07f9d13b2b7f7645b1c59f4f3b4ea7c00cf211b0962a94afb9d888ed9e2a48cb

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/06/2024, 10:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

07f9d13b2b7f7645b1c59f4f3b4ea7c00cf211b0962a94afb9d888ed9e2a48cb.exe
Size

68KB
MD5

7b595030a2cce4beec106294be843d43
SHA1

61c1314c1c423f87026a0bb1645f3bdf81a82225
SHA256

07f9d13b2b7f7645b1c59f4f3b4ea7c00cf211b0962a94afb9d888ed9e2a48cb
SHA512

ed45e134b93d87939735188d25e109776704c124c10fcd4ab3c72d083b94440575bf527044e94ad62d076bb439d6bfbc6b500372066a1638c843b7c43c7e453d
SSDEEP

1536:XDCfgLdQAQfcfymNHP99XSISkDN2iKX+sBqdVU:XGftffjmNHP994kGXWo

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2560	Logo1_.exe
4968	07f9d13b2b7f7645b1c59f4f3b4ea7c00cf211b0962a94afb9d888ed9e2a48cb.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ug\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\SubsetList\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Defender\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\de-de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themes\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Office 15\ClientX64\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\hr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sw\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.27328.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\he-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\winsdkfb\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Configuration\Schema\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\de-de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\WinMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\tt\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ca-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\plugins\rhp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre-1.8\lib\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\sl-si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.27405.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ca-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mk\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mn\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	07f9d13b2b7f7645b1c59f4f3b4ea7c00cf211b0962a94afb9d888ed9e2a48cb.exe
File created	C:\Windows\Logo1_.exe	07f9d13b2b7f7645b1c59f4f3b4ea7c00cf211b0962a94afb9d888ed9e2a48cb.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2560	Logo1_.exe
2560	Logo1_.exe
2560	Logo1_.exe
2560	Logo1_.exe
2560	Logo1_.exe
2560	Logo1_.exe
2560	Logo1_.exe
2560	Logo1_.exe
2560	Logo1_.exe
2560	Logo1_.exe
2560	Logo1_.exe
2560	Logo1_.exe
2560	Logo1_.exe
2560	Logo1_.exe
2560	Logo1_.exe
2560	Logo1_.exe
2560	Logo1_.exe
2560	Logo1_.exe
2560	Logo1_.exe
2560	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 3720 wrote to memory of 2256	3720	07f9d13b2b7f7645b1c59f4f3b4ea7c00cf211b0962a94afb9d888ed9e2a48cb.exe	81
PID 3720 wrote to memory of 2256	3720	07f9d13b2b7f7645b1c59f4f3b4ea7c00cf211b0962a94afb9d888ed9e2a48cb.exe	81
PID 3720 wrote to memory of 2256	3720	07f9d13b2b7f7645b1c59f4f3b4ea7c00cf211b0962a94afb9d888ed9e2a48cb.exe	81
PID 3720 wrote to memory of 2560	3720	07f9d13b2b7f7645b1c59f4f3b4ea7c00cf211b0962a94afb9d888ed9e2a48cb.exe	82
PID 3720 wrote to memory of 2560	3720	07f9d13b2b7f7645b1c59f4f3b4ea7c00cf211b0962a94afb9d888ed9e2a48cb.exe	82
PID 3720 wrote to memory of 2560	3720	07f9d13b2b7f7645b1c59f4f3b4ea7c00cf211b0962a94afb9d888ed9e2a48cb.exe	82
PID 2560 wrote to memory of 2184	2560	Logo1_.exe	83
PID 2560 wrote to memory of 2184	2560	Logo1_.exe	83
PID 2560 wrote to memory of 2184	2560	Logo1_.exe	83
PID 2184 wrote to memory of 4644	2184	net.exe	85
PID 2184 wrote to memory of 4644	2184	net.exe	85
PID 2184 wrote to memory of 4644	2184	net.exe	85
PID 2256 wrote to memory of 4968	2256	cmd.exe	87
PID 2256 wrote to memory of 4968	2256	cmd.exe	87
PID 2560 wrote to memory of 3556	2560	Logo1_.exe	56
PID 2560 wrote to memory of 3556	2560	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3556
- C:\Users\Admin\AppData\Local\Temp\07f9d13b2b7f7645b1c59f4f3b4ea7c00cf211b0962a94afb9d888ed9e2a48cb.exe
  "C:\Users\Admin\AppData\Local\Temp\07f9d13b2b7f7645b1c59f4f3b4ea7c00cf211b0962a94afb9d888ed9e2a48cb.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:3720
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a37AA.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\07f9d13b2b7f7645b1c59f4f3b4ea7c00cf211b0962a94afb9d888ed9e2a48cb.exe
      "C:\Users\Admin\AppData\Local\Temp\07f9d13b2b7f7645b1c59f4f3b4ea7c00cf211b0962a94afb9d888ed9e2a48cb.exe"
      4⤵
      Executes dropped EXE
      PID:4968
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2560
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2184
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:4644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
207ff35d6aa96337c2bb1c0b24abccbe

