d8991767fbdd012e67ff0fb97f0aa62cc8aa6993a3eb532061c39b742861891f

Analysis

max time kernel
153s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 20:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d8991767fbdd012e67ff0fb97f0aa62cc8aa6993a3eb532061c39b742861891f.exe
Size

326KB
MD5

4ecbc7d829651586a8c83450a14b1ee3
SHA1

d34347487b01eba6f4f13651bd94d5ae2ae43fa1
SHA256

d8991767fbdd012e67ff0fb97f0aa62cc8aa6993a3eb532061c39b742861891f
SHA512

ad8131e7d61d52ad381afff9e3fd1ef3f34ef42a17501ea3660e307447fb162a45971cec20ad8d7bca0ebac2c8cec76de5b1a31c072022851ebfc111bb428865
SSDEEP

6144:YVfjmNDZ6v5Ss3aXXDRfivkuIETBXbD4IbEMMcDN7Y7tcqGn63oFl:C7+xtXzRf2GETNbD461Mcp7YJhGnZFl

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2512	Logo1_.exe
4688	d8991767fbdd012e67ff0fb97f0aa62cc8aa6993a3eb532061c39b742861891f.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files-select\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\my\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\af\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\en-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.81\pwahelper.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Sounds\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\Diagnostics\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sq\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\0.2.2\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\ScreenSketchAppService\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ca-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pt-br\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	d8991767fbdd012e67ff0fb97f0aa62cc8aa6993a3eb532061c39b742861891f.exe
File created	C:\Windows\Logo1_.exe	d8991767fbdd012e67ff0fb97f0aa62cc8aa6993a3eb532061c39b742861891f.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2512	Logo1_.exe
2512	Logo1_.exe
2512	Logo1_.exe
2512	Logo1_.exe
2512	Logo1_.exe
2512	Logo1_.exe
2512	Logo1_.exe
2512	Logo1_.exe
2512	Logo1_.exe
2512	Logo1_.exe
2512	Logo1_.exe
2512	Logo1_.exe
2512	Logo1_.exe
2512	Logo1_.exe
2512	Logo1_.exe
2512	Logo1_.exe
2512	Logo1_.exe
2512	Logo1_.exe
2512	Logo1_.exe
2512	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 4388 wrote to memory of 2944	4388	d8991767fbdd012e67ff0fb97f0aa62cc8aa6993a3eb532061c39b742861891f.exe	92
PID 4388 wrote to memory of 2944	4388	d8991767fbdd012e67ff0fb97f0aa62cc8aa6993a3eb532061c39b742861891f.exe	92
PID 4388 wrote to memory of 2944	4388	d8991767fbdd012e67ff0fb97f0aa62cc8aa6993a3eb532061c39b742861891f.exe	92
PID 4388 wrote to memory of 2512	4388	d8991767fbdd012e67ff0fb97f0aa62cc8aa6993a3eb532061c39b742861891f.exe	93
PID 4388 wrote to memory of 2512	4388	d8991767fbdd012e67ff0fb97f0aa62cc8aa6993a3eb532061c39b742861891f.exe	93
PID 4388 wrote to memory of 2512	4388	d8991767fbdd012e67ff0fb97f0aa62cc8aa6993a3eb532061c39b742861891f.exe	93
PID 2512 wrote to memory of 2024	2512	Logo1_.exe	94
PID 2512 wrote to memory of 2024	2512	Logo1_.exe	94
PID 2512 wrote to memory of 2024	2512	Logo1_.exe	94
PID 2024 wrote to memory of 4356	2024	net.exe	97
PID 2024 wrote to memory of 4356	2024	net.exe	97
PID 2024 wrote to memory of 4356	2024	net.exe	97
PID 2944 wrote to memory of 4688	2944	cmd.exe	98
PID 2944 wrote to memory of 4688	2944	cmd.exe	98
PID 2944 wrote to memory of 4688	2944	cmd.exe	98
PID 2512 wrote to memory of 3492	2512	Logo1_.exe	56
PID 2512 wrote to memory of 3492	2512	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3492
- C:\Users\Admin\AppData\Local\Temp\d8991767fbdd012e67ff0fb97f0aa62cc8aa6993a3eb532061c39b742861891f.exe
  "C:\Users\Admin\AppData\Local\Temp\d8991767fbdd012e67ff0fb97f0aa62cc8aa6993a3eb532061c39b742861891f.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4388
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2B03.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\d8991767fbdd012e67ff0fb97f0aa62cc8aa6993a3eb532061c39b742861891f.exe
      "C:\Users\Admin\AppData\Local\Temp\d8991767fbdd012e67ff0fb97f0aa62cc8aa6993a3eb532061c39b742861891f.exe"
      4⤵
      Executes dropped EXE
      PID:4688
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2512
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2024
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:4356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5148,i,39144156904280355,15417980039713258782,262144 --variations-seed-version --mojo-platform-channel-handle=3612 /prefetch:8
1⤵
PID:4784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
b00440d6bd7b7056c3aed427243db648

