c02c986889adaa967cd88458bafba94cefeeba690795695285a0808282d27fd3

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 12:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c02c986889adaa967cd88458bafba94cefeeba690795695285a0808282d27fd3.exe
Size

227KB
MD5

b5e9e2854cabad5be4a84f502122460f
SHA1

c96b4c27b43de10ac8f6bd4e64cc8a289b529437
SHA256

c02c986889adaa967cd88458bafba94cefeeba690795695285a0808282d27fd3
SHA512

3e79d0d3d4a2f3adf445f23429747f1d87652e8d4347fb80b4f0f351329a9fd4ef93225fbd71b786d8851678f89722b2e6d689dc75a198327f45063195f6592f
SSDEEP

3072:pJkuJVLUdeKzC/lzMPySe8DnpeIPipoHbKvXWXz9LRnsaJUS+6wPXD3fxNW7gq5n:0uJWdeKzC/leySe8AIqpoHbnDns1ND9m

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4256	Logo1_.exe
2044	c02c986889adaa967cd88458bafba94cefeeba690795695285a0808282d27fd3.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tt\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\cs-CZ\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\images\themeless\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lt\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Defender\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\en-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\tr-TR\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.1813.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\identity_proxy\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Security\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.50.6001.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Defender\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Media Player\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Network Sharing\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Diagnostics\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Defender\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\WinMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\Retail\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	c02c986889adaa967cd88458bafba94cefeeba690795695285a0808282d27fd3.exe
File created	C:\Windows\Logo1_.exe	c02c986889adaa967cd88458bafba94cefeeba690795695285a0808282d27fd3.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4256	Logo1_.exe
4256	Logo1_.exe
4256	Logo1_.exe
4256	Logo1_.exe
4256	Logo1_.exe
4256	Logo1_.exe
4256	Logo1_.exe
4256	Logo1_.exe
4256	Logo1_.exe
4256	Logo1_.exe
4256	Logo1_.exe
4256	Logo1_.exe
4256	Logo1_.exe
4256	Logo1_.exe
4256	Logo1_.exe
4256	Logo1_.exe
4256	Logo1_.exe
4256	Logo1_.exe
4256	Logo1_.exe
4256	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 1448	224	c02c986889adaa967cd88458bafba94cefeeba690795695285a0808282d27fd3.exe	83
PID 224 wrote to memory of 1448	224	c02c986889adaa967cd88458bafba94cefeeba690795695285a0808282d27fd3.exe	83
PID 224 wrote to memory of 1448	224	c02c986889adaa967cd88458bafba94cefeeba690795695285a0808282d27fd3.exe	83
PID 224 wrote to memory of 4256	224	c02c986889adaa967cd88458bafba94cefeeba690795695285a0808282d27fd3.exe	84
PID 224 wrote to memory of 4256	224	c02c986889adaa967cd88458bafba94cefeeba690795695285a0808282d27fd3.exe	84
PID 224 wrote to memory of 4256	224	c02c986889adaa967cd88458bafba94cefeeba690795695285a0808282d27fd3.exe	84
PID 4256 wrote to memory of 3292	4256	Logo1_.exe	85
PID 4256 wrote to memory of 3292	4256	Logo1_.exe	85
PID 4256 wrote to memory of 3292	4256	Logo1_.exe	85
PID 3292 wrote to memory of 5048	3292	net.exe	88
PID 3292 wrote to memory of 5048	3292	net.exe	88
PID 3292 wrote to memory of 5048	3292	net.exe	88
PID 1448 wrote to memory of 2044	1448	cmd.exe	89
PID 1448 wrote to memory of 2044	1448	cmd.exe	89
PID 1448 wrote to memory of 2044	1448	cmd.exe	89
PID 4256 wrote to memory of 3532	4256	Logo1_.exe	56
PID 4256 wrote to memory of 3532	4256	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3532
- C:\Users\Admin\AppData\Local\Temp\c02c986889adaa967cd88458bafba94cefeeba690795695285a0808282d27fd3.exe
  "C:\Users\Admin\AppData\Local\Temp\c02c986889adaa967cd88458bafba94cefeeba690795695285a0808282d27fd3.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:224
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4527.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1448
  - - C:\Users\Admin\AppData\Local\Temp\c02c986889adaa967cd88458bafba94cefeeba690795695285a0808282d27fd3.exe
      "C:\Users\Admin\AppData\Local\Temp\c02c986889adaa967cd88458bafba94cefeeba690795695285a0808282d27fd3.exe"
      4⤵
      Executes dropped EXE
      PID:2044
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4256
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3292
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:5048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
718ed8e50cd6a9b60f9a1d8305b11efb