SHA1
46e647905a3d671fa422a5f1cea55c8f53335acd

SHA256
18ffe6e707265db03f63b1331c0657a640834189feb7c5b283894f890e18b3c0

SHA512
3bd55ef4f6bf9a6e41e05e8fc6b62b796b6084dfeb146326ba69827a518d36e2bdc58674f432b922de063a1553e5f6dd58eb9dc871bd121c9f661a5574356713

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
b7fc51b1bb50dfa8176fb7802a02a144

SHA1
8919c642394c5ddbdf25737316f5f12053969bbd

SHA256
63c05fa99366856b5bcf4a1f7473dd91acf617a61e126cca28227fe8a4eea591

SHA512
5a511576ddc5964c9553547d2aab539856b2fe6db3b7439e37123a5b89595cba92f409a1397984f43b98ad74f0a2c7ba5b9ff3d60c89417387abe6bb7a46d40f

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
636KB

MD5
2500f702e2b9632127c14e4eaae5d424

SHA1
8726fef12958265214eeb58001c995629834b13a

SHA256
82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

SHA512
f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a37AA.bat

Filesize
722B

MD5
48cd11fa2ee7bee031675eabbad3536a

SHA1
d98ae6759a80de62c857f5d6a7f1b8d7e48f179a

SHA256
e664c96be6a5ca289d046ab09cf19f8fa5a5bc20b138265d72cd00f0304b2cb3

SHA512
ebc8c8110cbda05c6155ca9dc9c3c183cdf5cddcc3aaa4c9d9a723f1fc046fa21f148911f8a645e5c8f16d6c783969bb604eec527eb32c20cfed09531df578e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\07f9d13b2b7f7645b1c59f4f3b4ea7c00cf211b0962a94afb9d888ed9e2a48cb.exe.exe

Filesize
42KB

MD5
fe38c99ad01fba67d6fb7267c54b73cb

SHA1
e6e8da89c9ea29363e0ee23cc903631383b142a4

SHA256
fb1188c1841cf5a7629080e79bbac0553a0f2705db35b178209d1bd1e7ddd1fd

SHA512
a80f7e7a8d9aaf4488148203e879c54bd70278943ebd0bb9c17416a2ad97223f9eb8c1ba338626edc294c4cc5e0abb3e075224c8612728bfde440bd6d2ed0516

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
b841f7aea4eb01cc11a9ce66db0dcf21

SHA1
0623eca292740bef4bd6b77d7ff8fb4c7f2a8669

SHA256
1ee0ab4550bf0f7789b0c4cc7c669760f4272364cc272d92185f897d4f116cbe

SHA512
b60cf28490a32c037985d2bf469ce572c61edc57119cabee987b31a28fa5926d7c08edf13d277751eb67ae75b0dd9a3055a4c2077d3044bf229495cfd23c3100

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-540404634-651139247-2967210625-1000\_desktop.ini

Filesize
9B

MD5
3b22ce0fee2d1aaf2c66dcd142740e29

SHA1
94d542b4bb9854a9419753c38e6ffe747653d91c

SHA256
8284772f28954a109c16f1583e6e34e29f06673b34e04f268bda961b57ba9f79

SHA512
efd4900a49624170e51ea401f0845634f49484a49335845258dc3d41a12e2022bf413a6751fcbcfd1ec68cde506f3363beae57f20e8eaca8b214d28baa138c5b

Download Submit
memory/2560-5249-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2560-4810-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2560-13-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2560-1244-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2560-50-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2560-46-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2560-40-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2560-30-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3720-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3720-10-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4968-20-0x00007FFF45C20000-0x00007FFF465C1000-memory.dmp

Filesize
9.6MB

Download
memory/4968-33-0x00007FFF45C20000-0x00007FFF465C1000-memory.dmp

Filesize
9.6MB

Download
memory/4968-32-0x00007FFF45ED5000-0x00007FFF45ED6000-memory.dmp

Filesize
4KB

Download
memory/4968-28-0x00007FFF45C20000-0x00007FFF465C1000-memory.dmp

Filesize
9.6MB

Download
memory/4968-27-0x00007FFF45C20000-0x00007FFF465C1000-memory.dmp

Filesize
9.6MB

Download
memory/4968-26-0x00007FFF45C20000-0x00007FFF465C1000-memory.dmp

Filesize
9.6MB

Download
memory/4968-25-0x00007FFF45C20000-0x00007FFF465C1000-memory.dmp

Filesize
9.6MB

Download
memory/4968-24-0x0000000001140000-0x0000000001148000-memory.dmp

Filesize
32KB

Download
memory/4968-23-0x000000001C250000-0x000000001C2EC000-memory.dmp

Filesize
624KB

Download
memory/4968-22-0x000000001B750000-0x000000001B760000-memory.dmp

Filesize
64KB

Download
memory/4968-21-0x000000001BCE0000-0x000000001C1AE000-memory.dmp

Filesize
4.8MB

Download
memory/4968-19-0x00007FFF45ED5000-0x00007FFF45ED6000-memory.dmp

Filesize
4KB

Download