Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

e04e60efc4...18.exe

windows7-x64

10

e04e60efc4...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/12/2024, 06:47 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e04e60efc406faefb13b0fd319e2251f_JaffaCakes118.exe

  • Size

    632KB

  • MD5

    e04e60efc406faefb13b0fd319e2251f

  • SHA1

    9e0f221915f81e639a52eeaf76dc96f95ab05e4d

  • SHA256

    61cb3345fb32835c6be148fbcd92812c80cc168affea782936055ff62ca4dd4b

  • SHA512

    07b848691b0976b40411672b98030de36b4f10f1181f248f3150600a336cf3461ba1a2af2484399d2c43faeb5c474146edb206430990ca90f36684444cb77485

  • SSDEEP

    12288:0pacPt3R/dbmXv4k8OIpLaNrv/TFUVo6QyPa+DAB3YWLSiRw3K:K1KXL8hYFv/TmnibBzdp

Score
10/10
asyncratnanocorediscoveryevasionkeyloggerpersistenceratspywarestealertrojan

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

sys2021.linkpc.net:11940

23.94.82.41:11940
Mutex

de7e01ad-963b-4e14-81aa-08dfb351f0fe

Attributes
  • activate_away_mode

    false

  • backup_connection_host

    23.94.82.41

  • backup_dns_server

    8.8.4.4

  • buffer_size

    65535

  • build_time

    2021-04-24T08:14:59.254967636Z

  • bypass_user_account_control

    true

  • bypass_user_account_control_data

  • clear_access_control

    true

  • clear_zone_identifier

    false

  • connect_delay

    4000

  • connection_port

    11940

  • default_group

    Do

  • enable_debug_mode

    true

  • gc_threshold

    1.048576e+07

  • keep_alive_timeout

    30000

  • keyboard_logging

    false

  • lan_timeout

    2500

  • max_packet_size

    1.048576e+07

  • mutex

    de7e01ad-963b-4e14-81aa-08dfb351f0fe

  • mutex_timeout

    5000

  • prevent_system_sleep

    false

  • primary_connection_host

    sys2021.linkpc.net

  • primary_dns_server

    8.8.8.8

  • request_elevation

    true

  • restart_delay

    5000

  • run_delay

    0

  • run_on_startup

    false

  • set_critical_process

    true

  • timeout_interval

    5000

  • use_custom_dns_server

    false

  • version

    1.2.2.0

  • wan_timeout

    8000

Extracted

Family

asyncrat

Version

0.5.2

C2

sys2021.linkpc.net:6606

Mutex

cd6-c2e0e3fbeef6

Attributes
  • delay

    0

  • install

    true

  • install_file

    notepad.exe

  • install_folder

    %AppData%

aes.plain
1
rB3EmmqsMf04PB56NZgAql32ERFSUs00

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • Contains code to disable Windows Defender 2 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

    keyloggertrojanstealerspywarenanocore
  • Nanocore family
    nanocore
  • Async RAT payload 1 IoCs
    rat
  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 2 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\e04e60efc406faefb13b0fd319e2251f_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e04e60efc406faefb13b0fd319e2251f_JaffaCakes118.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Checks computer location settings
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection 8.8.8.8
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2972
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection 8.8.8.8
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4148
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Vzvcyragywwvopuhbwi.vbs"
      2⤵
      • Checks computer location settings
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:5220
      • C:\Users\Admin\AppData\Local\Temp\Edthlzkghxuafibmavvextdclient startup.exe
        "C:\Users\Admin\AppData\Local\Temp\Edthlzkghxuafibmavvextdclient startup.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:6212
        • C:\Windows\System32\WScript.exe
          "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\tmp7B36.tmp.vbs"
          4⤵
          • Checks computer location settings
          • Suspicious use of WriteProcessMemory
          PID:5376
          • C:\Windows\System32\schtasks.exe
            "C:\Windows\System32\schtasks.exe" /create /sc onlogon /rl highest /tn notepad.exe /tr "C:\Users\Admin\AppData\Roaming\notepad.exe
            5⤵
            • Scheduled Task/Job: Scheduled Task
            PID:5316
        • C:\Users\Admin\AppData\Roaming\notepad.exe
          "C:\Users\Admin\AppData\Roaming\notepad.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:5468
    • C:\Users\Admin\AppData\Local\Temp\e04e60efc406faefb13b0fd319e2251f_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\e04e60efc406faefb13b0fd319e2251f_JaffaCakes118.exe
      2⤵
      • Adds Run key to start application
      • Checks whether UAC is enabled
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1700
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:5784
    • C:\Windows\system32\wbem\WmiApSrv.exe
      C:\Windows\system32\wbem\WmiApSrv.exe
      1⤵
        PID:620

