play | 7bc87a26137cc07cabf31e6e4bcd0e514846b5dd727a29132919f2e6b317cde8

Resubmissions

12/06/2024, 22:11

240612-135j1asekc 10

12/06/2024, 20:56

240612-zq6qvstekp 10

28/05/2024, 13:15

240528-qg9aysfh38 10

27/05/2024, 20:52

240527-zn2dcshf8x 10

Analysis

max time kernel
81s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2TXt7S.exe
Size

326KB
MD5

21413e789eea9d581d047df32fad7fa7
SHA1

c361103da37aff0216281781dff09fa5c079864b
SHA256

7bc87a26137cc07cabf31e6e4bcd0e514846b5dd727a29132919f2e6b317cde8
SHA512

cd6bd0f43b0385a392395add3108134d8aeb62cea3ed470ddfeea66ac096cc6de5e85bc2dda3798a13437ae4b6c38580a3b2e24143db1835c88d268b2ec570c4
SSDEEP

6144:fXqpIW/yostkBUPSuLWT9Dj4IByRuE3AzJNxRGI20JE:/q2W/7+kBuqjKuE6NxAn0JE

Score

10^/10

play ransomware

Malware Config

Signatures

PLAY Ransomware, PlayCrypt
Ransomware family first seen in mid 2022.
ransomware play
Renames multiple (4674) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops desktop.ini file(s) 3 IoCs

description	ioc	Process
File opened for modification	C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini	2TXt7S.exe
File opened for modification	C:\Program Files\desktop.ini	2TXt7S.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	2TXt7S.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	2TXt7S.exe
File opened (read-only)	\??\P:	2TXt7S.exe
File opened (read-only)	\??\T:	2TXt7S.exe
File opened (read-only)	\??\A:	2TXt7S.exe
File opened (read-only)	\??\B:	2TXt7S.exe
File opened (read-only)	\??\H:	2TXt7S.exe
File opened (read-only)	\??\J:	2TXt7S.exe
File opened (read-only)	\??\K:	2TXt7S.exe
File opened (read-only)	\??\U:	2TXt7S.exe
File opened (read-only)	\??\V:	2TXt7S.exe
File opened (read-only)	\??\X:	2TXt7S.exe
File opened (read-only)	\??\G:	2TXt7S.exe
File opened (read-only)	\??\L:	2TXt7S.exe
File opened (read-only)	\??\M:	2TXt7S.exe
File opened (read-only)	\??\O:	2TXt7S.exe
File opened (read-only)	\??\R:	2TXt7S.exe
File opened (read-only)	\??\Y:	2TXt7S.exe
File opened (read-only)	\??\W:	2TXt7S.exe
File opened (read-only)	\??\Z:	2TXt7S.exe
File opened (read-only)	\??\E:	2TXt7S.exe
File opened (read-only)	\??\I:	2TXt7S.exe
File opened (read-only)	\??\Q:	2TXt7S.exe
File opened (read-only)	\??\S:	2TXt7S.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-white\WideTile.scale-125.png	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\13.jpg	2TXt7S.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml	2TXt7S.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART4.BDR	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\TimerWideTile.contrast-white_scale-100.png	2TXt7S.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\convertpdf-rna-tool-view.js	2TXt7S.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSWORD.OLB	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageBadgeLogo.scale-150_contrast-white.png	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedStoreLogo.scale-100_contrast-white.png	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-256.png	2TXt7S.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\PeopleMedTile.scale-100.png	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Programmer.targetsize-16_contrast-white.png	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailBadge.scale-150.png	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailSplashLogo.scale-150.png	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\WideTile.scale-100_contrast-black.png	2TXt7S.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ppd.xrm-ms	2TXt7S.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_nothumbnail_34.svg	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-96_altform-unplated.png	2TXt7S.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\arrow-down-pressed.gif	2TXt7S.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fa.pak	2TXt7S.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ppd.xrm-ms	2TXt7S.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-pl.xrm-ms	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedMedTile.scale-200_contrast-white.png	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\canvas_light.jpg	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderWideTile.contrast-white_scale-100.png	2TXt7S.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ul-oob.xrm-ms	2TXt7S.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelFluent.png	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-80.png	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.scale-100.png	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-72_altform-unplated.png	2TXt7S.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\cs-cz\ui-strings.js	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionLargeTile.scale-100.png	2TXt7S.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\pdf.gif	2TXt7S.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\de-de\ui-strings.js	2TXt7S.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOIDCLIL.DLL	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-96.png	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-100_contrast-black.png	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\151.png	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\hi-IN\View3d\3DViewerProductDescription-universal.xml	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeMediumTile.scale-150.png	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml	2TXt7S.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-phn.xrm-ms	2TXt7S.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN097.XML	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteWideTile.scale-400.png	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-72_altform-colorize.png	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\MemMDL2.1.85.ttf	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxSmallTile.scale-400.png	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-16_altform-unplated.png	2TXt7S.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui	2TXt7S.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\IETAG.DLL	2TXt7S.exe
File opened for modification	C:\Program Files\Windows Media Player\fr-FR\wmpnscfg.exe.mui	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\images\PayWide310x150Logo.scale-200.png	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\EmptySearch.scale-150.png	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Outlook.scale-300.png	2TXt7S.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\OCLTINT.DLL	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\LockScreenLogo.scale-125.png	2TXt7S.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-phn.xrm-ms	2TXt7S.exe
File opened for modification	C:\Program Files\Windows Media Player\ja-JP\wmpnetwk.exe.mui	2TXt7S.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\2.0.1\Diagnostics\Simple\Example3B.Diagnostics.Tests.ps1	2TXt7S.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-root-bridge-test.xrm-ms	2TXt7S.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-ppd.xrm-ms	2TXt7S.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ppd.xrm-ms	2TXt7S.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	8072	taskmgr.exe
Token: SeSystemProfilePrivilege	8072	taskmgr.exe
Token: SeCreateGlobalPrivilege	8072	taskmgr.exe

