Overview

overview

10

Static

static

3

44cf010551...6b.exe

windows7-x64

3

44cf010551...6b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    104s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/03/2025, 21:13 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    44cf0105511bc68e5d9c74bc85709b368f8764bf8ef1960053604ca24b28576b.exe

  • Size

    3.0MB

  • MD5

    0dace88da76e7a671567fd65a4049eb4

  • SHA1

    47e98c1451f0da5b7870c851828bddf5b077a3d1

  • SHA256

    44cf0105511bc68e5d9c74bc85709b368f8764bf8ef1960053604ca24b28576b

  • SHA512

    be7746fd7db3c775c5e132164e8074c50a9b00164e2e44478551cb2e50e06bdec6d4be89038eea2b4c4e69a86c30fea14483399494a9cfff58819c7bb534e976

  • SSDEEP

    49152:TZ4rujE/CLlVl80CdSI3LdmLgWtAjkhAC86LqmQKzeFH/LNqAznwCH:T+ruj+CLflabdSgGhI6OFGUwc

Score
10/10
salitybackdoordefense_evasiondiscoverytrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

Signatures

  • Modifies firewall policy service 3 TTPs 3 IoCs
    defense_evasion
  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality
  • Sality family
    sality
  • UAC bypass 3 TTPs 1 IoCs
    defense_evasiontrojan
  • Windows security bypass 2 TTPs 6 IoCs
    defense_evasiontrojan
  • Windows security modification 2 TTPs 7 IoCs
    defense_evasiontrojan
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    defense_evasiontrojan
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 54 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs
  • System policy modification 1 TTPs 1 IoCs
    defense_evasion

Processes

  • C:\Windows\system32\fontdrvhost.exe
    "fontdrvhost.exe"
    1⤵
      PID:788
    • C:\Windows\system32\fontdrvhost.exe
      "fontdrvhost.exe"
      1⤵
        PID:792
      • C:\Windows\system32\dwm.exe
        "dwm.exe"
        1⤵
          PID:1020
        • C:\Windows\system32\sihost.exe
          sihost.exe
          1⤵
            PID:2548
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
            1⤵
              PID:2592
            • C:\Windows\system32\taskhostw.exe
              taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
              1⤵
                PID:2744
              • C:\Windows\Explorer.EXE
                C:\Windows\Explorer.EXE
                1⤵
                  PID:3520
                  • C:\Users\Admin\AppData\Local\Temp\44cf0105511bc68e5d9c74bc85709b368f8764bf8ef1960053604ca24b28576b.exe
                    "C:\Users\Admin\AppData\Local\Temp\44cf0105511bc68e5d9c74bc85709b368f8764bf8ef1960053604ca24b28576b.exe"
                    2⤵
                    • Modifies firewall policy service
                    • UAC bypass
                    • Windows security bypass
                    • Windows security modification
                    • Checks whether UAC is enabled
                    • Drops file in Windows directory
                    • System Location Discovery: System Language Discovery
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    • System policy modification
                    PID:5424
                • C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
                  1⤵
                    PID:3672
                  • C:\Windows\system32\DllHost.exe
                    C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                    1⤵
                      PID:3860
                    • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                      "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                      1⤵
                        PID:3952
                      • C:\Windows\System32\RuntimeBroker.exe
                        C:\Windows\System32\RuntimeBroker.exe -Embedding
                        1⤵
                          PID:4016
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                            PID:916
                          • C:\Windows\System32\RuntimeBroker.exe
                            C:\Windows\System32\RuntimeBroker.exe -Embedding
                            1⤵
                              PID:3892
                            • C:\Windows\System32\RuntimeBroker.exe
                              C:\Windows\System32\RuntimeBroker.exe -Embedding
                              1⤵
                                PID:5132

