Analysis
max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
submitted
10/05/2024, 16:15
Static task
static1
Behavioral task
behavioral1
Sample
e59abe31b0d086dbb3eaf989bed1c6638d10772cf0733b828220e87ba51d390b.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
e59abe31b0d086dbb3eaf989bed1c6638d10772cf0733b828220e87ba51d390b.exe
Resource
win10v2004-20240426-en
General
Target
e59abe31b0d086dbb3eaf989bed1c6638d10772cf0733b828220e87ba51d390b.exe
Size
797KB
MD5
f35f37d1b74d94d33a751aacce2758b3
SHA1
1f0401fc2400f9b571a0d794789b010a7ec9d5c7
SHA256
e59abe31b0d086dbb3eaf989bed1c6638d10772cf0733b828220e87ba51d390b
SHA512
fe932b7e6145f179a6596fe6fe48791c30294e7275ce63f499db7a8b4cea00be17ec6f2b42537edc80147a3edc6340a2edffe358666d87299dff0068f1bc38ae
SSDEEP
12288:H7+e9rLQpfaUkAL1g4vJJxpsAu9hdZz/7re/fdo9WMhdfz0fYsKEbvCKlG:H7BrLFUkU1g4hJzQZz/ef7+zyKKs
Malware Config
Signatures
Executes dropped EXE (2 IoCs)
pid | Process
3028 | Logo1_.exe
2920 | e59abe31b0d086dbb3eaf989bed1c6638d10772cf0733b828220e87ba51d390b.exe
Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
description | ioc | Process
File opened (read-only) | \??\J: | Logo1_.exe
File opened (read-only) | \??\Z: | Logo1_.exe
File opened (read-only) | \??\Y: | Logo1_.exe
File opened (read-only) | \??\W: | Logo1_.exe
File opened (read-only) | \??\V: | Logo1_.exe
File opened (read-only) | \??\S: | Logo1_.exe
File opened (read-only) | \??\X: | Logo1_.exe
File opened (read-only) | \??\Q: | Logo1_.exe
File opened (read-only) | \??\K: | Logo1_.exe
File opened (read-only) | \??\I: | Logo1_.exe
File opened (read-only) | \??\U: | Logo1_.exe
File opened (read-only) | \??\R: | Logo1_.exe
File opened (read-only) | \??\O: | Logo1_.exe
File opened (read-only) | \??\L: | Logo1_.exe
File opened (read-only) | \??\E: | Logo1_.exe
File opened (read-only) | \??\G: | Logo1_.exe
File opened (read-only) | \??\T: | Logo1_.exe
File opened (read-only) | \??\P: | Logo1_.exe
File opened (read-only) | \??\N: | Logo1_.exe
File opened (read-only) | \??\M: | Logo1_.exe
File opened (read-only) | \??\H: | Logo1_.exe
Drops file in Program Files directory (64 IoCs)
description | ioc | Process
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-ae\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\en-ae\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\it-IT\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\plugins\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\plugins\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ca-es\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\css\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\PlayReadyCdm\_platform_specific\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Assets\AppTiles\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\Fonts\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\sk-sk\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\pt-br\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\zh-cn\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Java\jdk-1.8\lib\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Java\jre-1.8\bin\servertool.exe | Logo1_.exe
File created | C:\Program Files\Mozilla Firefox\browser\VisualElements\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Windows.Photos_2019.19071.12548.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\da-dk\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\_desktop.ini | Logo1_.exe
File created | C:\Program Files\dotnet\host\_desktop.ini | Logo1_.exe
File created | C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Common Files\Microsoft Shared\ink\uk-UA\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\de\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\he-il\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ar-ae\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Windows Media Player\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\_desktop.ini | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\uz\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\notetagsUI\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\import_google_contacts\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-il\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hu-hu\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\en-ae\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\dotnet\host\fxr\_desktop.ini | Logo1_.exe
File created | C:\Program Files\Java\jdk-1.8\jre\bin\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\ja-JP\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\az-Latn-AZ\View3d\_desktop.ini | Logo1_.exe