Suspicious use of FindShellTrayWindow 24 IoCs

pid	Process
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe
8072	taskmgr.exe

C:\Users\Admin\AppData\Local\Temp\2TXt7S.exe
"C:\Users\Admin\AppData\Local\Temp\2TXt7S.exe"
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in Program Files directory
PID:688

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:8072

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:39180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini

Filesize
1KB

MD5
4e3d140ad66aebadb6306d222c74e4f2

SHA1
83f4e87c87f7fe2eb82e6a85439d01ccdc4020cb

SHA256
46f70abecce0f62d69fd25fb6aa2d364a3dd329866ef81e5358bb92e4b302331

SHA512
049657460db4240a0f6cf66a2a1fed8a2989d040e80fad74d1a143779592f5c258d5f883dff0c6be70527a740555d0016fe035e3b1d7ebdeed5a377cba6f3d5a

Download Submit
C:\$Recycle.Bin\S-1-5-21-4204450073-1267028356-951339405-1000\desktop.ini

Filesize
1KB

MD5
938a56fa0fdbbc62a899d3166a364471

SHA1
6e4d85f54e59a8c6b1e32673f485f99d4d3049b6

SHA256
840ee33e1e32a4bfba0699fdc86489c96ccf8c84a6014e42c3e79b85d4189bf9

SHA512
2df17cd280cd3d6809bee61fb477c44c8be89bf4001f8b04e4361e543cd5b698aa51820c93a1d04448502404eb9c440030f14bdc49ae3c5a2dca295bb8a4bb8f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
memory/688-0-0x0000000000B10000-0x0000000000B3C000-memory.dmp

Filesize
176KB

Download
memory/8072-6975-0x000002819A5E0000-0x000002819A5E1000-memory.dmp

Filesize
4KB

Download
memory/8072-6976-0x000002819A5E0000-0x000002819A5E1000-memory.dmp

Filesize
4KB

Download
memory/8072-6974-0x000002819A5E0000-0x000002819A5E1000-memory.dmp

Filesize
4KB

Download
memory/8072-6973-0x000002819A5E0000-0x000002819A5E1000-memory.dmp

Filesize
4KB

Download
memory/8072-6965-0x000002819A5E0000-0x000002819A5E1000-memory.dmp

Filesize
4KB

Download
memory/8072-6964-0x000002819A5E0000-0x000002819A5E1000-memory.dmp

Filesize
4KB

Download
memory/8072-6963-0x000002819A5E0000-0x000002819A5E1000-memory.dmp

Filesize
4KB

Download
memory/8072-6977-0x000002819A5E0000-0x000002819A5E1000-memory.dmp

Filesize
4KB

Download
memory/8072-6978-0x000002819A5E0000-0x000002819A5E1000-memory.dmp

Filesize
4KB

Download
memory/8072-6979-0x000002819A5E0000-0x000002819A5E1000-memory.dmp

Filesize
4KB

Download