Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

493eda0e24...f7.exe

windows7-x64

10

493eda0e24...f7.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/08/2024, 22:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    493eda0e24cea8fa7eb424854094f31b2381deb4ebca7a7a4c5195ebca3354f7.exe

  • Size

    255KB

  • MD5

    cd2cfda14fdebc2474a5cf7c4d1524df

  • SHA1

    87feb6ac2070ccb2dcd9e44584e3ecedcabb270a

  • SHA256

    493eda0e24cea8fa7eb424854094f31b2381deb4ebca7a7a4c5195ebca3354f7

  • SHA512

    3b23f50bf703a30813cad819ec428786ca9a55654174fbd287c188e81ecd2fef1aae17c7e80cf1941e68a5a7984ae8f3ade1f0e78c6567f75fc2f124d9cf5933

  • SSDEEP

    3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJL:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIQ

Score
10/10
discoveryevasionpersistencespywarestealertrojanupx

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Windows security bypass 2 TTPs 5 IoCs
    evasiontrojan
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 5 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Windows security modification 2 TTPs 6 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • AutoIT Executable 60 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 12 IoCs
  • Drops file in Program Files directory 14 IoCs
  • Drops file in Windows directory 19 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 20 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 18 IoCs
  • Suspicious use of SendNotifyMessage 18 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\493eda0e24cea8fa7eb424854094f31b2381deb4ebca7a7a4c5195ebca3354f7.exe
    "C:\Users\Admin\AppData\Local\Temp\493eda0e24cea8fa7eb424854094f31b2381deb4ebca7a7a4c5195ebca3354f7.exe"
    1⤵
    • Checks computer location settings
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3600
    • C:\Windows\SysWOW64\kswehankll.exe
      kswehankll.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Windows security bypass
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Windows security modification
      • Enumerates connected drives
      • Modifies WinLogon
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4788
      • C:\Windows\SysWOW64\mckaqnvm.exe
        C:\Windows\system32\mckaqnvm.exe
        3⤵
        • Executes dropped EXE
        • Enumerates connected drives
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:4644
    • C:\Windows\SysWOW64\sehqsexnbudhmte.exe
      sehqsexnbudhmte.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3672
    • C:\Windows\SysWOW64\mckaqnvm.exe
      mckaqnvm.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4628
    • C:\Windows\SysWOW64\gieqjqtoecnwe.exe
      gieqjqtoecnwe.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3004
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Windows\mydoc.rtf" /o ""
      2⤵
      • Drops file in Windows directory
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:1716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Impair Defenses

2
T1562

Disable or Modify Tools

2
T1562.001

Modify Registry

6
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

4
T1012

System Information Discovery

5
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.exe
    Filesize

    255KB

    MD5

    7d7394a0adbc551151ffbdd7a13d9d53

    SHA1

    bd9bf4ae294b03903f2027a0e50761825a5c681a

    SHA256

    b36d2c7ed23f3f43fa860bf561ba8b988de064fe436728014bcc216f4ec81ac0

    SHA512

    2509438e2010b455854a4da9b5aa66d3daa7419a0d89c92c0a221fb15bd5dcf810f248a9947d377de6ba25b84f29ac0e724d900a5a03fcd1b7fefbe7bdaeec8c

    Download Submit

  • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.exe
    Filesize

    255KB

    MD5

    f79ca211dd49e73a268550f4e8b0bf68

    SHA1

    7fc725e3769a3101aef508336fbe3e310c91482e

    SHA256

    1ff36e44621618c16038acd96012ff9aff0e0553559aed8ed16158045974bec6

    SHA512

    16cd35e3b0e90235667b565a87d0505cb54ebcd307a93b6d3d07bec3b3d9d4aa2694a0476e27b11d07e2aac368ce8388c1e731260f6070cae14577bb5faac64b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TCD10BD.tmp\gb.xsl
    Filesize

