91a599fb57df5595914b7019fad54551713be537af250f0f43ebb7c9e2acbf39

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
04/11/2023, 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

91a599fb57df5595914b7019fad54551713be537af250f0f43ebb7c9e2acbf39.exe
Size

101KB
MD5

d4e42d2a1f81742c9aa3d5efc9d0f76b
SHA1

39e4e462aead3ef720695cb591037431b7fca5f8
SHA256

91a599fb57df5595914b7019fad54551713be537af250f0f43ebb7c9e2acbf39
SHA512

58aab2c90edc7cd3bc603fb01d9c7c3d70d520e955625322ac8274ba86dd03b3a0a09a54f70f2859522aa72e3830302829cb2e156b20f908cdf9f86731a6fe53
SSDEEP

3072:cNftffjmNoxPGvE4pL4zv2NL6sRe5lxe:cdVfjmNUGvEaL4z6Re5S

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4864	Logo1_.exe
3716	91a599fb57df5595914b7019fad54551713be537af250f0f43ebb7c9e2acbf39.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\locale\ckb\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\dummy\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\Diagnostics\Simple\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Examples\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ca-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\images\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-us\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ko-kr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\de\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\lib\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\plugins\rhp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\eu\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\serialver.exe	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\locales\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\identity_proxy\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ja\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Voices\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Diagnostics\Simple\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\dc-annotations\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	91a599fb57df5595914b7019fad54551713be537af250f0f43ebb7c9e2acbf39.exe
File created	C:\Windows\Logo1_.exe	91a599fb57df5595914b7019fad54551713be537af250f0f43ebb7c9e2acbf39.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4864	Logo1_.exe
4864	Logo1_.exe
4864	Logo1_.exe
4864	Logo1_.exe
4864	Logo1_.exe
4864	Logo1_.exe
4864	Logo1_.exe
4864	Logo1_.exe
4864	Logo1_.exe
4864	Logo1_.exe
4864	Logo1_.exe
4864	Logo1_.exe
4864	Logo1_.exe
4864	Logo1_.exe
4864	Logo1_.exe
4864	Logo1_.exe
4864	Logo1_.exe
4864	Logo1_.exe
4864	Logo1_.exe
4864	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 3544 wrote to memory of 3496	3544	91a599fb57df5595914b7019fad54551713be537af250f0f43ebb7c9e2acbf39.exe	85
PID 3544 wrote to memory of 3496	3544	91a599fb57df5595914b7019fad54551713be537af250f0f43ebb7c9e2acbf39.exe	85
PID 3544 wrote to memory of 3496	3544	91a599fb57df5595914b7019fad54551713be537af250f0f43ebb7c9e2acbf39.exe	85
PID 3544 wrote to memory of 4864	3544	91a599fb57df5595914b7019fad54551713be537af250f0f43ebb7c9e2acbf39.exe	86
PID 3544 wrote to memory of 4864	3544	91a599fb57df5595914b7019fad54551713be537af250f0f43ebb7c9e2acbf39.exe	86
PID 3544 wrote to memory of 4864	3544	91a599fb57df5595914b7019fad54551713be537af250f0f43ebb7c9e2acbf39.exe	86
PID 4864 wrote to memory of 2960	4864	Logo1_.exe	87
PID 4864 wrote to memory of 2960	4864	Logo1_.exe	87
PID 4864 wrote to memory of 2960	4864	Logo1_.exe	87
PID 2960 wrote to memory of 2888	2960	net.exe	90
PID 2960 wrote to memory of 2888	2960	net.exe	90
PID 2960 wrote to memory of 2888	2960	net.exe	90
PID 3496 wrote to memory of 3716	3496	cmd.exe	91
PID 3496 wrote to memory of 3716	3496	cmd.exe	91
PID 4864 wrote to memory of 3180	4864	Logo1_.exe	43
PID 4864 wrote to memory of 3180	4864	Logo1_.exe	43

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3180
- C:\Users\Admin\AppData\Local\Temp\91a599fb57df5595914b7019fad54551713be537af250f0f43ebb7c9e2acbf39.exe
  "C:\Users\Admin\AppData\Local\Temp\91a599fb57df5595914b7019fad54551713be537af250f0f43ebb7c9e2acbf39.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:3544
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aB100.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\91a599fb57df5595914b7019fad54551713be537af250f0f43ebb7c9e2acbf39.exe
      "C:\Users\Admin\AppData\Local\Temp\91a599fb57df5595914b7019fad54551713be537af250f0f43ebb7c9e2acbf39.exe"
      4⤵
      Executes dropped EXE
      PID:3716
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4864
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2960
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.exe

