Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

Launcher.bat

windows10-1703-x64

6

compiler.exe

windows10-1703-x64

3

lua51.dll

windows10-1703-x64

3

Resubmissions

13/10/2024, 20:30 UTC

241013-zalezs1fmn 6

13/10/2024, 20:28 UTC

241013-y86cdaxalb 6

Analysis

  • max time kernel
    55s
  • max time network
    59s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    13/10/2024, 20:28 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Launcher.bat

  • Size

    5KB

  • MD5

    79e427676f790a73c7eace4401235a43

  • SHA1

    522b5b923e6711bbdeff463f95b863c724a16593

  • SHA256

    199066e589da3542f2540d91dccdb512561d2241ecc1199ca9fe4131566954f3

  • SHA512

    5e8383871e2397ee4eccf11f2494f9196655961ddb941681e8574158dcfa19d11f42ffc97f418f5129479fddb2570e7bf3347eb8aff1d8657ea6d3b61804b804

  • SSDEEP

    3:LjdIV9ZbLRJFFaR2/+ZFBW6:FIRI9FV

Score
6/10
discovery

Malware Config

Signatures

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in Windows directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Launcher.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1860
    • C:\Users\Admin\AppData\Local\Temp\compiler.exe
      compiler.exe conf.txt
      2⤵
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:64
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks /create /sc daily /st 11:20 /f /tn ApplicationExperienceAnalysis_ODA3 /tr ""C:\Users\Admin\AppData\Local\ODA3\ODA3.exe" "C:\Users\Admin\AppData\Local\ODA3\conf.txt""
        3⤵
        • System Location Discovery: System Language Discovery
        • Scheduled Task/Job: Scheduled Task
        PID:3564
      • C:\Windows\SysWOW64\schtasks.exe
        schtasks /create /sc daily /st 11:20 /f /tn Setup /tr "C:/Windows/System32/oobe/Setup.exe" /rl highest
        3⤵
        • System Location Discovery: System Language Discovery
        • Scheduled Task/Job: Scheduled Task
        PID:3080
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\DisconnectFind.mht
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4608
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4608 CREDAT:82945 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1408
  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1932
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4844

