90c4572a83a696c7297bec4eb1aaad06e33082ffc27c3cafc4fd75dc357f0418

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2024 23:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

90c4572a83a696c7297bec4eb1aaad06e33082ffc27c3cafc4fd75dc357f0418.exe
Size

297KB
MD5

9fa8a0d36ec0243a4bab2614ad612daf
SHA1

3a54246137a1c17bcc9d9257bae49e1b0af5f611
SHA256

90c4572a83a696c7297bec4eb1aaad06e33082ffc27c3cafc4fd75dc357f0418
SHA512

d8602e883fbe1daa760f24e104c5d561b315216a4e884b5fcc1f0b7fc0ad9865d2040d5dfe67910f16043b1f2d44bd6c980a633cd2d68b789f1dc0b6dcc8d510
SSDEEP

6144:KVfgPRXEsQ8sX8DohN09wzABEtot5AOxdsJapJ9Q:EY/e8CN0QIfryJapJ9Q

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3620	Logo1_.exe
4272	90c4572a83a696c7297bec4eb1aaad06e33082ffc27c3cafc4fd75dc357f0418.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\he-IL\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\lib\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hu-hu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\cgg\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewpoints\Dark\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_~_kzf8qxf38zg5c\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18004.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\NavigationIcons\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\VisualElements\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\swidtag\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\Diagnostics\Simple\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\mn\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\te-IN\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\messaging\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\be\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\de\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\MLModels\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\gl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Portable Devices\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	90c4572a83a696c7297bec4eb1aaad06e33082ffc27c3cafc4fd75dc357f0418.exe
File created	C:\Windows\Logo1_.exe	90c4572a83a696c7297bec4eb1aaad06e33082ffc27c3cafc4fd75dc357f0418.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe
3620	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 4844 wrote to memory of 396	4844	90c4572a83a696c7297bec4eb1aaad06e33082ffc27c3cafc4fd75dc357f0418.exe	89
PID 4844 wrote to memory of 396	4844	90c4572a83a696c7297bec4eb1aaad06e33082ffc27c3cafc4fd75dc357f0418.exe	89
PID 4844 wrote to memory of 396	4844	90c4572a83a696c7297bec4eb1aaad06e33082ffc27c3cafc4fd75dc357f0418.exe	89
PID 4844 wrote to memory of 3620	4844	90c4572a83a696c7297bec4eb1aaad06e33082ffc27c3cafc4fd75dc357f0418.exe	90
PID 4844 wrote to memory of 3620	4844	90c4572a83a696c7297bec4eb1aaad06e33082ffc27c3cafc4fd75dc357f0418.exe	90
PID 4844 wrote to memory of 3620	4844	90c4572a83a696c7297bec4eb1aaad06e33082ffc27c3cafc4fd75dc357f0418.exe	90
PID 3620 wrote to memory of 460	3620	Logo1_.exe	91
PID 3620 wrote to memory of 460	3620	Logo1_.exe	91
PID 3620 wrote to memory of 460	3620	Logo1_.exe	91
PID 460 wrote to memory of 3968	460	net.exe	92
PID 460 wrote to memory of 3968	460	net.exe	92
PID 460 wrote to memory of 3968	460	net.exe	92
PID 396 wrote to memory of 4272	396	cmd.exe	95
PID 396 wrote to memory of 4272	396	cmd.exe	95
PID 396 wrote to memory of 4272	396	cmd.exe	95
PID 3620 wrote to memory of 3488	3620	Logo1_.exe	54
PID 3620 wrote to memory of 3488	3620	Logo1_.exe	54

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3488
- C:\Users\Admin\AppData\Local\Temp\90c4572a83a696c7297bec4eb1aaad06e33082ffc27c3cafc4fd75dc357f0418.exe
  "C:\Users\Admin\AppData\Local\Temp\90c4572a83a696c7297bec4eb1aaad06e33082ffc27c3cafc4fd75dc357f0418.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4844
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a398E.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:396
  - - C:\Users\Admin\AppData\Local\Temp\90c4572a83a696c7297bec4eb1aaad06e33082ffc27c3cafc4fd75dc357f0418.exe
      "C:\Users\Admin\AppData\Local\Temp\90c4572a83a696c7297bec4eb1aaad06e33082ffc27c3cafc4fd75dc357f0418.exe"
      4⤵
      Executes dropped EXE
      PID:4272
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3620
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:460
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:3968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
ae8399e00f88d8db49267bff5a1026e2

