Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

JaffaCakes...26.exe

windows7-x64

10

JaffaCakes...26.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/12/2024, 13:07 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_324c6159854181351a28a38c3f38a00007f2f150ef0d1c77fcc30424a8de6b26.exe

  • Size

    336.4MB

  • MD5

    876f5de542386abdc4699b77687e279e

  • SHA1

    24c0161a3968a97443be2cd1d1d96181285947bd

  • SHA256

    324c6159854181351a28a38c3f38a00007f2f150ef0d1c77fcc30424a8de6b26

  • SHA512

    d1f12d0611093008d707d04c58dbae510dc84dfeb738a8052c174e2d2b5225226b398417ae918bb64792e41cec69eec4cc7ad66d7c15de0e6c664d3baa897f5b

  • SSDEEP

    98304:3QHpw7wLHY5E5ThVOTYheiqTBODGm/RygXAWVWCwi+1j7:AHpw7v5EPuBxeIhWVJw/1P

Score
10/10
vidar670discoveryevasionstealertrojan

Malware Config

Extracted

Family

vidar

Version

51.9

Botnet

670

C2

https://t.me/btc20220425

https://ieji.de/@ronxik213
Attributes
  • profile_id

    670

Signatures

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar family
    vidar
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Vidar Stealer 19 IoCs
    stealer
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_324c6159854181351a28a38c3f38a00007f2f150ef0d1c77fcc30424a8de6b26.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_324c6159854181351a28a38c3f38a00007f2f150ef0d1c77fcc30424a8de6b26.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:4816