      Network

      • flag-us
        DNS
        217.106.137.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        217.106.137.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        172.210.232.199.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        172.210.232.199.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        134.32.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        134.32.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        dns.google
        powershell.exe
        Remote address:
        8.8.8.8:53
        Request
        dns.google
        IN A
        Response
        dns.google
        IN A
        8.8.8.8
        dns.google
        IN A
        8.8.4.4
      • flag-us
        DNS
        28.118.140.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        28.118.140.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        50.23.12.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        50.23.12.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        198.187.3.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        198.187.3.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        sys2021.linkpc.net
        notepad.exe
        Remote address:
        8.8.8.8:53
        Request
        sys2021.linkpc.net
        IN A
        Response
        sys2021.linkpc.net
        IN CNAME
        linkpc.net
        linkpc.net
        IN A
        139.99.66.103
      • flag-us
        DNS
        sys2021.linkpc.net
        notepad.exe
        Remote address:
        8.8.8.8:53
        Request
        sys2021.linkpc.net
        IN A
        Response
        sys2021.linkpc.net
        IN CNAME
        linkpc.net
        linkpc.net
        IN A
        139.99.66.103
      • flag-us
        DNS
        sys2021.linkpc.net
        notepad.exe
        Remote address:
        8.8.8.8:53
        Request
        sys2021.linkpc.net
        IN A
        Response
        sys2021.linkpc.net
        IN CNAME
        linkpc.net
        linkpc.net
        IN A
        139.99.66.103
      • flag-us
        DNS
        180.129.81.91.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        180.129.81.91.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        sys2021.linkpc.net
        notepad.exe
        Remote address:
        8.8.8.8:53
        Request
        sys2021.linkpc.net
        IN A
        Response
        sys2021.linkpc.net
        IN CNAME
        linkpc.net
        linkpc.net
        IN A
        139.99.66.103
      • 139.99.66.103:11940
        sys2021.linkpc.net
        e04e60efc406faefb13b0fd319e2251f_JaffaCakes118.exe
        208 B
         4
      • 139.99.66.103:6606
        sys2021.linkpc.net
        notepad.exe
        260 B
         5
      • 139.99.66.103:11940
        sys2021.linkpc.net
        e04e60efc406faefb13b0fd319e2251f_JaffaCakes118.exe
        208 B
         4
      • 139.99.66.103:11940
        sys2021.linkpc.net
        e04e60efc406faefb13b0fd319e2251f_JaffaCakes118.exe
        208 B
         4
      • 139.99.66.103:6606
        sys2021.linkpc.net
        notepad.exe
        260 B
         5
      • 23.94.82.41:11940
        e04e60efc406faefb13b0fd319e2251f_JaffaCakes118.exe
        208 B
         4
      • 139.99.66.103:6606
        sys2021.linkpc.net
        notepad.exe
        260 B
         5
      • 23.94.82.41:11940
        e04e60efc406faefb13b0fd319e2251f_JaffaCakes118.exe
        208 B
         4
      • 139.99.66.103:6606
        sys2021.linkpc.net
        notepad.exe
        156 B
         3
      • 23.94.82.41:11940
        e04e60efc406faefb13b0fd319e2251f_JaffaCakes118.exe
        156 B
         3
      • 8.8.8.8:53
        217.106.137.52.in-addr.arpa
        dns
        73 B
         147 B
         1
        1

        DNS Request

        217.106.137.52.in-addr.arpa

      • 8.8.8.8:53
        172.210.232.199.in-addr.arpa
        dns
        74 B
         128 B
         1
        1

        DNS Request

        172.210.232.199.in-addr.arpa

      • 8.8.8.8:53
        134.32.126.40.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        134.32.126.40.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
         144 B
         1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        dns.google
        dns
        powershell.exe
        56 B
         88 B
         1
        1

        DNS Request

        dns.google

        DNS Response

        8.8.8.8
        8.8.4.4

      • 8.8.8.8:53
        28.118.140.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        28.118.140.52.in-addr.arpa

      • 8.8.8.8:53
        50.23.12.20.in-addr.arpa
        dns
        70 B
         156 B
         1
        1

        DNS Request

        50.23.12.20.in-addr.arpa

      • 8.8.8.8:53
        198.187.3.20.in-addr.arpa
        dns
        71 B
         157 B
         1
        1

