a7fde82080e401f7378d2c0f69f3abb498605412064c661826c964e3207602ea

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2024, 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7fde82080e401f7378d2c0f69f3abb498605412064c661826c964e3207602ea.exe
Size

528KB
MD5

d5639252bec85e46d6a12eb34720e0c6
SHA1

9e28611c8d009e88d7493b0bce5cd37aab3aac24
SHA256

a7fde82080e401f7378d2c0f69f3abb498605412064c661826c964e3207602ea
SHA512

a1e2d0bbc5b04dfe8e126898c159a33784bf8bb9343925ec395a32c61497e4e88829221a25230a3dd2bfdb371acfe38210cd7fb842ba64c4308ecfbffd5cb56a
SSDEEP

12288:u7+x/wEmXsjvqI0M5xJ3xdbdMcPM3aDQ8lfb:u7lLvM5xrdXPMGQ8D

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1792	Logo1_.exe
436	a7fde82080e401f7378d2c0f69f3abb498605412064c661826c964e3207602ea.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\ImmersiveVideoPlayback\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ja\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ca-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ca-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.802.31.0_x86__8wekyb3d8bbwe\af-ZA\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Diagnostics\Simple\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\applet\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\en-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Acrobat\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\stickers\word_art\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\SlowMotionEditor\UserControls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2019.716.2313.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\he-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\d3d9\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_2019.904.1644.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\he-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ktab.exe	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	a7fde82080e401f7378d2c0f69f3abb498605412064c661826c964e3207602ea.exe
File created	C:\Windows\Logo1_.exe	a7fde82080e401f7378d2c0f69f3abb498605412064c661826c964e3207602ea.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1792	Logo1_.exe
1792	Logo1_.exe
1792	Logo1_.exe
1792	Logo1_.exe
1792	Logo1_.exe
1792	Logo1_.exe
1792	Logo1_.exe
1792	Logo1_.exe
1792	Logo1_.exe
1792	Logo1_.exe
1792	Logo1_.exe
1792	Logo1_.exe
1792	Logo1_.exe
1792	Logo1_.exe
1792	Logo1_.exe
1792	Logo1_.exe
1792	Logo1_.exe
1792	Logo1_.exe
1792	Logo1_.exe
1792	Logo1_.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
436	a7fde82080e401f7378d2c0f69f3abb498605412064c661826c964e3207602ea.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2356	2076	a7fde82080e401f7378d2c0f69f3abb498605412064c661826c964e3207602ea.exe	89
PID 2076 wrote to memory of 2356	2076	a7fde82080e401f7378d2c0f69f3abb498605412064c661826c964e3207602ea.exe	89
PID 2076 wrote to memory of 2356	2076	a7fde82080e401f7378d2c0f69f3abb498605412064c661826c964e3207602ea.exe	89
PID 2076 wrote to memory of 1792	2076	a7fde82080e401f7378d2c0f69f3abb498605412064c661826c964e3207602ea.exe	90
PID 2076 wrote to memory of 1792	2076	a7fde82080e401f7378d2c0f69f3abb498605412064c661826c964e3207602ea.exe	90
PID 2076 wrote to memory of 1792	2076	a7fde82080e401f7378d2c0f69f3abb498605412064c661826c964e3207602ea.exe	90
PID 1792 wrote to memory of 2860	1792	Logo1_.exe	93
PID 1792 wrote to memory of 2860	1792	Logo1_.exe	93
PID 1792 wrote to memory of 2860	1792	Logo1_.exe	93
PID 2860 wrote to memory of 4572	2860	net.exe	95
PID 2860 wrote to memory of 4572	2860	net.exe	95
PID 2860 wrote to memory of 4572	2860	net.exe	95
PID 2356 wrote to memory of 436	2356	cmd.exe	96
PID 2356 wrote to memory of 436	2356	cmd.exe	96
PID 2356 wrote to memory of 436	2356	cmd.exe	96
PID 1792 wrote to memory of 3440	1792	Logo1_.exe	57
PID 1792 wrote to memory of 3440	1792	Logo1_.exe	57

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3440
- C:\Users\Admin\AppData\Local\Temp\a7fde82080e401f7378d2c0f69f3abb498605412064c661826c964e3207602ea.exe
  "C:\Users\Admin\AppData\Local\Temp\a7fde82080e401f7378d2c0f69f3abb498605412064c661826c964e3207602ea.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2076
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5CA7.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\a7fde82080e401f7378d2c0f69f3abb498605412064c661826c964e3207602ea.exe
      "C:\Users\Admin\AppData\Local\Temp\a7fde82080e401f7378d2c0f69f3abb498605412064c661826c964e3207602ea.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:436
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1792
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2860
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:4572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
68450d8378d4d3ae3f6e6643e4d6fccd