SHA1
8658256e674531c17f4b85cabc445e10bebc0aff

SHA256
33b5a09066dbbec38026c1785cbc2c620e6405e7266a5608fc8021d07df4916d

SHA512
728eaabea7e7ad4dcd1e4c551bc0fa3ddb814e2df4e507a6e24e423662a5a947bb213584150b43c108edba15287ed049fe0922fe9d1c07bec36e97a550d94c57

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
cf3c4d58eeac4924c084c6cd664a8a52

SHA1
1632ac8d005b38b0fd52560b7f8f7a2d2b4cf423

SHA256
5f11f1b3bf01168be48be3d9567473d04b4dd630936de4669577e075ceb4fb9d

SHA512
f1246bdce79027edcfafd072062975c741eefe8865dd704b5d99e2306ecb5ae7ca0c91801df6f92b7a9892d51fccbbf0e4796fcf7fb0a9aa21dd0e471d9f8914

Download Submit
C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe

Filesize
481KB

MD5
d9a20f38778ddec5c48e2acde4956248

SHA1
fe41d404f38c2d570cd55158524d450f5ed50da3

SHA256
f39c91803fd8d891849aa7b16cd6f82fa4a3b0eaf12d6699127206f48dbf9c63

SHA512
c879087690924c702a818643329c7c8c2fae5fae3d9a2c6b1c5eb608f3c899ba4bd4708cde9565e957b669c09fa8ab11ad289128bc5871dd85fe4fa90c31e4b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a398E.bat

Filesize
722B

MD5
48a779a6bbdd5fc1828a5d6f241c50ec

SHA1
ee5791aa53e038303c6be9dee11580bbda310a12

SHA256
79875b053a074842e6299f421b5f89cebaebc170ab80dae0c3010383451a3145

SHA512
ea0425b29fef3dc6af75b169995f84f20aace284bd1a4096fdcb4909d526e7a40de877a3a5220ef647442fe5617a7e584be0017867c2cb00e50b7ca97926c6dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\90c4572a83a696c7297bec4eb1aaad06e33082ffc27c3cafc4fd75dc357f0418.exe.exe

Filesize
270KB

MD5
394d109e7c282ed7fecfc78ea0da9dcf

SHA1
aadf25ede61ba501a380a3959b7eba196a675999

SHA256
5c1c9968df0af2cc56a85ac592389f82d053a74e884e2117e019fb72798ca54a

SHA512
924e7b2136b89fcf3e991031beef6c4acb79a14f8a36ddc312e3409325aa287e836cc832cd040727281d265bd978e396369cff2bcc2532aff54c4ca7ee62accd

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
082aa9e58c995f457b92039ee4349559

SHA1
fd179534fc4760abfef29b90b232f6d243d5eaa8

SHA256
2b554a74d02798d86d7f209fc90b39538a63f3e79ae1f351080e2718fef8e780

SHA512
0e83ef93ab9e726cf50d4e34f2ce820f6be98de3c8490b6ba354a8c8d2390d3535af23764dd30d0f415dddcdbb0bb6323742d4feefb86d7517e978fd7072c8f4

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1168293393-3419776239-306423207-1000\_desktop.ini

Filesize
9B

MD5
dee25c43c917307934bf50dd00d5b05b

SHA1
60a2c2bae4facebce85267e1824d9b4f088a36be

SHA256
63fd9c0290bbae6042276a04417049ff5b7bfd90a95b33df666e252b80001b6d

SHA512
cf67ba11732a6ed63789e272b783f66bcbddd78612e46372dc81c191dc9a07a8d264c4a397b74af8651e7d667bcea5f0c39bf4d9b074004b4bf469503df3dc6c

Download Submit
memory/3620-41-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3620-26-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3620-33-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3620-37-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3620-12-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3620-1002-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3620-1165-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3620-1919-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3620-4716-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3620-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4844-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4844-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download