db90ba0c6d918ff7913344d42e1c64faab7d636dc19fe237499b44c2bcd661ff

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 18:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db90ba0c6d918ff7913344d42e1c64faab7d636dc19fe237499b44c2bcd661ff.exe
Size

297KB
MD5

2d2fd82cf3a3bc026aa320530352b1d1
SHA1

fc42c5f1f01792885e149de31e7570fa853b671e
SHA256

db90ba0c6d918ff7913344d42e1c64faab7d636dc19fe237499b44c2bcd661ff
SHA512

dd57584dd2f42c56c51b495597bd43c2eb904685319960f1ad9cd04bb270edf98844ed1dddc1e45a40037cc7066a7dc175056fa0547fc42ee1be3eb517f8cdde
SSDEEP

6144:5VfjmNTXEsQ8sX8DohN09wzABEtot5AOxdsJapJ9Q:P7+Be8CN0QIfryJapJ9Q

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4872	Logo1_.exe
4932	db90ba0c6d918ff7913344d42e1c64faab7d636dc19fe237499b44c2bcd661ff.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Security\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files-select\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\WidevineCdm\_platform_specific\win_x64\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\HelpAndFeedback\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\CoreEngine\Data\BrushProfile\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ru-ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\de-de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\images\cursors\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ga\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ca-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_2019.904.1644.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Examples\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sl-si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\amd64\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Defender\uk-UA\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\TCUI-Toolkit\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\host\fxr\8.0.0\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\SlowMotionEditor\UserControls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Configuration\Schema\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\tr-tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Services\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Logo1_.exe	db90ba0c6d918ff7913344d42e1c64faab7d636dc19fe237499b44c2bcd661ff.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	db90ba0c6d918ff7913344d42e1c64faab7d636dc19fe237499b44c2bcd661ff.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4872	Logo1_.exe
4872	Logo1_.exe
4872	Logo1_.exe
4872	Logo1_.exe
4872	Logo1_.exe
4872	Logo1_.exe
4872	Logo1_.exe
4872	Logo1_.exe
4872	Logo1_.exe
4872	Logo1_.exe
4872	Logo1_.exe
4872	Logo1_.exe
4872	Logo1_.exe
4872	Logo1_.exe
4872	Logo1_.exe
4872	Logo1_.exe
4872	Logo1_.exe
4872	Logo1_.exe
4872	Logo1_.exe
4872	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 444 wrote to memory of 4364	444	db90ba0c6d918ff7913344d42e1c64faab7d636dc19fe237499b44c2bcd661ff.exe	95
PID 444 wrote to memory of 4364	444	db90ba0c6d918ff7913344d42e1c64faab7d636dc19fe237499b44c2bcd661ff.exe	95
PID 444 wrote to memory of 4364	444	db90ba0c6d918ff7913344d42e1c64faab7d636dc19fe237499b44c2bcd661ff.exe	95
PID 444 wrote to memory of 4872	444	db90ba0c6d918ff7913344d42e1c64faab7d636dc19fe237499b44c2bcd661ff.exe	96
PID 444 wrote to memory of 4872	444	db90ba0c6d918ff7913344d42e1c64faab7d636dc19fe237499b44c2bcd661ff.exe	96
PID 444 wrote to memory of 4872	444	db90ba0c6d918ff7913344d42e1c64faab7d636dc19fe237499b44c2bcd661ff.exe	96
PID 4872 wrote to memory of 1712	4872	Logo1_.exe	97
PID 4872 wrote to memory of 1712	4872	Logo1_.exe	97
PID 4872 wrote to memory of 1712	4872	Logo1_.exe	97
PID 1712 wrote to memory of 3320	1712	net.exe	100
PID 1712 wrote to memory of 3320	1712	net.exe	100
PID 1712 wrote to memory of 3320	1712	net.exe	100
PID 4364 wrote to memory of 4932	4364	cmd.exe	101
PID 4364 wrote to memory of 4932	4364	cmd.exe	101
PID 4364 wrote to memory of 4932	4364	cmd.exe	101
PID 4872 wrote to memory of 3376	4872	Logo1_.exe	56
PID 4872 wrote to memory of 3376	4872	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3376
- C:\Users\Admin\AppData\Local\Temp\db90ba0c6d918ff7913344d42e1c64faab7d636dc19fe237499b44c2bcd661ff.exe
  "C:\Users\Admin\AppData\Local\Temp\db90ba0c6d918ff7913344d42e1c64faab7d636dc19fe237499b44c2bcd661ff.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:444
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5DEF.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\db90ba0c6d918ff7913344d42e1c64faab7d636dc19fe237499b44c2bcd661ff.exe
      "C:\Users\Admin\AppData\Local\Temp\db90ba0c6d918ff7913344d42e1c64faab7d636dc19fe237499b44c2bcd661ff.exe"
      4⤵
      Executes dropped EXE
      PID:4932
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4872
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1712
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:3320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4416 --field-trial-handle=2264,i,7010714054498059916,1862725710331979271,262144 --variations-seed-version /prefetch:8
1⤵
PID:444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
15de3119354bf2f7ada1ae847042a205