SHA1
f77cd0e32945d0bfda54b9660c9a257c752ca355

SHA256
b8fcef9b6d2ed0f3cbe722b56f145cfe38482c4d7294fbd4ca35f71fe3372db5

SHA512
f618950a57ca31731129be1b58f104c822a1704c369eb1cd1cb77c52d66b34c5d4ca9001250f2347c50a71c066e476adc219efc22bbc0c85bf96abb9d28e5ff4

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
a79bea7f085b5f6c74cc0c4265ff945c

SHA1
4f4aede9b7446e268e064f249037b52ab1bd1fc6

SHA256
bfcb5827760862363bb9dc23948e06a1b26dfa017e18c820409fa8582e57f8e9

SHA512
104c403b4dd9c6c74d5f82c18b70cb38cf247ca2fbe164e74cb8d0bc27a617d4033e4aa3677a3801ee556ba15cc528092b6540426105aea1d6a6318b95959d4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a5CA7.bat

Filesize
722B

MD5
e44e3525494da59a6b829680d5f0cbab

SHA1
7aaff2f67e293273b6a5ee2de737fd9133e05d8e

SHA256
7512a53afa58a1070decb54f0aabcdf67e7ee314432e0e68163c776edc9cfff0

SHA512
9a364fc8bafb73cf8876b9dc5b0091fb781d120daf2198feca20864831fb36fd49a92f548076c8df8009d8b846a828653edc3010e8ecc82e285747c18ea7d37c

Download Submit
C:\Users\Admin\AppData\Local\Temp\a7fde82080e401f7378d2c0f69f3abb498605412064c661826c964e3207602ea.exe

Filesize
501KB

MD5
020f3b453cfb9f6279fb0f2cac0045fa

SHA1
732e27efbcd8542b94119cf39786b328cdb0bd25

SHA256
fc875d5ef4fccbb97b37ea4fe6cc5a291d02958af5c8efba37e0fdbd0b9e8c57

SHA512
ff188cac1dc476720670fa6ed3aae32ea7fffa44f26701733673e25e60faba0d98ee922c3bca25b1b01856df101a5d5d69561345ffc319efd01d70d703ca4f0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\a7fde82080e401f7378d2c0f69f3abb498605412064c661826c964e3207602ea.exe.exe

Filesize
220KB

MD5
b566f2a41850bc1723e62fcfeff0bfe2

SHA1
a134e6c3292c90ae085947d8ef1c2cfa2ef9425b

SHA256
0bc679bc2967892d74ce6fe3bf6111dd5a799a7e13bdf15bd50fdba18e2afdaf

SHA512
6aa365af27abf2952914a53cd6aa17a32a9d118e8fafb5da968c0c0598aa0fe35add49295a09cbff2060eba51bd518ab8caa0c6e0650c6aa19c3366d4ee27372

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
aa28a1af77e8e4255d8e9e32c188b671

SHA1
f66e6ef87f2265e41bd1df64296ea2112867c901

SHA256
67f74a46b3d863897ae3b6686972e8d293e8e9b757cd88c22d3335c83bf09dda

SHA512
a2952bb68b687a8822e92e3ce8fd433b13b38dae28a6231685045f374f3f0f415209aa57964471ba16f1b5609abc9f104e7f879c5f51c3add709f6ae6543f4d7

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2727153400-192325109-1870347593-1000\_desktop.ini

Filesize
9B

MD5
54b7af1605eeb1f5569c4b61bc719660

SHA1
36ae9b4051c72b86fc5bad5d175acf9e9ed12076

SHA256
9b92406bdee720b5f88c329b99690d3721c7f917aa57c3febac6efcb7e938a2b

SHA512
83b77ba22dde00916a9be4d1e12d9ff8584c6e53c192107edca49ac6608fc82718a7d902e4143c2968e92cf53853d5b7a94f8b6d6a7c5d29c4add5ea04ae1704

Download Submit
memory/1792-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1792-26-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1792-33-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1792-37-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1792-42-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1792-441-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1792-1175-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1792-4148-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1792-10-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1792-4741-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2076-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2076-9-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download