SHA1
6e71bd55eeaefdfc552b347b12ca6e2f9cc2b9e1

SHA256
e24a8183943084ef1f324e550ed4cedaae0924065b8768695bab729b442f1437

SHA512
0f654e2e3c8c5234a656ea03f065ec03bce44e95930d78d20a390d3469679ea3c633527ba59e56c09565f54f724fdb1b79ceae540b35a4ced43c83a80f567911

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
c982f440bcb23e1ee20932fa9960a292

SHA1
f0103d90c50fe8cf02315242a12b79910211a0bd

SHA256
effda427302a3a98c3defadb7b83b10d48f92eed5e70218f346998d8d451d72c

SHA512
a3c6fe254a44f391d1e16850ff5f02167442c56735c3004c99232e04fad2d7efeeae815a32b2083f684a23f4089653dbd19bec2ab64513aac1aba9d885cff43a

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
1010b22672d60223d3449e34e742de82

SHA1
d2b0717b5d13bce7540ef284eaaaaec0d43e54ff

SHA256
63d148b4110e4050b82cacdb7be0a004eba84c33c971f56873998ec59ac354fc

SHA512
1fb0fffed9f5de2551f8fb7821588f7c7773bb89f34bf8708833888cdbcd3da7c8b0301599aad129774ab272b7fd8cfb39ea361c23491aaa8bdbf6ccb1333e1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a4527.bat

Filesize
722B

MD5
424d805bcd3d3b979f686f4721d4a4c1

SHA1
6c98a95ab858fdb5b6f9c8438265094de77f2beb

SHA256
e8d804aeab113b65da149bbe3b0e5ec0c4d11939f0015f58384f4f8c819ccf45

SHA512
161c41df675d4d3ddb98202578e4b75d68d3eb38f241b343f068d2d9071318636be997a6484c5a3ed65efcf65a36ed048fd88dfc6180bf8d5feae3dbeb575e5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\c02c986889adaa967cd88458bafba94cefeeba690795695285a0808282d27fd3.exe.exe

Filesize
198KB

MD5
e133c2d85cff4edd7fe8e8f0f8be6cdb

SHA1
b8269209ebb6fe44bc50dab35f97b0ae244701b4

SHA256
6c5e7d9c81a409e67c143cd3aed33bddc3967fa4c9ab3b98560b7d3bf57d093d

SHA512
701b7d1c7e154519d77043f7de09d60c1ff76c95f820fc1c9afca19724efb0847d646686053354156fd4e8a9dab1f29a79d3223f939a3ff1b3613770dc8603b1

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
fe2713eee7d8390845722164bf4393e3

SHA1
8108fbfd41927823a795f84721b73b8b073fd9c9

SHA256
c2a79838f6b99689d1ffaf5b5bb10e17f49ff1ec7c6ebc82c0c50a41d644ba2b

SHA512
3111a45214ecf52fb6f2e93ad68dbfb0b086836606c98ccc13c8f190a66a8597f5b8628eff0fc75f27df0be40aada66c96dea0b737aac2b5dd1ff3eecbbb8ea8

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1337824034-2731376981-3755436523-1000\_desktop.ini

Filesize
9B

MD5
e850d9ceb7ebcc619d731dc2f1377b2b

SHA1
a45553c9057075c02e28f90d5e8ea57a0dddbacc

SHA256
b682a6e85069777ca22f84b99607acd09640eaa80029d74363c0a5aabddead4c

SHA512
be92bd8393d0fe69559ec55e1068fcd77ccc699361a9cb98d467bd51a029c371852b7a1196ad53fa8865e956582e6a4d35f6ac6fea3832058b7a427133b0048c

Download Submit
memory/224-10-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/224-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4256-27-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4256-37-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4256-33-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4256-1155-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4256-1232-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4256-20-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4256-4797-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4256-13-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4256-5236-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download