        DNS Request

        198.187.3.20.in-addr.arpa

      • 8.8.8.8:53
        sys2021.linkpc.net
        dns
        notepad.exe
        64 B
         94 B
         1
        1

        DNS Request

        sys2021.linkpc.net

        DNS Response

        139.99.66.103

      • 8.8.8.8:53
        sys2021.linkpc.net
        dns
        notepad.exe
        64 B
         94 B
         1
        1

        DNS Request

        sys2021.linkpc.net

        DNS Response

        139.99.66.103

      • 8.8.8.8:53
        sys2021.linkpc.net
        dns
        notepad.exe
        64 B
         94 B
         1
        1

        DNS Request

        sys2021.linkpc.net

        DNS Response

        139.99.66.103

      • 8.8.8.8:53
        180.129.81.91.in-addr.arpa
        dns
        72 B
         147 B
         1
        1

        DNS Request

        180.129.81.91.in-addr.arpa

      • 8.8.8.8:53
        sys2021.linkpc.net
        dns
        notepad.exe
        64 B
         94 B
         1
        1

        DNS Request

        sys2021.linkpc.net

        DNS Response

        139.99.66.103

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\e04e60efc406faefb13b0fd319e2251f_JaffaCakes118.exe.log
        Filesize

        1KB

        MD5

        7ebe314bf617dc3e48b995a6c352740c

        SHA1

        538f643b7b30f9231a3035c448607f767527a870

        SHA256

        48178f884b8a4dd96e330b210b0530667d9473a7629fc6b4ad12b614bf438ee8

        SHA512

        0ba9d8f4244c15285e254d27b4bff7c49344ff845c48bc0bf0d8563072fab4d6f7a6abe6b6742e8375a08e9a3b3e5d5dc4937ab428dbe2dd8e62892fda04507e

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
        Filesize

        2KB

        MD5

        0774a05ce5ee4c1af7097353c9296c62

        SHA1

        658ff96b111c21c39d7ad5f510fb72f9762114bb

        SHA256

        d9c5347ed06755feeb0615f1671f6b91e2718703da0dbc4b0bd205cbd2896dd4

        SHA512

        104d69fc4f4aaa5070b78ada130228939c7e01436351166fe51fe2da8a02f9948e6d92dd676f62820da1813872b91411e2f863c9a98a760581ec34d4aa354994

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
        Filesize

        19KB

        MD5

        cd56fba410186fe87b4c93c78d23d5d1

        SHA1

        b2dfabb33a6145b34a9b8b9b702773999e5bf2fb

        SHA256

        396351b7f9244b6bed568b31437a88b9f10ec106fc7663e30a98ec72e42fab31

        SHA512

        dab05d18784529fb9590c59c98b58980921ffcfd6c8ab78422ad30d5046b5194d707af8d514d9a5000e343bd0d5bfc8861cb046b38c522e3a11b37606f7b0dee

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Edthlzkghxuafibmavvextdclient startup.exe
        Filesize

        119KB

        MD5

        7c065aaedcccc8330d30dd098e2d080a

        SHA1

        d8e1a9251e02062264229d2b92366b33cba3615e

        SHA256

        8892f38077963d30d807e405177ca889e327e447473066ba7dbddacc58a5562c

        SHA512

        a193e0f337a16965726b0481324eda249e9f53ab0d24b48d63d736be35ff7208cab29fb6a5a6fc7c31dc34ddbba5423a2d4d4c1ecaf1f50c29f336c1fcb12469

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Vzvcyragywwvopuhbwi.vbs
        Filesize

        125B

        MD5

        e43caabb477eff9358b404c0658ea4b8

        SHA1

        ff9530a0a971b26d85323abe290427a32f135fe4

        SHA256

        796965acba70efdb0bc8d6633f5d35e745ce49d09f6600d8ff151545563c9430

        SHA512

        7eb32002d2a08d9342020bb0f073d21772f9569b9133a0f36334f3acaaefab2aab8c52f3b27ee4fc23148bab3ebd8cbdc15f7a1656ae9bf67997e3cc891383a8

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_amzpmd21.4df.ps1
        Filesize

        60B

        MD5

        d17fe0a3f47be24a6453e9ef58c94641

        SHA1

        6ab83620379fc69f80c0242105ddffd7d98d5d9d

        SHA256

        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

        SHA512

        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\tmp7B36.tmp.vbs
        Filesize