                              Network

                              • flag-us
                                DNS
                                tse1.mm.bing.net
                                Remote address:
                                8.8.8.8:53
                                Request
                                tse1.mm.bing.net
                                IN A
                                Response
                                tse1.mm.bing.net
                                IN CNAME
                                mm-mm.bing.net.trafficmanager.net
                                mm-mm.bing.net.trafficmanager.net
                                IN CNAME
                                ax-0001.ax-msedge.net
                                ax-0001.ax-msedge.net
                                IN A
                                150.171.28.10
                                ax-0001.ax-msedge.net
                                IN A
                                150.171.27.10
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239317301096_19QEA75LL3ZH4HJ9P&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                Remote address:
                                150.171.28.10:443
                                Request
                                GET /th?id=OADD2.10239317301096_19QEA75LL3ZH4HJ9P&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 892656
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: D18D57C1C3D64DFDB20BCBE99701EC96 Ref B: LON04EDGE0721 Ref C: 2025-03-28T21:14:19Z
                                date: Fri, 28 Mar 2025 21:14:18 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239355322803_1JLJ9TG11GYY1CXIR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                Remote address:
                                150.171.28.10:443
                                Request
                                GET /th?id=OADD2.10239355322803_1JLJ9TG11GYY1CXIR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 607034
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: FDA15F0FD5C040358DC1B9A350BE6D7B Ref B: LON04EDGE0721 Ref C: 2025-03-28T21:14:19Z
                                date: Fri, 28 Mar 2025 21:14:18 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239339388069_1LR6CG2CYQVB72KAZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                Remote address:
                                150.171.28.10:443
                                Request
                                GET /th?id=OADD2.10239339388069_1LR6CG2CYQVB72KAZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 671319
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: A739C251065F4377A77E93DB53648EC8 Ref B: LON04EDGE0721 Ref C: 2025-03-28T21:14:19Z
                                date: Fri, 28 Mar 2025 21:14:18 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239339388068_1L9UIL4HSMYJDR381&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                Remote address:
                                150.171.28.10:443
                                Request
                                GET /th?id=OADD2.10239339388068_1L9UIL4HSMYJDR381&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 866696
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 99A62E79EA5245059A52C4D6E5E0F356 Ref B: LON04EDGE0721 Ref C: 2025-03-28T21:14:19Z
                                date: Fri, 28 Mar 2025 21:14:18 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239355322789_1NJJE89Q6EOBYU560&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
                                Remote address:
                                150.171.28.10:443
                                Request
                                GET /th?id=OADD2.10239355322789_1NJJE89Q6EOBYU560&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 811239
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: 91FA3D4416B64D7D848D213FAECD3986 Ref B: LON04EDGE0721 Ref C: 2025-03-28T21:14:19Z
                                date: Fri, 28 Mar 2025 21:14:18 GMT
                              • flag-us
                                GET
                                https://tse1.mm.bing.net/th?id=OADD2.10239317301529_1DMPN0VMBUXDAYN7W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                Remote address:
                                150.171.28.10:443
                                Request
                                GET /th?id=OADD2.10239317301529_1DMPN0VMBUXDAYN7W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
                                host: tse1.mm.bing.net
                                accept: */*
                                accept-encoding: gzip, deflate, br
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                Response
                                HTTP/2.0 200
                                cache-control: public, max-age=2592000
                                content-length: 602397
                                content-type: image/jpeg
                                x-cache: TCP_HIT
                                access-control-allow-origin: *
                                access-control-allow-headers: *
                                access-control-allow-methods: GET, POST, OPTIONS
                                timing-allow-origin: *
                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                x-msedge-ref: Ref A: CC0CFBD806604835B55CFDC6FB98481C Ref B: LON04EDGE0721 Ref C: 2025-03-28T21:14:19Z
                                date: Fri, 28 Mar 2025 21:14:19 GMT
                              • flag-us
                                DNS
                                c.pki.goog
                                Remote address:
                                8.8.8.8:53
                                Request
                                c.pki.goog
                                IN A
                                Response
                                c.pki.goog
                                IN CNAME
                                pki-goog.l.google.com
                                pki-goog.l.google.com
                                IN A
                                142.250.187.195
                              • flag-gb
                                GET
                                http://c.pki.goog/r/r1.crl
                                Remote address:
                                142.250.187.195:80
                                Request
                                GET /r/r1.crl HTTP/1.1
                                Cache-Control: max-age = 3000
                                Connection: Keep-Alive
                                Accept: */*
                                If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                                User-Agent: Microsoft-CryptoAPI/10.0
                                Host: c.pki.goog
                                Response
                                HTTP/1.1 304 Not Modified
                                Date: Fri, 28 Mar 2025 20:31:00 GMT
                                Expires: Fri, 28 Mar 2025 21:21:00 GMT
                                Age: 2651
                                Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
                                Cache-Control: public, max-age=3000
                                Vary: Accept-Encoding
                              • 150.171.28.10:443
                                tse1.mm.bing.net
                                tls, http2
                                1.2kB
                                 6.9kB
                                 15
                                13
                              • 150.171.28.10:443
                                tse1.mm.bing.net
                                tls, http2
                                1.2kB
                                 6.9kB
                                 15
                                13
                              • 150.171.28.10:443
                                tse1.mm.bing.net
                                tls, http2
                                1.2kB
                                 6.9kB
                                 15
                                13
                              • 150.171.28.10:443
                                https://tse1.mm.bing.net/th?id=OADD2.10239317301529_1DMPN0VMBUXDAYN7W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                tls, http2
                                158.6kB
                                 4.6MB
                                 3350
                                3344

