140a543496006d5d294dc72aea4597a62e2bbcd01e137af023170b54029949f5

Analysis

max time kernel
149s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 09:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

140a543496006d5d294dc72aea4597a62e2bbcd01e137af023170b54029949f5.exe
Size

1.1MB
MD5

428b1a78cf9ae408468398b6c6cbae4b
SHA1

f5cae101643e2cd348df438e7873ccabfd84d9b6
SHA256

140a543496006d5d294dc72aea4597a62e2bbcd01e137af023170b54029949f5
SHA512

1feaf4cab113007ccee1f3f922cd61a85886324fa7c026d84d2c285ea8489def1769d79804ecf00468cc4606564e31cbd0b6ad59863cde97c3e6f7df9fc40868
SSDEEP

12288:a7+f2n+KJ0X2B63rzBVif2nIqEKJdHgGZI27BbRjUJon6toxDTho:a7xJ0X2BomIREKHI27VFn6tkho

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3320	Logo1_.exe
2108	140a543496006d5d294dc72aea4597a62e2bbcd01e137af023170b54029949f5.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\en-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\he-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_2019.904.1644.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_BR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ku_IQ\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\da-dk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.27328.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Office 15\ClientX64\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeBridge\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca@valencia\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\dark\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	140a543496006d5d294dc72aea4597a62e2bbcd01e137af023170b54029949f5.exe
File created	C:\Windows\Logo1_.exe	140a543496006d5d294dc72aea4597a62e2bbcd01e137af023170b54029949f5.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3320	Logo1_.exe
3320	Logo1_.exe
3320	Logo1_.exe
3320	Logo1_.exe
3320	Logo1_.exe
3320	Logo1_.exe
3320	Logo1_.exe
3320	Logo1_.exe
3320	Logo1_.exe
3320	Logo1_.exe
3320	Logo1_.exe
3320	Logo1_.exe
3320	Logo1_.exe
3320	Logo1_.exe
3320	Logo1_.exe
3320	Logo1_.exe
3320	Logo1_.exe
3320	Logo1_.exe
3320	Logo1_.exe
3320	Logo1_.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 4228 wrote to memory of 2404	4228	140a543496006d5d294dc72aea4597a62e2bbcd01e137af023170b54029949f5.exe	84
PID 4228 wrote to memory of 2404	4228	140a543496006d5d294dc72aea4597a62e2bbcd01e137af023170b54029949f5.exe	84
PID 4228 wrote to memory of 2404	4228	140a543496006d5d294dc72aea4597a62e2bbcd01e137af023170b54029949f5.exe	84
PID 4228 wrote to memory of 3320	4228	140a543496006d5d294dc72aea4597a62e2bbcd01e137af023170b54029949f5.exe	85
PID 4228 wrote to memory of 3320	4228	140a543496006d5d294dc72aea4597a62e2bbcd01e137af023170b54029949f5.exe	85
PID 4228 wrote to memory of 3320	4228	140a543496006d5d294dc72aea4597a62e2bbcd01e137af023170b54029949f5.exe	85
PID 3320 wrote to memory of 2644	3320	Logo1_.exe	87
PID 3320 wrote to memory of 2644	3320	Logo1_.exe	87
PID 3320 wrote to memory of 2644	3320	Logo1_.exe	87
PID 2644 wrote to memory of 4528	2644	net.exe	89
PID 2644 wrote to memory of 4528	2644	net.exe	89
PID 2644 wrote to memory of 4528	2644	net.exe	89
PID 3320 wrote to memory of 3448	3320	Logo1_.exe	55
PID 3320 wrote to memory of 3448	3320	Logo1_.exe	55

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3448
- C:\Users\Admin\AppData\Local\Temp\140a543496006d5d294dc72aea4597a62e2bbcd01e137af023170b54029949f5.exe
  "C:\Users\Admin\AppData\Local\Temp\140a543496006d5d294dc72aea4597a62e2bbcd01e137af023170b54029949f5.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4228
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a376B.bat
    3⤵
    PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\140a543496006d5d294dc72aea4597a62e2bbcd01e137af023170b54029949f5.exe
      "C:\Users\Admin\AppData\Local\Temp\140a543496006d5d294dc72aea4597a62e2bbcd01e137af023170b54029949f5.exe"
      4⤵
      Executes dropped EXE
      PID:2108
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3320
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2644
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:4528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
548ddcade423bdb543717d8073ac88d5

