d2482ad6f78127753ae2a35e3c8739b65d5c7f7c845b91e68f33c0947d830ece

Resubmissions

03-08-2024 09:11

240803-k5xdeayemm 6

19-07-2024 12:47

240719-p1n9fs1hrn 10

Analysis

max time kernel
181s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-08-2024 09:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

KinitoPET - woody walk.mp3
Size

4.0MB
MD5

b6524d72afc8a3bdaadb00b4f9e12d6c
SHA1

03e803e40ffe8ce7482e463457ea45385a871a63
SHA256

d2482ad6f78127753ae2a35e3c8739b65d5c7f7c845b91e68f33c0947d830ece
SHA512

8178e2c4dc7aaa901dc2fbafff038ffcf41fd241a5ac7303cf05c14b2cd2b453c3cc60af7dd2e920d891e6a49742d18e732324d34ccdd436b92bb641c4b5e70b
SSDEEP

98304:fpB5VOwk/domBm5otse/wMD7W4TViR+5hUKka:fqGmYe/wMOJRMT

Score

6^/10

discovery

Malware Config

Signatures

Drops desktop.ini file(s) 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Public\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	wmplayer.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\K:	wmplayer.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2684	5560	WerFault.exe	89

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unregmp2.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{EAC96E6D-3F52-41BE-864F-1FB0CC9E58E7}	wmplayer.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4836	vlc.exe
4328	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4836	vlc.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2996	unregmp2.exe
Token: SeCreatePagefilePrivilege	2996	unregmp2.exe
Token: SeShutdownPrivilege	5560	wmplayer.exe
Token: SeCreatePagefilePrivilege	5560	wmplayer.exe
Token: 33	1048	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1048	AUDIODG.EXE
Token: SeShutdownPrivilege	5560	wmplayer.exe
Token: SeCreatePagefilePrivilege	5560	wmplayer.exe
Token: 33	4836	vlc.exe
Token: SeIncBasePriorityPrivilege	4836	vlc.exe
Token: 33	4328	vlc.exe
Token: SeIncBasePriorityPrivilege	4328	vlc.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
5560	wmplayer.exe
5560	wmplayer.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4328	vlc.exe
4328	vlc.exe
4328	vlc.exe
4328	vlc.exe
4328	vlc.exe
4328	vlc.exe
4328	vlc.exe
4328	vlc.exe
4328	vlc.exe
4328	vlc.exe

Suspicious use of SendNotifyMessage 23 IoCs

pid	Process
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4328	vlc.exe
4328	vlc.exe
4328	vlc.exe
4328	vlc.exe
4328	vlc.exe
4328	vlc.exe
4328	vlc.exe
4328	vlc.exe
4328	vlc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4836	vlc.exe
4328	vlc.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 5560 wrote to memory of 948	5560	wmplayer.exe	92
PID 5560 wrote to memory of 948	5560	wmplayer.exe	92
PID 5560 wrote to memory of 948	5560	wmplayer.exe	92
PID 948 wrote to memory of 2996	948	unregmp2.exe	93
PID 948 wrote to memory of 2996	948	unregmp2.exe	93

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\KinitoPET - woody walk.mp3"
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:5560
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:948
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:2996
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 2332
  2⤵
  - Program crash
  PID:2684

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:1976

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x534 0x530
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4768,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=948 /prefetch:8
1⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5560 -ip 5560
1⤵
PID:4572

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5924

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\KinitoPET - woody walk.mp3"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4836

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\KinitoPET - woody walk.mp3"
1⤵
PID:3596

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\KinitoPET - woody walk.mp3"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
384KB

MD5
c7ca2711d80cd052da0d98ce7e6dec6b

SHA1
b051f0425224cf70e3a10636c21bf113bd1cd301

SHA256
a0c1147d7f6adb99735dc3fa370ef6fb8e6ddd3687eb7afd677af5c71df6957f

SHA512
487b985fe8a4fb9a0cb59ffb0b485133e0b089115e36b9bc3f0cbb64babd899daf1b282a9554b45874a59a4c7d9c07db370650c28a5731bde50f52e66a0fc0af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1024KB

MD5
01e43a5998f6c4526404a5561d37eb77

SHA1
8b71760056dbcf997825f1b9331c491f85c5db25

SHA256
e129c17aa3dbfcfed6109a5481d3109970b06bda09c815538aa05045adde8a0a

SHA512
a4446269e1b13fa6ee84db6e77443dc95c5cdb2b3b54ecd1e3f8b7eecf515f7fe41998a234cd6ffa1e7ad62223437d807ebddb43bc09d67739ffc6347b86b129

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb

Filesize
68KB

MD5
681fb1c68b4b79452a85326d1ba50117

SHA1
21ebc92b85ef78d10f6f2bd1767ae21950c4ab31

SHA256
ccf657f60f0964005d5acb7fb31bcd633a00df547a415078fc23fd4767179d74

SHA512
0e127b7e677654d95694198a7fe5977aaaf5c32d5a458c7318f57fcf463b3eefe793da66535089687cba94a7c9a8e665d152273be7bef9196e9d1a6977ee76d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD

Filesize
498B

MD5
90be2701c8112bebc6bd58a7de19846e

SHA1
a95be407036982392e2e684fb9ff6602ecad6f1e

SHA256
644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

SHA512
d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
5433eab10c6b5c6d55b7cbd302426a39

SHA1
c5b1604b3350dab290d081eecd5389a895c58de5

SHA256
23dbf7014e99e93af5f2760f18ee1370274f06a453145c8d539b66d798dad131

SHA512
207b40d6bec65ab147f963a5f42263ae5bf39857987b439a4fa1647bf9b40e99cdc43ff68b7e2463aa9a948284126ac3c9c7af8350c91134b36d8b1a9c61fd34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
908022d77b8e227fe082367741e536b5

SHA1
f8335fdc33af9b63efaf995cbe4b64d6c873b504

SHA256
61d2b8a01c819e54efe82636a8af0bb38cf1b9b838bb0e763c2c3bd0326f2b15

SHA512
861d37afc96e0fa27206ec39554ebcd8b0d25e70d57b8c6b0cf821ddfce0766c256939b2cc5ac9fc38ce2c2f4623523ed448be305560aa8b88db1d5675e2db94

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf

Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
548B

MD5
3aeb748077044734dd080d6f98f4e279

SHA1
5e79c78cb09d45832dc62f6f4e478e0a3706e2c9

SHA256
3d3b641ad075dc28e8e3910877d75081581fdaddc2be3accc98133c3b009d39a

SHA512
59eb57e7f258bb230c1a6f1543a53ab32ba0a88932bd624f6cf3fd8a30e9e77081ca8acf650913b472f854b2c4f4fb1769a34840d6af021467858166db0c4db0

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
588B

MD5
71527aacc17e3458f901e9c611aa7aab

SHA1
6cbe221b4a1dc82c60cf288c7e6a166f8333bc4c

SHA256
ac636634d84e27ec2a427f15b8fffe5a984fc67b60dc42a4dfbfb8c9678ba2de

SHA512
0e9ccd5c3024194ed2100157cd9a93bf795bf7d0b5511c8034445e824205c4a2f474c2d1d4a5221ad305e9da1a44042913a78253e1dde249829dbaa8290969d9

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlcrc

Filesize
94KB

MD5
7b37c4f352a44c8246bf685258f75045

SHA1
817dacb245334f10de0297e69c98b4c9470f083e

SHA256
ec45f6e952b43eddc214dba703cf7f31398f3c9f535aad37f42237c56b9b778e

SHA512
1e8d675b3c6c9ba257b616da268cac7f1c7a9db12ffb831ed5f8d43c0887d711c197ebc9daf735e3da9a0355bf21c2b29a2fb38a46482a2c5c8cd5628fea4c02

Download Submit
memory/5560-70-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/5560-82-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-43-0x0000000004D30000-0x0000000004D40000-memory.dmp

Filesize
64KB

Download
memory/5560-44-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-46-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-47-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/5560-48-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/5560-50-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/5560-51-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/5560-53-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/5560-52-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-56-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-55-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-54-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-58-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-59-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-60-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-62-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-63-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-61-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-65-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-64-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-67-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/5560-68-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-69-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-39-0x0000000006A50000-0x0000000006A60000-memory.dmp

Filesize
64KB

Download
memory/5560-71-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/5560-72-0x0000000004D30000-0x0000000004D40000-memory.dmp

Filesize
64KB

Download
memory/5560-73-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-76-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/5560-75-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/5560-38-0x0000000006A50000-0x0000000006A60000-memory.dmp

Filesize
64KB

Download
memory/5560-83-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-81-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-80-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/5560-79-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-78-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/5560-77-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/5560-74-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-84-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-90-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-91-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-89-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-88-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-87-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-92-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-94-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/5560-93-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-95-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-98-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/5560-97-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/5560-99-0x0000000004D30000-0x0000000004D40000-memory.dmp

Filesize
64KB

Download
memory/5560-96-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-100-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-102-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/5560-101-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-103-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/5560-105-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/5560-106-0x0000000004E60000-0x0000000004E70000-memory.dmp

Filesize
64KB

Download
memory/5560-104-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/5560-34-0x0000000006A50000-0x0000000006A60000-memory.dmp

Filesize
64KB

Download
memory/5560-36-0x0000000006A50000-0x0000000006A60000-memory.dmp

Filesize
64KB

Download
memory/5560-37-0x0000000006A50000-0x0000000006A60000-memory.dmp

Filesize
64KB

Download
memory/5560-35-0x0000000006A50000-0x0000000006A60000-memory.dmp

Filesize
64KB

Download