58ae775e94c2776524eb9a702233e18d5362b03dcb1f2c51b01008ebdfd16d62

Analysis

max time kernel
149s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 08:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

58ae775e94c2776524eb9a702233e18d5362b03dcb1f2c51b01008ebdfd16d62.exe
Size

2.0MB
MD5

9a9c5b43a51e936989d91f14f4a2ff7c
SHA1

cb6b4fccdeaf1d5fd5f7197a0e801cf286f6188e
SHA256

58ae775e94c2776524eb9a702233e18d5362b03dcb1f2c51b01008ebdfd16d62
SHA512

1c6b0fc87530e5f22d6878c30c624107d239c872ca9dfd54edfad7d18992b56f0fcf12bccdf397344b684dfb67909f5dd83ddc1cd3827be5e0f4c341c89fb004
SSDEEP

49152:4ODO2RBU5kCit5QqJ3Th42yT+hn010gdN7gIrP7CtEiuw:4O62RBU5Bit5B3T2GnIqZb

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2372	Logo1_.exe
3948	58ae775e94c2776524eb9a702233e18d5362b03dcb1f2c51b01008ebdfd16d62.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmiregistry.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\misc\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\de-DE\View3d\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\he-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tt\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\ImmersiveVideoPlayback\Content\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\images\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ie\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Photo Viewer\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\winsdkfb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\Images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\ja\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\dev\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\x86\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\LiveTiles\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\tr-tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\jfr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Microsoft.Advertising\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\StartScreen\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\host\fxr\8.0.2\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\host\fxr\8.0.2\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\he\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\es-MX\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Time.exe	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Defender\es-ES\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Logo1_.exe	58ae775e94c2776524eb9a702233e18d5362b03dcb1f2c51b01008ebdfd16d62.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	58ae775e94c2776524eb9a702233e18d5362b03dcb1f2c51b01008ebdfd16d62.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2372	Logo1_.exe
2372	Logo1_.exe
2372	Logo1_.exe
2372	Logo1_.exe
2372	Logo1_.exe
2372	Logo1_.exe
2372	Logo1_.exe
2372	Logo1_.exe
2372	Logo1_.exe
2372	Logo1_.exe
2372	Logo1_.exe
2372	Logo1_.exe
2372	Logo1_.exe
2372	Logo1_.exe
2372	Logo1_.exe
2372	Logo1_.exe
2372	Logo1_.exe
2372	Logo1_.exe
2372	Logo1_.exe
2372	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 4828 wrote to memory of 5104	4828	58ae775e94c2776524eb9a702233e18d5362b03dcb1f2c51b01008ebdfd16d62.exe	85
PID 4828 wrote to memory of 5104	4828	58ae775e94c2776524eb9a702233e18d5362b03dcb1f2c51b01008ebdfd16d62.exe	85
PID 4828 wrote to memory of 5104	4828	58ae775e94c2776524eb9a702233e18d5362b03dcb1f2c51b01008ebdfd16d62.exe	85
PID 4828 wrote to memory of 2372	4828	58ae775e94c2776524eb9a702233e18d5362b03dcb1f2c51b01008ebdfd16d62.exe	86
PID 4828 wrote to memory of 2372	4828	58ae775e94c2776524eb9a702233e18d5362b03dcb1f2c51b01008ebdfd16d62.exe	86
PID 4828 wrote to memory of 2372	4828	58ae775e94c2776524eb9a702233e18d5362b03dcb1f2c51b01008ebdfd16d62.exe	86
PID 2372 wrote to memory of 3848	2372	Logo1_.exe	88
PID 2372 wrote to memory of 3848	2372	Logo1_.exe	88
PID 2372 wrote to memory of 3848	2372	Logo1_.exe	88
PID 3848 wrote to memory of 984	3848	net.exe	90
PID 3848 wrote to memory of 984	3848	net.exe	90
PID 3848 wrote to memory of 984	3848	net.exe	90
PID 5104 wrote to memory of 3948	5104	cmd.exe	91
PID 5104 wrote to memory of 3948	5104	cmd.exe	91
PID 5104 wrote to memory of 3948	5104	cmd.exe	91
PID 2372 wrote to memory of 3460	2372	Logo1_.exe	56
PID 2372 wrote to memory of 3460	2372	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3460
- C:\Users\Admin\AppData\Local\Temp\58ae775e94c2776524eb9a702233e18d5362b03dcb1f2c51b01008ebdfd16d62.exe
  "C:\Users\Admin\AppData\Local\Temp\58ae775e94c2776524eb9a702233e18d5362b03dcb1f2c51b01008ebdfd16d62.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4828
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a374C.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\58ae775e94c2776524eb9a702233e18d5362b03dcb1f2c51b01008ebdfd16d62.exe
      "C:\Users\Admin\AppData\Local\Temp\58ae775e94c2776524eb9a702233e18d5362b03dcb1f2c51b01008ebdfd16d62.exe"
      4⤵
      Executes dropped EXE
      PID:3948
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2372
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3848
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
f27ef237a095affc876cb4b4dfdbf442

