20019f8c854d9b55c46ab224ffee2631d697ecd039f942750eed27a841236a21

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 13:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

20019f8c854d9b55c46ab224ffee2631d697ecd039f942750eed27a841236a21.exe
Size

1.0MB
MD5

072405dffbf781955823ee0a03f9780b
SHA1

d47b5c129e8366022b1ab467fd160ff6a2a1c075
SHA256

20019f8c854d9b55c46ab224ffee2631d697ecd039f942750eed27a841236a21
SHA512

5b27600cfd1ace8b99c56a0cfe461975d97132ae2a1f8db996c4e98db2eb91d77dced3bdf616af270bfd0e364120f401a9d1c82758595d463fb6cba66a58bbae
SSDEEP

24576:P7hLTATIZ0wktX0t8LCnhII+BKS5R2ZQCPnx2p:P7JmP/sSOQAx2

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2852	Logo1_.exe
4976	20019f8c854d9b55c46ab224ffee2631d697ecd039f942750eed27a841236a21.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre-1.8\bin\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ms-MY\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PlaceCard\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_2019.125.2243.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ca-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Comprehensive\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account-select\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\de\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\pl-PL\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\2.0.1\Diagnostics\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\lo\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\hr-HR\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\subscription_intro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Diagnostics\Simple\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\he-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Acrobat\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\manifests\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lo\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_2019.904.1644.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ru-ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\sl-si\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	20019f8c854d9b55c46ab224ffee2631d697ecd039f942750eed27a841236a21.exe
File created	C:\Windows\Logo1_.exe	20019f8c854d9b55c46ab224ffee2631d697ecd039f942750eed27a841236a21.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2852	Logo1_.exe
2852	Logo1_.exe
2852	Logo1_.exe
2852	Logo1_.exe
2852	Logo1_.exe
2852	Logo1_.exe
2852	Logo1_.exe
2852	Logo1_.exe
2852	Logo1_.exe
2852	Logo1_.exe
2852	Logo1_.exe
2852	Logo1_.exe
2852	Logo1_.exe
2852	Logo1_.exe
2852	Logo1_.exe
2852	Logo1_.exe
2852	Logo1_.exe
2852	Logo1_.exe
2852	Logo1_.exe
2852	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 3492 wrote to memory of 1604	3492	20019f8c854d9b55c46ab224ffee2631d697ecd039f942750eed27a841236a21.exe	85
PID 3492 wrote to memory of 1604	3492	20019f8c854d9b55c46ab224ffee2631d697ecd039f942750eed27a841236a21.exe	85
PID 3492 wrote to memory of 1604	3492	20019f8c854d9b55c46ab224ffee2631d697ecd039f942750eed27a841236a21.exe	85
PID 3492 wrote to memory of 2852	3492	20019f8c854d9b55c46ab224ffee2631d697ecd039f942750eed27a841236a21.exe	86
PID 3492 wrote to memory of 2852	3492	20019f8c854d9b55c46ab224ffee2631d697ecd039f942750eed27a841236a21.exe	86
PID 3492 wrote to memory of 2852	3492	20019f8c854d9b55c46ab224ffee2631d697ecd039f942750eed27a841236a21.exe	86
PID 2852 wrote to memory of 2400	2852	Logo1_.exe	87
PID 2852 wrote to memory of 2400	2852	Logo1_.exe	87
PID 2852 wrote to memory of 2400	2852	Logo1_.exe	87
PID 2400 wrote to memory of 3720	2400	net.exe	90
PID 2400 wrote to memory of 3720	2400	net.exe	90
PID 2400 wrote to memory of 3720	2400	net.exe	90
PID 1604 wrote to memory of 4976	1604	cmd.exe	91
PID 1604 wrote to memory of 4976	1604	cmd.exe	91
PID 1604 wrote to memory of 4976	1604	cmd.exe	91
PID 2852 wrote to memory of 3444	2852	Logo1_.exe	56
PID 2852 wrote to memory of 3444	2852	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3444
- C:\Users\Admin\AppData\Local\Temp\20019f8c854d9b55c46ab224ffee2631d697ecd039f942750eed27a841236a21.exe
  "C:\Users\Admin\AppData\Local\Temp\20019f8c854d9b55c46ab224ffee2631d697ecd039f942750eed27a841236a21.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:3492
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4BED.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\20019f8c854d9b55c46ab224ffee2631d697ecd039f942750eed27a841236a21.exe
      "C:\Users\Admin\AppData\Local\Temp\20019f8c854d9b55c46ab224ffee2631d697ecd039f942750eed27a841236a21.exe"
      4⤵
      Executes dropped EXE
      PID:4976
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2852
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2400
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:3720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
ea5cfbc75922a1e8469eac44237ed6a4

