Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

2d480c7b69...eb.xls

windows7-x64

1

2d480c7b69...eb.xls

windows10-2004-x64

1

Analysis

  • max time kernel
    143s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/05/2024, 06:40 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d480c7b696975ed15cabc3709953ff3368ac88cdfcf66abd1841b1e8adbdceb.xls

  • Size

    1.0MB

  • MD5

    8c545dd587fa71f85835f947e6d85b14

  • SHA1

    995f48353255ab855f43fa73cfac360a5e88fedf

  • SHA256

    2d480c7b696975ed15cabc3709953ff3368ac88cdfcf66abd1841b1e8adbdceb

  • SHA512

    1f1dd436b8432f1f6b839eaa260ad724bbc21478680d094fc000af9794e3b0f606c9250c1d94f77c684d89be1d82cd204c5c488ccca703eb9ddb86c178795b6f

  • SSDEEP

    12288:nDMduhqCSBkbYJ3KeJ5ZSbJMo4iW9HA5BuXvKB/FU/9v4RQ3l16WGZHHv7iMnCdn:DMm+sYJ3KaT8IiBO1vIQVoWGVYD

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\2d480c7b696975ed15cabc3709953ff3368ac88cdfcf66abd1841b1e8adbdceb.xls"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:1896

Network

  • flag-us
    DNS
    97.32.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.32.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    209.205.72.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.205.72.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    roaming.officeapps.live.com
    EXCEL.EXE
    Remote address:
    8.8.8.8:53
    Request
    roaming.officeapps.live.com
    IN A
    Response
    roaming.officeapps.live.com
    IN CNAME
    prod.roaming1.live.com.akadns.net
    prod.roaming1.live.com.akadns.net
    IN CNAME
    eur.roaming1.live.com.akadns.net
    eur.roaming1.live.com.akadns.net
    IN CNAME
    weu-azsc-000.roaming.officeapps.live.com
    weu-azsc-000.roaming.officeapps.live.com
    IN CNAME
    osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com
    osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com
    IN A
    52.109.89.19
  • flag-nl
    POST
    https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
    EXCEL.EXE
    Remote address:
    52.109.89.19:443
    Request
    POST /rs/RoamingSoapService.svc HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/xml; charset=utf-8
    User-Agent: MS-WebServices/1.0
    SOAPAction: "http://tempuri.org/IRoamingSettingsService/GetConfig"
    Content-Length: 511
    Host: roaming.officeapps.live.com
    Response
    HTTP/1.1 200 OK
    Cache-Control: private
    Content-Type: text/xml; charset=utf-8
    Server: Microsoft-IIS/10.0
    X-OfficeFE: RoamingFE_IN_372
    X-OfficeVersion: 16.0.17711.30575
    X-OfficeCluster: weu-000.roaming.officeapps.live.com
    X-CorrelationId: 4bb26341-7d1d-4c3f-8eb6-b00e2821755e
    X-Powered-By: ASP.NET
    Date: Tue, 21 May 2024 06:40:41 GMT
    Content-Length: 654
  • flag-us
    DNS
    19.89.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.89.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    74.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    74.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
    Response
  • flag-nl
    GET
    https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    Remote address:
    23.62.61.72:443
    Request
    GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
    host: www.bing.com
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-type: image/png
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    content-length: 1107
    date: Tue, 21 May 2024 06:40:45 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.443d3e17.1716273645.1ec63183
  • flag-us
    DNS
    72.61.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    72.61.62.23.in-addr.arpa
    IN PTR
    Response
    72.61.62.23.in-addr.arpa
    IN PTR
    a23-62-61-72deploystaticakamaitechnologiescom
  • flag-us
    DNS
    91.16.208.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    91.16.208.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    154.239.44.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    154.239.44.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    28.143.109.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.143.109.104.in-addr.arpa
    IN PTR
    Response
    28.143.109.104.in-addr.arpa
    IN PTR
    a104-109-143-28deploystaticakamaitechnologiescom
  • flag-us
    DNS
    13.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 555746
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 158F6061F1914348ADDBE6A9A327E001 Ref B: LON04EDGE1114 Ref C: 2024-05-21T06:42:23Z
    date: Tue, 21 May 2024 06:42:23 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 659775
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: C478890654AB4147B914C9FC3833CC5D Ref B: LON04EDGE1114 Ref C: 2024-05-21T06:42:23Z
    date: Tue, 21 May 2024 06:42:23 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 621794
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: CFE1E22D827F40879B75AD4ACBB9B2D2 Ref B: LON04EDGE1114 Ref C: 2024-05-21T06:42:23Z
    date: Tue, 21 May 2024 06:42:23 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 638730
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: AE39D629F980492AA2F23A0AF6F01F9D Ref B: LON04EDGE1114 Ref C: 2024-05-21T06:42:23Z
    date: Tue, 21 May 2024 06:42:23 GMT
  • 52.109.89.19:443
    https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
    tls, http
    EXCEL.EXE
    1.7kB
     7.7kB
     11
    10

    HTTP Request

    POST https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

    HTTP Response

    200
  • 23.62.61.72:443
    https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    tls, http2
    1.4kB
     6.3kB
     16
    11

    HTTP Request

    GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.1kB
     16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.1kB
     16
    14
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    tls, http2
    114.9kB
     2.6MB
     1861
    1855

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360931611_1SOG5TNNJKE1WH1R0&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360931612_153L2SVWUYAQUME4E&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.1kB
     16
    14
  • 8.8.8.8:53
    97.32.109.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    97.32.109.52.in-addr.arpa

  • 8.8.8.8:53
    209.205.72.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    209.205.72.20.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    roaming.officeapps.live.com
    dns
    EXCEL.EXE
    73 B
     247 B
     1
    1

    DNS Request

    roaming.officeapps.live.com

    DNS Response

    52.109.89.19

  • 8.8.8.8:53
    19.89.109.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    19.89.109.52.in-addr.arpa

  • 8.8.8.8:53
    74.32.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    74.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    43.58.199.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    43.58.199.20.in-addr.arpa

  • 8.8.8.8:53
    72.61.62.23.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    72.61.62.23.in-addr.arpa

  • 8.8.8.8:53
    91.16.208.104.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    91.16.208.104.in-addr.arpa

  • 8.8.8.8:53
    154.239.44.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    154.239.44.20.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    28.143.109.104.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    28.143.109.104.in-addr.arpa

  • 8.8.8.8:53
    13.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    13.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
     173 B
     1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1896-0-0x00007FF986090000-0x00007FF9860A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1896-1-0x00007FF9C60AD000-0x00007FF9C60AE000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1896-3-0x00007FF986090000-0x00007FF9860A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1896-4-0x00007FF986090000-0x00007FF9860A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1896-6-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1896-9-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1896-8-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1896-7-0x00007FF986090000-0x00007FF9860A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1896-5-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1896-2-0x00007FF986090000-0x00007FF9860A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1896-11-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1896-10-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1896-12-0x00007FF983F80000-0x00007FF983F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1896-13-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1896-14-0x00007FF983F80000-0x00007FF983F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1896-18-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1896-17-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1896-20-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1896-19-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1896-16-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1896-15-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1896-41-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1896-51-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1896-52-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1896-53-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1896-55-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1896-54-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1896-61-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1896-62-0x00007FF9C60AD000-0x00007FF9C60AE000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1896-63-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1896-64-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1896-65-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1896-66-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1896-67-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

    Filesize

    2.0MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.