609673c19660503ba1d72dca3ad0f5441e6a8e2036c5b0b992102a68f363f1be

Analysis

max time kernel
149s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 04:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

609673c19660503ba1d72dca3ad0f5441e6a8e2036c5b0b992102a68f363f1be.exe
Size

254KB
MD5

7823eafb33a832996561c2c2bfbd8ddb
SHA1

a6a799740fafa30d8633ada3f648db0754911251
SHA256

609673c19660503ba1d72dca3ad0f5441e6a8e2036c5b0b992102a68f363f1be
SHA512

09f65880ee4e35c6f4a9675d2fec96f8c163132bbfeafa0fce9a17794056dd7db3209e2e8815a4996643000d9b0581f040641aba980cd23345f991ac92ad6a9f
SSDEEP

6144:h4uJQgiC4bXqsTk90qC1AOb7eswf1Px++fD8PJ:h9itXqsTkiR7twRx+gD8PJ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3892	Logo1_.exe
3744	609673c19660503ba1d72dca3ad0f5441e6a8e2036c5b0b992102a68f363f1be.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\es-ES\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\identity_proxy\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Resources\RetailDemo\data\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_GB\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\Diagnostics\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\te\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\Scripts\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_proxy.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ta\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-us\jscripts\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ca-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\pt-PT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Extensions\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	Logo1_.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Videos\Help\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\SlowMotionEditor\UserControls\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\ar-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_2019.807.41.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\plugins\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\nb-no\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	609673c19660503ba1d72dca3ad0f5441e6a8e2036c5b0b992102a68f363f1be.exe
File created	C:\Windows\Logo1_.exe	609673c19660503ba1d72dca3ad0f5441e6a8e2036c5b0b992102a68f363f1be.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3892	Logo1_.exe
3892	Logo1_.exe
3892	Logo1_.exe
3892	Logo1_.exe
3892	Logo1_.exe
3892	Logo1_.exe
3892	Logo1_.exe
3892	Logo1_.exe
3892	Logo1_.exe
3892	Logo1_.exe
3892	Logo1_.exe
3892	Logo1_.exe
3892	Logo1_.exe
3892	Logo1_.exe
3892	Logo1_.exe
3892	Logo1_.exe
3892	Logo1_.exe
3892	Logo1_.exe
3892	Logo1_.exe
3892	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 3956 wrote to memory of 3148	3956	609673c19660503ba1d72dca3ad0f5441e6a8e2036c5b0b992102a68f363f1be.exe	83
PID 3956 wrote to memory of 3148	3956	609673c19660503ba1d72dca3ad0f5441e6a8e2036c5b0b992102a68f363f1be.exe	83
PID 3956 wrote to memory of 3148	3956	609673c19660503ba1d72dca3ad0f5441e6a8e2036c5b0b992102a68f363f1be.exe	83
PID 3956 wrote to memory of 3892	3956	609673c19660503ba1d72dca3ad0f5441e6a8e2036c5b0b992102a68f363f1be.exe	84
PID 3956 wrote to memory of 3892	3956	609673c19660503ba1d72dca3ad0f5441e6a8e2036c5b0b992102a68f363f1be.exe	84
PID 3956 wrote to memory of 3892	3956	609673c19660503ba1d72dca3ad0f5441e6a8e2036c5b0b992102a68f363f1be.exe	84
PID 3892 wrote to memory of 1760	3892	Logo1_.exe	85
PID 3892 wrote to memory of 1760	3892	Logo1_.exe	85
PID 3892 wrote to memory of 1760	3892	Logo1_.exe	85
PID 1760 wrote to memory of 1672	1760	net.exe	88
PID 1760 wrote to memory of 1672	1760	net.exe	88
PID 1760 wrote to memory of 1672	1760	net.exe	88
PID 3148 wrote to memory of 3744	3148	cmd.exe	89
PID 3148 wrote to memory of 3744	3148	cmd.exe	89
PID 3148 wrote to memory of 3744	3148	cmd.exe	89
PID 3892 wrote to memory of 3436	3892	Logo1_.exe	56
PID 3892 wrote to memory of 3436	3892	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3436
- C:\Users\Admin\AppData\Local\Temp\609673c19660503ba1d72dca3ad0f5441e6a8e2036c5b0b992102a68f363f1be.exe
  "C:\Users\Admin\AppData\Local\Temp\609673c19660503ba1d72dca3ad0f5441e6a8e2036c5b0b992102a68f363f1be.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:3956
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3D95.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\609673c19660503ba1d72dca3ad0f5441e6a8e2036c5b0b992102a68f363f1be.exe
      "C:\Users\Admin\AppData\Local\Temp\609673c19660503ba1d72dca3ad0f5441e6a8e2036c5b0b992102a68f363f1be.exe"
      4⤵
      Executes dropped EXE
      PID:3744
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3892
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1760
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:1672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\MeasureUndo.exe