Filesize
484KB

MD5
1c329a7f67b9d88b199e6a5bdf287198

SHA1
08009c4216ac42d5735ef5da01f412440bf2fd88

SHA256
0aa973d584c6a8488d9a735464e3757ffde602b2736b4bed433f7dd6e7d16836

SHA512
56b2c5c7a5a8582f12668648db2e98cb6e2de0a164dbcb9a2f61d39638e8aa7c6968b26d97d3107dd19bd0335e984597634b1c39a04643ee12fc7b9b3aab4a6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aB100.bat

Filesize
722B

MD5
73e85fb82bd45061ad81abc1ee0175ab

SHA1
f4eec0bffb6b499116fd00ab9db96daa3d6a5bb0

SHA256
3735b09a83c3199d2a72151b99b3aa733939f8b15925d4930752da3a16ca12ba

SHA512
1d2cc0db40659fcc1f4fe60477550bac6d60cf6148d88dde6f4f0dc26fc800559ab76d96a60ccfdad98effe4d5b129456f4529d2faf70a743342a04cd43f4f22

Download Submit
C:\Users\Admin\AppData\Local\Temp\91a599fb57df5595914b7019fad54551713be537af250f0f43ebb7c9e2acbf39.exe

Filesize
75KB

MD5
a7851a05e83f42f741a804320c485083

SHA1
b76d2e6eb6d2bf289a5118c908578906851460d0

SHA256
3600ff58fdb37f53562e626fd74d6f4d8d39925d711a96f221bb4aca7992926a

SHA512
eadbfbee79aa0f34b35e0a9c9d717b3c8ac18729df8e52332b696352a2a41d0da37119ab1cb81a10bb7854b930e6479686f8fa8b5a447d48213e3c1c9304ce7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\91a599fb57df5595914b7019fad54551713be537af250f0f43ebb7c9e2acbf39.exe.exe

Filesize
75KB

MD5
a7851a05e83f42f741a804320c485083

SHA1
b76d2e6eb6d2bf289a5118c908578906851460d0

SHA256
3600ff58fdb37f53562e626fd74d6f4d8d39925d711a96f221bb4aca7992926a

SHA512
eadbfbee79aa0f34b35e0a9c9d717b3c8ac18729df8e52332b696352a2a41d0da37119ab1cb81a10bb7854b930e6479686f8fa8b5a447d48213e3c1c9304ce7b

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
949c1d647427e45748ca7bf99f69f6c5

SHA1
cb82678be077dced0eac4746aa4d1cce90ab37c1

SHA256
af7ea121df690d7fddfea9342c9e4e7cbc68594a10009a2c927bb3148772f85d

SHA512
595d73796c765cb010f3dd557724742cc64efb244ceca5f6405a54674ce187f51a5f93d7717a4e6a5647c7178487b93a537fa9cb0a313da5048eddd9c40d646c

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
949c1d647427e45748ca7bf99f69f6c5

SHA1
cb82678be077dced0eac4746aa4d1cce90ab37c1

SHA256
af7ea121df690d7fddfea9342c9e4e7cbc68594a10009a2c927bb3148772f85d

SHA512
595d73796c765cb010f3dd557724742cc64efb244ceca5f6405a54674ce187f51a5f93d7717a4e6a5647c7178487b93a537fa9cb0a313da5048eddd9c40d646c

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
949c1d647427e45748ca7bf99f69f6c5

SHA1
cb82678be077dced0eac4746aa4d1cce90ab37c1

SHA256
af7ea121df690d7fddfea9342c9e4e7cbc68594a10009a2c927bb3148772f85d

SHA512
595d73796c765cb010f3dd557724742cc64efb244ceca5f6405a54674ce187f51a5f93d7717a4e6a5647c7178487b93a537fa9cb0a313da5048eddd9c40d646c

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3350690463-3549324357-1323838019-1000\_desktop.ini

Filesize
9B

MD5
6029ce528adbc1284163cdd2b27a082e

SHA1
a2f23e1d5101c3b6929686a2d5711c2af2dec1b7

SHA256
5036deecfbb090aa7f7c21c159b1921df0cf23eedafb7e0c208668ad82872dae

SHA512
a661e939e69a59f88fd86fa654371ba4b3e3e8faf5c1b39bdaa0def8b277b26b63e96d4f5eb047ca3d8888597165dc709f395eeaf333c25c9cf56441c31dd676

Download Submit
memory/3544-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3544-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4864-26-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4864-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4864-32-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4864-37-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4864-41-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4864-10-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4864-352-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4864-1084-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4864-2345-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4864-4647-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download