        216B

        MD5

        3fd8d047dc23e8fe24f9cf58c7cd2b55

        SHA1

        57cf93639c8ed34f5bc06c4a7d795d712d3b8648

        SHA256

        4b207de241dc5c2ae5904d574fcccfbd2a85153c7b13f667055e96d15ad9eaec

        SHA512

        5d36a0ac43f312f8a6fc51e290aa56c687b1ff9a813f87a3f019452fc4db2a25ecb7596eda917db2748257c6d814eb14668b8ba16a1f630f0ae36723a6a35d8b

        Download Submit

      • memory/1700-1997-0x00000000063B0000-0x00000000063BA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/1700-1996-0x00000000056F0000-0x000000000570E000-memory.dmp

        Filesize

        120KB

        Download

      • memory/1700-1995-0x0000000005550000-0x000000000555A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/1700-1989-0x0000000005560000-0x00000000055FC000-memory.dmp

        Filesize

        624KB

        Download

      • memory/1700-1988-0x0000000000400000-0x0000000000438000-memory.dmp

        Filesize

        224KB

        Download

      • memory/2384-67-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-57-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-1-0x00000000002A0000-0x0000000000344000-memory.dmp

        Filesize

        656KB

        Download

      • memory/2384-2-0x00000000051D0000-0x0000000005774000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/2384-3-0x0000000004D00000-0x0000000004D92000-memory.dmp

        Filesize

        584KB

        Download

      • memory/2384-4-0x0000000074EA0000-0x0000000075650000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/2384-5-0x0000000004EA0000-0x0000000004EAA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/2384-1987-0x0000000074EA0000-0x0000000075650000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/2384-54-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-55-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-79-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-33-0x0000000074EAE000-0x0000000074EAF000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2384-34-0x0000000074EA0000-0x0000000075650000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/2384-95-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-113-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-59-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-63-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-65-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-0-0x0000000074EAE000-0x0000000074EAF000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2384-69-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-52-0x0000000005EF0000-0x0000000005F64000-memory.dmp

        Filesize

        464KB

        Download

      • memory/2384-53-0x0000000006A90000-0x0000000006B04000-memory.dmp

        Filesize

        464KB

        Download

      • memory/2384-61-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-71-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-117-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-115-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-111-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-109-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-107-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-105-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-103-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-101-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-99-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-97-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-93-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-91-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-89-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-87-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-85-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-83-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-81-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-77-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-75-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2384-73-0x0000000006A90000-0x0000000006AFE000-memory.dmp

        Filesize

        440KB

        Download

      • memory/2972-28-0x0000000006A20000-0x0000000006A42000-memory.dmp

        Filesize

        136KB

        Download

      • memory/2972-26-0x0000000006AA0000-0x0000000006B36000-memory.dmp

        Filesize

        600KB

        Download

      • memory/2972-13-0x0000000005640000-0x00000000056A6000-memory.dmp

        Filesize

        408KB

        Download

      • memory/2972-12-0x00000000055D0000-0x0000000005636000-memory.dmp

        Filesize

        408KB

        Download

      • memory/2972-23-0x0000000005DA0000-0x00000000060F4000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/2972-11-0x0000000005430000-0x0000000005452000-memory.dmp

        Filesize

        136KB

        Download

      • memory/2972-24-0x00000000064D0000-0x00000000064EE000-memory.dmp

        Filesize

        120KB

        Download

      • memory/2972-25-0x0000000006510000-0x000000000655C000-memory.dmp

        Filesize

        304KB

        Download

      • memory/2972-32-0x0000000074EA0000-0x0000000075650000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/2972-8-0x0000000074EA0000-0x0000000075650000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/2972-10-0x0000000074EA0000-0x0000000075650000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/2972-9-0x0000000005770000-0x0000000005D98000-memory.dmp

        Filesize

        6.2MB

        Download

      • memory/2972-29-0x00000000086E0000-0x0000000008D5A000-memory.dmp

        Filesize

        6.5MB

        Download

      • memory/2972-27-0x00000000069D0000-0x00000000069EA000-memory.dmp

        Filesize

        104KB

        Download

      • memory/2972-7-0x0000000074EA0000-0x0000000075650000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/2972-6-0x0000000002BD0000-0x0000000002C06000-memory.dmp

        Filesize

        216KB

        Download

      • memory/4148-51-0x0000000074EA0000-0x0000000075650000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4148-36-0x0000000074EA0000-0x0000000075650000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4148-37-0x0000000074EA0000-0x0000000075650000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4148-38-0x0000000074EA0000-0x0000000075650000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/4148-39-0x0000000005AC0000-0x0000000005E14000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/6212-1992-0x0000000000A80000-0x0000000000AA4000-memory.dmp

        Filesize

        144KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.