File created | C:\Program Files\Java\jre-1.8\lib\applet\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\LocalBridge.exe | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ar-ae\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Common Files\Microsoft Shared\Triedit\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.1813.0_neutral_~_8wekyb3d8bbwe\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fr-fr\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\it-it\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\visualization\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\uz-Latn-UZ\View3d\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\fr-ma\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\he-il\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\de-de\_desktop.ini | Logo1_.exe
Drops file in Windows directory (4 IoCs)
description | ioc | Process
File created | C:\Windows\rundl132.exe | e59abe31b0d086dbb3eaf989bed1c6638d10772cf0733b828220e87ba51d390b.exe
File created | C:\Windows\Logo1_.exe | e59abe31b0d086dbb3eaf989bed1c6638d10772cf0733b828220e87ba51d390b.exe
File opened for modification | C:\Windows\rundl132.exe | Logo1_.exe
File created | C:\Windows\vDll.dll | Logo1_.exe
Runs net.exe
Suspicious behavior: EnumeratesProcesses (20 IoCs)
pid | Process
3028 | Logo1_.exe
3028 | Logo1_.exe
3028 | Logo1_.exe
3028 | Logo1_.exe
3028 | Logo1_.exe
3028 | Logo1_.exe
3028 | Logo1_.exe
3028 | Logo1_.exe
3028 | Logo1_.exe
3028 | Logo1_.exe
3028 | Logo1_.exe
3028 | Logo1_.exe
3028 | Logo1_.exe
3028 | Logo1_.exe
3028 | Logo1_.exe
3028 | Logo1_.exe
3028 | Logo1_.exe
3028 | Logo1_.exe
3028 | Logo1_.exe
3028 | Logo1_.exe
Suspicious use of WriteProcessMemory (17 IoCs)
description | pid | Process | procid_target
PID 4472 wrote to memory of 4748 | 4472 | e59abe31b0d086dbb3eaf989bed1c6638d10772cf0733b828220e87ba51d390b.exe | 83
PID 4472 wrote to memory of 4748 | 4472 | e59abe31b0d086dbb3eaf989bed1c6638d10772cf0733b828220e87ba51d390b.exe | 83
PID 4472 wrote to memory of 4748 | 4472 | e59abe31b0d086dbb3eaf989bed1c6638d10772cf0733b828220e87ba51d390b.exe | 83
PID 4472 wrote to memory of 3028 | 4472 | e59abe31b0d086dbb3eaf989bed1c6638d10772cf0733b828220e87ba51d390b.exe | 84
PID 4472 wrote to memory of 3028 | 4472 | e59abe31b0d086dbb3eaf989bed1c6638d10772cf0733b828220e87ba51d390b.exe | 84
PID 4472 wrote to memory of 3028 | 4472 | e59abe31b0d086dbb3eaf989bed1c6638d10772cf0733b828220e87ba51d390b.exe | 84
PID 3028 wrote to memory of 3688 | 3028 | Logo1_.exe | 85
PID 3028 wrote to memory of 3688 | 3028 | Logo1_.exe | 85
PID 3028 wrote to memory of 3688 | 3028 | Logo1_.exe | 85
PID 3688 wrote to memory of 2036 | 3688 | net.exe | 87
PID 3688 wrote to memory of 2036 | 3688 | net.exe | 87
PID 3688 wrote to memory of 2036 | 3688 | net.exe | 87
PID 4748 wrote to memory of 2920 | 4748 | cmd.exe | 89
PID 4748 wrote to memory of 2920 | 4748 | cmd.exe | 89
PID 4748 wrote to memory of 2920 | 4748 | cmd.exe | 89
PID 3028 wrote to memory of 3344 | 3028 | Logo1_.exe | 55
PID 3028 wrote to memory of 3344 | 3028 | Logo1_.exe | 55
Processes
(indentation shows the parent/child relationship; each entry is: image path | command line | PID, followed by the signatures that matched that process)
C:\Windows\Explorer.EXE | C:\Windows\Explorer.EXE | PID:3344
  C:\Users\Admin\AppData\Local\Temp\e59abe31b0d086dbb3eaf989bed1c6638d10772cf0733b828220e87ba51d390b.exe | "C:\Users\Admin\AppData\Local\Temp\e59abe31b0d086dbb3eaf989bed1c6638d10772cf0733b828220e87ba51d390b.exe" | PID:4472
    - Drops file in Windows directory
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4323.bat | PID:4748
      - Suspicious use of WriteProcessMemory
      C:\Users\Admin\AppData\Local\Temp\e59abe31b0d086dbb3eaf989bed1c6638d10772cf0733b828220e87ba51d390b.exe | "C:\Users\Admin\AppData\Local\Temp\e59abe31b0d086dbb3eaf989bed1c6638d10772cf0733b828220e87ba51d390b.exe" | PID:2920
        - Executes dropped EXE
    C:\Windows\Logo1_.exe | C:\Windows\Logo1_.exe | PID:3028
      - Executes dropped EXE
      - Enumerates connected drives
      - Drops file in Program Files directory
      - Drops file in Windows directory
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of WriteProcessMemory
      C:\Windows\SysWOW64\net.exe | net stop "Kingsoft AntiVirus Service" | PID:3688
        - Suspicious use of WriteProcessMemory
        C:\Windows\SysWOW64\net1.exe | C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service" | PID:2036
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize
251KB
MD5
10fccb391b46e22576a736c690ae86fd
SHA1
21afa059afff34817aa54c752331a5794c3cbccb
SHA256
ba1f1a20b68217c37fa865680f639db00a8af1a690b3cf9f385bdc69248919fa
SHA512
aaa174c985d7f0681b43e5747a9e9cef3519a3f63fcbcf519b0a0a14641baa7da9909fb9ff1a4f6d085b66f94c6af906a446f5bf27dbdaed939afbda000a5033

