Overview

overview

10

Static

static

10

LbsClient.exe

windows10-1703-x64

10

Analysis

  • max time kernel
    500s
  • max time network
    588s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    23-03-2023 10:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LbsClient.exe

  • Size

    63KB

  • MD5

    762f2fc17465058d27010124bb425202

  • SHA1

    1b6b701c9c09128886e4676c4f1e534c7db39ad9

  • SHA256

    ae045f8e36db8f38af35258127ff43a71d522ae6ad15b7aad527bf75dd7a7666

  • SHA512

    329eacc85396f176fb30989f8d85fbeea097388ab37edecf22c3f4f368c1b0b0106cc7ec5c5ad06abbe488868ce4a5731ab04e4e7852a3d37bb1bdc42bb4e932

  • SSDEEP

    768:8FfQVS7rGOe01ZDKMFiw7qyignMEOoCenkHubK23vuEBXKZ7ifudOPJhsAjDOep:Yfo/mKM1qrgnqebKivpaV0udOR3us

Score
10/10
xwormevasionpersistenceransomwarerattrojan

Malware Config

Signatures

  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Modifies Windows Firewall 1 TTPs 1 IoCs
    evasion
  • Modifies extensions of user files 13 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops desktop.ini file(s) 15 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 17 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LbsClient.exe
    "C:\Users\Admin\AppData\Local\Temp\LbsClient.exe"
    1⤵
    • Modifies extensions of user files
    • Checks computer location settings
    • Drops startup file
    • Adds Run key to start application
    • Drops desktop.ini file(s)
    • Sets desktop wallpaper using registry
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2052
    • C:\Windows\System32\netsh.exe
      "C:\Windows\System32\netsh.exe" advfirewall set allprofiles state off
      2⤵
      • Modifies Windows Firewall
      PID:2992
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x350
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:5004
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3820
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:4504
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4884
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:2360
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:4348
  • \??\c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3696
    • C:\Windows\system32\dashost.exe
      dashost.exe {7e837cab-881e-4582-aa457097fafb8a1a}
      2⤵
        PID:4512

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Modify Existing Service

    1
    T1031

    Registry Run Keys / Startup Folder

    1
    T1060

    Privilege Escalation

    Defense Evasion

    Modify Registry

    3
    T1112

    Credential Access

    Discovery

    Query Registry

    3
    T1012

    System Information Discovery

    4
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Defacement

    1
    T1491

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\Desktop\AssertSearch.midi
      Filesize

      724KB

      MD5

      234d1b4b9730194b2db27e198d187b2c

      SHA1

      5902b25ccbcb70a0fbed78aac940ad9813d6abcd

      SHA256

      7c8cc4053ab4e02f5417b15b57ae277a5729c9a4a25862861be5e961cddfc412

      SHA512

      dfeed01e1f5219f6aa3410734b45f3941e5756c7a7a5afb345e11b7eeba41d91f9fe11f92362cf22a1b7394caafdfd2d9ad7593dd4c2f13a87e702922006aa3c

      Download Submit
    • C:\Users\Admin\Desktop\CheckpointCompress.potx
      Filesize

      872KB

      MD5

      f1a9854351a1b3e4e7fc1f34507f859b

      SHA1

      254746e79fb6a158d5f0535ecc8df0b202c634d4

      SHA256

      e6be574da8419dd1f5d616d0ae542f6740b37f3a73021ed600c7eb3caadcb3f7

      SHA512

      34a5190d8afd84891b3e6786866c256eb0ce5a62a92ab4c4520b5bed418a1a83b5fe07b5d94ac6fd91ea8a4ef8b9f3a3e9db19a2e60151f62382ca7765fac351

      Download Submit
    • C:\Users\Admin\Desktop\ConnectMerge.hta
      Filesize

      1.2MB

      MD5

      f6916d773eefa6d524671534721b2ffe

      SHA1

      11a937738336e19305d83d593a208e1ec5b1e8dd

      SHA256

      c63fb5b8400f5242b8747d66d8fcae0cb67f229fdd1b7d62bbec37996fd7c038

      SHA512

      3e0a4094e9aec259ccdbe3e78e2ca810de0fb6878bd786092db464f5b809887c738048547a78f23b8d8c83f0966b1be38f45edd5fae8e5762716934a5f4efe58