SHA1
5d8343b81425bc6338c5036bf6c458c9dc57b292

SHA256
e9dcf9faeaef5e223b05fcbe1c97f133dc7723591d911947b59dc88d5bdd3cca

SHA512
764fae1d5d17420640e73921cb916676ef6c628c4e7197c225fedd1e348458f967a87c6c5ab5fb9f4a320f9784efec7542088b730ace8f8ac60c41f47d91f66b

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
ce02fea0f5973dc65eff8efc06883f26

SHA1
2831aed15b8014a87a78be91601c30785b813502

SHA256
801f86655dfdc8bfa7c7583bfae857324fe85e1d4ff4b7ac12ef46572a065516

SHA512
a43b357b8d692e38cece2f5b7af300ff530548f49ee3a7751d517ffde4e8e38566e4151ae9abf26871354b485f105c12f7c4639c5cccd573303acf8f4063469e

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
636KB

MD5
2500f702e2b9632127c14e4eaae5d424

SHA1
8726fef12958265214eeb58001c995629834b13a

SHA256
82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

SHA512
f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a4BED.bat

Filesize
722B

MD5
2670c46cbe48380875ffdf7b18a4f886

SHA1
061e04a910d5381203bb9ac720e71f93974a73c9

SHA256
06a12015500a44987f8eb031ad017b5ae035c909dab6b4a4a66e2b57f927dc1a

SHA512
ba89415a603a0d71e8356e97e291ed9bf6c5ef71dd62928314ad69c42a346c046e1bfa1cf6cb513f9c5cd0b0345729b2ffef01702cb903cf0cd80d7220d67bda

Download Submit
C:\Users\Admin\AppData\Local\Temp\20019f8c854d9b55c46ab224ffee2631d697ecd039f942750eed27a841236a21.exe.exe

Filesize
1.0MB

MD5
dff591c1405ed66adfcde6fe4b504e52

SHA1
e8b8823334c3e93be15ec50fc1b0a44e1f42d447

SHA256
242a70809bd63cd77fa69857ec5cd35bfa817c1e911d16213db9945c98d8ed9d

SHA512
5e5ccbc784bd6576998c05d16d18bb763f842a536983ee2d288b320ff10d50f7d0204b72e2975b1321f2dcdb4f0af7bee88fe304da7117ce87bde52ec3f5b934

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
542d91df1d3b6cf082f7417fa88b0479

SHA1
e4b2a944dd88696127389d1f4dfc70b2a41b38c7

SHA256
9a53a608fcc407f47345cede508ae5d15c598b62194f12e7eab72e5d3be71043

SHA512
ccb848910dfaee97260259609c4ebe75dd09ba27543eebb5132b46f3cb102b5f27279dbf083025b422c0a656005742362f45f84a11c74be32d93cfc1bbc8d24f

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2288054676-1871194608-3559553667-1000\_desktop.ini

Filesize
9B

MD5
72b7e38c6ba037d117f32b55c07b1a9c

SHA1
35e2435e512e17ca2be885e17d75913f06b90361

SHA256
e9719e3c653627668046bac84b77097bfb0cd018d68465c17130ed31d6d6eca6

SHA512
2bebd814b81ad2dc547802d42891d833caaad81d004758ec4373f9c7af2971eb822f0a559d2d5d4fca499912fea95e25bab22e92cb0c149d6a4c692eee6ee46a

Download Submit
memory/2852-28-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2852-4804-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2852-20-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2852-5245-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2852-37-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2852-43-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2852-9-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2852-200-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2852-1237-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3492-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3492-12-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4976-30-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/4976-18-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/4976-21-0x0000000000400000-0x0000000000511000-memory.dmp

Filesize
1.1MB

Download