efc513c594308dbdaeb99ac7

    Download Submit

  • C:\Users\Admin\AppData\Roaming\New\Newr.exe
    Filesize

    556KB

    MD5

    da1854ddf68bc2861e92963ec5df86c3

    SHA1

    0a906286463525d01cb3c669baf744bcbb7d187c

    SHA256

    3edfb01beec4ffad8c2a72609c58d8f93fe137f30cfc72513802e50e117abd94

    SHA512

    3922fe296c4bd39fed2e902707ed216e0934bb5511f2074ab165d318bf5a08b27c3a5c73afdb745a8174b8023d504fa13f7951e7dbc676825fd723ba90edd79f

    Download Submit

  • C:\Windows\New\Newr.exe
    Filesize

    556KB

    MD5

    856affc31c3958d297ea725b643655e7

    SHA1

    57c4b6013d8e17a14a4c696c688ba5de68144efe

    SHA256

    dbfa62dbc4e6db7006009e5c59b7e7fb7665d918eadd2f5d73724c9e4f628160

    SHA512

    da4b6de960b5ea975c417074a6aa29ae9a5679f0d5cd34f2752d9636571d2b378648db81d5d128b5acba725dd64388013205e87ecd21dce37b4d0d274cfccb9c

    Download Submit

  • memory/796-126-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/796-119-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/868-230-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/868-237-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/884-201-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/884-208-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1008-460-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1008-453-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1632-483-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1632-477-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1636-501-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1636-507-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1656-181-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1684-3-0x0000000002D00000-0x0000000002EA8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1684-0-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1684-8-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1744-375-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1744-368-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1796-402-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1796-395-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1856-313-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1856-320-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1924-85-0x0000000010000000-0x000000001031C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1924-86-0x0000000010000000-0x000000001031C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1924-81-0x0000000010000000-0x000000001031C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1924-80-0x0000000010000000-0x000000001031C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1924-82-0x0000000010000000-0x000000001031C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2092-147-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2092-154-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2096-37-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2096-43-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2340-286-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2340-293-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2344-548-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2556-79-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2680-424-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2680-431-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2688-70-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2688-63-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2704-53-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2736-56-0x0000000010000000-0x000000001031C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2736-54-0x0000000010000000-0x000000001031C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2736-55-0x0000000010000000-0x000000001031C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2736-58-0x0000000010000000-0x000000001031C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2736-59-0x0000000010000000-0x000000001031C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2796-4-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2796-9-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2796-7-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2796-6-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2796-20-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2808-13-0x0000000010000000-0x000000001031C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2808-23-0x0000000010000000-0x000000001031C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2808-10-0x0000000010000000-0x000000001031C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2808-11-0x0000000010000000-0x000000001031C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2808-15-0x0000000010000000-0x000000001031C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2808-16-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2808-22-0x0000000010000000-0x000000001031C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2808-21-0x0000000010000000-0x000000001031C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2808-29-0x0000000010000000-0x000000001031C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2808-30-0x0000000010000000-0x000000001031C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2828-90-0x0000000002540000-0x00000000026E8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2828-116-0x0000000002540000-0x00000000026E8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2828-312-0x0000000002540000-0x00000000026E8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2828-34-0x0000000002540000-0x00000000026E8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2828-28-0x0000000010000000-0x000000001031C000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2828-547-0x0000000002540000-0x00000000026E8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2828-340-0x0000000002540000-0x00000000026E8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2828-146-0x0000000002540000-0x00000000026E8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2828-173-0x0000000002540000-0x00000000026E8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2828-367-0x0000000002540000-0x00000000026E8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2828-257-0x0000000002540000-0x00000000026E8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2828-225-0x0000000002540000-0x00000000026E8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2828-394-0x0000000002540000-0x00000000026E8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2828-500-0x0000000002540000-0x00000000026E8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2828-285-0x0000000002540000-0x00000000026E8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2828-423-0x0000000002540000-0x00000000026E8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2828-35-0x0000000002540000-0x00000000026E8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2828-422-0x0000000002540000-0x00000000026E8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2828-449-0x0000000002540000-0x00000000026E8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2828-87-0x0000000002540000-0x00000000026E8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2828-452-0x0000000002540000-0x00000000026E8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2828-62-0x0000000002540000-0x00000000026E8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2828-476-0x0000000002540000-0x00000000026E8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2828-227-0x0000000002540000-0x00000000026E8000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2840-524-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2840-530-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2912-348-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2912-341-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2972-265-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2972-258-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3064-91-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3064-98-0x0000000000400000-0x00000000005A7150-memory.dmp

    Filesize

    1.7MB

    Download