046cf01454cda20f36f4133cfcad87f1dd2a5cc52e42d9c3319435976b003193

Analysis

max time kernel
149s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 19:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

046cf01454cda20f36f4133cfcad87f1dd2a5cc52e42d9c3319435976b003193.exe
Size

1.0MB
MD5

78e8386d1500e05d8917e862cbffc33f
SHA1

32c8e7c89b481463dabfe1de8a1eb8ea4a3781bd
SHA256

046cf01454cda20f36f4133cfcad87f1dd2a5cc52e42d9c3319435976b003193
SHA512

dcb58d1b3d6c03bf5e4b9f4f9954acab8ca7c332481c86ef15abc4857574d41a07ff417d96567d930910c643117d7f11f399daccf61fa8268f0cf62966a49116
SSDEEP

24576:o7jYCKhqbBtr0ruiQqwu+A1j1zf5im5Q2EXVzpdl8GWBKlX+KkG:o7LK4bBR0SiQqwu+Ad1wmHEX1p+HG

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4344	Logo1_.exe
3984	046cf01454cda20f36f4133cfcad87f1dd2a5cc52e42d9c3319435976b003193.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Media Renderer\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\VC\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\PlayReadyCdm\_platform_specific\win_x64\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Diagnostics\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\bin\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\kn-IN\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\en-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gu\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\GameBar.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Internet Explorer\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\uk-UA\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\nb-NO\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ca-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ca\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\kk\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\VisualElements\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\brx\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_~_kzf8qxf38zg5c\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\en\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	046cf01454cda20f36f4133cfcad87f1dd2a5cc52e42d9c3319435976b003193.exe
File created	C:\Windows\Logo1_.exe	046cf01454cda20f36f4133cfcad87f1dd2a5cc52e42d9c3319435976b003193.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4344	Logo1_.exe
4344	Logo1_.exe
4344	Logo1_.exe
4344	Logo1_.exe
4344	Logo1_.exe
4344	Logo1_.exe
4344	Logo1_.exe
4344	Logo1_.exe
4344	Logo1_.exe
4344	Logo1_.exe
4344	Logo1_.exe
4344	Logo1_.exe
4344	Logo1_.exe
4344	Logo1_.exe
4344	Logo1_.exe
4344	Logo1_.exe
4344	Logo1_.exe
4344	Logo1_.exe
4344	Logo1_.exe
4344	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 4984 wrote to memory of 3236	4984	046cf01454cda20f36f4133cfcad87f1dd2a5cc52e42d9c3319435976b003193.exe	85
PID 4984 wrote to memory of 3236	4984	046cf01454cda20f36f4133cfcad87f1dd2a5cc52e42d9c3319435976b003193.exe	85
PID 4984 wrote to memory of 3236	4984	046cf01454cda20f36f4133cfcad87f1dd2a5cc52e42d9c3319435976b003193.exe	85
PID 4984 wrote to memory of 4344	4984	046cf01454cda20f36f4133cfcad87f1dd2a5cc52e42d9c3319435976b003193.exe	86
PID 4984 wrote to memory of 4344	4984	046cf01454cda20f36f4133cfcad87f1dd2a5cc52e42d9c3319435976b003193.exe	86
PID 4984 wrote to memory of 4344	4984	046cf01454cda20f36f4133cfcad87f1dd2a5cc52e42d9c3319435976b003193.exe	86
PID 4344 wrote to memory of 1764	4344	Logo1_.exe	87
PID 4344 wrote to memory of 1764	4344	Logo1_.exe	87
PID 4344 wrote to memory of 1764	4344	Logo1_.exe	87
PID 1764 wrote to memory of 1564	1764	net.exe	90
PID 1764 wrote to memory of 1564	1764	net.exe	90
PID 1764 wrote to memory of 1564	1764	net.exe	90
PID 3236 wrote to memory of 3984	3236	cmd.exe	91
PID 3236 wrote to memory of 3984	3236	cmd.exe	91
PID 3236 wrote to memory of 3984	3236	cmd.exe	91
PID 4344 wrote to memory of 3348	4344	Logo1_.exe	55
PID 4344 wrote to memory of 3348	4344	Logo1_.exe	55

