5a791f38a56c6a41be7217b7a53ce336ad06165cf977104ce856fb76b84474f4

Analysis

max time kernel
150s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a791f38a56c6a41be7217b7a53ce336ad06165cf977104ce856fb76b84474f4.exe
Size

573KB
MD5

83a99a4f97d76fe249db977ea776e7ea
SHA1

44879e1ab8ab46e0ac6adf31ae18dc87289aa66f
SHA256

5a791f38a56c6a41be7217b7a53ce336ad06165cf977104ce856fb76b84474f4
SHA512

bc8024fc0b299314cd38851d89b5861cea5ba00758cf3145e2f08fe42f81390767d6d312b02ff0f42a0425fc817cd64eb474d71af22c89a839922746a4860e16
SSDEEP

6144:OuJpE7cV3iwbAFRWAbd4nf0H05yqE6Hl0ChW0+ksllAXBu0lWGWUJJQ4t0BHQQfu:G7a3iwbihym2g7XO3LWUQfh4Co

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4964	Logo1_.exe
2740	5a791f38a56c6a41be7217b7a53ce336ad06165cf977104ce856fb76b84474f4.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-si\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lo\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ca-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ca-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\en-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Examples\Calculator\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxOutlook.exe	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account-select\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nb\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_extractor\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\en-us\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\en-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\x64\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Logo1_.exe	5a791f38a56c6a41be7217b7a53ce336ad06165cf977104ce856fb76b84474f4.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	5a791f38a56c6a41be7217b7a53ce336ad06165cf977104ce856fb76b84474f4.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4964	Logo1_.exe
4964	Logo1_.exe
4964	Logo1_.exe
4964	Logo1_.exe
4964	Logo1_.exe
4964	Logo1_.exe
4964	Logo1_.exe
4964	Logo1_.exe
4964	Logo1_.exe
4964	Logo1_.exe
4964	Logo1_.exe
4964	Logo1_.exe
4964	Logo1_.exe
4964	Logo1_.exe
4964	Logo1_.exe
4964	Logo1_.exe
4964	Logo1_.exe
4964	Logo1_.exe
4964	Logo1_.exe
4964	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 3672 wrote to memory of 2624	3672	5a791f38a56c6a41be7217b7a53ce336ad06165cf977104ce856fb76b84474f4.exe	85
PID 3672 wrote to memory of 2624	3672	5a791f38a56c6a41be7217b7a53ce336ad06165cf977104ce856fb76b84474f4.exe	85
PID 3672 wrote to memory of 2624	3672	5a791f38a56c6a41be7217b7a53ce336ad06165cf977104ce856fb76b84474f4.exe	85
PID 3672 wrote to memory of 4964	3672	5a791f38a56c6a41be7217b7a53ce336ad06165cf977104ce856fb76b84474f4.exe	86
PID 3672 wrote to memory of 4964	3672	5a791f38a56c6a41be7217b7a53ce336ad06165cf977104ce856fb76b84474f4.exe	86
PID 3672 wrote to memory of 4964	3672	5a791f38a56c6a41be7217b7a53ce336ad06165cf977104ce856fb76b84474f4.exe	86
PID 4964 wrote to memory of 388	4964	Logo1_.exe	87
PID 4964 wrote to memory of 388	4964	Logo1_.exe	87
PID 4964 wrote to memory of 388	4964	Logo1_.exe	87
PID 388 wrote to memory of 4996	388	net.exe	89
PID 388 wrote to memory of 4996	388	net.exe	89
PID 388 wrote to memory of 4996	388	net.exe	89
PID 2624 wrote to memory of 2740	2624	cmd.exe	91
PID 2624 wrote to memory of 2740	2624	cmd.exe	91
PID 4964 wrote to memory of 3484	4964	Logo1_.exe	56
PID 4964 wrote to memory of 3484	4964	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3484
- C:\Users\Admin\AppData\Local\Temp\5a791f38a56c6a41be7217b7a53ce336ad06165cf977104ce856fb76b84474f4.exe
  "C:\Users\Admin\AppData\Local\Temp\5a791f38a56c6a41be7217b7a53ce336ad06165cf977104ce856fb76b84474f4.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:3672
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5F27.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\5a791f38a56c6a41be7217b7a53ce336ad06165cf977104ce856fb76b84474f4.exe
      "C:\Users\Admin\AppData\Local\Temp\5a791f38a56c6a41be7217b7a53ce336ad06165cf977104ce856fb76b84474f4.exe"
      4⤵
      Executes dropped EXE
      PID:2740
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4964
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:388
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:4996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
8dff5b606e028bbb0a756dc3cbfcee14