    Network

    • flag-us
      DNS
      ip-api.com
      compiler.exe
      Remote address:
      8.8.8.8:53
      Request
      ip-api.com
      IN A
      Response
      ip-api.com
      IN A
      208.95.112.1
    • flag-us
      GET
      http://ip-api.com/json/
      compiler.exe
      Remote address:
      208.95.112.1:80
      Request
      GET /json/ HTTP/1.1
      User-Agent: suysf5izyxr9sxo631xv9xwroxnjw0tzkuy73h40rytqqfp8uj8aq7h4j31vs38553f3opfbmqsxitr4
      Host: ip-api.com
      Response
      HTTP/1.1 200 OK
      Date: Sun, 13 Oct 2024 20:28:35 GMT
      Content-Type: application/json; charset=utf-8
      Content-Length: 289
      Access-Control-Allow-Origin: *
      X-Ttl: 60
      X-Rl: 44
    • flag-us
      DNS
      www.microsoft.com
      compiler.exe
      Remote address:
      8.8.8.8:53
      Request
      www.microsoft.com
      IN A
      Response
      www.microsoft.com
      IN CNAME
      www.microsoft.com-c-3.edgekey.net
      www.microsoft.com-c-3.edgekey.net
      IN CNAME
      www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
      www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
      IN CNAME
      e13678.dscb.akamaiedge.net
      e13678.dscb.akamaiedge.net
      IN A
      2.23.205.233
    • flag-gb
      GET
      https://www.microsoft.com/
      compiler.exe
      Remote address:
      2.23.205.233:443
      Request
      GET / HTTP/1.1
      Host: www.microsoft.com
      Cache-Control: no-cache
      Cookie: MUID=2C6FA802A1F9683F1A02BC55A055697D; _EDGE_V=1
      Response
      HTTP/1.1 302 Moved Temporarily
      Content-Length: 0
      Location: https://www.microsoft.com/en-gb/
      Date: Sun, 13 Oct 2024 20:28:37 GMT
      Connection: keep-alive
      TLS_version: tls1.2
      Strict-Transport-Security: max-age=31536000
      ms-cv: CASMicrosoftCV228602ef.0
      ms-cv-esi: CASMicrosoftCV228602ef.0
      X-RTag: ARRPrd
    • flag-ru
      PUT
      http://89.169.13.169/api/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms
      compiler.exe
      Remote address:
      89.169.13.169:80
      Request
      PUT /api/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms HTTP/1.1
      Content-Type: multipart/form-data; boundary=m3imgimbp1oj7qszjf33osrgnbtoyvt5gn7nzmov
      User-Agent: suysf5izyxr9sxo631xv9xwroxnjw0tzkuy73h40rytqqfp8uj8aq7h4j31vs38553f3opfbmqsxitr4
      Host: 89.169.13.169
      Content-Length: 2765898
      Cache-Control: no-cache
      Response
      HTTP/1.1 200 OK
      Server: nginx/1.24.0 (Ubuntu)
      Date: Sun, 13 Oct 2024 20:28:40 GMT
      Content-Type: application/json
      Content-Length: 696
      Connection: keep-alive
      cf-cache-status: DYNAMIC
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4DaW3UlyZq9qwwcShIPVavqKJwjvDb3MVEWiTWqkFleY7cL6o5s2xQW15uQ8KwzLhvHUOc98j0jbHu9dcNGTxcRFM%2FWwkmfrwzB8fAfgWBr1yJ%2FPs5dZe4fWW%2Fi2COLWPpbN"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      CF-RAY: 8d2213cbaf4e71c7-FRA
      alt-svc: h3=":443"; ma=86400
    • flag-us
      DNS
      1.112.95.208.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      1.112.95.208.in-addr.arpa
      IN PTR
      Response
      1.112.95.208.in-addr.arpa
      IN PTR
      ip-apicom
    • flag-us
      DNS
      233.205.23.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      233.205.23.2.in-addr.arpa
      IN PTR
      Response
      233.205.23.2.in-addr.arpa
      IN PTR
      a2-23-205-233deploystaticakamaitechnologiescom
    • flag-us
      DNS
      169.13.169.89.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      169.13.169.89.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      roaming.officeapps.live.com
      WINWORD.EXE
      Remote address:
      8.8.8.8:53
      Request
      roaming.officeapps.live.com
      IN A
      Response
      roaming.officeapps.live.com
      IN CNAME
      prod.roaming1.live.com.akadns.net
      prod.roaming1.live.com.akadns.net
      IN CNAME
      eur.roaming1.live.com.akadns.net
      eur.roaming1.live.com.akadns.net
      IN CNAME
      frc-azsc-000.roaming.officeapps.live.com
      frc-azsc-000.roaming.officeapps.live.com
      IN CNAME
      osiprod-frc-buff-azsc-000.francecentral.cloudapp.azure.com
      osiprod-frc-buff-azsc-000.francecentral.cloudapp.azure.com
      IN A
      52.109.68.129
    • flag-fr
      POST
      https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
      WINWORD.EXE
      Remote address:
      52.109.68.129:443
      Request
      POST /rs/RoamingSoapService.svc HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      Content-Type: text/xml; charset=utf-8
      User-Agent: MS-WebServices/1.0
      SOAPAction: "http://tempuri.org/IRoamingSettingsService/GetConfig"
      Content-Length: 511
      Host: roaming.officeapps.live.com
      Response
      HTTP/1.1 200 OK
      Cache-Control: private
      Content-Type: text/xml; charset=utf-8
      Server: Microsoft-IIS/10.0
      X-OfficeFE: RoamingFE_IN_220
      X-OfficeVersion: 16.0.18130.30575
      X-OfficeCluster: frc-000.roaming.officeapps.live.com
      X-CorrelationId: 275f5d79-bace-406e-9718-64f85fb60ac3
      X-Powered-By: ASP.NET
      Date: Sun, 13 Oct 2024 20:29:18 GMT
      Content-Length: 654
    • flag-us
      DNS
      240.76.109.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.76.109.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      129.68.109.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      129.68.109.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      73.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      73.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      73.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      73.159.190.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      27.73.42.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      27.73.42.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      161.19.199.152.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      161.19.199.152.in-addr.arpa
      IN PTR
      Response
    • 208.95.112.1:80
      http://ip-api.com/json/
      http
      compiler.exe
      365 B
       558 B
       5
      2