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3348
- C:\Users\Admin\AppData\Local\Temp\046cf01454cda20f36f4133cfcad87f1dd2a5cc52e42d9c3319435976b003193.exe
  "C:\Users\Admin\AppData\Local\Temp\046cf01454cda20f36f4133cfcad87f1dd2a5cc52e42d9c3319435976b003193.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4984
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4F68.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\046cf01454cda20f36f4133cfcad87f1dd2a5cc52e42d9c3319435976b003193.exe
      "C:\Users\Admin\AppData\Local\Temp\046cf01454cda20f36f4133cfcad87f1dd2a5cc52e42d9c3319435976b003193.exe"
      4⤵
      Executes dropped EXE
      PID:3984
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4344
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1764
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:1564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
b1bb52c06c316416f76642ea4e2d17ea

SHA1
64f7a0f5a93d136ccf57010a5948e4120a30a66c

SHA256
0fb35de32beca37c3a81fb2c7ec2f60990cf9d22174f65928767ab5dbb1a778d

SHA512
8e7d1272e361c1b7c41c4516f9b81f96e54131e4abc1eeefab4ad3bce59757bdb71b1c0e8d583f19d46fa2fd10e5d7d914f3748ef2b9bf2d7781fb2796274562

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
a1f9025885bd5f3386eac3c1c9546474

SHA1
1c61980be9ee84cf4b68656e8c9292fab6cd1cf5

SHA256
aa31d5583d7153be95b90f7625fafab14aa17df8b69dbab4cb6b1cfe76bbf8ce

SHA512
1930304e629dc2ebdc5705a04e4faba413d15c8652416ecfc5181da073a2cb67f8efe87caf3ccfdffad81dcd6c30c682b5a1babb4961264718c9a9649e92fb81

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
636KB

MD5
53ee62011469b286a2a1b5658c86b9bf

SHA1
9bdac0b23b0a965947c780c6a6b48fc7122f9ade

SHA256
7125735e4e8595f1c17ff3235bc65dacabc2ec874b29ac7ba8eddd80ad10b3c0

SHA512
c9c24e578da0a38048e71548fac66465bcb624e971f745bba559e8c49fd621752e718d4c983a90a97277407bb23348ca109436e1eeebef030c3b599c712ff236

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a4F68.bat

Filesize
722B

MD5
5b688fa2b7efc00e4bbb7afe3cb28ff5

SHA1
f135c3fbbd23f07d0aecb5088a1bbf231264ef2f

SHA256
36d16d1498a812ce96926cf0793e8c37a924677ea1290905b802af2a961a8a90

SHA512
820421341480a6b6bfb84b7b061d82fd034daa4142bc83cf4d0344fb2d20f89aba96d1f83532b19297774a1b704a9cc0cb5e6ef0eab8e7e200d16d68ba062399

Download Submit
C:\Users\Admin\AppData\Local\Temp\046cf01454cda20f36f4133cfcad87f1dd2a5cc52e42d9c3319435976b003193.exe.exe

Filesize
1.0MB

MD5
01e2d766a0c9f058befff9ff1054f265

SHA1
dcd81c4bc8276a4321ad9c99e65fc7cd622ba180

SHA256
2c2d45be774c179d1fbcbcc18812e446461bd740391638d2755fc6da87fcec66

SHA512
a560b95d83f49b8752db5b77aa9c61fce597482b655e87a9e5b422ed45295df64178e885fb1c0fbfd50ebd3aad41e13da072a8e1adcd80171281368dbf2a31b9

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
74e5b0db456a0798b7701075ee04dea9

SHA1
be5bc6a14e1abcd8d4326cf928eb44dad8fbfa6f

SHA256
e522e99c8ab2de83d2167cf86f03821415cea0a68bf58f73a5a30549ef759009

SHA512
d2808c1f881eca3211a5688390f89f01f8570c365880298ba246fce863716019c1be5b29b6c7674ba8938ec584de4a851611eb97408770ab150d3abdbc5a667b

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2288054676-1871194608-3559553667-1000\_desktop.ini

Filesize
9B

MD5
2be02af4dacf3254e321ffba77f0b1c6

SHA1
d8349307ec08d45f2db9c9735bde8f13e27a551d

SHA256
766fe9c47ca710d9a00c08965550ee7de9cba2d32d67e4901e8cec7e33151d16

SHA512
57f61e1b939ed98e6db460ccdbc36a1460b727a99baac0e3b041666dedcef11fcd72a486d91ec7f0ee6e1aec40465719a6a5c22820c28be1066fe12fcd47ddd0

Download Submit
memory/4344-26-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4344-32-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4344-36-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4344-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4344-74-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4344-1227-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4344-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4344-4792-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4344-5231-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4984-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4984-12-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download