9186e3e27692c763463421ba74e58bc843655237ef37759c5688a393d902ffb8

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 02:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9186e3e27692c763463421ba74e58bc843655237ef37759c5688a393d902ffb8.exe
Size

2.8MB
MD5

81c4c08e604df85f6a86f49d97ec68f2
SHA1

a08edbfdca35126abdc9c668c10e9b8378c71089
SHA256

9186e3e27692c763463421ba74e58bc843655237ef37759c5688a393d902ffb8
SHA512

142c56b027a13a2a357b9e8c3cc7ae99f61290938f54d20e1e4c4d61f7dd100742b18cee06abb3156bda8118e853549281e6a0134917d19766347060a8d739cc
SSDEEP

49152:B6gLKJuMarhVnMFwTH8/giBiBcbk4ZxZ2DqFeVMhuxcPh:Ed1XdhBiiMa7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
112	Logo1_.exe
4156	9186e3e27692c763463421ba74e58bc843655237ef37759c5688a393d902ffb8.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\dummy\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_2019.729.2301.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Wide310x150\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Defender\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\images\themeless\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\eo\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\iadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Defender\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Simple\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\uk-UA\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\he-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\da-dk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Photo Viewer\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\da-dk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Text\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\notetagsUI\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\he-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ca-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\es-MX\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\32BitMAPIBroker.exe	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\MEIPreload\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account-select\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Photo Viewer\en-US\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Logo1_.exe	9186e3e27692c763463421ba74e58bc843655237ef37759c5688a393d902ffb8.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	9186e3e27692c763463421ba74e58bc843655237ef37759c5688a393d902ffb8.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
112	Logo1_.exe
112	Logo1_.exe
112	Logo1_.exe
112	Logo1_.exe
112	Logo1_.exe
112	Logo1_.exe
112	Logo1_.exe
112	Logo1_.exe
112	Logo1_.exe
112	Logo1_.exe
112	Logo1_.exe
112	Logo1_.exe
112	Logo1_.exe
112	Logo1_.exe
112	Logo1_.exe
112	Logo1_.exe
112	Logo1_.exe
112	Logo1_.exe
112	Logo1_.exe
112	Logo1_.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1268 wrote to memory of 312	1268	9186e3e27692c763463421ba74e58bc843655237ef37759c5688a393d902ffb8.exe	84
PID 1268 wrote to memory of 312	1268	9186e3e27692c763463421ba74e58bc843655237ef37759c5688a393d902ffb8.exe	84
PID 1268 wrote to memory of 312	1268	9186e3e27692c763463421ba74e58bc843655237ef37759c5688a393d902ffb8.exe	84
PID 1268 wrote to memory of 112	1268	9186e3e27692c763463421ba74e58bc843655237ef37759c5688a393d902ffb8.exe	86
PID 1268 wrote to memory of 112	1268	9186e3e27692c763463421ba74e58bc843655237ef37759c5688a393d902ffb8.exe	86
PID 1268 wrote to memory of 112	1268	9186e3e27692c763463421ba74e58bc843655237ef37759c5688a393d902ffb8.exe	86
PID 112 wrote to memory of 2756	112	Logo1_.exe	87
PID 112 wrote to memory of 2756	112	Logo1_.exe	87
PID 112 wrote to memory of 2756	112	Logo1_.exe	87
PID 2756 wrote to memory of 1216	2756	net.exe	89
PID 2756 wrote to memory of 1216	2756	net.exe	89
PID 2756 wrote to memory of 1216	2756	net.exe	89
PID 112 wrote to memory of 3448	112	Logo1_.exe	56
PID 112 wrote to memory of 3448	112	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3448
- C:\Users\Admin\AppData\Local\Temp\9186e3e27692c763463421ba74e58bc843655237ef37759c5688a393d902ffb8.exe
  "C:\Users\Admin\AppData\Local\Temp\9186e3e27692c763463421ba74e58bc843655237ef37759c5688a393d902ffb8.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1268
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4825.bat
    3⤵
    PID:312
  - - C:\Users\Admin\AppData\Local\Temp\9186e3e27692c763463421ba74e58bc843655237ef37759c5688a393d902ffb8.exe
      "C:\Users\Admin\AppData\Local\Temp\9186e3e27692c763463421ba74e58bc843655237ef37759c5688a393d902ffb8.exe"
      4⤵
      Executes dropped EXE
      PID:4156
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:112
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2756
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:1216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe

Filesize
247KB

MD5
39f77f4bf41f3d1062fa8fe88ae0ac96

SHA1
28c26ed527b667140444e78da9aa28ac701c4655

SHA256
83ee7a1787cd3d526fce9c190f60de08f690b87a311640a3edd96f0c20d4f52a

SHA512
bd75b82865d35661deda19c09ae68b62aa738095088ca01fb38ac2dfe87ef36f5d88e4155b50ff9ff7105c0f608a46d7fe4fc058e945f2fed28ca0f07cb98220

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
74036ee8dd1468e4a02e9ba986d953aa

SHA1
a048d1986d6f5c53e20754ce7d0089ae87ac376d

SHA256
5e332d3d8d36e524d661a8832ad7576e6dfa3150df9e055d797524c5a475190f

SHA512
a285b9bddc153d3aa6204030f8a3020b5c577fd2c1ce6450429cdd073fb9c2c14d420bb93112aa9fe8bc9a212a086f166e4313b3f781173b03ba2f4ad60cb966

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
c8d281da4c32df16eef470c27c8cb459

SHA1
00efc9f6844bfaa37c264b6452c6a7356638ab10

SHA256
058c81e5a07f2c6c33cf28dff71d07ad8f179046108d945159957e891bfd9c62

SHA512
e3c79e19f620068f668d4ebaa5097f1a95a30dabb8dce75f3787171dddbea9f684fc7ce8d1011a398f38084d7af96dd1ff9a02d25906aab9b13861b8363d24bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a4825.bat

Filesize
722B

MD5
ae0f85d28cdc81a8628cad0c327c7eb8

SHA1
5b5c8699333ca947bb5089c73e87b9f46d825aa6

SHA256
86adfae73bf7f6ab905ccdb4656f63578774c60287f216362c23b0ba52249ac4

SHA512
7f7f67c62aaa1c460eb071042bfb4dccfd5ab7b369c337cf4f50d1a92115d30199c3a3f159a31e059afa097ab5720ade940797dcba84b42d865ec0f2055dc654

Download Submit
C:\Users\Admin\AppData\Local\Temp\9186e3e27692c763463421ba74e58bc843655237ef37759c5688a393d902ffb8.exe.exe

Filesize
2.8MB

MD5
095092f4e746810c5829038d48afd55a

SHA1
246eb3d41194dddc826049bbafeb6fc522ec044a

SHA256
2f606012843d144610dc7be55d1716d5d106cbc6acbce57561dc0e62c38b8588

SHA512
7f36fc03bfed0f3cf6ac3406c819993bf995e4f8c26a7589e9032c14b5a9c7048f5567f77b3b15f946c5282fc0be6308a92eab7879332d74c400d0c139ce8400

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
bc2827244a10f2d501da2a3835d316e4

SHA1
09d1f0df0cd9e0205bc7b3cdddf7441d08a9dd85

SHA256
c09672cfa112faa6c94d69a9b213d9dd1585c64250059fb9b8109e0dad8d5601

SHA512
d1bedcfdc699a513ed46dbf2c54c464fcb247771c20d503084a36a5c1561eb85d7e040fe42bee2a2b7408b98da8714040c199013d3bae9276fbb6e8fa382e56f

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2860750803-256193626-1801997576-1000\_desktop.ini

Filesize
9B

MD5
73b8aef84e892e3f77d41747dce253db

SHA1
d642a92c96e4ed570d998a73e42fc24fafe8caf9

SHA256
a81f7465f537233bbd4b8fa9034e52a8ceffcdf97bf36244c4d404ebec14eb24

SHA512
9b0690efee220355932375db333b5487c369ca9fdcf8497bcb5283d78d21fb4fefb7c06bbe533fb1f18fd3b32256a013090af6dd957b9d09cc373d0d5b89cf6d

Download Submit
memory/112-27-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/112-33-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/112-37-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/112-20-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/112-1237-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/112-4801-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/112-13-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/112-5264-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1268-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1268-10-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download