SHA1
4d24271110a670241cbb1d8d95f0742577633445

SHA256
83f9624e2b9ad380e376e4818a5fa81690450a01d06e0e2ad68a742268deb0f8

SHA512
fdf45b20af3eacb51d55e13f4a7428d7fa9e52c019d915299f8d9859ffdde9f3a637239213c8f36b537698e7f3020cb9cce1c3e0f7f452d9002670989ed041cb

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
44a320a5d7d138737b611a0730e5c624

SHA1
046f3db585c68b589221be9c0c4cd51b99dfc188

SHA256
fdb28f5e11a6ed7162dc27cb685c6ddf6079331b16182b3159b2000ad6acd294

SHA512
1d9d8150b472183ecd82c6facf303147aa53f58bf87ababe57a52001cb305b144b67cad1a93bd3b85eff0c10240cedbc6e31e63b26b00859d122e0e2e74adbec

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
a5eef251020938c1b7918ee72d5c730e

SHA1
d32b835dd9a905f133eeebaedd29274f96fb9301

SHA256
a55f5932565f3fb60ba2bb6e1ec386eaf892d500af96f362f2b29563a13ba344

SHA512
25a39c83fcff1ef946e9bb237d492c7f93a5fe2a48b86f7bdb179705e8d59e552c00e5f977bcd960d223ebc606eec70f252281d595135fba6e670bcb4065800a

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a374C.bat

Filesize
722B

MD5
a646c7105be770b44ed4ee12fc8ee8b2

SHA1
eb58d4d7e68a6139665cecbc5de08502dafc8ad7

SHA256
24f3c59dddfb5001668f7b84c588b9cf129f0d9c6152b732b6411012a93ca0b4

SHA512
8ecb5c1f3f7d5cc6a4a445274d28ed7650aca65cfeaaf0a380e6b8587fd78dea354c4720fd0ca41f5a7937881b6a18352413a250dae3ceaf8ef75ccbc154503c

Download Submit
C:\Users\Admin\AppData\Local\Temp\58ae775e94c2776524eb9a702233e18d5362b03dcb1f2c51b01008ebdfd16d62.exe.exe

Filesize
1.9MB

MD5
945ff3b0412764180f633a2dcb8a66c0

SHA1
84db2e2363cca806f6e2c59dace5d2001e8514cc

SHA256
ee43f0adc27d03d42ce23a46a962787950b755062726027438c0731f2efe4f81

SHA512
552b75983caff7d029df59447444732bae70cf76ae5d510dbed890f797d3cbff98d22a0c617738c142e57c3c4fcab4c2d7cdb87c1d9598566fd67c0149c7117d

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
6aab1857fddb16f73ee3c6412859538f

SHA1
94c7c8ef050ba97735c153ff3c50dcb2ff1984e6

SHA256
5425065aa2387fb417dda03f510dee43d51aec1cec445ece37873d75d109037c

SHA512
1842cfcb7cc3695acf2ad76fd330b83ba3982e6b284d1f0e15433f2f83fa02387b7a1e8a7919f7797f555c151b35da4611adac33c5b2f18190068df58708e842

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-259785868-298165991-4178590326-1000\_desktop.ini

Filesize
9B

MD5
72b7e38c6ba037d117f32b55c07b1a9c

SHA1
35e2435e512e17ca2be885e17d75913f06b90361

SHA256
e9719e3c653627668046bac84b77097bfb0cd018d68465c17130ed31d6d6eca6

SHA512
2bebd814b81ad2dc547802d42891d833caaad81d004758ec4373f9c7af2971eb822f0a559d2d5d4fca499912fea95e25bab22e92cb0c149d6a4c692eee6ee46a

Download Submit
memory/2372-1229-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2372-20-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2372-27-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2372-34-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2372-38-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2372-138-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2372-9-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2372-4794-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2372-5233-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3948-28-0x0000000002950000-0x0000000002951000-memory.dmp

Filesize
4KB

Download
memory/3948-18-0x0000000002950000-0x0000000002951000-memory.dmp

Filesize
4KB

Download
memory/4828-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4828-8-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download