SHA1
7f050fe9842b51432dc9dd8c6c6fd0bdc7e01d22

SHA256
4482a95202b4fdf65ff0eb2393263c0a279beb3b2daadfe5e5587d68d0d13531

SHA512
0faad1642e0074df2d6d19b36fdbd248bea2b34e770eaccc580ae69cdc39c1c6eb910966d0560225825ecc9d0fe482becb2266772c71d3f95c40967713031c07

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
e89cddb916d76d17531c8d84b7dd4653

SHA1
4c184ed9920871eb1f810f4ce9ae5e03db53663e

SHA256
49d49aeb0c03a3d9229a2c7f0fcc405a971c7782c912611def0650579ecb6f61

SHA512
64d42991469cf1683931153f9da7f506551e32ecd8afa187c474719cb539dbd688505fd78b5533267d1d560209cb929f366825f1874dc314ba1ca9efb71a95f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a2B03.bat

Filesize
722B

MD5
d19f0e211354bbe5e7c6768ece0532be

SHA1
9b5f401b62b87f8530dd0efb4901ef80c1ad174d

SHA256
8896309f2dc4047f405f3bdc9b40f2a569d797ff92b8e6c8f2b0b08cc2347b1d

SHA512
7969278a3bdc76307618fa9fc380d5b5ceaec1442be68e4dda6cbb1267ba99522cbc3ed605208b4c5a7928a312617873e8ff7b6bba3295f8d9fae8eef26accec

Download Submit
C:\Users\Admin\AppData\Local\Temp\d8991767fbdd012e67ff0fb97f0aa62cc8aa6993a3eb532061c39b742861891f.exe.exe

Filesize
300KB

MD5
9b2a965815c5d8bdd6fd11233a76dfa5

SHA1
ee9660c990108e467b420384b513825f00cbebb9

SHA256
da65b87e6ca3899cb9fc08bec37197d407f476b6aa788d789e9c633e6e702097

SHA512
93d25c05d145f2ec11add5996edf78423f122b6693b3a25bf4512dfeca6aaa66196d3fcef24e0ce4b50e4d8f869014c8178429055665c1969df21b0aace36df6

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
46e5336e3ad9242352c0c3d72b6efb6d

SHA1
d825c1883bafe2ac98918da291276dadd1a2f41f

SHA256
1acd6390b27823123eb5e7e86dbf654aed0cb37362c1e72dc768fa404aa628d3

SHA512
df93feae99900e6876df0b6e8cccf798ecbcb88267f76b3d4a9626c7ce400bcfc86b7d2838747087b7860f2eb254464f177be2e7386f4176cdf0f9e40e01c0a4

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1230272463-3683322193-511842230-1000\_desktop.ini

Filesize
9B

MD5
2be02af4dacf3254e321ffba77f0b1c6

SHA1
d8349307ec08d45f2db9c9735bde8f13e27a551d

SHA256
766fe9c47ca710d9a00c08965550ee7de9cba2d32d67e4901e8cec7e33151d16

SHA512
57f61e1b939ed98e6db460ccdbc36a1460b727a99baac0e3b041666dedcef11fcd72a486d91ec7f0ee6e1aec40465719a6a5c22820c28be1066fe12fcd47ddd0

Download Submit
memory/2512-28-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2512-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2512-26-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2512-33-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2512-36-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2512-12-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2512-1233-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2512-2170-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2512-4167-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2512-4872-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4388-9-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4388-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download