195d3161d0106e8ff372d278078e013dd6edcbed72b8470b652866eba00d0a1c

Analysis

max time kernel
149s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 04:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

195d3161d0106e8ff372d278078e013dd6edcbed72b8470b652866eba00d0a1c.exe
Size

132KB
MD5

d6a2161f0f8bfc55efd2ad1ac72db0ea
SHA1

9aa9953256bbff14a039b846b7376ff211da95f9
SHA256

195d3161d0106e8ff372d278078e013dd6edcbed72b8470b652866eba00d0a1c
SHA512

67f997de91af8e76ade2b995fb1b3b55a96f2b4ba8cf1bc0d8bd1cd29877909d5c5efee3531eeb9336b67e67b49a1cf7ef18b76c57911ec1f2ed09b4cf964e65
SSDEEP

3072:qftffjmNpER5AhC48S1m2YPrh4qR8vdZksB+Dkdqg:qVfjmNpEXAe6QPGksB+QY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
516	Logo1_.exe
896	195d3161d0106e8ff372d278078e013dd6edcbed72b8470b652866eba00d0a1c.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fa-IR\View3d\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ne\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Shell\Themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\tr-tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\en-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sl-si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\fr-ma\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\de\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\include\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\offer_cards\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\Scripts\Me\MeControl\offline\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\da-dk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Place\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\en-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\MSBuild\Microsoft\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x86__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\pl-PL\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	195d3161d0106e8ff372d278078e013dd6edcbed72b8470b652866eba00d0a1c.exe
File created	C:\Windows\Logo1_.exe	195d3161d0106e8ff372d278078e013dd6edcbed72b8470b652866eba00d0a1c.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
516	Logo1_.exe
516	Logo1_.exe
516	Logo1_.exe
516	Logo1_.exe
516	Logo1_.exe
516	Logo1_.exe
516	Logo1_.exe
516	Logo1_.exe
516	Logo1_.exe
516	Logo1_.exe
516	Logo1_.exe
516	Logo1_.exe
516	Logo1_.exe
516	Logo1_.exe
516	Logo1_.exe
516	Logo1_.exe
516	Logo1_.exe
516	Logo1_.exe
516	Logo1_.exe
516	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 3156 wrote to memory of 3144	3156	195d3161d0106e8ff372d278078e013dd6edcbed72b8470b652866eba00d0a1c.exe	87
PID 3156 wrote to memory of 3144	3156	195d3161d0106e8ff372d278078e013dd6edcbed72b8470b652866eba00d0a1c.exe	87
PID 3156 wrote to memory of 3144	3156	195d3161d0106e8ff372d278078e013dd6edcbed72b8470b652866eba00d0a1c.exe	87
PID 3156 wrote to memory of 516	3156	195d3161d0106e8ff372d278078e013dd6edcbed72b8470b652866eba00d0a1c.exe	88
PID 3156 wrote to memory of 516	3156	195d3161d0106e8ff372d278078e013dd6edcbed72b8470b652866eba00d0a1c.exe	88
PID 3156 wrote to memory of 516	3156	195d3161d0106e8ff372d278078e013dd6edcbed72b8470b652866eba00d0a1c.exe	88
PID 516 wrote to memory of 2904	516	Logo1_.exe	89
PID 516 wrote to memory of 2904	516	Logo1_.exe	89
PID 516 wrote to memory of 2904	516	Logo1_.exe	89
PID 2904 wrote to memory of 4336	2904	net.exe	91
PID 2904 wrote to memory of 4336	2904	net.exe	91
PID 2904 wrote to memory of 4336	2904	net.exe	91
PID 3144 wrote to memory of 896	3144	cmd.exe	93
PID 3144 wrote to memory of 896	3144	cmd.exe	93
PID 3144 wrote to memory of 896	3144	cmd.exe	93
PID 516 wrote to memory of 3488	516	Logo1_.exe	57
PID 516 wrote to memory of 3488	516	Logo1_.exe	57

