Analysis
max time kernel: 150s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24-06-2024 19:46
Static task: static1
Behavioral task: behavioral1
  Sample: 99d4c7c7f3a799405071e38558df27d3f7f48da579ea0de0f45fab32c5bf7709.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 99d4c7c7f3a799405071e38558df27d3f7f48da579ea0de0f45fab32c5bf7709.exe
  Resource: win10v2004-20240611-en
General
Target: 99d4c7c7f3a799405071e38558df27d3f7f48da579ea0de0f45fab32c5bf7709.exe
Size: 713KB
MD5: c4f45ca67af2e0e0948a158240be3302
SHA1: b77bfff9b8d969267552500b555fb5948df49c47
SHA256: 99d4c7c7f3a799405071e38558df27d3f7f48da579ea0de0f45fab32c5bf7709
SHA512: dc83d507aa676d16119f55555886c975bd137931d478ae162fea08c71b71755f269ed14cb540c1d7a8f098347860aeedf5621547b6956f2a8e13af0bb7e8dc8d
SSDEEP: 12288:YtgfC6Aj+TN5uixZN+8rKhUdTC/wE1ZD0Ca5ZIXV:AMLOS2opPIXV
Malware Config

Signatures

Executes dropped EXE (2 IoCs)
pid   Process
2564  Logo1_.exe
4420  99d4c7c7f3a799405071e38558df27d3f7f48da579ea0de0f45fab32c5bf7709.exe
Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
description              ioc     Process
File opened (read-only)  \??\V:  Logo1_.exe
File opened (read-only)  \??\U:  Logo1_.exe
File opened (read-only)  \??\H:  Logo1_.exe
File opened (read-only)  \??\T:  Logo1_.exe
File opened (read-only)  \??\P:  Logo1_.exe
File opened (read-only)  \??\I:  Logo1_.exe
File opened (read-only)  \??\G:  Logo1_.exe
File opened (read-only)  \??\Z:  Logo1_.exe
File opened (read-only)  \??\X:  Logo1_.exe
File opened (read-only)  \??\R:  Logo1_.exe
File opened (read-only)  \??\O:  Logo1_.exe
File opened (read-only)  \??\N:  Logo1_.exe
File opened (read-only)  \??\M:  Logo1_.exe
File opened (read-only)  \??\L:  Logo1_.exe
File opened (read-only)  \??\K:  Logo1_.exe
File opened (read-only)  \??\E:  Logo1_.exe
File opened (read-only)  \??\Y:  Logo1_.exe
File opened (read-only)  \??\W:  Logo1_.exe
File opened (read-only)  \??\S:  Logo1_.exe
File opened (read-only)  \??\Q:  Logo1_.exe
File opened (read-only)  \??\J:  Logo1_.exe
Drops file in Program Files directory (64 IoCs)
Drops file in Windows directory (4 IoCs)
description                   ioc                      Process
File created                  C:\Windows\rundl132.exe  99d4c7c7f3a799405071e38558df27d3f7f48da579ea0de0f45fab32c5bf7709.exe
File created                  C:\Windows\Logo1_.exe    99d4c7c7f3a799405071e38558df27d3f7f48da579ea0de0f45fab32c5bf7709.exe
File opened for modification  C:\Windows\rundl132.exe  Logo1_.exe
File created                  C:\Windows\vDll.dll      Logo1_.exe
Runs net.exe
Suspicious behavior: EnumeratesProcesses (20 IoCs)
pid   Process
2564  Logo1_.exe  (20 identical entries)
Suspicious use of WriteProcessMemory (16 IoCs)
description                       pid   Process                                                                 procid_target
PID 4476 wrote to memory of 4444  4476  99d4c7c7f3a799405071e38558df27d3f7f48da579ea0de0f45fab32c5bf7709.exe  83  (3 entries)
PID 4476 wrote to memory of 2564  4476  99d4c7c7f3a799405071e38558df27d3f7f48da579ea0de0f45fab32c5bf7709.exe  84  (3 entries)
PID 2564 wrote to memory of 872   2564  Logo1_.exe                                                              85  (3 entries)
PID 872 wrote to memory of 944    872   net.exe                                                                 88  (3 entries)
PID 4444 wrote to memory of 4420  4444  cmd.exe                                                                 89  (2 entries)
PID 2564 wrote to memory of 3496  2564  Logo1_.exe                                                              56  (2 entries)
Processes
1. C:\Windows\Explorer.EXE  (PID 3496)
   command line: C:\Windows\Explorer.EXE
   2. C:\Users\Admin\AppData\Local\Temp\99d4c7c7f3a799405071e38558df27d3f7f48da579ea0de0f45fab32c5bf7709.exe  (PID 4476)
      command line: "C:\Users\Admin\AppData\Local\Temp\99d4c7c7f3a799405071e38558df27d3f7f48da579ea0de0f45fab32c5bf7709.exe"
      - Drops file in Windows directory
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\SysWOW64\cmd.exe  (PID 4444)
         command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3529.bat
         - Suspicious use of WriteProcessMemory
         4. C:\Users\Admin\AppData\Local\Temp\99d4c7c7f3a799405071e38558df27d3f7f48da579ea0de0f45fab32c5bf7709.exe  (PID 4420)
            command line: "C:\Users\Admin\AppData\Local\Temp\99d4c7c7f3a799405071e38558df27d3f7f48da579ea0de0f45fab32c5bf7709.exe"
            - Executes dropped EXE
      3. C:\Windows\Logo1_.exe  (PID 2564)
         command line: C:\Windows\Logo1_.exe
         - Executes dropped EXE
         - Enumerates connected drives
         - Drops file in Program Files directory
         - Drops file in Windows directory
         - Suspicious behavior: EnumeratesProcesses
         - Suspicious use of WriteProcessMemory
         4. C:\Windows\SysWOW64\net.exe  (PID 872)
            command line: net stop "Kingsoft AntiVirus Service"
            - Suspicious use of WriteProcessMemory
            5. C:\Windows\SysWOW64\net1.exe  (PID 944)
               command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
Network
MITRE ATT&CK Enterprise v15
Downloads