    262KB

    MD5

    51d32ee5bc7ab811041f799652d26e04

    SHA1

    412193006aa3ef19e0a57e16acf86b830993024a

    SHA256

    6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97

    SHA512

    5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
    Filesize

    319B

    MD5

    7d01ba83c94f1151efef6324db548168

    SHA1

    f23b1fb289b534c893e6226a9fe66dedae0e1f52

    SHA256

    c370f944ed01523702ee9f65892722fa13d2a3f2e12ea837a29791bd1c9b062c

    SHA512

    5a2862def751200f85ecedd97bdaf619be061220100b614d0f13dd37d1495dfb1e327c5b3250bff9f4c55caf5a53b0b98197f9b256cd52f71c0c12af96d4379b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
    Filesize

    1KB

    MD5

    0fd4031d6490d49c645d7bbdb9ce805a

    SHA1

    c3df871484f9a21744d04bf214d86a8a560c6524

    SHA256

    a672787d473d3960d227abb4d3014756f0d47e8b39c270b711a99fb7949c20dd

    SHA512

    ed9d55cbddeffdb412453cca98ad543429206d78fa1854e7baaf359f44db70ae5b7184af9751d2a5379f98b7b5c403ec7cb4f70ee4dc10d2c2c25b502665ca06

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
    Filesize

    1KB

    MD5

    eef53bf3ba27e8d0d913f616d012dfa6

    SHA1

    c7b21ca198ad9b012094951b865cace2bff4947d

    SHA256

    7f910a7ac48bf17c10e8e191a57bb2d8a18ab472385032a0d07bc60a1aec3f2a

    SHA512

    0738ad55da9aa1abb6a89705f8c92f5343f86f2338769bbd0f1238c5e625545245fe0308d9a5b33432afeab02a8e9f77a469e393bfe0d046b2ed1de2905456ec

    Download Submit

  • C:\Windows\SysWOW64\gieqjqtoecnwe.exe
    Filesize

    255KB

    MD5

    81ba7b193c990a6b259c533c727fc8e4

    SHA1

    cd296a4794ea2ddb489445b6b6eab8bad8639097

    SHA256

    e0aab0c08c13ccb87875e8eaa2cd180085f6e8666d6a2bb59361eb90da2ff0da

    SHA512

    16ddfa5bc4543bc72d95d32766a141fb1e202abf7d2ac656267887478a72773238ea5c01e0b3b49f0a7eabd1c8887a8120603efe2107cfcf5884a7c84dea8ced

    Download Submit

  • C:\Windows\SysWOW64\kswehankll.exe
    Filesize

    255KB

    MD5

    e7e2cd29be2d719abb7954597ade0995

    SHA1

    eff5f29d83a28753843a101911fde27d7160cf86

    SHA256

    67c4ef5ca33c90a94eb41c146611ea15c8f392d36d0f8fc7be795e8a2d295dd7

    SHA512

    22f243ebf07cd35258c9ac9b015367974944772de7ee42e5536b9940b92bd506c9e0ca345f6b0f79b376d287d8b9c0634062d48040664ef9799dff1525e0fdc8

    Download Submit

  • C:\Windows\SysWOW64\mckaqnvm.exe
    Filesize

    255KB

    MD5

    5ae44c67aaad172e83e0a5163667a7c7

    SHA1

    b8d3fec7c1e70dbccc074e1363127f4e403ae817

    SHA256

    c89642fb19107bc3ec033f34bc96d0c840571dd6bba879f6ec063f89ecc95553

    SHA512

    5402b480bf3d636e42d7826da3ea26fee36439eb8c33ef7a820a117d1939517f4438e0b607180a5e5ca5ad37ad24f879293af0078d4414ada06251b43a4781b2

