82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150

Resubmissions

24/11/2022, 00:47

221124-a5b3csgb32 8

23/11/2022, 22:18

221123-17x1qahb48 8

Analysis

max time kernel
290s
max time network
198s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
23/11/2022, 22:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe
Size

5.2MB
MD5

65bc10aa24d76ec1b02a151a16d053c0
SHA1

81bfa89a47ef789ea1cc5c98f02df2bc2a038a4e
SHA256

82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150
SHA512

b0e22e0050090d6f8bc9ae8291005e406d3ab3ea60976aa9394f2c37f59645d8df0ddca7dfe927b0f604428092778da3a3a968da11bc73ea042dfc87d7b9d298
SSDEEP

98304:VXISESTXsUp7ZcjxlqSs/eAFe6WgdLzjnezZED:Vr5sjjxcz20pz6zZm

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
3792	quegego fatilila voy boji.exe
1392	IaXkWQxCbj.exe
2200	IaXkWQxCbj.exe
2616	IaXkWQxCbj.exe
5044	IaXkWQxCbj.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3792 set thread context of 348	3792	quegego fatilila voy boji.exe	73

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task

T1053

pid	Process
1348	schtasks.exe
508	schtasks.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4448	PING.EXE

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1940	82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe
1940	82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe
1940	82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe
1940	82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe
1940	82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe
1940	82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe
1940	82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe
1940	82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe
1940	82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe
1940	82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe
3792	quegego fatilila voy boji.exe
3792	quegego fatilila voy boji.exe
3792	quegego fatilila voy boji.exe
3792	quegego fatilila voy boji.exe
3792	quegego fatilila voy boji.exe
3792	quegego fatilila voy boji.exe
3792	quegego fatilila voy boji.exe
3792	quegego fatilila voy boji.exe
3792	quegego fatilila voy boji.exe
3792	quegego fatilila voy boji.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 1348	1940	82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe	66
PID 1940 wrote to memory of 1348	1940	82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe	66
PID 1940 wrote to memory of 1348	1940	82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe	66
PID 1940 wrote to memory of 3792	1940	82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe	67
PID 1940 wrote to memory of 3792	1940	82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe	67
PID 1940 wrote to memory of 3792	1940	82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe	67
PID 1940 wrote to memory of 4696	1940	82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe	69
PID 1940 wrote to memory of 4696	1940	82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe	69
PID 1940 wrote to memory of 4696	1940	82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe	69
PID 4696 wrote to memory of 4228	4696	cmd.exe	71
PID 4696 wrote to memory of 4228	4696	cmd.exe	71
PID 4696 wrote to memory of 4228	4696	cmd.exe	71
PID 4696 wrote to memory of 4448	4696	cmd.exe	72
PID 4696 wrote to memory of 4448	4696	cmd.exe	72
PID 4696 wrote to memory of 4448	4696	cmd.exe	72
PID 3792 wrote to memory of 348	3792	quegego fatilila voy boji.exe	73
PID 3792 wrote to memory of 348	3792	quegego fatilila voy boji.exe	73
PID 3792 wrote to memory of 348	3792	quegego fatilila voy boji.exe	73
PID 3792 wrote to memory of 348	3792	quegego fatilila voy boji.exe	73
PID 3792 wrote to memory of 348	3792	quegego fatilila voy boji.exe	73
PID 348 wrote to memory of 4804	348	ngentask.exe	74
PID 348 wrote to memory of 4804	348	ngentask.exe	74
PID 348 wrote to memory of 4804	348	ngentask.exe	74
PID 4804 wrote to memory of 508	4804	cmd.exe	76
PID 4804 wrote to memory of 508	4804	cmd.exe	76
PID 4804 wrote to memory of 508	4804	cmd.exe	76

C:\Users\Admin\AppData\Local\Temp\82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe
"C:\Users\Admin\AppData\Local\Temp\82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Windows\SysWOW64\schtasks.exe
  "C:\Windows\system32\schtasks.exe" /create /tn COMSurrogate /f /sc onlogon /rl highest /tr "C:\Users\Admin\vivaca loc kevilena xatequij nocolok_gijafe meci dokinori kikojiyi\quegego fatilila voy boji.exe"
  2⤵
  - Creates scheduled task(s)
  PID:1348
- C:\Users\Admin\vivaca loc kevilena xatequij nocolok_gijafe meci dokinori kikojiyi\quegego fatilila voy boji.exe
  "C:\Users\Admin\vivaca loc kevilena xatequij nocolok_gijafe meci dokinori kikojiyi\quegego fatilila voy boji.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3792
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:348
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C schtasks /create /tn kqZiVKBcGO /tr C:\Users\Admin\AppData\Roaming\kqZiVKBcGO\IaXkWQxCbj.exe /st 00:00 /du 9999:59 /sc once /ri 1 /f
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4804
    - - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /tn kqZiVKBcGO /tr C:\Users\Admin\AppData\Roaming\kqZiVKBcGO\IaXkWQxCbj.exe /st 00:00 /du 9999:59 /sc once /ri 1 /f
        5⤵
        Creates scheduled task(s)
        
