940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09/06/2024, 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
Size

29KB
MD5

53b7b9dbae85663874034b1c82c3608d
SHA1

942bb8cfab593a29022999b7e48c5821270da47f
SHA256

940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65
SHA512

f9633ccab72a6eeffde6854f6a81f74be8af332846ea6681e96454314b60b93faf71af9b6c5ecf9f3961a7643b5232b5182982da0b01cdb12829086f4203d9b5
SSDEEP

384:Nbbiojr1Gt5M0zhIV/DZ3KZp7JcTO4yf9Knuf2MqlUV2V9wVfUnfRqOzGOnJh:peoP16GVRu1yK9fMnJG2V9dHS8

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened (read-only)	\??\S:	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened (read-only)	\??\E:	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened (read-only)	\??\Y:	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened (read-only)	\??\X:	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened (read-only)	\??\T:	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened (read-only)	\??\O:	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened (read-only)	\??\Q:	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened (read-only)	\??\I:	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened (read-only)	\??\H:	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened (read-only)	\??\G:	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened (read-only)	\??\P:	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened (read-only)	\??\N:	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened (read-only)	\??\M:	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened (read-only)	\??\L:	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened (read-only)	\??\Z:	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened (read-only)	\??\W:	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened (read-only)	\??\U:	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened (read-only)	\??\R:	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened (read-only)	\??\K:	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened (read-only)	\??\J:	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\css\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\js\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RMNSQUE\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files (x86)\Windows Mail\it-IT\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files\Microsoft Games\Purble Place\de-DE\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Americana\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ICE\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\GRAPH.EXE	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files\Windows Sidebar\sidebar.exe	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PAPYRUS\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files\Java\jre7\lib\fonts\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\js\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\as_IN\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\1033\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files\Windows Journal\es-ES\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\js\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files (x86)\Windows NT\Accessories\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files\Microsoft Games\Mahjong\es-ES\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files\Microsoft Games\Purble Place\fr-FR\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files (x86)\Windows NT\Accessories\fr-FR\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Triedit\de-DE\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
File opened for modification	C:\Program Files\Java\jre7\lib\images\_desktop.ini	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2952	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
2952	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
2952	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
2952	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
2952	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
2952	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
2952	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
2952	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
2952	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
2952	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 496	2952	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe	28
PID 2952 wrote to memory of 496	2952	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe	28
PID 2952 wrote to memory of 496	2952	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe	28
PID 2952 wrote to memory of 496	2952	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe	28
PID 496 wrote to memory of 1388	496	net.exe	30
PID 496 wrote to memory of 1388	496	net.exe	30
PID 496 wrote to memory of 1388	496	net.exe	30
PID 496 wrote to memory of 1388	496	net.exe	30
PID 2952 wrote to memory of 1244	2952	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe	21
PID 2952 wrote to memory of 1244	2952	940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe	21

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1244
- C:\Users\Admin\AppData\Local\Temp\940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe
  "C:\Users\Admin\AppData\Local\Temp\940be1b618d00efb2a70ab051da414ad4123faa6413c8277cd28145368660c65.exe"
  2⤵
  - Enumerates connected drives
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2952
- - C:\Windows\SysWOW64\net.exe
    net stop "Kingsoft AntiVirus Service"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:496
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
      4⤵
      PID:1388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
24d7d7e6aaa81c6d4cb3c09032e5634e

SHA1
2288226d9121ad83c63e03e58f19741ff2dfe1a2

SHA256
74b8d93b615255c1800d0c92b06bca8ebcec1d8070a26efa290ba8e9cb7179c3

SHA512
704ca131a8194d0a7f3dda4fa0c0c323c4bab3fea109f406a11b7546d05928c5cc6590bdc43313e2e12cc21d95475261a4d367b2d9e6253be4fe6cef887cbe45

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
959KB

MD5
29389cd5ba8cb9c0a7a8910632d28b23

SHA1
207aa87c8154aa0ac03c65fcc1fc18cb586e4cad

SHA256
e26324706b8e17547a7771790f980f383380ead9dfbd7ab05c3c85b63b6b6f51

SHA512
67f5782f6555b549a8b329228978e159dc1626d8a68160f5d936e4bb3faed2ada8a256ac12c4344f58e70b957eb56c94e35536e55d07cd46415960a8e387f1aa

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
474KB

MD5
1ca79e3c2539763b0aaac5de49795afe

SHA1
2d240aef9a2cce22578f42ebecd3058e37a404a8

SHA256
e3e49eceb810b34fc826d70c6556d927a363f29c90b347ee4cfd61d7ba3ff2d9

SHA512
4e24d3ebcefa6545d85517bbc5bff3285f85a5967da1642a6e4e53bc2c41efc8b9092a3bbb56c1670b215d623ff5c320bcb06f654ac97482a5dff0da208349e6

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-268080393-3149932598-1824759070-1000\_desktop.ini

Filesize
8B

MD5
9bf5ad0e8bbf0ba1630c244358e5c6dd

SHA1
25918532222a7063195beeb76980b6ec9e59e19a

SHA256
551cc5b618f0fa78108dd2388d9136893adb10499e4836e9728f4e96530bf02f

SHA512
7fdce76bb191d4988d92e3d97ce8db4cae1b5c1f93198bffc4e863d324d814246353200d32ea730f83345fcb7ad82213c2bcd31351e905e473d9596bc7b43ad3

Download Submit
memory/1244-5-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/2952-66-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2952-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2952-72-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2952-20-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2952-557-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2952-1849-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2952-2249-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2952-14-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2952-3309-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2952-7-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download