Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

DFC.530.msi

windows7-x64

6

DFC.530.msi

windows10-2004-x64

6

Analysis

  • max time kernel
    594s
  • max time network
    451s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    31/05/2024, 16:10 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DFC.530.msi

  • Size

    21.6MB

  • MD5

    29bd31f6b73955c2d4891c80b57cdc38

  • SHA1

    dd5b1caa91025f847377bcbcd15e537649e605e4

  • SHA256

    132b407090ee6245110b77bee17447e2c700a3b06deffa55a0fd1605691cd17b

  • SHA512

    f2160db5ed7138de7b50dbc0e71b07741a443abb10f55213053fa3fa7c0b388065f064b6e78b179f38a1738c44a878df444c04da40c655977e4d307f73dd416b

  • SSDEEP

    196608:Snv1sPXIIh4hez5nU65YEdrZU0n/34c2p1SFWZ+fMh5AQeF:SnvHIqhi5nd2Arj34fbCWZ+fMDze

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Blocklisted process makes network request 4 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 12 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 24 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 52 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\DFC.530.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1072
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2136
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 953A0D265EDF8D726EC7F66A7698B431
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1032
      • C:\rieg2g4e\STEAL.exe
        "C:\rieg2g4e\STEAL.exe"
        3⤵
        • Adds Run key to start application
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2616

Network

  • flag-us
    DNS
    203.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    203.197.79.204.in-addr.arpa
    IN PTR
    Response
    203.197.79.204.in-addr.arpa
    IN PTR
    a-0003a-msedgenet
  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    80.90.14.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    80.90.14.23.in-addr.arpa
    IN PTR
    Response
    80.90.14.23.in-addr.arpa
    IN PTR
    a23-14-90-80deploystaticakamaitechnologiescom
  • flag-us
    DNS
    226.21.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    226.21.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    0.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-lu
    GET
    http://172.86.77.40/rells/3005.zip?Admin
    MsiExec.exe
    Remote address:
    172.86.77.40:80
    Request
    GET /rells/3005.zip?Admin HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Embarcadero URI Client/1.0
    Host: 172.86.77.40
    Response
    HTTP/1.1 200 OK
    Date: Fri, 31 May 2024 16:14:38 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Last-Modified: Thu, 30 May 2024 20:08:42 GMT
    ETag: "1894e90-619b16ef94680"
    Accept-Ranges: bytes
    Content-Length: 25775760
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: application/zip
  • flag-us
    DNS
    40.77.86.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    40.77.86.172.in-addr.arpa
    IN PTR
    Response
    40.77.86.172.in-addr.arpa
    IN PTR
    407786172staticcloudzycom
  • flag-us
    DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
    Response
  • flag-lu
    GET
    http://172.86.77.40/index.php?Admin
    MsiExec.exe
    Remote address:
    172.86.77.40:80
    Request
    GET /index.php?Admin HTTP/1.1
    Host: 172.86.77.40
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    User-Agent: Mozilla/3.0 (compatible; Indy Library)
    Response
    HTTP/1.1 200 OK
    Date: Fri, 31 May 2024 16:14:58 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Content-Length: 0
    Content-Type: text/html; charset=UTF-8
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    98.56.20.217.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    98.56.20.217.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    112.90.14.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    112.90.14.23.in-addr.arpa
    IN PTR
    Response
    112.90.14.23.in-addr.arpa
    IN PTR
    a23-14-90-112deploystaticakamaitechnologiescom
  • flag-us
    DNS
    22.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.236.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 449656
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E5D42FF9505541458D094EC259E71DFB Ref B: AMS04EDGE1109 Ref C: 2024-05-31T16:16:19Z
    date: Fri, 31 May 2024 16:16:18 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 468637
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7FEAEE5F894044B78DA8868054F7B802 Ref B: AMS04EDGE1109 Ref C: 2024-05-31T16:16:19Z
    date: Fri, 31 May 2024 16:16:18 GMT
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001a-msedgenet
  • flag-us
    DNS
    170.117.168.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    170.117.168.52.in-addr.arpa
    IN PTR
    Response
  • 172.86.77.40:80
    http://172.86.77.40/rells/3005.zip?Admin
    http
    MsiExec.exe
    475.0kB
     26.5MB
     10130
    19001

    HTTP Request

    GET http://172.86.77.40/rells/3005.zip?Admin

    HTTP Response

    200
  • 172.86.77.40:80
    http://172.86.77.40/index.php?Admin
    http
    MsiExec.exe
    408 B
     319 B
     5
    4

    HTTP Request

    GET http://172.86.77.40/index.php?Admin

    HTTP Response

    200
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    34.5kB
     957.6kB
     701
    696

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.1kB
     16
    14
  • 8.8.8.8:53
    203.197.79.204.in-addr.arpa
    dns
    73 B
     106 B
     1
    1

