210472eacc6001145b71b2915a54cb2e25cbe2da132dddf6799ce5ef94ba8201

Analysis

max time kernel
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 01:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

210472eacc6001145b71b2915a54cb2e25cbe2da132dddf6799ce5ef94ba8201.exe
Size

354KB
MD5

b8984178e05b1341f5879a2b55de4136
SHA1

eee45e2e9cce251301c5fe25613433e488cfe9a2
SHA256

210472eacc6001145b71b2915a54cb2e25cbe2da132dddf6799ce5ef94ba8201
SHA512

2c3cf8e83d37c749ec1b3b2a2b7a5806c9f3bb4fba27abdbce77c8bd94a6a71a2d1c6055e1a34c70cd6b50792a3ba741f4beef1c03e998352484d51bdea7bed3
SSDEEP

6144:8VfjmNsIla7NtmPcNGCFmiuhw9YE29SnKqFULHdkgZ3rfxbXKoIZP/sVn:+7+sjtZ4iuhw9YfAKEujpb6/ZP/sVn

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3592	Logo1_.exe
4896	210472eacc6001145b71b2915a54cb2e25cbe2da132dddf6799ce5ef94ba8201.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\lib\security\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\kn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\AppCore\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxTsr.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_2019.904.1644.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files-select\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Office 15\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\he-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\codecpacks.heif.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\et-EE\View3d\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\collect_feedback\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\plugins\rhp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\de-de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\PFM\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Setup Files\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-150_8wekyb3d8bbwe\Assets\AppTiles\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	210472eacc6001145b71b2915a54cb2e25cbe2da132dddf6799ce5ef94ba8201.exe
File created	C:\Windows\Logo1_.exe	210472eacc6001145b71b2915a54cb2e25cbe2da132dddf6799ce5ef94ba8201.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3592	Logo1_.exe
3592	Logo1_.exe
3592	Logo1_.exe
3592	Logo1_.exe
3592	Logo1_.exe
3592	Logo1_.exe
3592	Logo1_.exe
3592	Logo1_.exe
3592	Logo1_.exe
3592	Logo1_.exe
3592	Logo1_.exe
3592	Logo1_.exe
3592	Logo1_.exe
3592	Logo1_.exe
3592	Logo1_.exe
3592	Logo1_.exe
3592	Logo1_.exe
3592	Logo1_.exe
3592	Logo1_.exe
3592	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 716 wrote to memory of 3016	716	210472eacc6001145b71b2915a54cb2e25cbe2da132dddf6799ce5ef94ba8201.exe	87
PID 716 wrote to memory of 3016	716	210472eacc6001145b71b2915a54cb2e25cbe2da132dddf6799ce5ef94ba8201.exe	87
PID 716 wrote to memory of 3016	716	210472eacc6001145b71b2915a54cb2e25cbe2da132dddf6799ce5ef94ba8201.exe	87
PID 716 wrote to memory of 3592	716	210472eacc6001145b71b2915a54cb2e25cbe2da132dddf6799ce5ef94ba8201.exe	88
PID 716 wrote to memory of 3592	716	210472eacc6001145b71b2915a54cb2e25cbe2da132dddf6799ce5ef94ba8201.exe	88
PID 716 wrote to memory of 3592	716	210472eacc6001145b71b2915a54cb2e25cbe2da132dddf6799ce5ef94ba8201.exe	88
PID 3592 wrote to memory of 5076	3592	Logo1_.exe	89
PID 3592 wrote to memory of 5076	3592	Logo1_.exe	89
PID 3592 wrote to memory of 5076	3592	Logo1_.exe	89
PID 5076 wrote to memory of 4276	5076	net.exe	92
PID 5076 wrote to memory of 4276	5076	net.exe	92
PID 5076 wrote to memory of 4276	5076	net.exe	92
PID 3016 wrote to memory of 4896	3016	cmd.exe	93
PID 3016 wrote to memory of 4896	3016	cmd.exe	93
PID 3016 wrote to memory of 4896	3016	cmd.exe	93
PID 3592 wrote to memory of 3440	3592	Logo1_.exe	57
PID 3592 wrote to memory of 3440	3592	Logo1_.exe	57