        PID:508
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c chcp 65001 && ping 127.0.0.1 && DEL /F /S /Q /A "C:\Users\Admin\AppData\Local\Temp\82126fc4fd73e4fea6ee032f156572af9986acdc8c22f1f69253289a3b39b150.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4696
- - C:\Windows\SysWOW64\chcp.com
    chcp 65001
    3⤵
    PID:4228
- - C:\Windows\SysWOW64\PING.EXE
    ping 127.0.0.1
    3⤵
    - Runs ping.exe
    PID:4448

C:\Users\Admin\AppData\Roaming\kqZiVKBcGO\IaXkWQxCbj.exe
C:\Users\Admin\AppData\Roaming\kqZiVKBcGO\IaXkWQxCbj.exe
1⤵
- Executes dropped EXE
PID:1392

C:\Users\Admin\AppData\Roaming\kqZiVKBcGO\IaXkWQxCbj.exe
C:\Users\Admin\AppData\Roaming\kqZiVKBcGO\IaXkWQxCbj.exe
1⤵
- Executes dropped EXE
PID:2200

C:\Users\Admin\AppData\Roaming\kqZiVKBcGO\IaXkWQxCbj.exe
C:\Users\Admin\AppData\Roaming\kqZiVKBcGO\IaXkWQxCbj.exe
1⤵
- Executes dropped EXE
PID:2616

C:\Users\Admin\AppData\Roaming\kqZiVKBcGO\IaXkWQxCbj.exe
C:\Users\Admin\AppData\Roaming\kqZiVKBcGO\IaXkWQxCbj.exe
1⤵
- Executes dropped EXE
PID:5044

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\IaXkWQxCbj.exe.log

Filesize
425B

MD5
605f809fab8c19729d39d075f7ffdb53

SHA1
c546f877c9bd53563174a90312a8337fdfc5fdd9

SHA256
6904d540649e76c55f99530b81be17e099184bb4cad415aa9b9b39cc3677f556

SHA512
82cc12c3186ae23884b8d5c104638c8206272c4389ade56b926dfc1d437b03888159b3c790b188b54d277a262e731927e703e680ea642e1417faee27443fd5b3

Download Submit
C:\Users\Admin\AppData\Roaming\kqZiVKBcGO\IaXkWQxCbj.exe

Filesize
469.5MB

MD5
6eb80f37d4fda87a7120810ea42f500b

SHA1
5054b96b8bffe2a53936a0559105d2b0a5a071ba

SHA256
fb597ffcc4cf22c4b4597aa642b6ffcc823fb834404cf509f6f09e462de26682

SHA512
b1365a73fdf3bede04304fbfc1b0a85468c3c315691bffcefe031122ce2fa085324f5bc9d87cec7a9fefa129542cf9f66dbc26e7bbbd1e3ba653a66f5c9cb416

Download Submit
C:\Users\Admin\AppData\Roaming\kqZiVKBcGO\IaXkWQxCbj.exe

Filesize
469.5MB

MD5
6eb80f37d4fda87a7120810ea42f500b

SHA1
5054b96b8bffe2a53936a0559105d2b0a5a071ba

SHA256
fb597ffcc4cf22c4b4597aa642b6ffcc823fb834404cf509f6f09e462de26682

SHA512
b1365a73fdf3bede04304fbfc1b0a85468c3c315691bffcefe031122ce2fa085324f5bc9d87cec7a9fefa129542cf9f66dbc26e7bbbd1e3ba653a66f5c9cb416

Download Submit
C:\Users\Admin\AppData\Roaming\kqZiVKBcGO\IaXkWQxCbj.exe

Filesize
469.5MB

MD5
6eb80f37d4fda87a7120810ea42f500b

SHA1
5054b96b8bffe2a53936a0559105d2b0a5a071ba

SHA256
fb597ffcc4cf22c4b4597aa642b6ffcc823fb834404cf509f6f09e462de26682

SHA512
b1365a73fdf3bede04304fbfc1b0a85468c3c315691bffcefe031122ce2fa085324f5bc9d87cec7a9fefa129542cf9f66dbc26e7bbbd1e3ba653a66f5c9cb416

