50a9ef582dd6fea0c43b743f6f2544d96b2fbcccb5e575ccca0deff79a7bbf97

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 15:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

50a9ef582dd6fea0c43b743f6f2544d96b2fbcccb5e575ccca0deff79a7bbf97.exe
Size

522KB
MD5

e17b6b6f7937580c8dc8d090142ef388
SHA1

73af51ecb513bf54607fac2f52c00977e8644744
SHA256

50a9ef582dd6fea0c43b743f6f2544d96b2fbcccb5e575ccca0deff79a7bbf97
SHA512

a7a28596f253662dc52ac95ec961c05dee398832896707d5d177093bd61cb38d432aa2c005221c0edde4074d3b57160f82a206b6d1544c4c67374a1b4fc51120
SSDEEP

12288:GIpa5aalihAQVTZmMFvH/K1J7iaVe9891odTJv0Oi/IqpDLQ9D7310iPfhj6B/7Y:GIzxmJaTJM/Ikc10iHhj6BdAGbk

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3292	Logo1_.exe
3012	50a9ef582dd6fea0c43b743f6f2544d96b2fbcccb5e575ccca0deff79a7bbf97.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.802.31.0_x86__8wekyb3d8bbwe\ka-GE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.802.31.0_x86__8wekyb3d8bbwe\nb-NO\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\de-de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_CA\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\fur\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewpoints\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_GB\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\host\fxr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\misc\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fa\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\gu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\af-ZA\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	50a9ef582dd6fea0c43b743f6f2544d96b2fbcccb5e575ccca0deff79a7bbf97.exe
File created	C:\Windows\Logo1_.exe	50a9ef582dd6fea0c43b743f6f2544d96b2fbcccb5e575ccca0deff79a7bbf97.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3292	Logo1_.exe
3292	Logo1_.exe
3292	Logo1_.exe
3292	Logo1_.exe
3292	Logo1_.exe
3292	Logo1_.exe
3292	Logo1_.exe
3292	Logo1_.exe
3292	Logo1_.exe
3292	Logo1_.exe
3292	Logo1_.exe
3292	Logo1_.exe
3292	Logo1_.exe
3292	Logo1_.exe
3292	Logo1_.exe
3292	Logo1_.exe
3292	Logo1_.exe
3292	Logo1_.exe
3292	Logo1_.exe
3292	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1792	2044	50a9ef582dd6fea0c43b743f6f2544d96b2fbcccb5e575ccca0deff79a7bbf97.exe	89
PID 2044 wrote to memory of 1792	2044	50a9ef582dd6fea0c43b743f6f2544d96b2fbcccb5e575ccca0deff79a7bbf97.exe	89
PID 2044 wrote to memory of 1792	2044	50a9ef582dd6fea0c43b743f6f2544d96b2fbcccb5e575ccca0deff79a7bbf97.exe	89
PID 2044 wrote to memory of 3292	2044	50a9ef582dd6fea0c43b743f6f2544d96b2fbcccb5e575ccca0deff79a7bbf97.exe	90
PID 2044 wrote to memory of 3292	2044	50a9ef582dd6fea0c43b743f6f2544d96b2fbcccb5e575ccca0deff79a7bbf97.exe	90
PID 2044 wrote to memory of 3292	2044	50a9ef582dd6fea0c43b743f6f2544d96b2fbcccb5e575ccca0deff79a7bbf97.exe	90
PID 3292 wrote to memory of 1808	3292	Logo1_.exe	91
PID 3292 wrote to memory of 1808	3292	Logo1_.exe	91
PID 3292 wrote to memory of 1808	3292	Logo1_.exe	91
PID 1808 wrote to memory of 2004	1808	net.exe	93
PID 1808 wrote to memory of 2004	1808	net.exe	93
PID 1808 wrote to memory of 2004	1808	net.exe	93
PID 1792 wrote to memory of 3012	1792	cmd.exe	95
PID 1792 wrote to memory of 3012	1792	cmd.exe	95
PID 1792 wrote to memory of 3012	1792	cmd.exe	95
PID 3292 wrote to memory of 3444	3292	Logo1_.exe	56
PID 3292 wrote to memory of 3444	3292	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3444
- C:\Users\Admin\AppData\Local\Temp\50a9ef582dd6fea0c43b743f6f2544d96b2fbcccb5e575ccca0deff79a7bbf97.exe
  "C:\Users\Admin\AppData\Local\Temp\50a9ef582dd6fea0c43b743f6f2544d96b2fbcccb5e575ccca0deff79a7bbf97.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2044
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a449A.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\50a9ef582dd6fea0c43b743f6f2544d96b2fbcccb5e575ccca0deff79a7bbf97.exe
      "C:\Users\Admin\AppData\Local\Temp\50a9ef582dd6fea0c43b743f6f2544d96b2fbcccb5e575ccca0deff79a7bbf97.exe"
      4⤵
      Executes dropped EXE
      PID:3012
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3292
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1808
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
0ade624ff15070cf156e6ed6f017c8c8

