Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    146s
  • max time network
    156s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    12/09/2024, 03:29 UTC

General

  • Target

    7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e.exe

  • Size

    422KB

  • MD5

    6033e7a30bae3bf5950789361921c795

  • SHA1

    f3dfad41c52bad70e6afb92864dca1132963a95e

  • SHA256

    7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e

  • SHA512

    2a5d0c723cbd7a968881d55faaefef6138d3566d29f9191a1d26ec131a5585a89f395921e08457d21f749e6824a63e2e6ab58099639d88854260dd8659c30ce8

  • SSDEEP

    6144:1EPt4XFZoFd1JuB90/vTRrJgDKVJaoHSF68pXzHP6B:4tpFRecrV6oqHi

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Signatures

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 8 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Kills process with taskkill 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e.exe
    "C:\Users\Admin\AppData\Local\Temp\7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:952
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 772
      2⤵
      • Program crash
      PID:124
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 816
      2⤵
      • Program crash
      PID:1084
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 772
      2⤵
      • Program crash
      PID:3020
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 844
      2⤵
      • Program crash
      PID:4604
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 952
      2⤵
      • Program crash
      PID:788
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 1060
      2⤵
      • Program crash
      PID:1660
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 1428
      2⤵
      • Program crash
      PID:2944
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c taskkill /im "7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e.exe" & exit
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1668
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /im "7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e.exe" /f
        3⤵
        • System Location Discovery: System Language Discovery
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:968
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 1480
      2⤵
      • Program crash
      PID:1664
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 952 -ip 952
    1⤵
      PID:388
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 952 -ip 952
      1⤵
        PID:5008
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 952 -ip 952
        1⤵
          PID:1384
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 952 -ip 952
          1⤵
            PID:3936
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 952 -ip 952
            1⤵
              PID:840
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 952 -ip 952
              1⤵
                PID:1224
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 952 -ip 952
                1⤵
                  PID:3328
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 952 -ip 952
                  1⤵
                    PID:1488

                  Network

                  • flag-ru
                    GET
                    http://80.66.75.114/add?substr=one&s=two
                    7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e.exe
                    Remote address:
                    80.66.75.114:80
                    Request
                    GET /add?substr=one&s=two HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: 1
                    Host: 80.66.75.114
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Thu, 12 Sep 2024 03:29:39 GMT
                    Server: Apache/2.4.52 (Ubuntu)
                    Content-Length: 1
                    Keep-Alive: timeout=5, max=100
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-ru
                    GET
                    http://80.66.75.114/files/download
                    7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e.exe
                    Remote address:
                    80.66.75.114:80
                    Request
                    GET /files/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: B
                    Host: 80.66.75.114
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Thu, 12 Sep 2024 03:29:39 GMT
                    Server: Apache/2.4.52 (Ubuntu)
                    Content-Length: 1
                    Keep-Alive: timeout=5, max=99
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-ru
                    GET
                    http://80.66.75.114/files/download
                    7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e.exe
                    Remote address:
                    80.66.75.114:80
                    Request
                    GET /files/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: B
                    Host: 80.66.75.114
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Thu, 12 Sep 2024 03:29:42 GMT
                    Server: Apache/2.4.52 (Ubuntu)
                    Content-Length: 1
                    Keep-Alive: timeout=5, max=98
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-ru
                    GET
                    http://80.66.75.114/files/download
                    7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e.exe
                    Remote address:
                    80.66.75.114:80
                    Request
                    GET /files/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: B
                    Host: 80.66.75.114
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Thu, 12 Sep 2024 03:29:44 GMT
                    Server: Apache/2.4.52 (Ubuntu)
                    Content-Length: 1
                    Keep-Alive: timeout=5, max=97
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-ru
                    GET
                    http://80.66.75.114/files/download
                    7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e.exe
                    Remote address:
                    80.66.75.114:80
                    Request
                    GET /files/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: B
                    Host: 80.66.75.114
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Thu, 12 Sep 2024 03:29:46 GMT
                    Server: Apache/2.4.52 (Ubuntu)
                    Content-Length: 1
                    Keep-Alive: timeout=5, max=96
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-ru
                    GET
                    http://80.66.75.114/files/download
                    7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e.exe
                    Remote address:
                    80.66.75.114:80
                    Request
                    GET /files/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: B
                    Host: 80.66.75.114
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Thu, 12 Sep 2024 03:29:48 GMT
                    Server: Apache/2.4.52 (Ubuntu)
                    Content-Length: 1
                    Keep-Alive: timeout=5, max=95
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-ru
                    GET
                    http://80.66.75.114/files/download
                    7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e.exe
                    Remote address:
                    80.66.75.114:80
                    Request
                    GET /files/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: B
                    Host: 80.66.75.114
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Thu, 12 Sep 2024 03:29:50 GMT
                    Server: Apache/2.4.52 (Ubuntu)
                    Content-Length: 1
                    Keep-Alive: timeout=5, max=94
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-ru
                    GET
                    http://80.66.75.114/files/download
                    7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e.exe
                    Remote address:
                    80.66.75.114:80
                    Request
                    GET /files/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: B
                    Host: 80.66.75.114
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Thu, 12 Sep 2024 03:29:52 GMT
                    Server: Apache/2.4.52 (Ubuntu)
                    Content-Length: 1
                    Keep-Alive: timeout=5, max=93
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-ru
                    GET
                    http://80.66.75.114/files/download
                    7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e.exe
                    Remote address:
                    80.66.75.114:80
                    Request
                    GET /files/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: B
                    Host: 80.66.75.114
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Thu, 12 Sep 2024 03:29:54 GMT
                    Server: Apache/2.4.52 (Ubuntu)
                    Content-Length: 1
                    Keep-Alive: timeout=5, max=92
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-ru
                    GET
                    http://80.66.75.114/files/download
                    7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e.exe
                    Remote address:
                    80.66.75.114:80
                    Request
                    GET /files/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: B
                    Host: 80.66.75.114
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Thu, 12 Sep 2024 03:29:56 GMT
                    Server: Apache/2.4.52 (Ubuntu)
                    Content-Length: 1
                    Keep-Alive: timeout=5, max=91
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-ru
                    GET
                    http://80.66.75.114/files/download
                    7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e.exe
                    Remote address:
                    80.66.75.114:80
                    Request
                    GET /files/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: B
                    Host: 80.66.75.114
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Thu, 12 Sep 2024 03:29:58 GMT
                    Server: Apache/2.4.52 (Ubuntu)
                    Content-Length: 1
                    Keep-Alive: timeout=5, max=90
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-ru
                    GET
                    http://80.66.75.114/files/download
                    7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e.exe
                    Remote address:
                    80.66.75.114:80
                    Request
                    GET /files/download HTTP/1.1
                    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
                    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
                    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
                    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
                    User-Agent: B
                    Host: 80.66.75.114
                    Connection: Keep-Alive
                    Cache-Control: no-cache
                    Response
                    HTTP/1.1 200 OK
                    Date: Thu, 12 Sep 2024 03:30:01 GMT
                    Server: Apache/2.4.52 (Ubuntu)
                    Content-Length: 1
                    Keep-Alive: timeout=5, max=89
                    Connection: Keep-Alive
                    Content-Type: text/html; charset=UTF-8
                  • flag-us
                    DNS
                    114.75.66.80.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    114.75.66.80.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    8.8.8.8.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    8.8.8.8.in-addr.arpa
                    IN PTR
                    Response
                    8.8.8.8.in-addr.arpa
                    IN PTR
                    dnsgoogle
                  • flag-us
                    DNS
                    nexusrules.officeapps.live.com
                    Remote address:
                    8.8.8.8:53
                    Request
                    nexusrules.officeapps.live.com
                    IN A
                    Response
                    nexusrules.officeapps.live.com
                    IN CNAME
                    prod.nexusrules.live.com.akadns.net
                    prod.nexusrules.live.com.akadns.net
                    IN A
                    52.111.227.11
                  • flag-us
                    DNS
                    11.227.111.52.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    11.227.111.52.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    self.events.data.microsoft.com
                    Remote address:
                    8.8.8.8:53
                    Request
                    self.events.data.microsoft.com
                    IN A
                    Response
                    self.events.data.microsoft.com
                    IN CNAME
                    self-events-data.trafficmanager.net
                    self-events-data.trafficmanager.net
                    IN CNAME
                    onedscolprdweu08.westeurope.cloudapp.azure.com
                    onedscolprdweu08.westeurope.cloudapp.azure.com
                    IN A
                    52.178.17.233
                  • flag-us
                    DNS
                    233.17.178.52.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    233.17.178.52.in-addr.arpa
                    IN PTR
                    Response
                  • 80.66.75.114:80
                    http://80.66.75.114/files/download
                    http
                    7047b08b0091eecbc20b8f213dc446650befe900b586ac51ae2b3a5ebba44f4e.exe
                    5.9kB
                    3.1kB
                    27
                    17

