Analysis

  • max time kernel
    95s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20250129-en locale:en-us os:windows10-2004-x64 system
  • submitted
    01/02/2025, 23:55 UTC

General

  • Target

    bd9d6d2a93d654cc0df5c71864b5018ad618048f1992673ddbc6562e01dd5007N.exe

  • Size

    65KB

  • MD5

    494ae3247c743693517233156ce2b500

  • SHA1

    4381c79d157d6a144f41c4e764620ff814013cec

  • SHA256

    bd9d6d2a93d654cc0df5c71864b5018ad618048f1992673ddbc6562e01dd5007

  • SHA512

    e40f965cd7fa4bf5a005e4bbd3c68a11fa325f8fc7e7360e38ac45ebb03e51cb6c22ccc2adfb35ec0a1d2b2b783835fa92ace9351fc01955f37b702ca422bde7

  • SSDEEP

    1536:Am+WZd0NqxCiwPxrZmulp44QI7e9X3tBQbAmf:FZiUxfwPNZxvQI7mX3obpf

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Signatures

  • Modifies firewall policy service 3 TTPs 3 IoCs
  • Sality

    Sality is a backdoor written in C++, first discovered in 2003.

  • Sality family
  • UAC bypass 3 TTPs 1 IoCs
  • Windows security bypass 2 TTPs 6 IoCs
  • Windows security modification 2 TTPs 7 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 15 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file 32 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 35 IoCs
  • System policy modification 1 TTPs 1 IoCs

Processes

  • C:\Windows\system32\fontdrvhost.exe
    "fontdrvhost.exe"
    1⤵
      PID:776
    • C:\Windows\system32\fontdrvhost.exe
      "fontdrvhost.exe"
      1⤵
        PID:784
      • C:\Windows\system32\dwm.exe
        "dwm.exe"
        1⤵
          PID:60
        • C:\Windows\system32\sihost.exe
          sihost.exe
          1⤵
            PID:2676
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
            1⤵
              PID:2748
            • C:\Windows\system32\taskhostw.exe
              taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
              1⤵
                PID:3008
              • C:\Windows\Explorer.EXE
                C:\Windows\Explorer.EXE
                1⤵
                  PID:3400
                  • C:\Users\Admin\AppData\Local\Temp\bd9d6d2a93d654cc0df5c71864b5018ad618048f1992673ddbc6562e01dd5007N.exe
                    "C:\Users\Admin\AppData\Local\Temp\bd9d6d2a93d654cc0df5c71864b5018ad618048f1992673ddbc6562e01dd5007N.exe"
                    2⤵
                    • Modifies firewall policy service
                    • UAC bypass
                    • Windows security bypass
                    • Windows security modification
                    • Checks whether UAC is enabled
                    • Enumerates connected drives
                    • Drops file in Program Files directory
                    • Drops file in Windows directory
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    • System policy modification
                    PID:968
                • C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
                  1⤵
                    PID:3532
                  • C:\Windows\system32\DllHost.exe
                    C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                    1⤵
                      PID:3724
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:3816
                      • C:\Windows\System32\RuntimeBroker.exe
                        C:\Windows\System32\RuntimeBroker.exe -Embedding
                        1⤵
                          PID:3884
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:3972
                          • C:\Windows\System32\RuntimeBroker.exe
                            C:\Windows\System32\RuntimeBroker.exe -Embedding
                            1⤵
                              PID:3432
                            • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
                              "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
                              1⤵
                                PID:2492
                              • C:\Windows\System32\RuntimeBroker.exe
                                C:\Windows\System32\RuntimeBroker.exe -Embedding
                                1⤵
                                  PID:4216
                                • C:\Windows\system32\backgroundTaskHost.exe
                                  "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
                                  1⤵
                                    PID:2320
                                  • C:\Windows\system32\backgroundTaskHost.exe
                                    "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppX3bn25b6f886wmg6twh46972vprk9tnbf.mca
                                    1⤵
                                      PID:2116
                                    • C:\Windows\System32\RuntimeBroker.exe
                                      C:\Windows\System32\RuntimeBroker.exe -Embedding
                                      1⤵
                                        PID:4728
                                      • C:\Windows\System32\RuntimeBroker.exe
                                        C:\Windows\System32\RuntimeBroker.exe -Embedding
                                        1⤵
                                          PID:4400