    Download Submit

  • C:\Windows\SysWOW64\sehqsexnbudhmte.exe
    Filesize

    255KB

    MD5

    25c96c1018af3616f70bbd38731fe4fa

    SHA1

    37a9288079dcc39824249d52bf62527391761980

    SHA256

    3bc9c9e3fbe37bf5ed12a728e848cb28c293ea47c11f773e38d509f953a2d0a2

    SHA512

    a50429e3ea08012800b42705e4b68b7285c21aad01a1dfe4edb060b73c703992c83f83768a17dcc3123c51db2c9923db3a7451d6f599fc4fb54dfcda537a096c

    Download Submit

  • C:\Windows\mydoc.rtf
    Filesize

    223B

    MD5

    06604e5941c126e2e7be02c5cd9f62ec

    SHA1

    4eb9fdf8ff4e1e539236002bd363b82c8f8930e1

    SHA256

    85f2405d1f67021a3206faa26f6887932fea71aea070df3efb2902902e2d03e2

    SHA512

    803f5f2fddbf29fef34de184eb35c2311b7a694740983ca10b54ef252dd26cda4987458d2569f441c6dedc3478bea12b45bfd3566f1b256504a0869ad3829df7

    Download Submit

  • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
    Filesize

    255KB

    MD5

    0901580ec6a6872593631721fc11e85a

    SHA1

    89e532babfdab2ae2c9d1d6598ec7d150f6e20b7

    SHA256

    f146b37583d5bfe3f061a975202899b7e1f1889c37f8c0670ce7116f60916fad

    SHA512

    38ab25679e51135b8a087c26dc9c7ef94a8b49bd35946dcd969fc024f07d2a852c79396cbf1c0a855fcd40c42b42d47deab3662cbd3affbd9ba047aa1ecb427a

    Download Submit

  • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
    Filesize

    255KB

    MD5

    7626f169167362fa42200fa7e37c6a9f

    SHA1

    510e50db16b86a3d1c94b8a7438022a415877e5e

    SHA256

    a5ce6c309b33738c4f6247523c159205801d1244c7ff86641003cfbe4fde2cd4

    SHA512

    03bfdf3e2bc15d43e59f6a9c0d4f37fa5515420855a7622283830d3a661739a72ebc644e7f504119f690a3c62146189b244a84f9c4c43008ea24abecd452868f

    Download Submit

  • memory/1716-42-0x00007FFF20A10000-0x00007FFF20A20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1716-655-0x00007FFF20A10000-0x00007FFF20A20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1716-43-0x00007FFF1E650000-0x00007FFF1E660000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1716-44-0x00007FFF1E650000-0x00007FFF1E660000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1716-37-0x00007FFF20A10000-0x00007FFF20A20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1716-38-0x00007FFF20A10000-0x00007FFF20A20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1716-39-0x00007FFF20A10000-0x00007FFF20A20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1716-41-0x00007FFF20A10000-0x00007FFF20A20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1716-652-0x00007FFF20A10000-0x00007FFF20A20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1716-653-0x00007FFF20A10000-0x00007FFF20A20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1716-654-0x00007FFF20A10000-0x00007FFF20A20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3004-634-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3004-32-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3004-658-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3004-631-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3004-628-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3004-85-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3004-604-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3004-599-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3004-664-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3004-81-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3004-661-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3004-625-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3004-617-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3004-609-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3004-490-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3600-35-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3600-0-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3672-624-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3672-607-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3672-630-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3672-597-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3672-663-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3672-83-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3672-660-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3672-633-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3672-602-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3672-26-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3672-657-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3672-627-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3672-79-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3672-488-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/3672-616-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4628-613-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4628-80-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4628-608-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4628-603-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4628-489-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4628-27-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4628-598-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4628-84-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4644-610-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4644-614-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4644-87-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4644-600-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4644-86-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4644-568-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4644-605-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4644-40-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4788-596-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4788-623-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4788-615-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4788-626-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4788-78-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4788-656-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4788-606-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4788-82-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4788-659-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4788-632-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4788-487-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4788-662-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4788-601-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download

  • memory/4788-629-0x0000000000400000-0x00000000004A0000-memory.dmp

    Filesize

    640KB

    Download