996e392337632ecb6f33cfd8d0d494b019402f17443b03e242cfd8b623d74334

Analysis

max time kernel
149s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

996e392337632ecb6f33cfd8d0d494b019402f17443b03e242cfd8b623d74334.exe
Size

43KB
MD5

ec472ea21659c69224b1109d26e98b63
SHA1

88dbe3034006da80c43c2d8da2f3440ee4b7efec
SHA256

996e392337632ecb6f33cfd8d0d494b019402f17443b03e242cfd8b623d74334
SHA512

7c55ae6f1dae3a126f30bc873ab1b33a4ae55eeb95bdbc36af85ef8ab2a0d7ba160bfe7f02fa29d161bf79403937a777f10d7f6f4ccc0d8e40a067f2372dd7b0
SSDEEP

768:p3KT16GVRu1yK9fMnJG2V9dHS8/WQ3655Kv1X/qY1MSd:p6J3SHuJV9NDHqaNrFd

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2604	Logo1_.exe
4764	996e392337632ecb6f33cfd8d0d494b019402f17443b03e242cfd8b623d74334.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\PeopleAppAssets\Videos\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\uk-UA\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\hr-HR\View3d\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\resources\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Diagnostics\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Oracle\Java\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\WinMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\2.0.1\Diagnostics\Simple\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2019.19071.19011.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ps\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Photo Viewer\uk-UA\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\en-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Media Player\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\as_IN\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ca-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\1.1.1\Diagnostics\Simple\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Defender\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\dc-annotations\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Fonts\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sl-SI\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre-1.8\bin\dtplugin\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\gd\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\fr-fr\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	996e392337632ecb6f33cfd8d0d494b019402f17443b03e242cfd8b623d74334.exe
File created	C:\Windows\Logo1_.exe	996e392337632ecb6f33cfd8d0d494b019402f17443b03e242cfd8b623d74334.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2604	Logo1_.exe
2604	Logo1_.exe
2604	Logo1_.exe
2604	Logo1_.exe
2604	Logo1_.exe
2604	Logo1_.exe
2604	Logo1_.exe
2604	Logo1_.exe
2604	Logo1_.exe
2604	Logo1_.exe
2604	Logo1_.exe
2604	Logo1_.exe
2604	Logo1_.exe
2604	Logo1_.exe
2604	Logo1_.exe
2604	Logo1_.exe
2604	Logo1_.exe
2604	Logo1_.exe
2604	Logo1_.exe
2604	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 4652 wrote to memory of 2752	4652	996e392337632ecb6f33cfd8d0d494b019402f17443b03e242cfd8b623d74334.exe	89
PID 4652 wrote to memory of 2752	4652	996e392337632ecb6f33cfd8d0d494b019402f17443b03e242cfd8b623d74334.exe	89
PID 4652 wrote to memory of 2752	4652	996e392337632ecb6f33cfd8d0d494b019402f17443b03e242cfd8b623d74334.exe	89
PID 4652 wrote to memory of 2604	4652	996e392337632ecb6f33cfd8d0d494b019402f17443b03e242cfd8b623d74334.exe	90
PID 4652 wrote to memory of 2604	4652	996e392337632ecb6f33cfd8d0d494b019402f17443b03e242cfd8b623d74334.exe	90
PID 4652 wrote to memory of 2604	4652	996e392337632ecb6f33cfd8d0d494b019402f17443b03e242cfd8b623d74334.exe	90
PID 2604 wrote to memory of 3416	2604	Logo1_.exe	91
PID 2604 wrote to memory of 3416	2604	Logo1_.exe	91
PID 2604 wrote to memory of 3416	2604	Logo1_.exe	91
PID 3416 wrote to memory of 448	3416	net.exe	94
PID 3416 wrote to memory of 448	3416	net.exe	94
PID 3416 wrote to memory of 448	3416	net.exe	94
PID 2752 wrote to memory of 4764	2752	cmd.exe	95
PID 2752 wrote to memory of 4764	2752	cmd.exe	95
PID 2752 wrote to memory of 4764	2752	cmd.exe	95
PID 2604 wrote to memory of 3516	2604	Logo1_.exe	56
PID 2604 wrote to memory of 3516	2604	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3516
- C:\Users\Admin\AppData\Local\Temp\996e392337632ecb6f33cfd8d0d494b019402f17443b03e242cfd8b623d74334.exe
  "C:\Users\Admin\AppData\Local\Temp\996e392337632ecb6f33cfd8d0d494b019402f17443b03e242cfd8b623d74334.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4652
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aFC23.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\996e392337632ecb6f33cfd8d0d494b019402f17443b03e242cfd8b623d74334.exe
      "C:\Users\Admin\AppData\Local\Temp\996e392337632ecb6f33cfd8d0d494b019402f17443b03e242cfd8b623d74334.exe"
      4⤵
      Executes dropped EXE
      PID:4764
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2604
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3416
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
35c50162c24e761ad0549fa11015086c

