00895107e25485d3536c8898fc8b24e0dd6ec84461bebc705497b06bcf5dbe52

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 16:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

00895107e25485d3536c8898fc8b24e0dd6ec84461bebc705497b06bcf5dbe52.exe
Size

1.7MB
MD5

816d76d1e1377546ba1521373f912255
SHA1

da353cdf0091505b3ca4dbf251eb47c2bcbb6e0a
SHA256

00895107e25485d3536c8898fc8b24e0dd6ec84461bebc705497b06bcf5dbe52
SHA512

5814bfb957f28ce49bc4c1dc0b12140555286ac36927d1f6200fe7812fed4f62c794c31a6987ec07518ef06f57699c5ec72aa7253efcb937e822b6004d5b281c
SSDEEP

49152:c7xFdZ6npCxnngx1oZ7zIFqrFG2RFzbh:8BxnkoZ79n

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2196	Logo1_.exe
4748	00895107e25485d3536c8898fc8b24e0dd6ec84461bebc705497b06bcf5dbe52.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\uk-ua\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\da-dk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\dev\libs\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\mk\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-tw\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\cs\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\lo-LA\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Adobe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Photo Viewer\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Voices\beeps\beeps\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\da-dk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fa-IR\View3d\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\root\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	00895107e25485d3536c8898fc8b24e0dd6ec84461bebc705497b06bcf5dbe52.exe
File created	C:\Windows\Logo1_.exe	00895107e25485d3536c8898fc8b24e0dd6ec84461bebc705497b06bcf5dbe52.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2196	Logo1_.exe
2196	Logo1_.exe
2196	Logo1_.exe
2196	Logo1_.exe
2196	Logo1_.exe
2196	Logo1_.exe
2196	Logo1_.exe
2196	Logo1_.exe
2196	Logo1_.exe
2196	Logo1_.exe
2196	Logo1_.exe
2196	Logo1_.exe
2196	Logo1_.exe
2196	Logo1_.exe
2196	Logo1_.exe
2196	Logo1_.exe
2196	Logo1_.exe
2196	Logo1_.exe
2196	Logo1_.exe
2196	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 3684	1368	00895107e25485d3536c8898fc8b24e0dd6ec84461bebc705497b06bcf5dbe52.exe	84
PID 1368 wrote to memory of 3684	1368	00895107e25485d3536c8898fc8b24e0dd6ec84461bebc705497b06bcf5dbe52.exe	84
PID 1368 wrote to memory of 3684	1368	00895107e25485d3536c8898fc8b24e0dd6ec84461bebc705497b06bcf5dbe52.exe	84
PID 1368 wrote to memory of 2196	1368	00895107e25485d3536c8898fc8b24e0dd6ec84461bebc705497b06bcf5dbe52.exe	85
PID 1368 wrote to memory of 2196	1368	00895107e25485d3536c8898fc8b24e0dd6ec84461bebc705497b06bcf5dbe52.exe	85
PID 1368 wrote to memory of 2196	1368	00895107e25485d3536c8898fc8b24e0dd6ec84461bebc705497b06bcf5dbe52.exe	85
PID 2196 wrote to memory of 1008	2196	Logo1_.exe	86
PID 2196 wrote to memory of 1008	2196	Logo1_.exe	86
PID 2196 wrote to memory of 1008	2196	Logo1_.exe	86
PID 1008 wrote to memory of 1956	1008	net.exe	89
PID 1008 wrote to memory of 1956	1008	net.exe	89
PID 1008 wrote to memory of 1956	1008	net.exe	89
PID 3684 wrote to memory of 4748	3684	cmd.exe	90
PID 3684 wrote to memory of 4748	3684	cmd.exe	90
PID 2196 wrote to memory of 3420	2196	Logo1_.exe	55
PID 2196 wrote to memory of 3420	2196	Logo1_.exe	55