      Download Submit
    • C:\Users\Admin\Desktop\DisconnectExport.DVR
      Filesize

      331KB

      MD5

      c24d56c5d9ddce078ef64e914f603ee2

      SHA1

      b8ea138b7e1edf42f69c07e92819af78d509df35

      SHA256

      03c3d4b8937483db5d953b8fc59e9441b9e50e37763a4b10a3b3b98d6cd6d7a5

      SHA512

      eac85552f98e046e58e2486a7915109f5dab22428567839e79fc7b0d1d3b10ba0583fcd8a56f8a455ae15a7e124b8217da5a5e0bc9877f8e9ec912d38df6bb7a

      Download Submit
    • C:\Users\Admin\Desktop\DismountUnpublish.dxf
      Filesize

      700KB

      MD5

      dc94e713cf1e806c004c730c88726e37

      SHA1

      f2b1f162bbf9e155a9dcc7b5c4b02880d34a8e2d

      SHA256

      74ffd4b83c0e6a636e2f4259a7fc55aeb782c13c53c62c9b6f37dca8bcec07b3

      SHA512

      0dc32b6f63c686d7b7562fb91319ceabf5e5f2480daa0035ca193858a5b0d3b2e7aba6343697924d23644241a277f86029ed9b844b49aea9780b75ed785ecab0

      Download Submit
    • C:\Users\Admin\Desktop\EditResolve.xml
      Filesize

      798KB

      MD5

      abfbec10e7a45af207308f9007c58ca4

      SHA1

      418cb1b5ddc4f677280755457bb665f7c0997b09

      SHA256

      6d624f65b562a19be2543fe91ca1c863b9bdebc3ee36c31812d9c4242119d2e4

      SHA512

      d34c88c5977e501bde390e02aa7d7667eccc12827847a23dbef78c10831045894e0331971432404b963074a195fbe4edd2146e687d094e682d90c3fc5221bf1d

      Download Submit
    • C:\Users\Admin\Desktop\EditSubmit.wdp
      Filesize

      454KB

      MD5

      05e142adbbf7879438020ba23db75deb

      SHA1

      c49ead53bc7809bd65709bced29d558eeb1148f2

      SHA256

      52d24995ffa520450ceacc62be9c4cfb7ba93834b40ce728dab93fc63d543333

      SHA512

      88aac8625b2debb664d5bef5a8be108a541ac9ab9084d94f5f26602cb9ee54d0b8d0d9a5456eadf4617c2be33d3c5e0c5a00f8daa79de510a6178b5e7cdf7fc3

      Download Submit
    • C:\Users\Admin\Desktop\GrantUninstall.m4v
      Filesize

      823KB

      MD5

      d0d291625a802bb418061bde6cc82e80

      SHA1

      1253a99853b3db3b26b0e4e4c0df48c99baf03fb

      SHA256

      b6d6f9e10a08f4a4911121c5d67ca32afa665d9fdfc8705715d4e10a5fdfb963

      SHA512

      f89ec41806aab1e6011b70c0467c51a8dbc3a6d34bcb8cf53f0ae9c1c625eff97dec7786e7e5d56a789a7b222afa64df6ea9c76b7cf9240a4559558c9908e904

      Download Submit
    • C:\Users\Admin\Desktop\HideComplete.M2TS
      Filesize

      602KB

      MD5

      cf1ddff7ac7750c8a89099947ccb7e7c

      SHA1

      de0239fb8faa2557ef88a4cf6d17d69cf6dd4ad5

      SHA256

      b6321c26934f1580f8701f5a4b37309075923fc304e5ceba2ea636a11e240c18

      SHA512

      613d764102f204b1866e3625e8107732aa09ab94d9205fcd2f66c9c1c7a8a44cb5bf1d96a31410d1499d20b3048fb72570c7cfc8c37cd35cb0a5d90d6a33c6b9

      Download Submit
    • C:\Users\Admin\Desktop\How To Decrypt My Files.html
      Filesize

      723B

      MD5

      553cf6c7e10d1c701098d7e1d0a01839

      SHA1

      3cbdf41c6d02de51754a2696a382485be5175771

      SHA256

      bfbb59fa451071b37088b6286c3e5941f2536c4d9a1b77c1c6e987da9545b6ae

      SHA512

      591ace58027c743e663598f29857e3fa52e47e5a015dfb5e46570fcc563b623306b6e9de5df0aed2f5242c7ae88178aced6c909ec3b8c075b5d7239922d3183c

