Analysis

  • max time kernel
    120s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/10/2024, 09:23 UTC

General

  • Target

    d0df03735eb50a56a91ed7788869cc9cee7e74be534020875b65f591e51aab19N.exe

  • Size

    80KB

  • MD5

    3f4e8158b0a9e0b499a71da3d77dcf60

  • SHA1

    ed37aad513db7d3a2598a42a2094f568b2b72b15

  • SHA256

    d0df03735eb50a56a91ed7788869cc9cee7e74be534020875b65f591e51aab19

  • SHA512

    69601cf8695f1d58453bf5b3126900bf9b7d5f8fb6e30b41f1790896ed80c640d83152821f0d0fa909bd42515850eedee47e5e995b9673fe40f81624f58a073a

  • SSDEEP

    1536:QPvK/3zvzVJJicVLhilofshQjzJxuOmb54vHTL+lf:Qi5ikFSofdzVmb5uHv+lf

Score
10/10

Malware Config

Signatures

  • BlackNET

    BlackNET is an open source remote access tool written in VB.NET.

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d0df03735eb50a56a91ed7788869cc9cee7e74be534020875b65f591e51aab19N.exe
    "C:\Users\Admin\AppData\Local\Temp\d0df03735eb50a56a91ed7788869cc9cee7e74be534020875b65f591e51aab19N.exe"
    1⤵
    • Modifies Windows Defender Real-time Protection settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3316
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" Get-MpPreference -verbose
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2336

Network

  • flag-us
    DNS
    13.86.106.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.86.106.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    99.209.201.84.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    99.209.201.84.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    www.gunnylaumienphi2017.com
    d0df03735eb50a56a91ed7788869cc9cee7e74be534020875b65f591e51aab19N.exe
    Remote address:
    8.8.8.8:53
    Request
    www.gunnylaumienphi2017.com
    IN A
    Response
    www.gunnylaumienphi2017.com
    IN A
    103.92.25.194
  • flag-us
    DNS
    72.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    72.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    194.25.92.103.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    194.25.92.103.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    232.168.11.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.168.11.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    53.210.109.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    53.210.109.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    13.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388155_1D0BH5IJGCW4E5I58&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239339388155_1D0BH5IJGCW4E5I58&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 538654
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 20B806A33FFD49919C84480E984FFEC1 Ref B: LON601060102054 Ref C: 2024-10-19T09:25:14Z
    date: Sat, 19 Oct 2024 09:25:14 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418605_1YZ6O1QX1RJB3B5MZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239340418605_1YZ6O1QX1RJB3B5MZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 697659
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D74C5A7A6D814FA7B2DC2A7F505D469B Ref B: LON601060102054 Ref C: 2024-10-19T09:25:14Z
    date: Sat, 19 Oct 2024 09:25:14 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239353582481_1UFRZG7HSKJ6VOM8D&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239353582481_1UFRZG7HSKJ6VOM8D&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 645633
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 109E65ABA8B64577A8AE3400EA753FF8 Ref B: LON601060102054 Ref C: 2024-10-19T09:25:14Z
    date: Sat, 19 Oct 2024 09:25:14 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418606_136U7G6Z7CWHAJN4L&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239340418606_136U7G6Z7CWHAJN4L&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 617294
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 2AC6408F77C545349F66166E33589870 Ref B: LON601060102054 Ref C: 2024-10-19T09:25:14Z
    date: Sat, 19 Oct 2024 09:25:14 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239353582480_11Y0WDW5HLDOO8GP5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239353582480_11Y0WDW5HLDOO8GP5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 679925
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7DF8891187E348A6892667AC9DA45DC6 Ref B: LON601060102054 Ref C: 2024-10-19T09:25:14Z
    date: Sat, 19 Oct 2024 09:25:14 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388156_1Z2O2J8YHL5HTDB24&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239339388156_1Z2O2J8YHL5HTDB24&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 624243
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 99EE826943F04C8C9EE74F8BEE1991FC Ref B: LON601060102054 Ref C: 2024-10-19T09:25:15Z
    date: Sat, 19 Oct 2024 09:25:14 GMT
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • 103.92.25.194:443
    www.gunnylaumienphi2017.com
    tls
    d0df03735eb50a56a91ed7788869cc9cee7e74be534020875b65f591e51aab19N.exe
    2.3kB
    49.7kB
    27
    39
  • 150.171.28.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239339388156_1Z2O2J8YHL5HTDB24&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    137.0kB
    3.9MB
    2853
    2850

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388155_1D0BH5IJGCW4E5I58&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418605_1YZ6O1QX1RJB3B5MZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239353582481_1UFRZG7HSKJ6VOM8D&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418606_136U7G6Z7CWHAJN4L&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239353582480_11Y0WDW5HLDOO8GP5&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388156_1Z2O2J8YHL5HTDB24&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 8.8.8.8:53
    13.86.106.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    13.86.106.20.in-addr.arpa

  • 8.8.8.8:53
    99.209.201.84.in-addr.arpa
    dns
    72 B
    132 B
    1
    1

    DNS Request

    99.209.201.84.in-addr.arpa

  • 8.8.8.8:53
    www.gunnylaumienphi2017.com
    dns
    d0df03735eb50a56a91ed7788869cc9cee7e74be534020875b65f591e51aab19N.exe
    73 B
    89 B
    1
    1