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3420
- C:\Users\Admin\AppData\Local\Temp\00895107e25485d3536c8898fc8b24e0dd6ec84461bebc705497b06bcf5dbe52.exe
  "C:\Users\Admin\AppData\Local\Temp\00895107e25485d3536c8898fc8b24e0dd6ec84461bebc705497b06bcf5dbe52.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1368
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a5A16.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\00895107e25485d3536c8898fc8b24e0dd6ec84461bebc705497b06bcf5dbe52.exe
      "C:\Users\Admin\AppData\Local\Temp\00895107e25485d3536c8898fc8b24e0dd6ec84461bebc705497b06bcf5dbe52.exe"
      4⤵
      Executes dropped EXE
      PID:4748
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2196
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1008
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:1956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
f571ac45e8ad5b10e044a6a7b3e50ab5

SHA1
f68acef0db816eb2257ef292a0055fa723522131

SHA256
8e8e25961e30350f0c04ecc428e5e93a2fb6d5adfa7feb537d0d1cb054db5a3b

SHA512
e636256459d8d251d97417eb63a038405d17f3f3b47a70cfb6ba4c0e386f24aee8dad9a792eee4719084293cd0d76839f3fddf7d957b58dc46337eb3389490db

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
fad0aa50a7debba6413b115cf5049aa4

SHA1
b99e1530db8afac861ad97466634b8509ffbd380

SHA256
15e1ff3de82682de1e3107d292f8cdc2f7bd80d41ccdd6f96e8c2810d47ffd91

SHA512
ccd474c55adf0aead7199c44d6c29fb3f2303c8264519672ec3c7e4f22827ff3451e54f6ee220498f847cb597133ecb517017f372ec244972de470649a79f634

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
636KB

MD5
2500f702e2b9632127c14e4eaae5d424

SHA1
8726fef12958265214eeb58001c995629834b13a

SHA256
82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

SHA512
f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a5A16.bat

Filesize
722B

MD5
7aa552a174f8e14908f9475804c1cf1a

SHA1
48b2af8858ddae3adce88cb243aa4aa1f19a7393

SHA256
904efb890652ec95f6b912b4351bc2da51a6ab9e16b6394246ec36d896382d15

SHA512
cce16b5dc49f0af2bf54fe4112fd958375ffae095ddab970bf673699ca9c9ef08ee27f27fd338e6d71af9e1ae0307759252f5a558f9a78ced8f2a167668cb92b

Download Submit
C:\Users\Admin\AppData\Local\Temp\00895107e25485d3536c8898fc8b24e0dd6ec84461bebc705497b06bcf5dbe52.exe.exe

Filesize
1.7MB

MD5
93d201ce0e1f14b03096ed19074635de

SHA1
9175c5e7f344c6253796fbfe9b10c3205d051138

SHA256
6dd4837f317ab965386fb24558476709045291d93a8a86ad696ac7d8251dd16c

SHA512
6f632df1bf6210ff767ea9ff89a1702eeb16a832c868d5f6bcb4800d8f7c3e673e8690c792b33572e9afbc1b3c476c03ea03a456d193e753f3477999c5c61dff

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
59b6f2680ede09b8bd4f473995ed3721

SHA1
11e97db0d3247b8ea6e4f1b92e370993ca8d511f

SHA256
60717da5e3048f422cd7d686a7294a85c3067ae60a82b4d8ce8b2584d732de56

SHA512
ad1cb9350d328e8323bba383e9f3903f69722471955165506b252aec071ef3525dc821a7b575b220c1804080b4fddd0987f0fab39640a83cf7cce5040c785279

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-776854024-226333264-2052258302-1000\_desktop.ini

Filesize
9B

MD5
2be02af4dacf3254e321ffba77f0b1c6

SHA1
d8349307ec08d45f2db9c9735bde8f13e27a551d

SHA256
766fe9c47ca710d9a00c08965550ee7de9cba2d32d67e4901e8cec7e33151d16

SHA512
57f61e1b939ed98e6db460ccdbc36a1460b727a99baac0e3b041666dedcef11fcd72a486d91ec7f0ee6e1aec40465719a6a5c22820c28be1066fe12fcd47ddd0

Download Submit
memory/1368-12-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1368-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2196-26-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2196-36-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2196-32-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2196-1227-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2196-2258-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2196-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2196-4794-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2196-9-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download