62f59c169d8e36a708ec0210c743c01933d190394936511efbf5611de09e86f6

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62f59c169d8e36a708ec0210c743c01933d190394936511efbf5611de09e86f6.exe
Size

1.7MB
MD5

331e5d0e12e687832fef76d1d527088c
SHA1

5eafdc333a6920df355e2efa7264aef1a1d9bee2
SHA256

62f59c169d8e36a708ec0210c743c01933d190394936511efbf5611de09e86f6
SHA512

283f0a4c593a0dc08b596be1695291b409b76417709827e551e16d1f130cb2a8e4824a4548317d520c4fd35be1ba19048e0cafa062a61f3f99ff2de40ec17026
SSDEEP

24576:f2FdZ65lIgDvLYNvxnngx1oZagmIjXIU6qOOF4N2RGSvlbstHXKi:f2FdZ6npCxnngx1oZ7zIFqrFG2RF9bA

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1532	Logo1_.exe
3596	62f59c169d8e36a708ec0210c743c01933d190394936511efbf5611de09e86f6.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\extensions\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Examples\Validator\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ja\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Google\Update\1.3.36.151\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\bn-BD\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\lv-LV\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.19071.19011.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_2019.729.2301.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\en-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\ENU\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\it-it\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	62f59c169d8e36a708ec0210c743c01933d190394936511efbf5611de09e86f6.exe
File created	C:\Windows\Logo1_.exe	62f59c169d8e36a708ec0210c743c01933d190394936511efbf5611de09e86f6.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1532	Logo1_.exe
1532	Logo1_.exe
1532	Logo1_.exe
1532	Logo1_.exe
1532	Logo1_.exe
1532	Logo1_.exe
1532	Logo1_.exe
1532	Logo1_.exe
1532	Logo1_.exe
1532	Logo1_.exe
1532	Logo1_.exe
1532	Logo1_.exe
1532	Logo1_.exe
1532	Logo1_.exe
1532	Logo1_.exe
1532	Logo1_.exe
1532	Logo1_.exe
1532	Logo1_.exe
1532	Logo1_.exe
1532	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 2600	3056	62f59c169d8e36a708ec0210c743c01933d190394936511efbf5611de09e86f6.exe	84
PID 3056 wrote to memory of 2600	3056	62f59c169d8e36a708ec0210c743c01933d190394936511efbf5611de09e86f6.exe	84
PID 3056 wrote to memory of 2600	3056	62f59c169d8e36a708ec0210c743c01933d190394936511efbf5611de09e86f6.exe	84
PID 3056 wrote to memory of 1532	3056	62f59c169d8e36a708ec0210c743c01933d190394936511efbf5611de09e86f6.exe	85
PID 3056 wrote to memory of 1532	3056	62f59c169d8e36a708ec0210c743c01933d190394936511efbf5611de09e86f6.exe	85
PID 3056 wrote to memory of 1532	3056	62f59c169d8e36a708ec0210c743c01933d190394936511efbf5611de09e86f6.exe	85
PID 1532 wrote to memory of 3548	1532	Logo1_.exe	86
PID 1532 wrote to memory of 3548	1532	Logo1_.exe	86
PID 1532 wrote to memory of 3548	1532	Logo1_.exe	86
PID 3548 wrote to memory of 2616	3548	net.exe	89
PID 3548 wrote to memory of 2616	3548	net.exe	89
PID 3548 wrote to memory of 2616	3548	net.exe	89
PID 2600 wrote to memory of 3596	2600	cmd.exe	90
PID 2600 wrote to memory of 3596	2600	cmd.exe	90
PID 1532 wrote to memory of 3308	1532	Logo1_.exe	30
PID 1532 wrote to memory of 3308	1532	Logo1_.exe	30