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    154.239.44.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    154.239.44.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    17.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    17.160.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    t.me
    JaffaCakes118_324c6159854181351a28a38c3f38a00007f2f150ef0d1c77fcc30424a8de6b26.exe
    Remote address:
    8.8.8.8:53
    Request
    t.me
    IN A
    Response
    t.me
    IN A
    149.154.167.99
  • flag-nl
    GET
    https://t.me/btc20220425
    JaffaCakes118_324c6159854181351a28a38c3f38a00007f2f150ef0d1c77fcc30424a8de6b26.exe
    Remote address:
    149.154.167.99:443
    Request
    GET /btc20220425 HTTP/1.1
    Host: t.me
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Tue, 24 Dec 2024 13:08:00 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 9608
    Connection: keep-alive
    Set-Cookie: stel_ssid=48841ef17ac3af9f9e_6070817319675319472; expires=Wed, 25 Dec 2024 13:08:00 GMT; path=/; samesite=None; secure; HttpOnly
    Pragma: no-cache
    Cache-control: no-store
    X-Frame-Options: ALLOW-FROM https://web.telegram.org
    Content-Security-Policy: frame-ancestors https://web.telegram.org
    Strict-Transport-Security: max-age=35768000
  • flag-us
    DNS
    ieji.de
    JaffaCakes118_324c6159854181351a28a38c3f38a00007f2f150ef0d1c77fcc30424a8de6b26.exe
    Remote address:
    8.8.8.8:53
    Request
    ieji.de
    IN A
    Response
    ieji.de
    IN A
    45.135.201.222
  • flag-de
    GET
    https://ieji.de/@ronxik213
    JaffaCakes118_324c6159854181351a28a38c3f38a00007f2f150ef0d1c77fcc30424a8de6b26.exe
    Remote address:
    45.135.201.222:443
    Request
    GET /@ronxik213 HTTP/1.1
    Host: ieji.de
    Response
    HTTP/1.1 410 Gone
    Connection: keep-alive
    Content-Length: 1270
    Server: kazu.host
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 0
    Referrer-Policy: same-origin
    Date: Tue, 24 Dec 2024 13:08:01 GMT
    Content-Type: text/html; charset=utf-8
    Cache-Control: max-age=180, public
    Content-Security-Policy: base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ieji.de; img-src 'self' data: blob: https://ieji.de https://ftp.ieji.de; style-src 'self' https://ieji.de 'nonce-NJ7+Juxog1rM5VWwg/k0dA=='; media-src 'self' data: https://ieji.de https://ftp.ieji.de; manifest-src 'self' https://ieji.de; form-action 'none'; child-src 'self' blob: https://ieji.de; worker-src 'self' blob: https://ieji.de; connect-src 'self' data: blob: https://ieji.de https://ftp.ieji.de wss://ieji.de; script-src 'self' https://ieji.de 'wasm-unsafe-eval'; frame-src 'self' https:
    X-Request-Id: 82bf3787-54f9-4f6b-b7a1-7aa92f4c749e
    X-Runtime: 0.004128
    vary: Accept, Accept-Language, Cookie, Origin
    content-security-policy: upgrade-insecure-requests
    cache-control: max-age=0, public, immutable, no-transform
    feature-policy: camera 'none'; microphone 'none'; payment 'none'
    strict-transport-security: max-age=63072000; includeSubDomains; preload
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
    x-clacks-overhead: GNU Terry Pratchett
    onion-location: https://iejideks5zu2v3zuthaxu5zz6m5o2j7vmbd24wh6dnuiyl7c6rfkcryd.onion/
  • flag-us
    DNS
    r10.o.lencr.org
    JaffaCakes118_324c6159854181351a28a38c3f38a00007f2f150ef0d1c77fcc30424a8de6b26.exe
    Remote address:
    8.8.8.8:53
    Request
    r10.o.lencr.org
    IN A
    Response
    r10.o.lencr.org
    IN CNAME
    o.lencr.edgesuite.net
    o.lencr.edgesuite.net
    IN CNAME
    a1887.dscq.akamai.net
    a1887.dscq.akamai.net
    IN A
    88.221.134.137
    a1887.dscq.akamai.net
    IN A
    88.221.135.105
  • flag-us
    DNS
    196.249.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    196.249.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    99.167.154.149.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    99.167.154.149.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    23.249.124.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.249.124.192.in-addr.arpa
    IN PTR
    Response
    23.249.124.192.in-addr.arpa
    IN PTR
    cloudproxy10023sucurinet
  • flag-us
    DNS
    222.201.135.45.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    222.201.135.45.in-addr.arpa
    IN PTR
    Response
    222.201.135.45.in-addr.arpa
    IN PTR
    iejide
  • flag-us
    DNS
    168.245.100.95.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    168.245.100.95.in-addr.arpa
    IN PTR
    Response
    168.245.100.95.in-addr.arpa
    IN PTR
    a95-100-245-168deploystaticakamaitechnologiescom
  • flag-gb
    GET
    http://r10.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgMPX%2FJP1kwSvK1699N7ZWR4Ow%3D%3D
    JaffaCakes118_324c6159854181351a28a38c3f38a00007f2f150ef0d1c77fcc30424a8de6b26.exe
    Remote address:
    88.221.134.137:80
    Request
    GET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgMPX%2FJP1kwSvK1699N7ZWR4Ow%3D%3D HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: r10.o.lencr.org
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: application/ocsp-response
    Content-Length: 504
    ETag: "D96543E5AF17E9B64F6DF261AE4651A8BB6BE7AF3274F31CA9613E0B710641F8"
    Last-Modified: Tue, 24 Dec 2024 13:08:00 UTC
    Cache-Control: public, no-transform, must-revalidate, max-age=21600
    Expires: Tue, 24 Dec 2024 19:08:00 GMT
    Date: Tue, 24 Dec 2024 13:08:00 GMT
    Connection: keep-alive
  • flag-us
    DNS
    137.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    137.134.221.88.in-addr.arpa
    IN PTR
    Response
    137.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-137deploystaticakamaitechnologiescom
  • flag-us
    DNS
    56.163.245.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.163.245.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    13.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    13.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa
    IN PTR
  • flag-nl
    GET
    https://t.me/btc20220425
    JaffaCakes118_324c6159854181351a28a38c3f38a00007f2f150ef0d1c77fcc30424a8de6b26.exe
    Remote address:
    149.154.167.99:443
    Request
    GET /btc20220425 HTTP/1.1
    Host: t.me
    Cookie: stel_ssid=48841ef17ac3af9f9e_6070817319675319472
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.18.0
    Date: Tue, 24 Dec 2024 13:10:01 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 9608
    Connection: keep-alive
    Pragma: no-cache
    Cache-control: no-store
    X-Frame-Options: ALLOW-FROM https://web.telegram.org
    Content-Security-Policy: frame-ancestors https://web.telegram.org
    Strict-Transport-Security: max-age=35768000
  • flag-de
    GET
    https://ieji.de/@ronxik213
    JaffaCakes118_324c6159854181351a28a38c3f38a00007f2f150ef0d1c77fcc30424a8de6b26.exe
    Remote address:
    45.135.201.222:443
    Request
    GET /@ronxik213 HTTP/1.1
    Host: ieji.de
    Response
    HTTP/1.1 410 Gone
    Connection: keep-alive
    Content-Length: 1270
    Server: kazu.host
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 0
    Referrer-Policy: same-origin
    Date: Tue, 24 Dec 2024 13:10:01 GMT
    Content-Type: text/html; charset=utf-8
    Cache-Control: max-age=180, public
    Content-Security-Policy: base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ieji.de; img-src 'self' data: blob: https://ieji.de https://ftp.ieji.de; style-src 'self' https://ieji.de 'nonce-JDNP2GFU2PnieXCBEQmTew=='; media-src 'self' data: https://ieji.de https://ftp.ieji.de; manifest-src 'self' https://ieji.de; form-action 'none'; child-src 'self' blob: https://ieji.de; worker-src 'self' blob: https://ieji.de; connect-src 'self' data: blob: https://ieji.de https://ftp.ieji.de wss://ieji.de; script-src 'self' https://ieji.de 'wasm-unsafe-eval'; frame-src 'self' https:
    X-Request-Id: 6cee5b67-088a-4086-b3e0-ce068db13def
    X-Runtime: 0.004516
    vary: Accept, Accept-Language, Cookie, Origin
    content-security-policy: upgrade-insecure-requests
    cache-control: max-age=0, public, immutable, no-transform
    feature-policy: camera 'none'; microphone 'none'; payment 'none'
    strict-transport-security: max-age=63072000; includeSubDomains; preload
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
    x-clacks-overhead: GNU Terry Pratchett
    onion-location: https://iejideks5zu2v3zuthaxu5zz6m5o2j7vmbd24wh6dnuiyl7c6rfkcryd.onion/
  • flag-us
    DNS
    153.141.79.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    153.141.79.40.in-addr.arpa
    IN PTR
    Response
  • 149.154.167.99:443
    https://t.me/btc20220425
    tls, http
    JaffaCakes118_324c6159854181351a28a38c3f38a00007f2f150ef0d1c77fcc30424a8de6b26.exe
    1.4kB
     16.7kB
     23
    19

