Analysis
max time kernel: 149s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17/04/2024, 22:49
Static task: static1
Behavioral task: behavioral1
  Sample: ff2d44f67249bf7d450dc5c89e400ddea8028e6435a2f732205712f7b4fa043a.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: ff2d44f67249bf7d450dc5c89e400ddea8028e6435a2f732205712f7b4fa043a.exe
  Resource: win10v2004-20240412-en
The signatures, process tree and dropped files below come from the win10v2004-20240412-en run, which is the platform and resource named in the Analysis header.
General
Target: ff2d44f67249bf7d450dc5c89e400ddea8028e6435a2f732205712f7b4fa043a.exe
Size: 230KB
MD5: 81a970035004f4d7bd21c4e0145816b3
SHA1: b122e48ec632de3ffdaeb0d3e19a6bb1ad25ab6e
SHA256: ff2d44f67249bf7d450dc5c89e400ddea8028e6435a2f732205712f7b4fa043a
SHA512: 2d9bbaf481e2301e5644e6921210f95a2d3268b32344feb23ee36938f865fbea40a7d52ec70cb66389cb7e5c344511278799e3070ab88ab038ed749d431fa8f2
SSDEEP: 3072:psN9GkuJVL//rfzYs6X/D/24l/DFeodwgjf+FvC6C36lnWesuoB+yWPduoKt5Jbt:O9TuJKrZl/DFf3WC3as7B+mC0
Malware Config
Signatures
Executes dropped EXE (2 IoCs)
  PID 4464  Logo1_.exe
  PID 2484  ff2d44f67249bf7d450dc5c89e400ddea8028e6435a2f732205712f7b4fa043a.exe
Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
  File opened (read-only) by Logo1_.exe, in the order recorded: \??\M: \??\L: \??\Z: \??\Y: \??\X: \??\V: \??\T: \??\R: \??\I: \??\G: \??\S: \??\Q: \??\P: \??\O: \??\E: \??\W: \??\U: \??\N: \??\K: \??\J: \??\H:
  That is every drive letter from E: through Z: except F:, i.e. a sweep of all possible removable and network drives rather than a lookup of drives that actually exist.
Drops file in Program Files directory (64 IoCs)
All 64 events are by Logo1_.exe. 62 of them create or open a _desktop.ini in a Program Files subdirectory; the other two open existing executables for modification (Mozilla Firefox\pingsender.exe and Java\jdk-1.8\jre\bin\rmid.exe).
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\_desktop.ini
  File opened for modification  C:\Program Files\Mozilla Firefox\pingsender.exe
  File created                  C:\Program Files\Windows Defender\es-ES\_desktop.ini
  File created                  C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-white\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-ae\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\root\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\fi-fi\_desktop.ini
  File created                  C:\Program Files (x86)\Common Files\Oracle\Java\javapath\_desktop.ini
  File created                  C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini
  File created                  C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-black\_desktop.ini
  File created                  C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-black\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ko-kr\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\eu-es\_desktop.ini
  File created                  C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\_desktop.ini
  File created                  C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sk-sk\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\sv-se\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\he-il\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ja-jp\_desktop.ini
  File opened for modification  C:\Program Files\Java\jdk-1.8\lib\_desktop.ini
  File created                  C:\Program Files\VideoLAN\VLC\locale\hi\_desktop.ini
  File created                  C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\_desktop.ini
  File created                  C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Simple\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\tr-tr\_desktop.ini
  File created                  C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\de-DE\_desktop.ini
  File created                  C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Store.Purchase\Resources\_desktop.ini
  File created                  C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\he-il\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\css\_desktop.ini
  File created                  C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.29\_desktop.ini
  File created                  C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-white\_desktop.ini
  File created                  C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\it-it\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\da-dk\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\cs-cz\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Windows Defender\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\plugins\_desktop.ini
  File opened for modification  C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe
  File created                  C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\_desktop.ini
  File created                  C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\_desktop.ini
  File created                  C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\en-us\_desktop.ini
  File created                  C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\zh-CN\View3d\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ru-ru\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sk-sk\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ro-ro\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\pt-br\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Windows NT\TableTextService\en-US\_desktop.ini
  File created                  C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\fonts\_desktop.ini
  File created                  C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\_desktop.ini
  File created                  C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\SlowMotionEditor\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ar-ae\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\es-es\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\images\_desktop.ini
  File created                  C:\Program Files\dotnet\host\fxr\8.0.2\_desktop.ini
  File created                  C:\Program Files\Java\jdk-1.8\legal\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\dark\_desktop.ini
  File created                  C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\_desktop.ini
Drops file in Windows directory (4 IoCs)
  File created                  C:\Windows\rundl132.exe   by ff2d44f67249bf7d450dc5c89e400ddea8028e6435a2f732205712f7b4fa043a.exe
  File created                  C:\Windows\Logo1_.exe     by ff2d44f67249bf7d450dc5c89e400ddea8028e6435a2f732205712f7b4fa043a.exe
  File opened for modification  C:\Windows\rundl132.exe   by Logo1_.exe
  File created                  C:\Windows\vDll.dll       by Logo1_.exe
Note the name rundl132.exe: the digit 1 stands in for the second l of the legitimate rundll32.exe, so a casual glance at C:\Windows will miss it.
Runs net.exe
Suspicious behavior: EnumeratesProcesses (20 IoCs)
  PID 4464  Logo1_.exe  (20 events)
Suspicious use of WriteProcessMemory (17 IoCs)
Grouped by source -> target (target names taken from the process tree below); procid_target is the sandbox's own index for the target process.
  PID 732  ff2d44f67249bf7d450dc5c89e400ddea8028e6435a2f732205712f7b4fa043a.exe -> PID 3040 cmd.exe        (procid_target 86)  x3
  PID 732  ff2d44f67249bf7d450dc5c89e400ddea8028e6435a2f732205712f7b4fa043a.exe -> PID 4464 Logo1_.exe     (procid_target 87)  x3
  PID 4464 Logo1_.exe -> PID 4580 net.exe                                                                  (procid_target 88)  x3
  PID 4580 net.exe    -> PID 1284 net1.exe                                                                 (procid_target 90)  x3
  PID 3040 cmd.exe    -> PID 2484 ff2d44f67249bf7d450dc5c89e400ddea8028e6435a2f732205712f7b4fa043a.exe    (procid_target 92)  x3
  PID 4464 Logo1_.exe -> PID 3440 Explorer.EXE                                                             (procid_target 57)  x2
The first five pairs follow the parent-to-child edges of the process tree. The last pair does not: PID 3440 is Explorer.EXE, the root of the tree and not a child of Logo1_.exe, so Logo1_.exe wrote into an already-running, unrelated process.
Processes
  C:\Windows\Explorer.EXE  (PID 3440)
    C:\Users\Admin\AppData\Local\Temp\ff2d44f67249bf7d450dc5c89e400ddea8028e6435a2f732205712f7b4fa043a.exe  (PID 732)
      command line: "C:\Users\Admin\AppData\Local\Temp\ff2d44f67249bf7d450dc5c89e400ddea8028e6435a2f732205712f7b4fa043a.exe"
      - Drops file in Windows directory
      - Suspicious use of WriteProcessMemory
      C:\Windows\SysWOW64\cmd.exe  (PID 3040)
        command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a319F.bat
        - Suspicious use of WriteProcessMemory
        C:\Users\Admin\AppData\Local\Temp\ff2d44f67249bf7d450dc5c89e400ddea8028e6435a2f732205712f7b4fa043a.exe  (PID 2484)
          command line: "C:\Users\Admin\AppData\Local\Temp\ff2d44f67249bf7d450dc5c89e400ddea8028e6435a2f732205712f7b4fa043a.exe"
          - Executes dropped EXE
      C:\Windows\Logo1_.exe  (PID 4464)
        command line: C:\Windows\Logo1_.exe
        - Executes dropped EXE
        - Enumerates connected drives
        - Drops file in Program Files directory
        - Drops file in Windows directory
        - Suspicious behavior: EnumeratesProcesses
        - Suspicious use of WriteProcessMemory
        C:\Windows\SysWOW64\net.exe  (PID 4580)
          command line: net stop "Kingsoft AntiVirus Service"
          - Suspicious use of WriteProcessMemory
          C:\Windows\SysWOW64\net1.exe  (PID 1284)
            command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
Two points from the tree: cmd.exe, net.exe and net1.exe run from SysWOW64, consistent with the arch:x86 tag on an x64 image, so the sample and its children are 32-bit. PID 2484 is launched from the original sample path by the batch file, yet the sandbox tags it Executes dropped EXE, meaning the file at that path was written during the run before cmd.exe started it.
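The behaviours above reduce to a handful of host indicators: the three binaries written to C:\Windows, the net stop of the Kingsoft AntiVirus service, one process writing dozens of _desktop.ini files across Program Files, a write into Explorer.EXE's memory, and the sample hash. The following triage helper is an added example (not part of the sandbox report or its tooling) that applies those checks to Sysmon-style event records. The event schema (type, pid, path, cmdline, target_pid, target_image, sha256), the PID 1000 and PID 3040 noise events, the C:\Users\Admin\Downloads\sample.exe path and the _desktop.ini threshold are assumptions; the PIDs, paths and hashes otherwise come from the report.

```python
"""Triage helper matching Sysmon-style events against the indicators in this
report. Added example, not sandbox output; the events below are constructed."""
import re
from collections import Counter

# Paths from "Drops file in Windows directory", lower-cased for comparison.
DROPPED_WINDOWS_FILES = {
    r"c:\windows\rundl132.exe",
    r"c:\windows\logo1_.exe",
    r"c:\windows\vdll.dll",
}

# SHA256 of the submitted sample (General section). The Downloads hashes are
# left out: some belong to host files the sample rewrote, not to the sample.
SAMPLE_SHA256 = "ff2d44f67249bf7d450dc5c89e400ddea8028e6435a2f732205712f7b4fa043a"

# Both forms seen in the process tree: "net stop ..." and the net1 it hands off to.
AV_STOP_RE = re.compile(r'\bnet1?(?:\.exe)?\s+stop\s+"?kingsoft antivirus service', re.I)

# Assumed threshold: Logo1_.exe wrote 64 _desktop.ini files in this run;
# an installer touching a handful is normal, dozens from one PID is not.
DESKTOP_INI_THRESHOLD = 10


def dropped_binaries(events):
    """Sorted paths of file_create events that hit the dropped Windows binaries."""
    return sorted({e["path"] for e in events
                   if e["type"] == "file_create"
                   and e["path"].lower() in DROPPED_WINDOWS_FILES})


def av_stop_pids(events):
    """PIDs whose command line stops the Kingsoft AntiVirus service."""
    return [e["pid"] for e in events
            if e["type"] == "process_create"
            and AV_STOP_RE.search(e.get("cmdline", ""))]


def desktop_ini_bursts(events, threshold=DESKTOP_INI_THRESHOLD):
    """{pid: count} for processes writing >= threshold _desktop.ini files under Program Files."""
    counts = Counter(e["pid"] for e in events
                     if e["type"] == "file_create"
                     and e["path"].lower().startswith(r"c:\program files")
                     and e["path"].lower().endswith(r"\_desktop.ini"))
    return {pid: n for pid, n in counts.items() if n >= threshold}


def explorer_writes(events):
    """(source pid, target pid) pairs for process_access events into explorer.exe."""
    return [(e["pid"], e["target_pid"]) for e in events
            if e["type"] == "process_access"
            and e["target_image"].lower().endswith(r"\explorer.exe")]


def sample_hash_hits(events):
    """Paths of created files whose SHA256 equals the submitted sample's."""
    return [e["path"] for e in events
            if e["type"] == "file_create" and e.get("sha256") == SAMPLE_SHA256]


def triage(events):
    """Run every check and return the findings keyed by name."""
    return {
        "dropped_binaries": dropped_binaries(events),
        "av_stop_pids": av_stop_pids(events),
        "desktop_ini_bursts": desktop_ini_bursts(events),
        "explorer_writes": explorer_writes(events),
        "sample_hash_hits": sample_hash_hits(events),
    }


# Constructed events modelled on the report's process tree (PIDs as in the report).
_INI_PATHS = [
    r"C:\Program Files\Windows Defender\es-ES\_desktop.ini",
    r"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\_desktop.ini",
    r"C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\_desktop.ini",
    r"C:\Program Files\Java\jdk-1.8\lib\_desktop.ini",
    r"C:\Program Files\VideoLAN\VLC\locale\hi\_desktop.ini",
    r"C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\de-DE\_desktop.ini",
    r"C:\Program Files (x86)\Windows Defender\_desktop.ini",
    r"C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\_desktop.ini",
    r"C:\Program Files (x86)\Windows NT\TableTextService\en-US\_desktop.ini",
    r"C:\Program Files\dotnet\host\fxr\8.0.2\_desktop.ini",
    r"C:\Program Files\Java\jdk-1.8\legal\_desktop.ini",
    r"C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\_desktop.ini",
]
SAMPLE_EVENTS = [
    {"type": "file_create", "pid": 732, "path": r"C:\Windows\rundl132.exe"},
    {"type": "file_create", "pid": 732, "path": r"C:\Windows\Logo1_.exe"},
    {"type": "process_create", "pid": 4580, "cmdline": 'net stop "Kingsoft AntiVirus Service"'},
    {"type": "process_create", "pid": 1284,
     "cmdline": r'C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"'},
    {"type": "file_create", "pid": 4464, "path": r"C:\Windows\vDll.dll"},
    {"type": "process_access", "pid": 4464, "target_pid": 3440, "target_image": r"C:\Windows\Explorer.EXE"},
    # Constructed benign noise: one _desktop.ini from an installer, one unrelated binary.
    {"type": "file_create", "pid": 1000, "path": r"C:\Program Files\ExampleApp\_desktop.ini"},
    {"type": "file_create", "pid": 1000, "path": r"C:\Program Files\ExampleApp\app.exe", "sha256": "00" * 32},
    # Constructed: a copy of the sample written elsewhere, caught by hash alone.
    {"type": "file_create", "pid": 3040, "path": r"C:\Users\Admin\Downloads\sample.exe", "sha256": SAMPLE_SHA256},
] + [{"type": "file_create", "pid": 4464, "path": p} for p in _INI_PATHS]

if __name__ == "__main__":
    for name, hits in triage(SAMPLE_EVENTS).items():
        print(f"{name}: {hits}")
```

The _desktop.ini count is keyed by PID rather than by path on purpose: the individual paths are whatever happens to be installed on the victim, so a path list from this run would not transfer, while "one process writing _desktop.ini across many Program Files subdirectories" does. The single installer write from PID 1000 stays below the threshold.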
Network
MITRE ATT&CK Enterprise v15
Downloads
Files written during the run. Entries without a path are listed as the page shows them.

  Path: (not shown)
  Filesize: 573KB
  MD5: aef7575f51a64c02512faec6ec594b37
  SHA1: a9cf714c2694fbc836478d291ac13e9c974376c8
  SHA256: f1145beb3145c2f04bb0fb54cee283fa8a6fc3856d33de72d4ac765252eedd9e
  SHA512: 387e6bbff93933818e58a319f3c176476669eb75739e809984aee5f5931664066b60b50a14b774041c19e7d96c3a77c939a0f361369d9e9ee63cce8bdd6a2b95

  Path: C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
  Filesize: 639KB
  MD5: 1499355ed58dcd6d75ddfc4cbd8dc2ed
  SHA1: 4788faf684956befaef48b44c7f92f75a1e92b9b
  SHA256: b73175163039dade2847d67580055784a519918302a0990d73989160dedb6273
  SHA512: 815a1aca257d08d81394f68c154a16152960909481d0b7e46c2facfa3d1bc0d58a425772fa223dd526869810da5b9451375c585897f4b45b1e770b063c8cee8a

  Path: (not shown)
  Filesize: 722B
  MD5: a3b3386b99f5ada5f974b1fa5a38713a
  SHA1: 33c138397b4f71e5d53bee0cff4e49b8b5d43e44
  SHA256: 350be41ff10a9f31f62cbe0b64575ba6912d13c4a596a80325df7dd4b55412e9
  SHA512: f8c68f0cf96819a5375e6b9aeb5137379b4f51b9b0ad10f54541e1534fa8f7dcd582f143e4ef6a990a9931b485be2bf8410679a88673317fb5fcda3a57897d23

  Path: C:\Users\Admin\AppData\Local\Temp\ff2d44f67249bf7d450dc5c89e400ddea8028e6435a2f732205712f7b4fa043a.exe.exe
  Filesize: 201KB
  MD5: 24e62a7c8d7f60336e60c003af843a87
  SHA1: 9576d1924d37113c301cadfd36481586cdef870c
  SHA256: 43f7de9fae6b79a844d7da6056ac82beadf028a347e227c2bc33d503f7eb402c
  SHA512: 34f33015d3e7cabdea2ef39f7f149aaf39caa534b188a34021e577d68bbc48d1d99b7b13a1303d4ebaf5c29fda0bb573f3a6cb171aa2db67cc4b25292eac4a36
  (The original sample path with a second .exe suffix, 201KB against the 230KB submitted file, and a different hash from the sample.)

  Path: (not shown)
  Filesize: 29KB
  MD5: ebc04b68220fe42214f6e956dd0e11d7
  SHA1: b2a08b56a5a3d14099dc5051cfc9982fb0928cbe
  SHA256: e1da881d46f1a95a0d9feda9b101b4a8b4fb34ce88104b1c77e6fa8a1d521686
  SHA512: de96196dafbb4f3eaf46778382fb6ecaacf16053e5d767ecc7be083db43e13a700e4fcc3dcb9c1b98d658bcce25af5d99b66565b0ac4d5907f5185fe2871e542

  Path: (not shown)
  Filesize: 9B
  MD5: 2be02af4dacf3254e321ffba77f0b1c6
  SHA1: d8349307ec08d45f2db9c9735bde8f13e27a551d
  SHA256: 766fe9c47ca710d9a00c08965550ee7de9cba2d32d67e4901e8cec7e33151d16
  SHA512: 57f61e1b939ed98e6db460ccdbc36a1460b727a99baac0e3b041666dedcef11fcd72a486d91ec7f0ee6e1aec40465719a6a5c22820c28be1066fe12fcd47ddd0