SHA1
0210f769b1b16ae5e569e65e20fafbd12f2d0e04

SHA256
052524488f71bf143183bbf817657f609e226b2830071e8dea7fcede4c0ec052

SHA512
8576336e7eb0b1132dc5c4eef772ba5f9b57844173f17d9c5cf1fbb09afa443313a1675fcd03e028c592ecc59d0f52ea44529c58f721ccfc2bc958ae292bb0b0

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
a25ee3592c8e217cde1b3017a57c80c9

SHA1
635e8cedf6e233206d6f261cd70723f2fd06b0c5

SHA256
514daca39828d42cfdbb9bd266895407710979b10cc7eb8d792a7721d2b6cab8

SHA512
457b88f8d4390db5c6212733dcb9aacf0d98862652be4e8e8cc92706eaefe8c0ccbb7b1eaaa7d2b56274978f151f92a14ae6c0de8d2289d1070644d9aa819510

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
636KB

MD5
53ee62011469b286a2a1b5658c86b9bf

SHA1
9bdac0b23b0a965947c780c6a6b48fc7122f9ade

SHA256
7125735e4e8595f1c17ff3235bc65dacabc2ec874b29ac7ba8eddd80ad10b3c0

SHA512
c9c24e578da0a38048e71548fac66465bcb624e971f745bba559e8c49fd621752e718d4c983a90a97277407bb23348ca109436e1eeebef030c3b599c712ff236

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a376B.bat

Filesize
722B

MD5
a4fd183de5ea0a2245acfb64f037101a

SHA1
961a5f53d117456c5bdf85015bfb840e97871c03

SHA256
f7823479ce4b6650b64b65489103d689265042b85f04d18dc495109dc3a4894c

SHA512
9a1427059b0114d55a0d40c67ca836731a082ed0fb3e85b9901d602ec30ced91c421d0aee61b48031055ff6776edad7045cd3734ae0d664748869e818862db61

Download Submit
C:\Users\Admin\AppData\Local\Temp\140a543496006d5d294dc72aea4597a62e2bbcd01e137af023170b54029949f5.exe.exe

Filesize
1.1MB

MD5
a46666fde570be900639c2e0247eb233

SHA1
c287e6d260f7f5cfd118de3711a8dfa18f01cbfc

SHA256
87128d205f43d47ea9d3a7ec2fc5b8f46420a9f9de604f4a98d37afaf01f1677

SHA512
9fb0e4e99d0f3e761c1d0290d3d4e881fb9f3d1998cc34fc1b3ef4a2ed86df96a1ccacb81baf0e8a76e6d15429b98bcf936b9f7ffcfc2762c37119ccd8189654

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
bf432bacde0b936f7fd20c466ec0bfc9

SHA1
aff70b2cb9c409e3b63e7fc33f132441edad86db

SHA256
5d2e80c8e42ad3cf43ca754fb4597753ec8d80fc7d027e11f43536dd2f88d39e

SHA512
c134428f8da55038acf63eaae12357060574e2f062befc57c6a69c6833ab10a4eb08c6f36cd6433de1538f2b5b09ef8bb74acb8235856a5aac024914165c1a1a

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-355664440-2199602304-1223909400-1000\_desktop.ini

Filesize
9B

MD5
72b7e38c6ba037d117f32b55c07b1a9c

SHA1
35e2435e512e17ca2be885e17d75913f06b90361

SHA256
e9719e3c653627668046bac84b77097bfb0cd018d68465c17130ed31d6d6eca6

SHA512
2bebd814b81ad2dc547802d42891d833caaad81d004758ec4373f9c7af2971eb822f0a559d2d5d4fca499912fea95e25bab22e92cb0c149d6a4c692eee6ee46a

Download Submit
memory/3320-26-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3320-32-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3320-36-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3320-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3320-838-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3320-1227-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3320-1695-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3320-12-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3320-4792-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3320-5231-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4228-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4228-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download