    HTTP Request

    GET https://t.me/btc20220425

    HTTP Response

    200
  • 45.135.201.222:443
    https://ieji.de/@ronxik213
    tls, http
    JaffaCakes118_324c6159854181351a28a38c3f38a00007f2f150ef0d1c77fcc30424a8de6b26.exe
    971 B
     7.2kB
     14
    11

    HTTP Request

    GET https://ieji.de/@ronxik213

    HTTP Response

    410
  • 88.221.134.137:80
    http://r10.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgMPX%2FJP1kwSvK1699N7ZWR4Ow%3D%3D
    http
    JaffaCakes118_324c6159854181351a28a38c3f38a00007f2f150ef0d1c77fcc30424a8de6b26.exe
    518 B
     1.1kB
     6
    4

    HTTP Request

    GET http://r10.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgMPX%2FJP1kwSvK1699N7ZWR4Ow%3D%3D

    HTTP Response

    200
  • 149.154.167.99:443
    https://t.me/btc20220425
    tls, http
    JaffaCakes118_324c6159854181351a28a38c3f38a00007f2f150ef0d1c77fcc30424a8de6b26.exe
    1.3kB
     10.7kB
     17
    14

    HTTP Request

    GET https://t.me/btc20220425

    HTTP Response

    200
  • 45.135.201.222:443
    https://ieji.de/@ronxik213
    tls, http
    JaffaCakes118_324c6159854181351a28a38c3f38a00007f2f150ef0d1c77fcc30424a8de6b26.exe
    999 B
     3.5kB
     11
    9

    HTTP Request

    GET https://ieji.de/@ronxik213

    HTTP Response

    410
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    154.239.44.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    154.239.44.20.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    17.160.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    17.160.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    t.me
    dns
    JaffaCakes118_324c6159854181351a28a38c3f38a00007f2f150ef0d1c77fcc30424a8de6b26.exe
    50 B
     66 B
     1
    1

    DNS Request

    t.me

    DNS Response

    149.154.167.99

  • 8.8.8.8:53
    ieji.de
    dns
    JaffaCakes118_324c6159854181351a28a38c3f38a00007f2f150ef0d1c77fcc30424a8de6b26.exe
    53 B
     69 B
     1
    1