      HTTP Request

      GET http://ip-api.com/json/

      HTTP Response

      200
    • 2.23.205.233:443
      https://www.microsoft.com/
      tls, http
      compiler.exe
      1.1kB
       7.1kB
       14
      12

      HTTP Request

      GET https://www.microsoft.com/

      HTTP Response

      302
    • 89.169.13.169:80
      http://89.169.13.169/api/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms
      http
      compiler.exe
      2.9MB
       22.0kB
       2108
      490

      HTTP Request

      PUT http://89.169.13.169/api/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms

      HTTP Response

      200
    • 52.109.68.129:443
      https://roaming.officeapps.live.com/rs/RoamingSoapService.svc
      tls, http
      WINWORD.EXE
      1.7kB
       7.7kB
       11
      10

      HTTP Request

      POST https://roaming.officeapps.live.com/rs/RoamingSoapService.svc

      HTTP Response

      200
    • 8.8.8.8:53
      ip-api.com
      dns
      compiler.exe
      56 B
       72 B
       1
      1

      DNS Request

      ip-api.com

      DNS Response

      208.95.112.1

    • 8.8.8.8:53
      www.microsoft.com
      dns
      compiler.exe
      63 B
       230 B
       1
      1

      DNS Request

      www.microsoft.com

      DNS Response

      2.23.205.233

    • 8.8.8.8:53
      1.112.95.208.in-addr.arpa
      dns
      71 B
       95 B
       1
      1

      DNS Request

      1.112.95.208.in-addr.arpa

    • 8.8.8.8:53
      233.205.23.2.in-addr.arpa
      dns
      71 B
       135 B
       1
      1

      DNS Request

      233.205.23.2.in-addr.arpa

    • 8.8.8.8:53
      169.13.169.89.in-addr.arpa
      dns
      72 B
       132 B
       1
      1

      DNS Request

      169.13.169.89.in-addr.arpa

    • 8.8.8.8:53
      roaming.officeapps.live.com
      dns
      WINWORD.EXE
      73 B
       250 B
       1
      1

      DNS Request

      roaming.officeapps.live.com

      DNS Response

      52.109.68.129

    • 8.8.8.8:53
      240.76.109.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      240.76.109.52.in-addr.arpa

    • 8.8.8.8:53
      129.68.109.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      129.68.109.52.in-addr.arpa

    • 8.8.8.8:53
      73.159.190.20.in-addr.arpa
      dns
      144 B
       158 B
       2
      1

      DNS Request

      73.159.190.20.in-addr.arpa

      DNS Request

      73.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      27.73.42.20.in-addr.arpa
      dns
      70 B
       156 B
       1
      1

      DNS Request

      27.73.42.20.in-addr.arpa

    • 8.8.8.8:53
      161.19.199.152.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      161.19.199.152.in-addr.arpa

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/64-0-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-10-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-63-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-15-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-62-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-85-0x0000000000710000-0x0000000000711000-memory.dmp

      Filesize

      4KB

      Download

    • memory/64-84-0x0000000000710000-0x0000000000711000-memory.dmp

      Filesize

      4KB

      Download

    • memory/64-61-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-60-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-58-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-59-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-57-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-53-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-56-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-55-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-54-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-52-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-51-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-50-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-49-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-48-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-47-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-46-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-45-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-44-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-43-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-42-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-41-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-40-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-39-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-35-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-34-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-33-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-32-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-31-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-30-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-29-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-28-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-27-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-26-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-25-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-24-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-23-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-22-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-21-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-20-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-19-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-18-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-17-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-16-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-14-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-12-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-9-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-8-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-7-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-6-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-5-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-4-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-3-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-2-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-1-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-38-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-37-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-36-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-13-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-11-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/64-170-0x0000000000710000-0x0000000000711000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1932-190-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-187-0x00007FFD6B1A5000-0x00007FFD6B1A6000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1932-191-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-193-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-195-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-194-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-198-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-197-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-196-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-199-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-204-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-207-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-208-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-206-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-203-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-202-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-205-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-449-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1932-465-0x00007FFD6B100000-0x00007FFD6B2DB000-memory.dmp

      Filesize

      1.9MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.