SHA1
332314350f2e545988ab7b1c3e8cc68788fdff1b

SHA256
86bcacef389ea0f42219d11c4e9494971f2cb8ba7d7f414b70976a905ce13583

SHA512
ac803936cc1e993bcf5e855a7441fe323bbe543d6092bb4951251afd8ae28932c966dd034cf774f1b66362183b071a7ce42653c8cfac4a8a241bc11a62215ce8

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
bee890240c8a47c9a8d17e438b4b62c0

SHA1
d44c6e46f65a3c807590aae1706ff5f895de7d9e

SHA256
92767fc0daf64b82b6f4cca7cd8f5bb4375446638777c9f3aa7c7511861e68aa

SHA512
dcd7b0788af61b0a03cdc005df19b510d11d7c1f08ad652fe1c33401e042dc36df623c74cac305b7bd36a4cdd631b15cca00524fcb5ab860ae2a4f0b617b0642

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a5DEF.bat

Filesize
722B

MD5
3db26d5f43ac360d78bf9b1de0406f04

SHA1
f345d93da954019aaf70bd67cff06ae39d1175ce

SHA256
579c181e254b10ddc7f35b8455146dc5a567d26900b58b32d396406b9e45784d

SHA512
34c581c0d765bc6df546ce70c514113988df4d22c650e744ee48f9def1913a2b3624dd65a0684bcc738220e8e31ded49b1d3e6f98198d895bb23e00d627239b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\db90ba0c6d918ff7913344d42e1c64faab7d636dc19fe237499b44c2bcd661ff.exe.exe

Filesize
270KB

MD5
394d109e7c282ed7fecfc78ea0da9dcf

SHA1
aadf25ede61ba501a380a3959b7eba196a675999

SHA256
5c1c9968df0af2cc56a85ac592389f82d053a74e884e2117e019fb72798ca54a

SHA512
924e7b2136b89fcf3e991031beef6c4acb79a14f8a36ddc312e3409325aa287e836cc832cd040727281d265bd978e396369cff2bcc2532aff54c4ca7ee62accd

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
bd5889d3899d3d107d129b64afca9d88

SHA1
77ea9915b9a4b30d24b4a31909a2ff49ac2e242e

SHA256
b811cc0e46ee95219f6345fb788e7639fcb76d29c855a9886f66cbbcc123c2ee

SHA512
31c60690421f54b0ac57067c31003f523f5df12d55e98cc6f5ba7b906120215e4cac7a5d7a6f996a45907289ceca1a6123826ebfaa688e18b753a8364998191e

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1904519900-954640453-4250331663-1000\_desktop.ini

Filesize
9B

MD5
6304f6cd23949a0e203abd81fc93bcfd

SHA1
260299dcdd7b9af6298e036322e7493d3598ab44

SHA256
6e249dd60655637cf4a7f940b41cfc3b70dc36b986a37babad9180d29d22adb8

SHA512
ce9d77f19554bdfdf7bc99adc9a9cdbc79c3d30f901b9f47ffb8e2d737c7a3fceb059de56993f9092c4ba0276b9d6ebc035fd48298dc62e11a9ef05bb9e00ab5

Download Submit
memory/444-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/444-12-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4872-42-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4872-27-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4872-33-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4872-38-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4872-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4872-22-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4872-1015-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4872-1182-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4872-1414-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4872-9-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4872-4813-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download