    DNS Request

    ieji.de

    DNS Response

    45.135.201.222

  • 8.8.8.8:53
    r10.o.lencr.org
    dns
    JaffaCakes118_324c6159854181351a28a38c3f38a00007f2f150ef0d1c77fcc30424a8de6b26.exe
    61 B
     160 B
     1
    1

    DNS Request

    r10.o.lencr.org

    DNS Response

    88.221.134.137
    88.221.135.105

  • 8.8.8.8:53
    196.249.167.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    196.249.167.52.in-addr.arpa

  • 8.8.8.8:53
    99.167.154.149.in-addr.arpa
    dns
    73 B
     166 B
     1
    1

    DNS Request

    99.167.154.149.in-addr.arpa

  • 8.8.8.8:53
    23.249.124.192.in-addr.arpa
    dns
    73 B
     113 B
     1
    1

    DNS Request

    23.249.124.192.in-addr.arpa

  • 8.8.8.8:53
    222.201.135.45.in-addr.arpa
    dns
    73 B
     94 B
     1
    1

    DNS Request

    222.201.135.45.in-addr.arpa

  • 8.8.8.8:53
    168.245.100.95.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    168.245.100.95.in-addr.arpa

  • 8.8.8.8:53
    137.134.221.88.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    137.134.221.88.in-addr.arpa

  • 8.8.8.8:53
    56.163.245.4.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    56.163.245.4.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    13.227.111.52.in-addr.arpa
    dns
    144 B
     158 B
     2
    1

    DNS Request

    13.227.111.52.in-addr.arpa

    DNS Request

    13.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    153.141.79.40.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    153.141.79.40.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4816-0-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-1-0x0000000003220000-0x0000000003266000-memory.dmp

    Filesize

    280KB

    Download

  • memory/4816-3-0x00000000009B1000-0x00000000009E8000-memory.dmp

    Filesize

    220KB

    Download

  • memory/4816-8-0x0000000003220000-0x0000000003266000-memory.dmp

    Filesize

    280KB

    Download

  • memory/4816-9-0x0000000003270000-0x0000000003271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4816-10-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-12-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-11-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-13-0x0000000075AC0000-0x0000000075CD5000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4816-15-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-14-0x0000000076BF0000-0x0000000076E71000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/4816-7-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-4-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-5-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-16-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-21-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-20-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-22-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-24-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-25-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-29-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-28-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-27-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-26-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-23-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-19-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-18-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-17-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-2-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-32-0x0000000076890000-0x00000000768B4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/4816-31-0x0000000075AC0000-0x0000000075CD5000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4816-30-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-33-0x00000000768C0000-0x00000000769E0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4816-35-0x0000000074EB0000-0x0000000074FAA000-memory.dmp

    Filesize

    1000KB

    Download

  • memory/4816-34-0x0000000075E70000-0x0000000075F2F000-memory.dmp

    Filesize

    764KB

    Download

  • memory/4816-38-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-36-0x0000000074B40000-0x0000000074CA9000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/4816-39-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-40-0x0000000003220000-0x0000000003266000-memory.dmp

    Filesize

    280KB

    Download

  • memory/4816-41-0x00000000009B1000-0x00000000009E8000-memory.dmp

    Filesize

    220KB

    Download

  • memory/4816-42-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-43-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-63-0x0000000075E70000-0x0000000075F2F000-memory.dmp

    Filesize

    764KB

    Download

  • memory/4816-66-0x0000000076BF0000-0x0000000076E71000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/4816-67-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-64-0x0000000074EB0000-0x0000000074FAA000-memory.dmp

    Filesize

    1000KB

    Download

  • memory/4816-62-0x00000000768C0000-0x00000000769E0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4816-60-0x0000000075AC0000-0x0000000075CD5000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4816-59-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-68-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-76-0x00000000009B0000-0x00000000010DE000-memory.dmp

    Filesize

    7.2MB

    Download

  • memory/4816-87-0x00000000768C0000-0x00000000769E0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4816-89-0x0000000074EB0000-0x0000000074FAA000-memory.dmp

    Filesize

    1000KB

    Download

  • memory/4816-88-0x0000000075E70000-0x0000000075F2F000-memory.dmp

    Filesize

    764KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.