SHA1
7a0fb869ba47515165e9b169f62b17884f612288

SHA256
f5ad8b7ec85e0179ff31b2e81f9e5b87a1709bbf43477cb8ecbc26d240af6ba8

SHA512
8d4ea51c1c78737d68ec2474a39c794582a06d6e1d6a7afed0d2e91d98ebfeaffe0c9c74de5befe1cc7304f9deb7bd445e83ba716099ed7ff5957abe693b531e

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
c1b90a76ff359a8f7f9495a6edfe7167

SHA1
c9c49bb9b8f0f70e60f9f28b006bb119cae28d4a

SHA256
b0d12ec354ceae33755a508eaac20f43d3dae62a3eeffe41a38ff658a06212a4

SHA512
39229afc94112efaeb37521ad1062e1433ebb0102bc07fb292413dc61642f38d4712d55054f274b61794c74a9ebe22f1de73046ed72b7aec1cc53345ba58322a

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
ad5a7e5eb1a1cdd791957e07c93748ae

SHA1
6e4f8c5f4d791327e11d0d68ca6f514554af8481

SHA256
cfee92d916fbbb95d8282c3264d3708ad1ddfdd9db4daaf00e0c96a22854c4dc

SHA512
a8acd191aec48dac8d5808a93ee973ea52793140e318b4d870fb10e4e8ba0756fe95654134dd1c175168375a0f7caebfd8a7d46a9b3dc71006f830b53dd9fefe

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aFC23.bat

Filesize
722B

MD5
a3a2da34c74bb3feec2321df8d0f81ab

SHA1
7ed2f34072c1e67f313bad10165f6ce63ec36c64

SHA256
abb8948ba6c768e3a7536b2fffaf673dc08655cd595cb4d99efdb115e81e5fd0

SHA512
c3a6ff3579060a121117661622f4ee4495602df153d573885278153e329699ee18c6720ea33c86865fce3f7d2abcfe84123d413c8887c1ed6804abad77284f1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\996e392337632ecb6f33cfd8d0d494b019402f17443b03e242cfd8b623d74334.exe.exe

Filesize
14KB

MD5
ad782ffac62e14e2269bf1379bccbaae

SHA1
9539773b550e902a35764574a2be2d05bc0d8afc

SHA256
1c8a77db924ebeb952052334dc95add388700c02b073b07973cd8fe0a0a360b8

SHA512
a1e9d6316ffc55f4751090961733e98c93b2a391666ff50b50e9dea39783746e501d14127e7ee9343926976d7e3cd224f13736530354d8466ea995dab35c8dc2

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
8c6b85febc7553f8c09cbfeff36d858c

SHA1
67c9a9b4889f4fbfb42b86c58db4b1363b3fd8c7

SHA256
d21ab0f12887db876a7dd11b3bccbae582c84625947539c04cba611990bb39d7

SHA512
d7eb118f384316fa81306f8d8689ccd925a934f7984470873c2e9e304cc6f18e67c32b7b12509ca07e0eade2016f2909c1cc64914548c1ac835242f35e6c0aba

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-200405930-3877336739-3533750831-1000\_desktop.ini

Filesize
9B

MD5
2822854d33e24347f613c750df46b810

SHA1
c2ea2529c032aa552d5a8301900cf27fc0f6045c

SHA256
73f2f888bdeaf9427c7aa3355fbe711e6570fb5e9e48c3f64cd229198ce85ad2

SHA512
21fff5d14e03a0420d9242a095c2e93ac2b7e6b9e49d12da907394ac9725bb746896721ceded88411895e9630a8ffbface168f0c02630b33300647d3d9e3326c

Download Submit
memory/2604-34-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2604-27-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2604-31-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2604-37-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2604-10-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2604-69-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2604-1238-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2604-4966-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2604-20-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2604-5405-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4652-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4652-9-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download