16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2023, 03:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe
Size

41KB
MD5

4626379585dea573d8474c80c39d824b
SHA1

6d35c00056b582d724da219e13f43757f4b6e899
SHA256

16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f
SHA512

3ed9f01a2558ecdb47cf1b38b9ca3693e6e14c0b78f21b848b98e05b71ad3f25f64255acb8c3c6476edf7c7e1f00add0c0c6d295cf72c11ea63efcef7850cbb6
SSDEEP

768:pJq16GVRu1yK9fMnJG2V9dHS8HI64LMP1wy:pJM3SHuJV9NUtLMP1wy

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1556	Logo1_.exe
3004	16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Configuration\Schema\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Photo Viewer\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Configuration\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sk-SK\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Fonts\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\FileIcons\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\am\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Security\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\he-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\AppCore\Location\Shifter\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ca-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Shared Gadgets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe
File created	C:\Windows\Logo1_.exe	16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1556	Logo1_.exe
1556	Logo1_.exe
1556	Logo1_.exe
1556	Logo1_.exe
1556	Logo1_.exe
1556	Logo1_.exe
1556	Logo1_.exe
1556	Logo1_.exe
1556	Logo1_.exe
1556	Logo1_.exe
1556	Logo1_.exe
1556	Logo1_.exe
1556	Logo1_.exe
1556	Logo1_.exe
1556	Logo1_.exe
1556	Logo1_.exe
1556	Logo1_.exe
1556	Logo1_.exe
1556	Logo1_.exe
1556	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 4084 wrote to memory of 3692	4084	16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe	80
PID 4084 wrote to memory of 3692	4084	16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe	80
PID 4084 wrote to memory of 3692	4084	16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe	80
PID 4084 wrote to memory of 1556	4084	16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe	81
PID 4084 wrote to memory of 1556	4084	16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe	81
PID 4084 wrote to memory of 1556	4084	16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe	81
PID 1556 wrote to memory of 4752	1556	Logo1_.exe	83
PID 1556 wrote to memory of 4752	1556	Logo1_.exe	83
PID 1556 wrote to memory of 4752	1556	Logo1_.exe	83
PID 4752 wrote to memory of 1116	4752	net.exe	85
PID 4752 wrote to memory of 1116	4752	net.exe	85
PID 4752 wrote to memory of 1116	4752	net.exe	85
PID 3692 wrote to memory of 3004	3692	cmd.exe	86
PID 3692 wrote to memory of 3004	3692	cmd.exe	86
PID 1556 wrote to memory of 3228	1556	Logo1_.exe	54
PID 1556 wrote to memory of 3228	1556	Logo1_.exe	54

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3228
- C:\Users\Admin\AppData\Local\Temp\16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe
  "C:\Users\Admin\AppData\Local\Temp\16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4084
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6B1E.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe
      "C:\Users\Admin\AppData\Local\Temp\16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe"
      4⤵
      Executes dropped EXE
      PID:3004
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1556
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4752
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:1116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
fc5abdf84041898d0611e82ddfaa681b

SHA1
67b2b2a3c516aa82e687958db8799fce47b4aea2

SHA256
69d8a39499c612c4083459232412b68bb4c0edd4382c85ec2568318acf16db1e

SHA512
5bae9da9c8096b81b4c3049cd87b0ed0dee318a4b1ef81f60b081e898b6e38b1f74e61533d54c01de17974888583a7105ebeff6bb1cb54b8db89dacf45e78059

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
487KB

MD5
0f1595b6fc556bdd2110c22655cc1442

SHA1
0e26079fedf000158e9aea69a672ed091ce7b474

SHA256
f014da38ac56c8da2ec98f1cbd38d1db7863836872c0e5140971540ff4612644

SHA512
3683d65316c08c1197a57f7df07c54a7f41e45e79c866eb7efc999793536e858cf91a35768f20dbc6f92362b5cc75c7926887e4422089f8c28eeef31a06d42b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a6B1E.bat

Filesize
722B

MD5
3021095ad4a8de5a5e70336e468a569e

SHA1
e907c5eb041b81f8148ba2afdf5effb47097c4e3

SHA256
8001b45a7aa95aab1b767384124ce73c2f7af7379950a77c48e89bd7bf94d92f

SHA512
d3ab4bad40b6f274857834edb826536597b4088d672f73e2af0ad879f42dbc540e4f5b87f89d55d51bc31c8fcd64adb9fb2adc55bdb893138faee011bd1fd4b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe

Filesize
12KB

MD5
e3484945f925f2100f56440166ace7ff

SHA1
0fd86b8f1e0f1e70ad1cda6ad16b4f7e8448e390

SHA256
9f53f8fc797015e9b5ae35c802c879ce7d45ca78c364d12a99b8d9167056dee9

SHA512
99bbe843ab970f2fc9b210c207d0e83711033c200f369be7f5fb20c97003710baa56daf206e2e4356d820ad8a49d58b97d8c1c2882ac34a399376d2cdb4c63a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe.exe

Filesize
12KB

MD5
e3484945f925f2100f56440166ace7ff

SHA1
0fd86b8f1e0f1e70ad1cda6ad16b4f7e8448e390

SHA256
9f53f8fc797015e9b5ae35c802c879ce7d45ca78c364d12a99b8d9167056dee9

SHA512
99bbe843ab970f2fc9b210c207d0e83711033c200f369be7f5fb20c97003710baa56daf206e2e4356d820ad8a49d58b97d8c1c2882ac34a399376d2cdb4c63a5

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
780759899c3b5324b5ee62b0d656f11a

SHA1
6e46823a92632b76dbe47f14553f631c391d00b9

SHA256
5c9a1e2526783e8a167c7bbcb2c57d459ca3640de6598dc7ad92934e1bfb1084

SHA512
041828e5fa86c07058869726160e95f8c630599fd3ebb3754a02e423d225339e2b533c3c10e00e1382503190a53aa127168314c1a4fe50736e7071437e7cc636

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
780759899c3b5324b5ee62b0d656f11a

SHA1
6e46823a92632b76dbe47f14553f631c391d00b9

SHA256
5c9a1e2526783e8a167c7bbcb2c57d459ca3640de6598dc7ad92934e1bfb1084

SHA512
041828e5fa86c07058869726160e95f8c630599fd3ebb3754a02e423d225339e2b533c3c10e00e1382503190a53aa127168314c1a4fe50736e7071437e7cc636

Download Submit
C:\Windows\rundl132.exe

Filesize
29KB

MD5
780759899c3b5324b5ee62b0d656f11a

SHA1
6e46823a92632b76dbe47f14553f631c391d00b9

SHA256
5c9a1e2526783e8a167c7bbcb2c57d459ca3640de6598dc7ad92934e1bfb1084

SHA512
041828e5fa86c07058869726160e95f8c630599fd3ebb3754a02e423d225339e2b533c3c10e00e1382503190a53aa127168314c1a4fe50736e7071437e7cc636

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1043950675-1972537973-2972532878-1000\_desktop.ini

Filesize
9B

MD5
ec7139d5bb99bcebaf0b91c58a9ec5aa

SHA1
70404362dd74e309722fd282c3492ec95674123c

SHA256
eb17ae1b1de9e95e0d159893048f2de5c1c158467e768cc0ddbaa517c45e0582

SHA512
b0114d8f74b17836819b750cff2b590b652e04bb2dc0e9dc8bffac7ed66bd9ded03cd35abc7fc0fcd0127a994c283dcd162e97e6dd76f5a903ff59e4951dfc48

Download Submit
memory/1556-49-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1556-38-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1556-4832-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1556-3913-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1556-1290-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1556-214-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1556-8-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1556-53-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1556-27-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1556-42-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3004-24-0x000000001B260000-0x000000001B268000-memory.dmp

Filesize
32KB

Download
memory/3004-31-0x0000000000A90000-0x0000000000AA0000-memory.dmp

Filesize
64KB

Download
memory/3004-18-0x0000000000310000-0x000000000031A000-memory.dmp

Filesize
40KB

Download
memory/3004-30-0x0000000000A90000-0x0000000000AA0000-memory.dmp

Filesize
64KB

Download
memory/3004-28-0x00007FFB54200000-0x00007FFB54BA1000-memory.dmp

Filesize
9.6MB

Download
memory/3004-26-0x0000000000A90000-0x0000000000AA0000-memory.dmp

Filesize
64KB

Download
memory/3004-19-0x00007FFB54200000-0x00007FFB54BA1000-memory.dmp

Filesize
9.6MB

Download
memory/3004-23-0x000000001B1C0000-0x000000001B25C000-memory.dmp

Filesize
624KB

Download
memory/3004-22-0x000000001B750000-0x000000001BC1E000-memory.dmp

Filesize
4.8MB

Download
memory/3004-21-0x0000000000A90000-0x0000000000AA0000-memory.dmp

Filesize
64KB

Download
memory/3004-20-0x00007FFB54200000-0x00007FFB54BA1000-memory.dmp

Filesize
9.6MB

Download
memory/4084-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4084-9-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download