      Download Submit
    • C:\Users\Admin\Desktop\ImportResize.3gpp
      Filesize

      577KB

      MD5

      249181f695e38e985bec2469f8f76420

      SHA1

      739762a4b201be3af0a731184381316048cbd030

      SHA256

      965c34ff9dc550204123e14c6bae56cec74a2771b8eefb2db0f4df6e602858a9

      SHA512

      6dec0266730741a4a32be9605543f38e4ab59ea907d0ce79a2cbad291995d84b73fffd42f0635a76b3c38c63a361f2d8ee56032e1c9e131d5f9064afa80e1866

      Download Submit
    • C:\Users\Admin\Desktop\NewWatch.potm
      Filesize

      552KB

      MD5

      c04416a26bbf574ea7bb183c81ca0fa6

      SHA1

      238e2ee7372303763b2e82389b848abf7cfbfa7b

      SHA256

      43b40d2549df6d092646e58de25a8b84d7f44968af2fad19b32bbac9eee1a7ed

      SHA512

      f06d03a43257618f706f2e40f8230b77f642830d6c836fe04782359a317212a5c725ce4e1f0b285a4e0974423ae72fef98eafafd4e95f7b2d00b452d92f733c5

      Download Submit
    • C:\Users\Admin\Desktop\PushAdd.hta
      Filesize

      675KB

      MD5

      7d9220ecdf025734c659cffa2872b431

      SHA1

      c689f2f76ea65849fbe29597bde4c6caf11cf7e0

      SHA256

      589f7393107679b9a0f0eb7a1d7141e8911d8bfa0da825e4c57d250b6aaf8302

      SHA512

      538b8f22a248813b532885012b8e104dcb68a581c876fc84aa769e1500a24bcdd31eab00825395ec15e2658d1a1a4ae33719bb09e652a86cb5d30208c1870ad1

      Download Submit
    • C:\Users\Admin\Desktop\ReceiveUnlock.wmv
      Filesize

      479KB

      MD5

      b0b5bd4181e60977ce54975685c3ee23

      SHA1

      14317a71458ec7bc1386956b0c680758096696d8

      SHA256

      cb570ec7dfac6308492a8488d6a8296af999b35fd728156a4627c9bc94be19f0

      SHA512

      cd88cf93c3471917456ff9a9028c5319aee28128661e54f3baadbe39f4e44dc5c51b9351d6c1981ad3cced36faf944177cad0830f7c3782c9e4f87c451136a12

      Download Submit
    • C:\Users\Admin\Desktop\RepairPublish.js
      Filesize

      847KB

      MD5

      d61dea54d0107d0fc0b13a68eaef05cc

      SHA1

      f9badc10788939426510a8ee3360ecf8891a2e26

      SHA256

      60ec68a3920ad8d1b0eab3812a4c7b6c519ff7f5e229bf756edd085ee56b0a2e

      SHA512

      48647c90214a729481bebbe0a1ad45a4450b12c0b97112a9ee86a850b4e183b375400d03df6e213272c974a49d87e2df198067c1167e5209f8a61a2ff98dfa03

      Download Submit
    • C:\Users\Admin\Desktop\RestartReceive.inf
      Filesize

      503KB

      MD5

      2a1a647bf0531e6b58f911b8f9b99526

      SHA1

      4e23e7e73d59c21250a587c850d698c1e7a3d1a5

      SHA256

      dfbee2030031a79466f492db272ae8a2b331a393385234a6cb3c6c7bea46ccf0

      SHA512

      c9a0d1f1af337ba43627f2ff02ad53b0f7d15c55a744ac31e47590384a200ca87ee787c22ec00cef3ebc242cbf8b838fbed67100f2dc0092ccb956b4e3d29249

      Download Submit
    • C:\Users\Admin\Desktop\SetTrace.css
      Filesize

      405KB

      MD5

      10b3381f6c898dfb611f57a74d4b386f

      SHA1

      8a0a62bac7369bbfa059877e0fce4def5954fe98

      SHA256

      50b28bc375e46ed16ef8874ccc50c2d60a2ad3d78a30d642bdb18c9f9e259189

      SHA512

      a09bbe21692a0f76f3fc2c95249096be67295ba9092eb7d5879c08684e6216f15bd1c4451e2ed913df09fde8f1213ac065e6f72bfb1ed15831f6ebae37b10098