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3308
- C:\Users\Admin\AppData\Local\Temp\62f59c169d8e36a708ec0210c743c01933d190394936511efbf5611de09e86f6.exe
  "C:\Users\Admin\AppData\Local\Temp\62f59c169d8e36a708ec0210c743c01933d190394936511efbf5611de09e86f6.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:3056
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7908.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\62f59c169d8e36a708ec0210c743c01933d190394936511efbf5611de09e86f6.exe
      "C:\Users\Admin\AppData\Local\Temp\62f59c169d8e36a708ec0210c743c01933d190394936511efbf5611de09e86f6.exe"
      4⤵
      Executes dropped EXE
      PID:3596
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1532
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3548
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
568f17750238ab463c745953a303648a

SHA1
25e9de37d6edb52c584c442e4f93a0448b4b37d4

SHA256
5351b82387339c78b116a077f2ba633da2a6fef86a165d92bfe28c2c3770ac81

SHA512
9034bc060e8155e07009d2142830f03b29c50525232fa1719038eae4fc742d460c5dad7b7fdd6957264c338072fbe71193a23d994510dc809ae240023b9f1ed3

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
192KB

MD5
daf175819d96595185ea65efd6186842

SHA1
13fafc8f74c9ea176133ea03565682594aa52989

SHA256
d6e90a8707a530bcb51544f194bb9927b599c9d8ec14a080394e501c9e07fb22

SHA512
b2cab9526c03b7edfb08337e79b151fe3229a2ed06ec69145479722adaac681f979c9413e65c93ed47eb5991c88b187ab0fa8e7fc96c7951e8fa0041319dc48c

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a7908.bat

Filesize
722B

MD5
fd4e1bbd1f0a15349edf41b5b8524134

SHA1
10819a56228b6b46498fae26dc4a1fcbe098a5d6

SHA256
28729c75c6446a51ffa480e6a222624d44d3a7f1b5f4c2837e9ff866360d96eb

SHA512
3a61613059580ec39a678e963ff1d93128dd7f9d979d385c04f8a033f67deefd26bd4886d81e0be0e316152178bdfab088047d55008db2297005ed783c0beab6

Download Submit
C:\Users\Admin\AppData\Local\Temp\62f59c169d8e36a708ec0210c743c01933d190394936511efbf5611de09e86f6.exe.exe

Filesize
1.7MB

MD5
3bfea10ff3748a60378dab655d5276f6

SHA1
e61867576c5a69baae14b8e4fbeaaf5db3d451b1

SHA256
926c9cce80850e64a2efed8aed9406815c4a54d56a7f5d5125a426956496fc21

SHA512
70b44bd2655489a4e13c0c196f8632ab85920268f5378ce03a6080321e0df86ba3383718645c91b544f05eeb2ecf662a14fdaf9ff7f4726c94eea3db608bebfe

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
886eb3bf6157b45d4a041e1e32608c70

SHA1
f476a007366ac0349789b0e803ec46be523f457a

SHA256
a0e9eac517b54fe732db8bf9ceeb76c64a43e2e53bfd18b5a4ab0f8475f3873b

SHA512
6e978385b23d3054695eaf2209e92591a667ccbde747f69cb63ae28f2db3a362d136bf16afb41ceb8eb304161cc698853f9cb825a26cc683e9a693d07c190fca

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2398549320-3657759451-817663969-1000\_desktop.ini

Filesize
9B

MD5
b347a774e254ac3f0d6aaea35544ac50

SHA1
7f332d15a7648f7a698b3068a428811361f4e9ab

SHA256
1ebd1b85bb264260df3d9fb0a2062b29199c7b6137dcc98486874c1d257c73cd

SHA512
ce8615c90c8794f0aefeb0c6ce5da126732695e6be36b5e625f3a073d55c6f8cd88ca465b07e2c0e87355b5baad887a3f0b26c4eb262484a83d35565e72ba138

Download Submit
memory/1532-26-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1532-19-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1532-28-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1532-33-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1532-37-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1532-42-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1532-466-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1532-1165-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1532-8-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1532-4716-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3056-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3056-12-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download