                                        Network

                                        • flag-us
                                          DNS
                                          g.bing.com
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          g.bing.com
                                          IN A
                                          Response
                                          g.bing.com
                                          IN CNAME
                                          g-bing-com.ax-0001.ax-msedge.net
                                          g-bing-com.ax-0001.ax-msedge.net
                                          IN CNAME
                                          ax-0001.ax-msedge.net
                                          ax-0001.ax-msedge.net
                                          IN A
                                          150.171.27.10
                                          ax-0001.ax-msedge.net
                                          IN A
                                          150.171.28.10
                                        • flag-us
                                          GET
                                          https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=90ed4d45472c4d5bb965d971b4f45c0b&localId=w:0E6DBFDF-A422-D12B-C993-83A8853F7845&deviceId=6966578605783440&anid=
                                          backgroundTaskHost.exe
                                          Remote address:
                                          150.171.27.10:443
                                          Request
                                          GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=90ed4d45472c4d5bb965d971b4f45c0b&localId=w:0E6DBFDF-A422-D12B-C993-83A8853F7845&deviceId=6966578605783440&anid= HTTP/2.0
                                          host: g.bing.com
                                          accept-encoding: gzip, deflate
                                          user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                          Response
                                          HTTP/2.0 204
                                          cache-control: no-cache, must-revalidate
                                          pragma: no-cache
                                          expires: Fri, 01 Jan 1990 00:00:00 GMT
                                          set-cookie: MUID=2CAAE0D1861B67E73665F55787A06650; domain=.bing.com; expires=Thu, 26-Feb-2026 23:56:02 GMT; path=/; SameSite=None; Secure; Priority=High;
                                          strict-transport-security: max-age=31536000; includeSubDomains; preload
                                          access-control-allow-origin: *
                                          x-cache: CONFIG_NOCACHE
                                          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                          x-msedge-ref: Ref A: 3906CC0E8B1741D1A2DA7A3540A0FE1B Ref B: LON04EDGE0921 Ref C: 2025-02-01T23:56:02Z
                                          date: Sat, 01 Feb 2025 23:56:01 GMT
                                        • flag-us
                                          GET
                                          https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=90ed4d45472c4d5bb965d971b4f45c0b&localId=w:0E6DBFDF-A422-D12B-C993-83A8853F7845&deviceId=6966578605783440&anid=
                                          backgroundTaskHost.exe
                                          Remote address:
                                          150.171.27.10:443
                                          Request
                                          GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=90ed4d45472c4d5bb965d971b4f45c0b&localId=w:0E6DBFDF-A422-D12B-C993-83A8853F7845&deviceId=6966578605783440&anid= HTTP/2.0
                                          host: g.bing.com
                                          accept-encoding: gzip, deflate
                                          user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                          cookie: MUID=2CAAE0D1861B67E73665F55787A06650
                                          Response
                                          HTTP/2.0 204
                                          cache-control: no-cache, must-revalidate
                                          pragma: no-cache
                                          expires: Fri, 01 Jan 1990 00:00:00 GMT
                                          set-cookie: MSPTC=oV2owzvJw7PgDpgqYQmhVuwxnoBgs057zp-ApGWnKKo; domain=.bing.com; expires=Thu, 26-Feb-2026 23:56:02 GMT; path=/; Partitioned; secure; SameSite=None
                                          strict-transport-security: max-age=31536000; includeSubDomains; preload
                                          access-control-allow-origin: *
                                          x-cache: CONFIG_NOCACHE
                                          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                          x-msedge-ref: Ref A: 1EDE8A940C614D2C8434FA79F9C14F87 Ref B: LON04EDGE0921 Ref C: 2025-02-01T23:56:02Z
                                          date: Sat, 01 Feb 2025 23:56:01 GMT
                                        • flag-us
                                          GET
                                          https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=90ed4d45472c4d5bb965d971b4f45c0b&localId=w:0E6DBFDF-A422-D12B-C993-83A8853F7845&deviceId=6966578605783440&anid=
                                          backgroundTaskHost.exe
                                          Remote address:
                                          150.171.27.10:443
                                          Request
                                          GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=90ed4d45472c4d5bb965d971b4f45c0b&localId=w:0E6DBFDF-A422-D12B-C993-83A8853F7845&deviceId=6966578605783440&anid= HTTP/2.0
                                          host: g.bing.com
                                          accept-encoding: gzip, deflate
                                          user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                                          cookie: MUID=2CAAE0D1861B67E73665F55787A06650; MSPTC=oV2owzvJw7PgDpgqYQmhVuwxnoBgs057zp-ApGWnKKo
                                          Response
                                          HTTP/2.0 204
                                          cache-control: no-cache, must-revalidate
                                          pragma: no-cache
                                          expires: Fri, 01 Jan 1990 00:00:00 GMT
                                          strict-transport-security: max-age=31536000; includeSubDomains; preload
                                          access-control-allow-origin: *
                                          x-cache: CONFIG_NOCACHE
                                          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                          x-msedge-ref: Ref A: 738A5AE630DD4A18B67E1B84F345B5FA Ref B: LON04EDGE0921 Ref C: 2025-02-01T23:56:02Z
                                          date: Sat, 01 Feb 2025 23:56:01 GMT
                                        • flag-us
                                          DNS
                                          8.8.8.8.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          8.8.8.8.in-addr.arpa
                                          IN PTR
                                          Response
                                          8.8.8.8.in-addr.arpa
                                          IN PTR
                                          dns.google
                                        • flag-us
                                          DNS
                                          140.32.126.40.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          140.32.126.40.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          172.214.232.199.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          172.214.232.199.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          167.173.78.104.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          167.173.78.104.in-addr.arpa
                                          IN PTR
                                          Response
                                          167.173.78.104.in-addr.arpa
                                          IN PTR
                                          a104-78-173-167.deploy.static.akamaitechnologies.com
                                        • flag-us
                                          DNS
                                          50.23.12.20.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          50.23.12.20.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          206.23.85.13.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          206.23.85.13.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          134.130.81.91.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          134.130.81.91.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          13.153.16.2.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          13.153.16.2.in-addr.arpa
                                          IN PTR
                                          Response
                                          13.153.16.2.in-addr.arpa
                                          IN PTR
                                          a2-16-153-13.deploy.static.akamaitechnologies.com
                                        • flag-us
                                          DNS
                                          172.210.232.199.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          172.210.232.199.in-addr.arpa
                                          IN PTR
                                          Response
                                        • flag-us
                                          DNS
                                          11.227.111.52.in-addr.arpa
                                          Remote address:
                                          8.8.8.8:53
                                          Request
                                          11.227.111.52.in-addr.arpa
                                          IN PTR
                                          Response