    DNS Request

    203.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    80.90.14.23.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    80.90.14.23.in-addr.arpa

  • 8.8.8.8:53
    226.21.18.104.in-addr.arpa
    dns
    72 B
     134 B
     1
    1

    DNS Request

    226.21.18.104.in-addr.arpa

  • 8.8.8.8:53
    0.159.190.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    0.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    40.77.86.172.in-addr.arpa
    dns
    71 B
     116 B
     1
    1

    DNS Request

    40.77.86.172.in-addr.arpa

  • 8.8.8.8:53
    43.58.199.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    43.58.199.20.in-addr.arpa

  • 8.8.8.8:53
    217.106.137.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    217.106.137.52.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    98.56.20.217.in-addr.arpa
    dns
    71 B
     131 B
     1
    1

    DNS Request

    98.56.20.217.in-addr.arpa

  • 8.8.8.8:53
    112.90.14.23.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    112.90.14.23.in-addr.arpa

  • 8.8.8.8:53
    22.236.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    22.236.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
     173 B
     1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
     106 B
     1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    170.117.168.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    170.117.168.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_09B37B1D13D68619FD5280E35214FE13
    Filesize

    1KB

    MD5

    a63ccc56969df215c0be54ab9a06c413

    SHA1

    cac2af454324025d0c4d86814978e8e7d50a5a30

    SHA256

    d5db8956789150f7c3424d0271f1356600a91819453f8666b882a736190f1641

    SHA512

    30c2bd0414d673b98ebe35c0ac25281bdac206b7e528efe5f8446f5c93eaf4aadfa27c95a2f5494f876dd6ca3954c482a93b6431df98dcaa53113bc09d65ad38

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
    Filesize

    1KB

    MD5

    11c76a11be5d4ec1511e15632be0039e

    SHA1

    9fad5a136d3e69a72d287287617efecc36794b27

    SHA256

    0347669871aa1458839c5d2053df261ed75be9c04a72896b76e8e535339735f8

    SHA512

    60b6b1b6e8fa22af55824b44e6877d0fdf45d70dc8bb1e7edab0c664d61feb7c1710a59d76a01ebfb5474b1211525ce4727ee639f165bc6132466485f5c1c117

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_09B37B1D13D68619FD5280E35214FE13
    Filesize

    536B

    MD5

    59eae3b5581353a4a7c40d6846296292

    SHA1

    24fd99d8d97bb6803fb1b33d60148dc8f729de85

    SHA256

    4e6c3f7aaf0cf2bc31a2ed5b0b23c69fae99ac1f20a7d102ceed8acf545358e0

    SHA512

    7f446046d95bbbd59fd2db94845abea97f007e0b43f61e4b1defd0e6b07e78eae5baa45d6142de406a7b379d361f5f2a88be1a33ef0f91507eb71562b0ac68ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
    Filesize

    536B

    MD5

    5f3cf40f88232a4dec7b1987e3473d4b

    SHA1

    34cf6d57f568fc4819146357f6b3cfc05e7bb570

    SHA256

    a347410a804787fcaf99157fc7aa250b9a12c2c6f3bd7381df266d57a8df80b5

    SHA512

    31802ecbe899e5848e8703ba37e16edff9a1cb2d82c0a4fb9e2c8ed42481f670e4ce944200d42cb2d58f2f025fe7d3c4c8a2ddd37a2bf7f09c3b36f1c4672abe

    Download Submit

  • C:\Windows\Installer\MSI663C.tmp
    Filesize

    554KB

    MD5

    3b171ce087bb799aafcbbd93bab27f71

    SHA1

    7bd69efbc7797bdff5510830ca2cc817c8b86d08

    SHA256

    bb9a3c8972d89ad03c1dee3e91f03a13aca8d370185ac521b8c48040cc285ef4

    SHA512

    7700d86f6f2c6798bed1be6cd651805376d545f48f0a89c08f7032066431cb4df980688a360c44275b8d7f8010769dc236fbdaa0184125d016acdf158989ee38

    Download Submit

  • C:\Windows\Installer\MSI697D.tmp
    Filesize

    20.4MB

    MD5

    82ae9c41bde2721eeac6b6a945793bd6

    SHA1

    edc21041c456116c63074adc0ff35697a032e1b1

    SHA256

    a8e34860b9d3e0b66504616984a17e2a3bb125bc11bad04e148dead9577b9954

    SHA512

    e02793e2d7db73a9202690c8f6d66a75098c6fa2ca9c9a10fdb48d954f845882422d515161575e6c6005603ea736f00c2850b5cc4ec8d4d5dfcb58ecb2c010b1