      Download Submit
    • C:\Users\Admin\Desktop\ShowCompress.xls
      Filesize

      307KB

      MD5

      ce29c978ad8f4a58d4e2cbcc289ef464

      SHA1

      801fc21d62e2a7387b9855726a330216c588e222

      SHA256

      cfd6b1c5faab64d06b1604a0c55217eeb9872a91f8420f7ea5140a9904f64448

      SHA512

      1b9be7ef36bc24bd41602ff014db9f115b2f0110e449a47fc73c1e5bedf4e53d38a890186e8a01a528cbc3ead8b04f53c685160151683f18a5895a057762ae8d

      Download Submit
    • C:\Users\Admin\Desktop\SplitSave.vsw
      Filesize

      356KB

      MD5

      cae131b13d6f445e207e5c7ce3cc6951

      SHA1

      8fc0a6b1227d1a1344a3fe421e12080bf1c5a1cd

      SHA256

      fb1c48beed1e9a0ab6527760702462f749d8d91e4ffd7b4104e0a1acbba91074

      SHA512

      617955555f7910e01810b6ba033df54d92679b78737165845a6995d60f8ba0342d1ba4632ebd9b32c664cca8c6171fb0a6a64d19406338cb0597c2838f9daf2f

      Download Submit
    • C:\Users\Admin\Desktop\UnblockInstall.mpeg3
      Filesize

      749KB

      MD5

      106968dc46af50370accd3cca9b32ab6

      SHA1

      83de0a61e5858cee709b7525c9716b5d79b42765

      SHA256

      1403c192a1fbaf15e2c6ecad1c8d22ce3177328c123a010076c4185a11f3811b

      SHA512

      daa3ad522d2308ce5363f11a27fc6376243236c752e38a0c24cfdf7e872eeda563993703a61b136d48abf1d04177ebbc069ef332999786c8f5b6e15a65d4157e

      Download Submit
    • C:\Users\Admin\Desktop\UnpublishInstall.kix
      Filesize

      528KB

      MD5

      4041687817107e14909b09e623642071

      SHA1

      810b28d9b299e40706373b802eab4d44153ff2f3

      SHA256

      2d159ad41a5e19a4c0dd1e1702e38f3c63ea85bb74f9fbb71d0e500a036205a2

      SHA512

      fe218bc2c795df41c9ba16ca57320bf2952d31fbad9356a2957945c6485fe2360d5e18e37a94707bb580f7556072a930dbe0e0069d274b880b86c566ef352bbe

      Download Submit
    • C:\Users\Admin\Desktop\WaitGrant.M2V
      Filesize

      380KB

      MD5

      4c58a8e0ef42d2971b2165b0b8543e1a

      SHA1

      6322cd31db087ee70e4d23d1d5115b461a65208d

      SHA256

      437342a05cd05ad8899de8a79d48c65e8eb315ac054614df523568c5d955649b

      SHA512

      db196d4ca4bc20df755e8e420b047f311e2b07cbb331ad4eb95b896fe8d2cc3727dba615012d3746bc4a0e6746580dc17bc26c99e6b94a8e3044eaa1cb557553

      Download Submit
    • C:\Users\Admin\Desktop\desktop.ini
      Filesize

      282B

      MD5

      9e36cc3537ee9ee1e3b10fa4e761045b

      SHA1

      7726f55012e1e26cc762c9982e7c6c54ca7bb303

      SHA256

      4b9d687ac625690fd026ed4b236dad1cac90ef69e7ad256cc42766a065b50026

      SHA512

      5f92493c533d3add10b4ce2a364624817ebd10e32daa45ee16593e913073602db5e339430a3f7d2c44abf250e96ca4e679f1f09f8ca807d58a47cf3d5c9c3790

      Download Submit
    • C:\Users\Admin\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000001.regtrans-ms.ENC
      Filesize

      16B

      MD5

      8a1dc1dc99b3f1aa6976b25e1fec0148

      SHA1

      cd7526a9f1f9b612c485b4b003fd934858a04bfb

      SHA256

      26f2351a62a3c8e8e89c26d5deba97a5b24c96ae751de9dcaaf0c71c4bfb32f7

      SHA512

      0cb0737bb5aca792010e3f7ee8086f8d6a55c53c2ff2efc9c1a55b67a49e5993914702b6b46e18e8ee7d4b10160984aecd433fd14d0b78f585f089d91f11a1b6

      Download Submit
    • C:\Users\Public\Desktop\Acrobat Reader DC.lnk
      Filesize