    DNS Request

    www.gunnylaumienphi2017.com

    DNS Response

    103.92.25.194

  • 8.8.8.8:53
    72.32.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    72.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    194.25.92.103.in-addr.arpa
    dns
    72 B
    132 B
    1
    1

    DNS Request

    194.25.92.103.in-addr.arpa

  • 8.8.8.8:53
    232.168.11.51.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    232.168.11.51.in-addr.arpa

  • 8.8.8.8:53
    53.210.109.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    53.210.109.20.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
    144 B
    1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    13.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    13.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    170 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.28.10
    150.171.27.10

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ejiht3jy.4t1.ps1

    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

  • memory/2336-17-0x00007FF8847E3000-0x00007FF8847E5000-memory.dmp

    Filesize

    8KB

  • memory/2336-18-0x000001E637310000-0x000001E637332000-memory.dmp

    Filesize

    136KB

  • memory/2336-28-0x00007FF8847E0000-0x00007FF8852A1000-memory.dmp

    Filesize

    10.8MB

  • memory/2336-33-0x00007FF8847E0000-0x00007FF8852A1000-memory.dmp

    Filesize

    10.8MB

  • memory/3316-58-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-70-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-2-0x00007FF887E30000-0x00007FF8887D1000-memory.dmp

    Filesize

    9.6MB

  • memory/3316-3-0x000000001B780000-0x000000001BC4E000-memory.dmp

    Filesize

    4.8MB

  • memory/3316-4-0x00007FF887E30000-0x00007FF8887D1000-memory.dmp

    Filesize

    9.6MB

  • memory/3316-5-0x000000001BD70000-0x000000001BE0C000-memory.dmp

    Filesize

    624KB

  • memory/3316-6-0x0000000000AF0000-0x0000000000AF8000-memory.dmp

    Filesize

    32KB

  • memory/3316-7-0x000000001BED0000-0x000000001BF1C000-memory.dmp

    Filesize

    304KB

  • memory/3316-8-0x00007FF887E30000-0x00007FF8887D1000-memory.dmp

    Filesize

    9.6MB

  • memory/3316-9-0x00007FF887E30000-0x00007FF8887D1000-memory.dmp

    Filesize

    9.6MB

  • memory/3316-10-0x000000001CB90000-0x000000001CBF2000-memory.dmp

    Filesize

    392KB

  • memory/3316-11-0x00007FF887E30000-0x00007FF8887D1000-memory.dmp

    Filesize

    9.6MB

  • memory/3316-12-0x00007FF887E30000-0x00007FF8887D1000-memory.dmp

    Filesize

    9.6MB

  • memory/3316-13-0x00007FF887E30000-0x00007FF8887D1000-memory.dmp

    Filesize

    9.6MB

  • memory/3316-14-0x00007FF887E30000-0x00007FF8887D1000-memory.dmp

    Filesize

    9.6MB

  • memory/3316-16-0x00007FF887E30000-0x00007FF8887D1000-memory.dmp

    Filesize

    9.6MB

  • memory/3316-15-0x00007FF8880E5000-0x00007FF8880E6000-memory.dmp

    Filesize

    4KB

  • memory/3316-30-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-29-0x00007FF887E30000-0x00007FF8887D1000-memory.dmp

    Filesize

    9.6MB

  • memory/3316-34-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-35-0x00007FF887E30000-0x00007FF8887D1000-memory.dmp

    Filesize

    9.6MB

  • memory/3316-36-0x00007FF887E30000-0x00007FF8887D1000-memory.dmp

    Filesize

    9.6MB

  • memory/3316-37-0x00007FF887E30000-0x00007FF8887D1000-memory.dmp

    Filesize

    9.6MB

  • memory/3316-38-0x00007FF887E30000-0x00007FF8887D1000-memory.dmp

    Filesize

    9.6MB

  • memory/3316-39-0x00007FF887E30000-0x00007FF8887D1000-memory.dmp

    Filesize

    9.6MB

  • memory/3316-40-0x00007FF887E30000-0x00007FF8887D1000-memory.dmp

    Filesize

    9.6MB

  • memory/3316-41-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-42-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-59-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-44-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-45-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-46-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-47-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-49-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-48-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-50-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-61-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-53-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-52-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-54-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-55-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-56-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-57-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-0-0x00007FF8880E5000-0x00007FF8880E6000-memory.dmp

    Filesize

    4KB

  • memory/3316-43-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-1-0x000000001B1C0000-0x000000001B266000-memory.dmp

    Filesize

    664KB

  • memory/3316-51-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-63-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-62-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-65-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-64-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-67-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-66-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-69-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-68-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-60-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-71-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-73-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-72-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-75-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-74-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-77-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-76-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-79-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-78-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-81-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-80-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-82-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-83-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-85-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-84-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-87-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-86-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-89-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-88-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-91-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-90-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-93-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-92-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-94-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-96-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-95-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-98-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-97-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-99-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-101-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-100-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-102-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-103-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

  • memory/3316-104-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-105-0x0000000000B20000-0x0000000000B30000-memory.dmp

    Filesize

    64KB

  • memory/3316-106-0x000000001FC20000-0x000000001FD20000-memory.dmp

    Filesize

    1024KB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.