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3440
- C:\Users\Admin\AppData\Local\Temp\210472eacc6001145b71b2915a54cb2e25cbe2da132dddf6799ce5ef94ba8201.exe
  "C:\Users\Admin\AppData\Local\Temp\210472eacc6001145b71b2915a54cb2e25cbe2da132dddf6799ce5ef94ba8201.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:716
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aCFD3.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\210472eacc6001145b71b2915a54cb2e25cbe2da132dddf6799ce5ef94ba8201.exe
      "C:\Users\Admin\AppData\Local\Temp\210472eacc6001145b71b2915a54cb2e25cbe2da132dddf6799ce5ef94ba8201.exe"
      4⤵
      Executes dropped EXE
      PID:4896
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3592
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:5076
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:4276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
017b5ff3fe0c3468438be2ec74cebc30

SHA1
6c3d43933b458fc53062a5d51b8d9570be6d3e2d

SHA256
f23e73059d7cbbe7cc9f6a50932f5aa26d25feaf6e1a32c35cd01fa49183a619

SHA512
cb317a0becd259af4982ae63e97a1205c250a9cf09b47fbb0460eb2bcbe93421014f49f72c33b51dcd7517034be9b95b09ab7c0312cd79bf5b41b4fd8df6ac77

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
662ac2ff73a0428213e4fb19ccd5fec3

SHA1
bec0ee8e1d7bd1496959d9ef9f043eac07611379

SHA256
47f518a26a7052c0d89c3e33c9480ad79557c0aec94b65d6ae6d346234118966

SHA512
7b9086833001c5aac552606736d85fc60697c37a13ad606479b1c4de9c12082799de6285c1a6f994dc9b79fc57416c5dddc858d0c54aed4e44bde9c02e825ef1

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
636KB

MD5
53ee62011469b286a2a1b5658c86b9bf

SHA1
9bdac0b23b0a965947c780c6a6b48fc7122f9ade

SHA256
7125735e4e8595f1c17ff3235bc65dacabc2ec874b29ac7ba8eddd80ad10b3c0

SHA512
c9c24e578da0a38048e71548fac66465bcb624e971f745bba559e8c49fd621752e718d4c983a90a97277407bb23348ca109436e1eeebef030c3b599c712ff236

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aCFD3.bat

Filesize
722B

MD5
78a32c76141c0a734cc510d1014ea456

SHA1
3f4f23c89eb72b61254c45042150d1f9f9ba49a0

SHA256
5067c0d58b787d4084474ce8bdf53be45e396bfbfcf6eba13d732839d9fd9c89

SHA512
c044ea7dd2f0e58d95bbc971247e0d00e10a5675daf72b9a3f7e3e33c8e0f3319aa1ea013587e1e5965031719a79af5024e706029778ccc356a136c1414f04e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\210472eacc6001145b71b2915a54cb2e25cbe2da132dddf6799ce5ef94ba8201.exe.exe

Filesize
328KB

MD5
926b26e3fc9707ec5c760feee6275d6d

SHA1
4f31e72b46b6725270402f93811ed5630e1e8787

SHA256
c504578222da4fe8a7fad9ededf918a3286153d9780e9c18090580b01a3d3b73

SHA512
3a41fc7a67a5791bb1b320924ce46573a449a0b94bb69cbbb292c3cc703938305216c2ce861c59bac219cac0da26741541a7f1ef15afff083d4152f49ec7b157

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
d375bd04f866e1b3276ba3b9779966ad

SHA1
1da9855e29a5384522563e0c4bdac786712d8b12

SHA256
a540c3c24ac2e3e353f3e0376889b61d7c11c926b29c8f0b8c768aea37daf7be

SHA512
78aa0651eeebb8475328fb7090ef3bdc8984ea22c888365727fd7c09533d59873599fc172d291fbadc55e04034fa62e7be405cd501df063105b0c03d7638de10

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-4084619521-2220719027-1909462854-1000\_desktop.ini

Filesize
9B

MD5
72b7e38c6ba037d117f32b55c07b1a9c

SHA1
35e2435e512e17ca2be885e17d75913f06b90361

SHA256
e9719e3c653627668046bac84b77097bfb0cd018d68465c17130ed31d6d6eca6

SHA512
2bebd814b81ad2dc547802d42891d833caaad81d004758ec4373f9c7af2971eb822f0a559d2d5d4fca499912fea95e25bab22e92cb0c149d6a4c692eee6ee46a

Download Submit
memory/716-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/716-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3592-26-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3592-36-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3592-32-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3592-1226-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3592-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3592-4792-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3592-12-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3592-5231-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download