Download Submit
C:\Users\Admin\AppData\Roaming\kqZiVKBcGO\IaXkWQxCbj.exe

Filesize
469.5MB

MD5
6eb80f37d4fda87a7120810ea42f500b

SHA1
5054b96b8bffe2a53936a0559105d2b0a5a071ba

SHA256
fb597ffcc4cf22c4b4597aa642b6ffcc823fb834404cf509f6f09e462de26682

SHA512
b1365a73fdf3bede04304fbfc1b0a85468c3c315691bffcefe031122ce2fa085324f5bc9d87cec7a9fefa129542cf9f66dbc26e7bbbd1e3ba653a66f5c9cb416

Download Submit
C:\Users\Admin\AppData\Roaming\kqZiVKBcGO\IaXkWQxCbj.exe

Filesize
176.3MB

MD5
0a6738f45b929d669646eb1b7013beef

SHA1
4474ff91cf324ded26088a058798a738f6600bb0

SHA256
2ae18caf8fe9045c0fa68ae9d8e1e32c16f2a7b6e88ea13ab7b47bea71a3595f

SHA512
f453fa757d1d181703df146c7db96a3cb7dd7f3d90feb46df0c299407929e7bff3e61df7f1bce65a59a52f3ecc0d3a05d14414103c4e370d64cd42f830546efc

Download Submit
C:\Users\Admin\vivaca loc kevilena xatequij nocolok_gijafe meci dokinori kikojiyi\quegego fatilila voy boji.exe

Filesize
812.2MB

MD5
0a920aefbbc8f0dc132d9bc2ee5afbda

SHA1
00bc88bee75ccfc3aac8c3e08b729cca357d38ef

SHA256
3b4edc8100fee54626ddba05e398fad2c95401dc91bf39b3315680ff110d3bff

SHA512
dcb06c43237b17f2099656ab28ecde25ba6fffb103d5f43505726c77e18fdb85273e625b7edb83179f6e51dfb4728a7513e473dbd2087b843ebbd848bfb38e10

Download Submit
C:\Users\Admin\vivaca loc kevilena xatequij nocolok_gijafe meci dokinori kikojiyi\quegego fatilila voy boji.exe

Filesize
812.2MB

MD5
0a920aefbbc8f0dc132d9bc2ee5afbda

SHA1
00bc88bee75ccfc3aac8c3e08b729cca357d38ef

SHA256
3b4edc8100fee54626ddba05e398fad2c95401dc91bf39b3315680ff110d3bff

SHA512
dcb06c43237b17f2099656ab28ecde25ba6fffb103d5f43505726c77e18fdb85273e625b7edb83179f6e51dfb4728a7513e473dbd2087b843ebbd848bfb38e10

Download Submit
memory/348-358-0x0000000000400000-0x00000000008CB000-memory.dmp

Filesize
4.8MB

Download
memory/348-332-0x0000000000400000-0x00000000008CB000-memory.dmp

Filesize
4.8MB

Download
memory/1348-186-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1348-185-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1348-184-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1392-394-0x0000000000200000-0x0000000000216000-memory.dmp

Filesize
88KB

Download
memory/1940-140-0x0000000002B90000-0x0000000004488000-memory.dmp

Filesize
25.0MB

Download
memory/1940-171-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-134-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-136-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-135-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-137-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-138-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-116-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-142-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-143-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-144-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-145-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-146-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-148-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-147-0x0000000004490000-0x000000000499B000-memory.dmp

Filesize
5.0MB

Download
memory/1940-149-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-150-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-153-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-152-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-151-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-154-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-155-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-156-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-157-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-158-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-159-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-160-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-161-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-162-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-163-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-164-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-165-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-166-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-167-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-168-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-169-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-170-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-133-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-172-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-173-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-174-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-175-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-176-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-177-0x0000000002B90000-0x0000000004488000-memory.dmp

Filesize
25.0MB

Download
memory/1940-178-0x0000000004490000-0x000000000499B000-memory.dmp

Filesize
5.0MB

Download
memory/1940-179-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-180-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-181-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-182-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-132-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-131-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-130-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-129-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-128-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-117-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-127-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-119-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-118-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-120-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-121-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-122-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-123-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-124-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-125-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-126-0x00000000778F0000-0x0000000077A7E000-memory.dmp

Filesize
1.6MB

Download
memory/3792-301-0x000000000DEB0000-0x000000001074F000-memory.dmp

Filesize
40.6MB

Download
memory/3792-300-0x00000000045D0000-0x0000000004AD6000-memory.dmp

Filesize
5.0MB

Download
memory/3792-299-0x0000000002CD0000-0x00000000045C3000-memory.dmp

Filesize
24.9MB

Download
memory/3792-298-0x000000000DEB0000-0x000000001074F000-memory.dmp

Filesize
40.6MB

Download
memory/3792-285-0x00000000045D0000-0x0000000004AD6000-memory.dmp

Filesize
5.0MB

Download
memory/3792-263-0x0000000002CD0000-0x00000000045C3000-memory.dmp

Filesize
24.9MB

Download