57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12-10-2023 15:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
Size

29KB
MD5

058e737598a723c5ee233a21dea44bfa
SHA1

6ac91238ab02d5c905988b79631e4a4fb66c25c7
SHA256

57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64
SHA512

499b0a7204465ac3fd15156375a7bc980b3e4603891420489107f7308c1ac2a3834c3fe3247934bbcca10e3eafbd3a0aa32bc6bfbfdad412a5a3319261195e54
SSDEEP

384:NbbXh21Gt5M0zhIV/DZ3KZp7JcTO4yf9Knuf2MqlUV2V9wVfUnfRqOzGOnJh:pT416GVRu1yK9fMnJG2V9dHS8

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened (read-only)	\??\N:	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened (read-only)	\??\Q:	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened (read-only)	\??\U:	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened (read-only)	\??\T:	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened (read-only)	\??\M:	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened (read-only)	\??\I:	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened (read-only)	\??\E:	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened (read-only)	\??\Y:	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened (read-only)	\??\O:	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened (read-only)	\??\L:	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened (read-only)	\??\J:	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened (read-only)	\??\G:	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened (read-only)	\??\S:	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened (read-only)	\??\X:	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened (read-only)	\??\W:	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened (read-only)	\??\V:	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened (read-only)	\??\R:	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened (read-only)	\??\K:	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened (read-only)	\??\H:	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened (read-only)	\??\Z:	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files\Windows Journal\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files\Microsoft Games\Hearts\it-IT\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files\Mozilla Firefox\browser\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CONCRETE\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VGX\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files\Java\jre7\bin\keytool.exe	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\Desktop\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\js\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files (x86)\Microsoft Sync Framework\v1.0\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\js\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\vsta_ep32.exe	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\skins\fonts\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files\Windows Defender\fr-FR\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\css\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\1.7\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nl\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STUDIO\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\FAX\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Help\en_US\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files\Microsoft Games\More Games\es-ES\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\ja-JP\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\my\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\Presentation Designs\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ckb\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\_desktop.ini	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2452	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
2452	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
2452	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
2452	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
2452	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
2452	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
2452	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
2452	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
2452	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
2452	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 2044	2452	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe	28
PID 2452 wrote to memory of 2044	2452	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe	28
PID 2452 wrote to memory of 2044	2452	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe	28
PID 2452 wrote to memory of 2044	2452	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe	28
PID 2044 wrote to memory of 2620	2044	net.exe	30
PID 2044 wrote to memory of 2620	2044	net.exe	30
PID 2044 wrote to memory of 2620	2044	net.exe	30
PID 2044 wrote to memory of 2620	2044	net.exe	30
PID 2452 wrote to memory of 1204	2452	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe	15
PID 2452 wrote to memory of 1204	2452	57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe	15

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1204
- C:\Users\Admin\AppData\Local\Temp\57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe
  "C:\Users\Admin\AppData\Local\Temp\57780d93c601dab0af2262315048d2f4338e2fd4673b27431aad2994df235e64.exe"
  2⤵
  - Enumerates connected drives
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2452
- - C:\Windows\SysWOW64\net.exe
    net stop "Kingsoft AntiVirus Service"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2044
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
      4⤵
      PID:2620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
a063fcec3d12e4b574ff0fcebb94d8ee

SHA1
5276dc1a49587121f61a1c413d2d680c2f2c800a

SHA256
3e36b16fa5f7f0056288c949d5679d0efba5b5aeea9ea229d7dec524b3e30832

SHA512
a4f98d9c2227723c7df7a1bc03fe9d3503218e8fc1bb5765bb0f326386d8d2c5c998260b55553033812a077dbccac9601206343057abf8018c9cfb24b56b8c6c

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
876KB

MD5
3ae698e003be987820f94f71e432caa2

SHA1
9e1af1c6b8560b452088604bac45e5328d1cc3df

SHA256
b8fe11638c4372251ff458a9f7ae0f67ad548f7ec4b658cb22b9ad57587917aa

SHA512
1939623bda2494af02eafb6b8fd80e8bb7ba54efee79072a599dadd64340e535d817f4efb2abaa1e792102d6f867417259665fc8e129101072f30b102cab3f9e

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
474KB

MD5
d31877eef7e561fbb55a7fb91d6d6d05

SHA1
a631ce13116e5a4854d17b9b9615cb38f0c62b21

SHA256
424bbd6dee004b2ac4592123e35297c3e03745c9e9f76c1a102686f7b2f630a0

SHA512
0efb6acb91de8b8d26e453856a3b80a61b2e9be79abc1af0073ad3f4dd57302251da9307ff4556351ac4b0e050bace38078081ac9d885b07fbdb055e541846da

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3849525425-30183055-657688904-1000\_desktop.ini

Filesize
10B

MD5
a2f55d4dd0965430ceab2e112f7ee0a8

SHA1
d5e114f97985141a73b1e325728e5fd21e432f60

SHA256
f905d8a1cc369898067bdb4538843b91eb17d0d84032e2b5766ef438e25f807f

SHA512
8bce44ff59da58c0f9a3fdec7edb997a6781cd8f6aa4bc8ef0945c0a4dcde1db93092b88d2e114cd29d58931265b2aa1055dab677716cf75f1482faaa4c9bcdc

Download Submit
memory/1204-5-0x0000000002200000-0x0000000002201000-memory.dmp

Filesize
4KB

Download
memory/2452-68-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2452-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2452-75-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2452-22-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2452-1827-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2452-17-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2452-3287-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2452-9-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download