SHA1
34bc8312a862e5712d2882174857cd7bf6cdaa27

SHA256
4a24bde816eee011a6ac9f397a89300b161eb1bce1905fb14128731d096ee8e0

SHA512
13c6afbc73b1f436bca8e15bf8c77fc26ef2df79b01f8c6937b6da7639d368f34064057a88d3261866eb06a7514412322fd093620c5931641ca3376cf0e9e02e

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
2b6d385d709ec59144a9469864eaf043

SHA1
e7c26a6e98078fabc6fdd9cc2ce266d09abd231d

SHA256
fca73fe5fecacf0c901994d36eab0abc4be509d8562002fe8bb429f04559121e

SHA512
67cd79856a07f983ab44ca2fc884889dbf8ebdc67de60afa15c1e4987dc46e5c4d249c529d100c93a80ecff5017c9ec3073559c9169d748a4fb885119d3e11cf

Download Submit
C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe

Filesize
484KB

MD5
796e608e7d76ebea1efdb17e6b2c929c

SHA1
4053d83155f3eed6c3091e36457ae092f7db9261

SHA256
6e6da29ddc014c849a964eae72e70e7e7fdae41cde783f1655e5d7251efe56ef

SHA512
a0bc2809b0942009cffa2f40fa246ae4ba1ae093dc6e362506743982559bc70a98ffc409cdb5d7087aef411096588cab4a28503e23c95472f996058cad7b4b99

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a449A.bat

Filesize
722B

MD5
f88b76b38cd2ac28497412a3b91b1a11

SHA1
074951e3d7a28a56cd68db17fd9848898af6ed42

SHA256
15f9ff0d36c03563293dc85b9e07e50eb40c04a8cd8b116df085315fb3646966

SHA512
fc5dac2b912c7e7e7e882f09880a4302a123b95eeb784cdf27b877029141930aa4935fe4786ea0777fb1613385a7a44218f0a700a46fb2673e5dc0cc590147f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\50a9ef582dd6fea0c43b743f6f2544d96b2fbcccb5e575ccca0deff79a7bbf97.exe.exe

Filesize
492KB

MD5
d7d385f74966bfd5ee2214243aaa5b93

SHA1
67ff52e9e7b4e5c63c724a8a44c147fe27142a8e

SHA256
90a891221dfc24ca4531976b0454889d11f37480c52f279df3c9b58494eb7f3d

SHA512
6a29f29c28ff63f947a8ed30b2faa89cdb61662feac0138a411b2ad9184efef6091570146f0773ff23df671001d72665379871de1d102392537225b1800ce792

Download Submit
C:\Windows\rundl132.exe

Filesize
29KB

MD5
473711bbfb07bfa8d48f90ce5cd98722

SHA1
078cf218ab0c51df8df4bd794960076984f99a55

SHA256
b84f8bd547c5b90053c1f19ab8e22891910c386a8289b558e1a60690c3a09aa9

SHA512
d84f7bc7f264baa68751752f2f10ea3f15d9118e81b5035a346b23419e46287641f9bd026087181235be03314850d85aeb04a6106df8e02ddf2ada36644b5935

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3270530367-132075249-2153716227-1000\_desktop.ini

Filesize
9B

MD5
b2c5a70d0c0f7486eb7bcd691664669b

SHA1
0be0eb4afb44c300b16181ffb981db5d2e6563e8

SHA256
3369ac2d9926df9466c914d7bafae58764696319b1584f9f83202267db0f8799

SHA512
5d9ec62e9872989b928f4372fe35a4fec4ab6ae308a2d0191b487cfa1bdca276bb5ac54c7d3ba59d081128dcfb40252e40089e03ca4600ee428714a322628d14

Download Submit
memory/2044-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2044-9-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3292-37-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3292-32-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3292-39-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3292-12-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3292-1008-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3292-1175-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3292-26-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3292-4740-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3292-19-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download