                                HTTP Request

                                GET https://tse1.mm.bing.net/th?id=OADD2.10239317301096_19QEA75LL3ZH4HJ9P&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                                HTTP Request

                                GET https://tse1.mm.bing.net/th?id=OADD2.10239355322803_1JLJ9TG11GYY1CXIR&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                                HTTP Request

                                GET https://tse1.mm.bing.net/th?id=OADD2.10239339388069_1LR6CG2CYQVB72KAZ&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                                HTTP Request

                                GET https://tse1.mm.bing.net/th?id=OADD2.10239339388068_1L9UIL4HSMYJDR381&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                                HTTP Request

                                GET https://tse1.mm.bing.net/th?id=OADD2.10239355322789_1NJJE89Q6EOBYU560&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                                HTTP Response

                                200

                                HTTP Response

                                200

                                HTTP Response

                                200

                                HTTP Response

                                200

                                HTTP Response

                                200

                                HTTP Request

                                GET https://tse1.mm.bing.net/th?id=OADD2.10239317301529_1DMPN0VMBUXDAYN7W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                                HTTP Response

                                200
                              • 150.171.28.10:443
                                tse1.mm.bing.net
                                tls, http2
                                1.2kB
                                 6.9kB
                                 15
                                13
                              • 142.250.187.195:80
                                http://c.pki.goog/r/r1.crl
                                http
                                384 B
                                 355 B
                                 4
                                3

                                HTTP Request

                                GET http://c.pki.goog/r/r1.crl

                                HTTP Response

                                304
                              • 8.8.8.8:53
                                tse1.mm.bing.net
                                dns
                                62 B
                                 170 B
                                 1
                                1

                                DNS Request

                                tse1.mm.bing.net

                                DNS Response

                                150.171.28.10
                                150.171.27.10

                              • 8.8.8.8:53
                                c.pki.goog
                                dns
                                56 B
                                 107 B
                                 1
                                1

                                DNS Request

                                c.pki.goog

                                DNS Response

                                142.250.187.195

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • memory/5424-0-0x0000000000400000-0x000000000071E000-memory.dmp

                                Filesize

                                3.1MB

                                Download

                              • memory/5424-4-0x00000000026D0000-0x000000000378A000-memory.dmp

                                Filesize

                                16.7MB

                                Download

                              • memory/5424-5-0x00000000026D0000-0x000000000378A000-memory.dmp

                                Filesize

                                16.7MB

                                Download

                              • memory/5424-7-0x00000000026D0000-0x000000000378A000-memory.dmp

                                Filesize

                                16.7MB

                                Download

                              • memory/5424-9-0x00000000026D0000-0x000000000378A000-memory.dmp

                                Filesize

                                16.7MB

                                Download

                              • memory/5424-21-0x00000000026D0000-0x000000000378A000-memory.dmp

                                Filesize

                                16.7MB

                                Download

                              • memory/5424-15-0x00000000026D0000-0x000000000378A000-memory.dmp

                                Filesize

                                16.7MB

                                Download

                              • memory/5424-29-0x0000000000400000-0x000000000071E000-memory.dmp

                                Filesize

                                3.1MB

                                Download

                              • memory/5424-19-0x000000006E280000-0x000000006E290000-memory.dmp

                                Filesize

                                64KB

                                Download

                              • memory/5424-8-0x00000000026D0000-0x000000000378A000-memory.dmp

                                Filesize

                                16.7MB

                                Download

                              • memory/5424-3-0x00000000026D0000-0x000000000378A000-memory.dmp

                                Filesize

                                16.7MB

                                Download

                              • memory/5424-6-0x00000000026D0000-0x000000000378A000-memory.dmp

                                Filesize

                                16.7MB

                                Download

                              We care about your privacy.

                              This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.