      2KB

      MD5

      2c186964b9004c3b7d66525c8cae5d01

      SHA1

      8648b586d3a639573328ad66770424a32e3e7b42

      SHA256

      2af7f4e66fe20c9a30dcc0f85c8620e8b14c4f04891d2bcdbfa000d4cf109e98

      SHA512

      1381c18e206ff4ba48da01360d0a7bad3f5cc06233de4cb76978fff36690d820ec7685f18f599c74ef17cc5a71ed0c716f7c9a68baf78272562d6318b456a5ba

      Download Submit
    • C:\Users\Public\Desktop\Firefox.lnk
      Filesize

      1000B

      MD5

      b590d1d9934daf510bf07f49b96dafa4

      SHA1

      6a47d9e0adf7031330898e6385d9c3bbb375da3a

      SHA256

      3c20b0fd7e148d0d06aef0071a21aad01f793299648213fd084132fc8fa41809

      SHA512

      5646282c1d0127d83ad65700a5baf818827978db71c0b2f736ad99ca51e11bc5176f48495c3343d2889bf19911785639d7586455f51043b239bcae2b74972536

      Download Submit
    • C:\Users\Public\Desktop\Google Chrome.lnk
      Filesize

      2KB

      MD5

      375ee1bc825ac37a3efc7ee09d8e7b8a

      SHA1

      0a93a5e2cff8de4d4ad0693e9797e77d305550a2

      SHA256

      c7b3a0b40bd0a121345da626f88ceeeae571dee81705bce74e2aa8453d4d2785

      SHA512

      e15df75c79f5d1cfbc827b5420749737a63caf5576c1aa94ccc43b635d54cceb54f429350bda647510b536db2de7bc055a43da68d41bf73829b91ec62c2e658d

      Download Submit
    • C:\Users\Public\Desktop\VLC media player.lnk
      Filesize

      923B

      MD5

      0babb1f3acaf09fd3d342cb999e1e2df

      SHA1

      2bd664048653492e60a12d170e25e8d031656b27

      SHA256

      5afe5e8f41a1523ad95ef97a62fbc984503288fd5b79ae5fef29a8979f64df18

      SHA512

      bf780226c7474699bbf0f776064b7eac7ae146ec0a6dd2350253239b57192a684ca68b8a48858f9ae00f1abd89df1eae6faee256a85d96a0b1da0d60e12d8d99

      Download Submit
    • memory/2052-130-0x000000001EDD0000-0x000000001F2F6000-memory.dmp
      Filesize

      5.1MB

      Download
    • memory/2052-127-0x000000001BCA0000-0x000000001BCAC000-memory.dmp
      Filesize

      48KB

      Download
    • memory/2052-135-0x0000000000840000-0x000000000084C000-memory.dmp
      Filesize

      48KB

      Download
    • memory/2052-133-0x000000001B2C0000-0x000000001B2CA000-memory.dmp
      Filesize

      40KB

      Download
    • memory/2052-132-0x000000001B1F0000-0x000000001B1FC000-memory.dmp
      Filesize

      48KB

      Download
    • memory/2052-982-0x000000001B210000-0x000000001B21A000-memory.dmp
      Filesize

      40KB

      Download
    • memory/2052-981-0x0000000000930000-0x000000000093A000-memory.dmp
      Filesize

      40KB

      Download
    • memory/2052-120-0x0000000000200000-0x0000000000216000-memory.dmp
      Filesize

      88KB

      Download
    • memory/2052-126-0x000000001E110000-0x000000001E19E000-memory.dmp
      Filesize

      568KB

      Download
    • memory/2052-125-0x000000001AD60000-0x000000001AD70000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2052-121-0x000000001AD60000-0x000000001AD70000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2360-383-0x000002C5E0530000-0x000002C5E0532000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2360-376-0x000002C5E0420000-0x000002C5E0422000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2360-379-0x000002C5E0450000-0x000002C5E0452000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2360-381-0x000002C5E0510000-0x000002C5E0512000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3820-368-0x000001B893F40000-0x000001B893F42000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3820-392-0x000001B88F600000-0x000001B88F601000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3820-389-0x000001B88F660000-0x000001B88F662000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3820-396-0x000001B88F3C0000-0x000001B88F3C1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3820-367-0x000001B893E70000-0x000001B893E72000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3820-365-0x000001B88F640000-0x000001B88F642000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3820-363-0x000001B88F600000-0x000001B88F601000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3820-326-0x000001B88F220000-0x000001B88F230000-memory.dmp
      Filesize

      64KB

      Download
    • memory/3820-342-0x000001B88FB00000-0x000001B88FB10000-memory.dmp
      Filesize

      64KB

      Download