SHA1
1058ce726974305327c138a09ef4828da78bf8d0

SHA256
9d86b08d939cda9423a4cc3c4d041ad82478d23d6322202aa0bf1d05f42cc95e

SHA512
9496806722b18b67f9de28048cc499be4ddb4eebf38bedec11136f67aabcf79315e34bcb993f5a4cb31e9e22cc6ca3f6ddc17b7a8c26044e4df7e8cb7e25e72d

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
83a99a4f97d76fe249db977ea776e7ea

SHA1
44879e1ab8ab46e0ac6adf31ae18dc87289aa66f

SHA256
5a791f38a56c6a41be7217b7a53ce336ad06165cf977104ce856fb76b84474f4

SHA512
bc8024fc0b299314cd38851d89b5861cea5ba00758cf3145e2f08fe42f81390767d6d312b02ff0f42a0425fc817cd64eb474d71af22c89a839922746a4860e16

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
cda7714d2ec36fbd5dfd358b3cc885ce

SHA1
410c57ed71630d168738f40cea3ccc65529b0ae1

SHA256
d2c7832ddb52cfbb750dfffae048fd9c6a9cf06a52b7de91a0be255dffadef4e

SHA512
89cc9f52ae02711a9f90f2ba8e6b62c8ac442b967903067e1f3c5c12ff3ca012b62b8af4e4e7c3762b4c3ee255826b509fdb064c0d2861a2c2953a02c4fc1714

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a5F27.bat

Filesize
722B

MD5
fcbe809d4fb7ea88fc15781de75a7a98

SHA1
b9f4618fd0fcf809d3f5837ed06e7143291e98ea

SHA256
d48e129083ecc74d39a05fd8320b0b05e4b1c7a8e8d4c47d31a40ba31ab90d19

SHA512
ee90f7dfe75cc42d1d3c17c221bd7c7351636b612833399d7c70a4613b5fa6a42a015583e516134432f416a1c850a9edc94a55bafa00cc6cbf62e667b9edecc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\5a791f38a56c6a41be7217b7a53ce336ad06165cf977104ce856fb76b84474f4.exe.exe

Filesize
544KB

MD5
9a1dd1d96481d61934dcc2d568971d06

SHA1
f136ef9bf8bd2fc753292fb5b7cf173a22675fb3

SHA256
8cebb25e240db3b6986fcaed6bc0b900fa09dad763a56fb71273529266c5c525

SHA512
7ac1581f8a29e778ba1a1220670796c47fa5b838417f8f635e2cb1998a01515cff3ee57045dacb78a8ec70d43754b970743aba600379fe6d9481958d32d8a5aa

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
7930575fdfa898eda75149d939e08dc1

SHA1
0afed67d2a96979145d4711ec67e97e579187da4

SHA256
2dac1f581c4c037775ae430fd54fe5b266689764ec46818877ca1e657fd288ff

SHA512
f398fb83be0aa8a48181b6a9025876aaf440f80d35af4c32ffa7175be39cd26128275d5ddcfadc02a53b620b2b6549bc0924d3b49375d54cf0f2f9e4003d5e98

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2288054676-1871194608-3559553667-1000\_desktop.ini

Filesize
9B

MD5
02ced53ce3f5b175c3bbec378047e7a7

SHA1
dafdf07efa697ec99b3d7b9f7512439a52ea618d

SHA256
485bb2341321a2837fd015a36963ea549c7c6f40985e165fd56c8a1e89b3f331

SHA512
669dde3ea8628704d40681a7f8974cf52985385c92a61a540c97c18c13eb4d451207ae171b2a56cd061cadbc90e672a84eb55111b1f5016846918d73fb075c99

Download Submit
memory/3672-8-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3672-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4964-26-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4964-36-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4964-32-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4964-1112-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4964-1227-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4964-19-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4964-4792-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4964-12-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4964-5231-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download