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3488
- C:\Users\Admin\AppData\Local\Temp\195d3161d0106e8ff372d278078e013dd6edcbed72b8470b652866eba00d0a1c.exe
  "C:\Users\Admin\AppData\Local\Temp\195d3161d0106e8ff372d278078e013dd6edcbed72b8470b652866eba00d0a1c.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:3156
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3321.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\195d3161d0106e8ff372d278078e013dd6edcbed72b8470b652866eba00d0a1c.exe
      "C:\Users\Admin\AppData\Local\Temp\195d3161d0106e8ff372d278078e013dd6edcbed72b8470b652866eba00d0a1c.exe"
      4⤵
      Executes dropped EXE
      PID:896
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:516
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2904
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:4336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\LockAssert.exe

Filesize
333KB

MD5
f33cdbd25cf00680f9a0fdd3b603fd3d

SHA1
ec88ba24d5a8d74e3e42614b6f9e6f5d881ea6fc

SHA256
877aa8d9eeb253a4afe360bce8024032aaa59dadc600944463fd53254c8f1829

SHA512
e76437d66825f9c494ab9eda42bc6512d86da92c0952280be9031413327c50743b47e5f7b99a5791d91b22375cffa204faf1184b7219bbd4768284dcbeb0e404

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
636KB

MD5
53ee62011469b286a2a1b5658c86b9bf

SHA1
9bdac0b23b0a965947c780c6a6b48fc7122f9ade

SHA256
7125735e4e8595f1c17ff3235bc65dacabc2ec874b29ac7ba8eddd80ad10b3c0

SHA512
c9c24e578da0a38048e71548fac66465bcb624e971f745bba559e8c49fd621752e718d4c983a90a97277407bb23348ca109436e1eeebef030c3b599c712ff236

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a3321.bat

Filesize
722B

MD5
91a61408239f552787f7f27b268a4272

SHA1
a691e87cc7abb41f1619773d3ea6d85dea459db6

SHA256
bac97771f72dff1ff54694229aa88b9d49782b68484fb6c4d0e8409f4a614e46

SHA512
d5f7e15f09ad349bb86df27e571cf8ad472b2f6aee81f548e5b84a9977e5d215397240a27c2b9ace55c8af6ed9ec9553c3c0a8e339c1eb703248e23488b245d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\195d3161d0106e8ff372d278078e013dd6edcbed72b8470b652866eba00d0a1c.exe.exe

Filesize
105KB

MD5
e24f800405cb03dea04dfeb65465d32f

SHA1
68ff4be8d0c056e7ac97ebc42b7001006e82ca5e

SHA256
a91d608f8d4bf2d735e4d4b91d08aa4e651a9ce1659ae07dc32670b28469f68d

SHA512
690cb26914aadad0e57c448562b787c6ba0207ffcaab92b53b471ca276249c95ab13c0d7eea36a4068f68ac92b74bdba934df8fb86c097d973e71e6c63a9d1cc

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
7c31a2ceea09538840d7e4d03167630e

SHA1
944270bb58eca79620740c83d7d654cbc12bbcd8

SHA256
30034ba2e0f9729d160f7ed8da4e89b631267647c5824b41624c301e112fb618

SHA512
227cfc84c6f089ab59950583d308b3e63dee47fe3d227f4fa8dc65ecc814c84ce21efc678d21ec087c311276b25d5ff28c44577b92693ff734ae7a6ebd5addad

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2177723727-746291240-1644359950-1000\_desktop.ini

Filesize
9B

MD5
72b7e38c6ba037d117f32b55c07b1a9c

SHA1
35e2435e512e17ca2be885e17d75913f06b90361

SHA256
e9719e3c653627668046bac84b77097bfb0cd018d68465c17130ed31d6d6eca6

SHA512
2bebd814b81ad2dc547802d42891d833caaad81d004758ec4373f9c7af2971eb822f0a559d2d5d4fca499912fea95e25bab22e92cb0c149d6a4c692eee6ee46a

Download Submit
memory/516-26-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/516-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/516-32-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/516-36-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/516-1228-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/516-4796-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/516-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/516-5235-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3156-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3156-9-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download