                    HTTP Request

                    GET http://80.66.75.114/add?substr=one&s=two

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.66.75.114/files/download

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.66.75.114/files/download

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.66.75.114/files/download

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.66.75.114/files/download

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.66.75.114/files/download

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.66.75.114/files/download

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.66.75.114/files/download

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.66.75.114/files/download

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.66.75.114/files/download

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.66.75.114/files/download

                    HTTP Response

                    200

                    HTTP Request

                    GET http://80.66.75.114/files/download

                    HTTP Response

                    200
                  • 8.8.8.8:53
                    114.75.66.80.in-addr.arpa
                    dns
                    433 B
                    862 B
                    6
                    6

                    DNS Request

                    114.75.66.80.in-addr.arpa

                    DNS Request

                    8.8.8.8.in-addr.arpa

                    DNS Request

                    nexusrules.officeapps.live.com

                    DNS Response

                    52.111.227.11

                    DNS Request

                    11.227.111.52.in-addr.arpa

                    DNS Request

                    self.events.data.microsoft.com

                    DNS Response

                    52.178.17.233

                    DNS Request

                    233.17.178.52.in-addr.arpa

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\N0IA4YT0\download[1].htm

                    Filesize

                    1B

                    MD5

                    cfcd208495d565ef66e7dff9f98764da

                    SHA1

                    b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

                    SHA256

                    5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

                    SHA512

                    31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

                  • memory/952-1-0x00000000025B0000-0x00000000026B0000-memory.dmp

                    Filesize

                    1024KB

                  • memory/952-2-0x00000000042E0000-0x000000000430D000-memory.dmp

                    Filesize

                    180KB

                  • memory/952-3-0x0000000000400000-0x000000000042F000-memory.dmp

                    Filesize

                    188KB

                  • memory/952-8-0x00000000025B0000-0x00000000026B0000-memory.dmp

                    Filesize

                    1024KB

                  • memory/952-10-0x00000000042E0000-0x000000000430D000-memory.dmp

                    Filesize

                    180KB

                  • memory/952-13-0x0000000000400000-0x000000000042F000-memory.dmp

                    Filesize

                    188KB

                  • memory/952-11-0x0000000000400000-0x0000000002483000-memory.dmp

                    Filesize

                    32.5MB

                  • memory/952-22-0x0000000000400000-0x000000000042F000-memory.dmp

                    Filesize

                    188KB

                  • memory/952-21-0x0000000000400000-0x0000000002483000-memory.dmp

                    Filesize

                    32.5MB

                  We care about your privacy.

                  This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.