0abeabbe6438b2e0bb52f753123d30f6d6a0b3a41fe4c072f5cc5f6288830dc3

Analysis

max time kernel
150s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10-04-2024 02:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0abeabbe6438b2e0bb52f753123d30f6d6a0b3a41fe4c072f5cc5f6288830dc3.exe
Size

7.3MB
MD5

b280f0fcb19bccfcbc348fc71de043c8
SHA1

43f037f882a94b2238d09660d1ea0927e25f1a39
SHA256

0abeabbe6438b2e0bb52f753123d30f6d6a0b3a41fe4c072f5cc5f6288830dc3
SHA512

8ec32276ba9e4c0ef1c7067da89bc507596eadca157468d39d579a80fc9852364cc6441fc5e0d5ffafc11570eb1114d8d02b317df7cd1fdc32ca79e5613ff06a
SSDEEP

98304:mmB9OWBVClfcaA1oZeSajfztbVCGQX4bME4bP8nQgMVQNKe5AJbI8D:mg9OHi1oZepfxUGGNQNKe

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4124	Logo1_.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Mozilla Firefox\browser\features\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\plugins\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\he-IL\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\dev\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\nb-NO\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_output\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\kk-KZ\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\resources\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows NT\Accessories\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\he-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\wmpshare.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square150x150\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\host\fxr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\mn\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.181.5\MicrosoftEdgeComRegisterShellARM64.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Notifications\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\es-es\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Logo1_.exe	0abeabbe6438b2e0bb52f753123d30f6d6a0b3a41fe4c072f5cc5f6288830dc3.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	0abeabbe6438b2e0bb52f753123d30f6d6a0b3a41fe4c072f5cc5f6288830dc3.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4124	Logo1_.exe
4124	Logo1_.exe
4124	Logo1_.exe
4124	Logo1_.exe
4124	Logo1_.exe
4124	Logo1_.exe
4124	Logo1_.exe
4124	Logo1_.exe
4124	Logo1_.exe
4124	Logo1_.exe
4124	Logo1_.exe
4124	Logo1_.exe
4124	Logo1_.exe
4124	Logo1_.exe
4124	Logo1_.exe
4124	Logo1_.exe
4124	Logo1_.exe
4124	Logo1_.exe
4124	Logo1_.exe
4124	Logo1_.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 5264 wrote to memory of 3432	5264	0abeabbe6438b2e0bb52f753123d30f6d6a0b3a41fe4c072f5cc5f6288830dc3.exe	84
PID 5264 wrote to memory of 3432	5264	0abeabbe6438b2e0bb52f753123d30f6d6a0b3a41fe4c072f5cc5f6288830dc3.exe	84
PID 5264 wrote to memory of 3432	5264	0abeabbe6438b2e0bb52f753123d30f6d6a0b3a41fe4c072f5cc5f6288830dc3.exe	84
PID 5264 wrote to memory of 4124	5264	0abeabbe6438b2e0bb52f753123d30f6d6a0b3a41fe4c072f5cc5f6288830dc3.exe	85
PID 5264 wrote to memory of 4124	5264	0abeabbe6438b2e0bb52f753123d30f6d6a0b3a41fe4c072f5cc5f6288830dc3.exe	85
PID 5264 wrote to memory of 4124	5264	0abeabbe6438b2e0bb52f753123d30f6d6a0b3a41fe4c072f5cc5f6288830dc3.exe	85
PID 4124 wrote to memory of 3452	4124	Logo1_.exe	87
PID 4124 wrote to memory of 3452	4124	Logo1_.exe	87
PID 4124 wrote to memory of 3452	4124	Logo1_.exe	87
PID 3452 wrote to memory of 2292	3452	net.exe	89
PID 3452 wrote to memory of 2292	3452	net.exe	89
PID 3452 wrote to memory of 2292	3452	net.exe	89
PID 4124 wrote to memory of 3468	4124	Logo1_.exe	56
PID 4124 wrote to memory of 3468	4124	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3468
- C:\Users\Admin\AppData\Local\Temp\0abeabbe6438b2e0bb52f753123d30f6d6a0b3a41fe4c072f5cc5f6288830dc3.exe
  "C:\Users\Admin\AppData\Local\Temp\0abeabbe6438b2e0bb52f753123d30f6d6a0b3a41fe4c072f5cc5f6288830dc3.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:5264
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3E9F.bat
    3⤵
    PID:3432
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4124
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3452
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
fa083a8d2b6cb85c0085b8a9549c73ad