Filesize
570KB
MD5
ae79a8b0d9c05d49d1fef88dcb3dbd11
SHA1
0acf2d5cc86fda27577fb4d07b4b71887cc4848f
SHA256
2fd7dc5cea6d8707493f1a4aa7a00383a38100b1ae0b3ea24be1e7397d04c58a
SHA512
e1cc9ac1a8f78775b02fe69e205f85152f9a08bf1a8c34f139cfcf482b636b7a37e89d2b87bd82dbda0ac22581aa5f587890e829bfb5241873e442e57189eee7

C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
Filesize
636KB
MD5
f638389e14512cee81c8946bc5d61887
SHA1
37ff6089fd3ce85bc01c57ea7035891ea503bfc1
SHA256
dc42d85ea65a264d578a0b8c3b6050e3e89600a350861b548bcecce1573fa674
SHA512
ead93646db61d647324aad152972b4ea3a440f57225a4e225327688b962f26e3eb0d18680457c8f14d9d5f0633b050700e9295863b14d21ffbd6086a0cdaa842

Filesize
722B
MD5
e972dec78660dd1a89a59e283a7279f9
SHA1
e13930be3d6efb8b30d953cd8bcc8478ad5fdd03
SHA256
11c76f0d7bdd61214aa02142c592490025759c144958793c16433c558981a2a7
SHA512
fbb56853e65437c7272c3ec286435941196e688a295d2bdec6a211bf9a3c9b22b50e82a233dddba16b205376a7a594ed29583a9fda155419bf5e5e3e0e31bc40

C:\Users\Admin\AppData\Local\Temp\e59abe31b0d086dbb3eaf989bed1c6638d10772cf0733b828220e87ba51d390b.exe.exe
Filesize
771KB
MD5
76ac599d68401f86b375936f136aa6b1
SHA1
ed9067aae50d0fec8af1c592d8e08bcb12039158
SHA256
3c40c2a1f8448c707e3b233c302fc25fda91bd02bfac86d7869135b72e5c24f3
SHA512
207eb613d6e5a3f42ad14d352ddde6ff3443935ecfeb9c2263f60ce62790b5f91be24e5fa8836458b52a664a270ab5b6cc88a54e0539b4cf2fed235b1480c9cb

Filesize
26KB
MD5
7f27bae91113fe90205a6cf904da4a36
SHA1
f85b2bf9462a6695a9cbe98b22dd8df4d769957e
SHA256
a3cd685b3424c7db3cb51422aeba14ea98991e59b914e883746767e7a3f46221
SHA512
3d45a313fe9de1167e3755c46dfe6d2c9eacd55868e5790375550fafe84a35efc6ee3fe9d79d6a3f7c912965aaf2f0eb4a24b69006c8dff91358870d765c2fd5

Filesize
9B
MD5
4d28283e4d415600ffc2f8fda6d8c91e
SHA1
053dcb8d5d84b75459bc82d8740ee4684d680016
SHA256
b855effeaf01610130d3f38de35bc7f98bfc6643d98d4198af18534f048e8df7
SHA512
73a758cd5e5ac48d62dd89719be604214895e0cc9a10ff7464a6cf9161a37fd27d15dd2d2565f18198b381ac6442bcb36f38614df7b1176061a83616517a7edb