e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
26/03/2024, 22:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
Size

26KB
MD5

32dcbcffa3eaabe014c6d568ed7e2ef0
SHA1

9bd046d5e96c04a23b049e870bd2aad6f19ad85a
SHA256

e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3
SHA512

958cc39113acca31be66368691ba09593c27eacb4bff67de47f628a909b6100ebb18b45bd91c0a2ff3fb164dc0521a5b847ec9729fe8eb2f97efb2dc2eecd8c2
SSDEEP

768:xZ1ODKAaDMG8H92RwZNQSwcfymNBg+g61GoL:9fgLdQAQfcfymN

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened (read-only)	\??\X:	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened (read-only)	\??\V:	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened (read-only)	\??\Q:	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened (read-only)	\??\M:	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened (read-only)	\??\G:	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened (read-only)	\??\Y:	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened (read-only)	\??\U:	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened (read-only)	\??\P:	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened (read-only)	\??\N:	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened (read-only)	\??\W:	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened (read-only)	\??\O:	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened (read-only)	\??\L:	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened (read-only)	\??\J:	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened (read-only)	\??\I:	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened (read-only)	\??\H:	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened (read-only)	\??\E:	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened (read-only)	\??\T:	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened (read-only)	\??\S:	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened (read-only)	\??\R:	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened (read-only)	\??\K:	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File created	C:\Program Files\Microsoft Games\Solitaire\ja-JP\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\Java\jre7\bin\javacpl.exe	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\uk\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\VPREVIEW.EXE	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Antarctica\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Americana\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\Windows Mail\de-DE\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\ManagedObjects\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\Windows Mail\wab.exe	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File created	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ms\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\Windows Mail\WinMail.exe	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RIPPLE\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\css\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File created	C:\Program Files\Windows Photo Viewer\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\Java\jre7\lib\security\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Word.en-us\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MSOHTMED.EXE	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File created	C:\Program Files\Java\jre7\lib\amd64\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\js\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File created	C:\Program Files (x86)\MSBuild\Microsoft\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Filters\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\v1.0\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ja\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\_desktop.ini	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1992	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
1992	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
1992	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
1992	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
1992	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
1992	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
1992	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
1992	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
1992	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
1992	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2680	1992	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe	28
PID 1992 wrote to memory of 2680	1992	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe	28
PID 1992 wrote to memory of 2680	1992	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe	28
PID 1992 wrote to memory of 2680	1992	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe	28
PID 2680 wrote to memory of 2156	2680	net.exe	30
PID 2680 wrote to memory of 2156	2680	net.exe	30
PID 2680 wrote to memory of 2156	2680	net.exe	30
PID 2680 wrote to memory of 2156	2680	net.exe	30
PID 1992 wrote to memory of 1136	1992	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe	20
PID 1992 wrote to memory of 1136	1992	e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe	20

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1136
- C:\Users\Admin\AppData\Local\Temp\e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe
  "C:\Users\Admin\AppData\Local\Temp\e9063b566b527355e2147a6685476bfe939b5b3678e538191bd8b912583466b3.exe"
  2⤵
  - Enumerates connected drives
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1992
- - C:\Windows\SysWOW64\net.exe
    net stop "Kingsoft AntiVirus Service"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
      4⤵
      PID:2156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
af27d328d8575df97663bd0a3150a5b0

SHA1
0755ce241baa85a180f22b3cacc8f25343ffb751

SHA256
39a8853eeabad681a08eaae3c0ec1ba72ee9eb09a42ca3e0780bff5d0129a085

SHA512
2bf3e8271a1c8727f4a41319a6b79796050654b4a27e87c724055089251b18bb0de24a42a3243590400e2a93105c5498fd7d0dd926e55930784678a736a8be3c

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
809KB

MD5
591ae9b3be85fe0aabcba155f2fe21a1

SHA1
9564350845e5e3be369aaf4f4afb4f6c5355950d

SHA256
be3d8f7972575c7051b038b5c4cd67fc84e5cd05a60d67f23b121f211fd0bfea

SHA512
5d7fa1e0292ce1d43f917ae633891c30406207877e66bf7edafcfef472dbe0b9bda70f115fdbf3914a74babe20990976c964752a890efbb49df62bab7868ce2f

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
4cfdb20b04aa239d6f9e83084d5d0a77

SHA1
f22863e04cc1fd4435f785993ede165bd8245ac6

SHA256
30ed17ca6ae530e8bf002bcef6048f94dba4b3b10252308147031f5c86ace1b9

SHA512
35b4c2f68a7caa45f2bb14b168947e06831f358e191478a6659b49f30ca6f538dc910fe6067448d5d8af4cb8558825d70f94d4bd67709aee414b2be37d49be86

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2721934792-624042501-2768869379-1000\_desktop.ini

Filesize
9B

MD5
108fdf573744a59e277323996400c0f6

SHA1
ef2455daeb8ca0208cae55e098524ee5a28db101

SHA256
cf34ef479883d417c78d4e5b3a1f7ed5d238644a5f27c7bf316cc8c3d00f2d15

SHA512
39da2234e2fcfe7cc622c810829f204f83b7f82cfc23c95edd38d82383e90e5005958689bcd0ec55dc51bb3e056293a2975fdf917bbbdedbcceedb9975648715

Download Submit
memory/1136-5-0x0000000002D20000-0x0000000002D21000-memory.dmp

Filesize
4KB

Download
memory/1992-66-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1992-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1992-72-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1992-20-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1992-545-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1992-1825-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1992-14-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1992-2405-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1992-3285-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1992-7-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download