SHA1
ef1433b6454981b42881caad54e7448519dd272a

SHA256
ee7c084daf1a9ce345d913c436df6cf776a41df819dee31324c7158322d85325

SHA512
65da9dafac1cef3bde73ff70feb67f630da712d467f108717e357427edfdf8ee0bef452523e2a80ad2d00db2770d9e596a0117a50279959d329885ff4a40ca2d

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
623d6d0e4410cb16444e72a9ce88aef2

SHA1
624229b970f12a74c560b3e069d573c38631d9cc

SHA256
038a7710d08083252ee7f20b8c1b214776a3be82370f539af2046d726cf91311

SHA512
715be438e590774e5050886a927bc092ad5a04e667718a43db6aeb865d3af1fc1bd8c11fb8e13c559d4d3a52cf1d9a7b3eb6ae7173623aa974e0043904c14939

Download Submit
C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe

Filesize
484KB

MD5
75915a03288eae4c2377f71af5ef4387

SHA1
e1ff856b3d343af476c80b6d4a17331ea043f571

SHA256
feb198ecc9a49ce38c6000a94f54319b81532b9c6bd0644031373d009a1dbb20

SHA512
f37e5e75164e4a110b2a186b67e8ec4c5b33a98c7dcdb663e53b5a96bb249fdb534b47ca6b276eb17eeb0fa4ab5e1de2875b007f899ea01eddab48d2478a05dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a3E9F.bat

Filesize
722B

MD5
7ea2e5946d1b557424df69158ea4bdf5

SHA1
5f5660451e9a9e51c5a7e557471eb16dccf01f74

SHA256
a440b018932ec5478d44dc1be07fd3ce97fd923876ebcf8d6d0b3803266d392f

SHA512
01fd63bd9d0d4fffc325d77cf449c17b8a979623b18591f5d617f97c16ed91c32f4afec8ab9a5abbd8ebba27c47e88631e22d1b39c4c5baddfa32e9d674f1c4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\0abeabbe6438b2e0bb52f753123d30f6d6a0b3a41fe4c072f5cc5f6288830dc3.exe.exe

Filesize
7.3MB

MD5
172b6d29b3cdcdf2b0b14332eb216161

SHA1
7534c39aecd8a968c8cdf34db4cb388d999a3065

SHA256
3bb1c042bf917e6577be28edce3243628e9ce4245e9abbc2cc0196ccca26630c

SHA512
71e4e14c689974821c0bb80637a53cd5234df0111b809612ac810846fe2ba9d288da20141455b984dd842c8343166f807f8da51e74b66fbe3aec181db72806ce

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
485cb5b83f27dbc59c722daa3caf858f

SHA1
faa7c3517969995a34897cc79236f85f2c01d59f

SHA256
6cc84f9f66a5928707b42d4e08e9eb603fef6a85e9308f9320f63003cf145f4b

SHA512
22a37e3368109cb6565d64070360fecf481bc71afd52a2b9a35cad42d33e35cea763795628cfa0fd7146b206e846a272200f91938705ee87b7bafde524082ecf

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1497073144-2389943819-3385106915-1000\_desktop.ini

Filesize
9B

MD5
95b3e5fe04e8423c49a7f69a5d13771f

SHA1
615b63fb8bf07dbb0565ffd492067309645064c9

SHA256
1663db9b496c87701f6c8f6721e92994ffdd747f949ab1070fd844c4d63fb916

SHA512
d9a0d342e84c32d4c0aee97be7b9a102963d1aeab7edd87b080548f7dd144d851c558e6706bec441534d8e188938655c2b551e358d342309677511404a34ce81

Download Submit
memory/4124-36-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4124-25-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4124-31-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4124-40-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4124-10-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4124-1001-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4124-1164-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4124-2262-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4124-4715-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4124-18-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/5264-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/5264-8-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download