    Download Submit

  • C:\rieg2g4e\HumbillQT5.dll
    Filesize

    1.5MB

    MD5

    9e5aa15a31eb279cc89aa4aab29e5611

    SHA1

    8534d576fa9e9b1b5d4cfe697b71d0a87a379381

    SHA256

    d76c62368c4460ba683893adea061652900ba9cc923fe30585b8a169f58baa8a

    SHA512

    2c0fdd5170ba82a47884ceefa0c83d9cd9d740eb7fb18a7ec3baec76c8c6f890e2397dff65baf6197e1690e2e8765bb081c6a1d91bcc7f4ea2a34616832a9ea6

    Download Submit

  • C:\rieg2g4e\STEAL.exe
    Filesize

    9.1MB

    MD5

    74d3f521a38b23cd25ed61e4f8d99f16

    SHA1

    c4cd0e519aeca41e94665f2c5ea60a322deb3680

    SHA256

    1d822b3faabb8f65fc30076d32a95757a2c369ccb64ae54572e9f562280ae845

    SHA512

    ec1c8b0eb895fd8947cad6126abc5bca3a712e42475228b9dcb3496098e720abb83d4cba4621edbd8d3ad7f306a5f57ced9c2c98fe2c2d0c8ebbbf99d7faf0f1

    Download Submit

  • C:\rieg2g4e\unrar.dll
    Filesize

    174KB

    MD5

    4289541be75e95bcfff04857f7144d87

    SHA1

    5ec8085e30d75ec18b8b1e193b3d5aa1648b0d2e

    SHA256

    2631fcdf920610557736549e27939b9c760743a2cddec0b2c2254cfa40003fb0

    SHA512

    3137a7790de74a6413aca6c80fd57288bcc30a7df3a416f3c6e8666041cd47a9609136c91405eee23224c4ae67c9aebbba4dd9c4e5786b09b83318755b4a55fd

    Download Submit

  • memory/1032-40-0x00000000732A0000-0x00000000747CA000-memory.dmp

    Filesize

    21.2MB

    Download

  • memory/1032-56-0x00000000732A0000-0x00000000747CA000-memory.dmp

    Filesize

    21.2MB

    Download

  • memory/2616-92-0x000000000A500000-0x000000000A684000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2616-110-0x0000000005490000-0x0000000007078000-memory.dmp

    Filesize

    27.9MB

    Download

  • memory/2616-88-0x000000000A500000-0x000000000A684000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2616-89-0x000000000A500000-0x000000000A684000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2616-90-0x000000000A500000-0x000000000A684000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2616-94-0x000000000A500000-0x000000000A684000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2616-93-0x000000000A500000-0x000000000A684000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2616-85-0x0000000005490000-0x0000000007078000-memory.dmp

    Filesize

    27.9MB

    Download

  • memory/2616-91-0x000000000A500000-0x000000000A684000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2616-95-0x0000000000400000-0x0000000000D36000-memory.dmp

    Filesize

    9.2MB

    Download

  • memory/2616-96-0x0000000005490000-0x0000000007078000-memory.dmp

    Filesize

    27.9MB

    Download

  • memory/2616-98-0x0000000005490000-0x0000000007078000-memory.dmp

    Filesize

    27.9MB

    Download

  • memory/2616-103-0x0000000005490000-0x0000000007078000-memory.dmp

    Filesize

    27.9MB

    Download

  • memory/2616-87-0x000000000A500000-0x000000000A684000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2616-114-0x0000000005490000-0x0000000007078000-memory.dmp

    Filesize

    27.9MB

    Download

  • memory/2616-118-0x0000000005490000-0x0000000007078000-memory.dmp

    Filesize

    27.9MB

    Download

  • memory/2616-120-0x0000000005490000-0x0000000007078000-memory.dmp

    Filesize

    27.9MB

    Download

  • memory/2616-122-0x0000000005490000-0x0000000007078000-memory.dmp

    Filesize

    27.9MB

    Download

  • memory/2616-124-0x0000000005490000-0x0000000007078000-memory.dmp

    Filesize

    27.9MB

    Download

  • memory/2616-130-0x0000000005490000-0x0000000007078000-memory.dmp

    Filesize

    27.9MB

    Download

  • memory/2616-134-0x0000000005490000-0x0000000007078000-memory.dmp

    Filesize

    27.9MB

    Download

  • memory/2616-136-0x0000000005490000-0x0000000007078000-memory.dmp

    Filesize

    27.9MB

    Download

  • memory/2616-140-0x0000000005490000-0x0000000007078000-memory.dmp

    Filesize

    27.9MB

    Download

  • memory/2616-146-0x0000000005490000-0x0000000007078000-memory.dmp

    Filesize

    27.9MB

    Download

  • memory/2616-148-0x0000000005490000-0x0000000007078000-memory.dmp

    Filesize

    27.9MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.