                                        MITRE ATT&CK Enterprise v15

                                        Replay Monitor

                                        Loading Replay Monitor...

                                        Downloads

                                        • memory/968-0-0x0000000000400000-0x0000000000412000-memory.dmp

                                          Filesize

                                          72KB

                                        • memory/968-3-0x0000000000900000-0x00000000019BA000-memory.dmp

                                          Filesize

                                          16.7MB

                                        • memory/968-6-0x0000000000900000-0x00000000019BA000-memory.dmp

                                          Filesize

                                          16.7MB

                                        • memory/968-5-0x0000000000900000-0x00000000019BA000-memory.dmp

                                          Filesize

                                          16.7MB

                                        • memory/968-4-0x0000000000900000-0x00000000019BA000-memory.dmp

                                          Filesize

                                          16.7MB

                                        • memory/968-7-0x0000000000900000-0x00000000019BA000-memory.dmp

                                          Filesize

                                          16.7MB

                                        • memory/968-14-0x0000000000900000-0x00000000019BA000-memory.dmp

                                          Filesize

                                          16.7MB

                                        • memory/968-19-0x00000000005F0000-0x00000000005F1000-memory.dmp

                                          Filesize

                                          4KB

                                        • memory/968-20-0x00000000005D0000-0x00000000005D2000-memory.dmp

                                          Filesize

                                          8KB