Filesize
484KB

MD5
0fe56efd702ca721611f17dd2474b041

SHA1
0263009fe2c2f164f92de8e5b37352098f43a10c

SHA256
4a55d3c1cc7a8cee9aa542f8279f514e00c78d6f8326a8077bed6eecddff3a9a

SHA512
e6328bfb00c0cbd0540ddbb139ee94e4b6328702d66b3476e26400fe33ed2114f285e44400a87d3f1d10dd506c09a581e1981ae25b1da6997c8d67f7fd865036

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
95818ea399e39ab52cca6282505bab97

SHA1
a6d30a0cad4bf9e669d2ad91e9fc89b6abb48446

SHA256
a8b8b159cbaa70753c1573d273bd6c932a5deb183f8b5de8e54974e4c17c1b2b

SHA512
8e43c1ea8cf483d7acf1bb791c8d22d6dfb4f9d35bb3ffc98c683f276ec391dc744424f2baf6b80337fb9d7540ec5e2462764ad7d45ed872e3a2cb609bb4ab3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a3D95.bat

Filesize
722B

MD5
fbe1a158adeb0c8fa0c5045e9b0d6d27

SHA1
85d63d07bb75039a3f4999e4b5468b967dc1b0d1

SHA256
4b70c8078c553190e1023e33ce58e3f1a22f8289714d00d36ec217e5c59cc330

SHA512
4d915df6f7422ce12192479360d92630e1be9593a4bb27090c4704425f0bbc9e94732751557ccf2bfc0a1caa5e960b35f2f05d740c5ca8d2fe65f9d5db3dc5ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\609673c19660503ba1d72dca3ad0f5441e6a8e2036c5b0b992102a68f363f1be.exe.exe

Filesize
224KB

MD5
d4b257c01bbaa68d15d8368475a4e227

SHA1
fafae083a882e163cfa8c77258baaab891c17df2

SHA256
dd6dd981c7f1a6673dc8cc3a0fe1fc8a54e059a9fdb0545b0dc9258299c0c546

SHA512
167494ecb32196e8e199d7d14a1c0498eee45ab8e8862e5441539fa569313bb602b9e979935c7cc5ba39300e54e8bdbdf2f502e4ea24b5e8339fd2c3685ca502

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
5116475868108a57bc0b9f4cef3f978c

SHA1
ad6fcea28635ecb476fe35d383519945c0e1bbd9

SHA256
edd1ac8cbb63c59bdb356c027a1b24c771a90a8a9a802ccd1e4d09ffb249deab

SHA512
e6d1ef7b9f39c02cae86324fc5ac24a133a32bb51c51a663a88f40ef472d8523819fe413ab52d624b23090a65107259d0ef9aac7032db16086173c9fbf720e52

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-4018855536-2201274732-320770143-1000\_desktop.ini

Filesize
9B

MD5
4d28283e4d415600ffc2f8fda6d8c91e

SHA1
053dcb8d5d84b75459bc82d8740ee4684d680016

SHA256
b855effeaf01610130d3f38de35bc7f98bfc6643d98d4198af18534f048e8df7

SHA512
73a758cd5e5ac48d62dd89719be604214895e0cc9a10ff7464a6cf9161a37fd27d15dd2d2565f18198b381ac6442bcb36f38614df7b1176061a83616517a7edb

Download Submit
memory/3892-27-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3892-20-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3892-33-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3892-37-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3892-9-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3892-1233-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3892-4798-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3892-5237-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3956-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3956-13-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download