858b05e503dcbc0ece3339ac3fbeec9d6804d7d9581946c3427775175df7566d

Analysis

max time kernel
149s
max time network
47s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 09:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

858b05e503dcbc0ece3339ac3fbeec9d6804d7d9581946c3427775175df7566d.exe
Size

2.2MB
MD5

3bb23713500e3778f7a456fe5d6ebfa7
SHA1

3e41436f3ac0e194baaa86aba9c6554c144b3600
SHA256

858b05e503dcbc0ece3339ac3fbeec9d6804d7d9581946c3427775175df7566d
SHA512

650784071869b28b25122eda6a28ea527214f69073ffe7b1eba67a341ace78a56c4ed56eac72119a790d0acc3a9bcd3c4f85fae9db5e775b9e3a1d29904e6cee
SSDEEP

49152:l7DEmCd7ei0elaGJo08JfcgelMlionnSTAc:QgJkgBioPc

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2828	Logo1_.exe
1976	858b05e503dcbc0ece3339ac3fbeec9d6804d7d9581946c3427775175df7566d.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Configuration\Registration\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\eo\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hr-hr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\WinMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-100_kzf8qxf38zg5c\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.50.6001.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\hu-HU\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Comprehensive\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\fonts\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\en-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\WCChromeNativeMessagingHost.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\swiftshader\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\VisualElements\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\da-dk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bg\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\cy\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Views\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	858b05e503dcbc0ece3339ac3fbeec9d6804d7d9581946c3427775175df7566d.exe
File created	C:\Windows\Logo1_.exe	858b05e503dcbc0ece3339ac3fbeec9d6804d7d9581946c3427775175df7566d.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2828	Logo1_.exe
2828	Logo1_.exe
2828	Logo1_.exe
2828	Logo1_.exe
2828	Logo1_.exe
2828	Logo1_.exe
2828	Logo1_.exe
2828	Logo1_.exe
2828	Logo1_.exe
2828	Logo1_.exe
2828	Logo1_.exe
2828	Logo1_.exe
2828	Logo1_.exe
2828	Logo1_.exe
2828	Logo1_.exe
2828	Logo1_.exe
2828	Logo1_.exe
2828	Logo1_.exe
2828	Logo1_.exe
2828	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 2924	2312	858b05e503dcbc0ece3339ac3fbeec9d6804d7d9581946c3427775175df7566d.exe	81
PID 2312 wrote to memory of 2924	2312	858b05e503dcbc0ece3339ac3fbeec9d6804d7d9581946c3427775175df7566d.exe	81
PID 2312 wrote to memory of 2924	2312	858b05e503dcbc0ece3339ac3fbeec9d6804d7d9581946c3427775175df7566d.exe	81
PID 2312 wrote to memory of 2828	2312	858b05e503dcbc0ece3339ac3fbeec9d6804d7d9581946c3427775175df7566d.exe	82
PID 2312 wrote to memory of 2828	2312	858b05e503dcbc0ece3339ac3fbeec9d6804d7d9581946c3427775175df7566d.exe	82
PID 2312 wrote to memory of 2828	2312	858b05e503dcbc0ece3339ac3fbeec9d6804d7d9581946c3427775175df7566d.exe	82
PID 2828 wrote to memory of 4480	2828	Logo1_.exe	83
PID 2828 wrote to memory of 4480	2828	Logo1_.exe	83
PID 2828 wrote to memory of 4480	2828	Logo1_.exe	83
PID 4480 wrote to memory of 3068	4480	net.exe	86
PID 4480 wrote to memory of 3068	4480	net.exe	86
PID 4480 wrote to memory of 3068	4480	net.exe	86
PID 2924 wrote to memory of 1976	2924	cmd.exe	87
PID 2924 wrote to memory of 1976	2924	cmd.exe	87
PID 2828 wrote to memory of 3540	2828	Logo1_.exe	56
PID 2828 wrote to memory of 3540	2828	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3540
- C:\Users\Admin\AppData\Local\Temp\858b05e503dcbc0ece3339ac3fbeec9d6804d7d9581946c3427775175df7566d.exe
  "C:\Users\Admin\AppData\Local\Temp\858b05e503dcbc0ece3339ac3fbeec9d6804d7d9581946c3427775175df7566d.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2312
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a518B.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\858b05e503dcbc0ece3339ac3fbeec9d6804d7d9581946c3427775175df7566d.exe
      "C:\Users\Admin\AppData\Local\Temp\858b05e503dcbc0ece3339ac3fbeec9d6804d7d9581946c3427775175df7566d.exe"
      4⤵
      Executes dropped EXE
      PID:1976
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2828
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4480
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
d852ef5dff2438ea0a845f1fd260acae

SHA1
1359ff66e9cbcbe132d67481a7de5c326630380c

SHA256
c37e4f105ed9742bb9b25041b423b96815b4ab52b31544cd519f15ac2e2d8959

SHA512
5b8544a25c9bf0c3c851be388b32515c31b3f000f5883d993f3b288f71ef07aa2d040b0f30df7559976eaf6f5aeba994a72bb75eaf520efbf5559ccb38e1335d

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
fb5a9669477fbb6642ae249b52e2c814

SHA1
8c94963524d24546da243f782aab5f3ecad9a3b9

SHA256
1db4dab953ab16797a3cd4b903f55e7e308726b3d46f6fd4a4d5ff913801eb3f

SHA512
f0fc9d3f9b4b8739c43d474d475323d389a02d42af83360909da711ba283a1e6e7097504716affd7883e954d61886f74e81a995f6d9e2033778cfa8356857cd0

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
636KB

MD5
2500f702e2b9632127c14e4eaae5d424

SHA1
8726fef12958265214eeb58001c995629834b13a

SHA256
82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

SHA512
f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a518B.bat

Filesize
722B

MD5
9041a3d87e723bbddc7437d4670cc13b

SHA1
b10f1d847fa42f0b2a40eb938dbaa3a5d56766eb

SHA256
9b7fce64d316416165886f8da6c9e50c0b513ef73ab8620297114db3c381a960

SHA512
47035935f7b5ee9df151030de6140d42688e45ab8926155c53541193b71553e200e5b352c98f5ac8bcd8f5a874eec961bd38f3589b2169d615952acb95faf1c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\858b05e503dcbc0ece3339ac3fbeec9d6804d7d9581946c3427775175df7566d.exe.exe

Filesize
2.1MB

MD5
67e7203b3ec026ded8d474d677f7755c

SHA1
dc3331c968d3d2d3ff5973f82f5aaa2ec976c418

SHA256
06223ec33140bbf02f6a67879fa49abcd77792c860579d1d330092fb29b563a6

SHA512
98a16f7c958174a43871a6487876a1b37f92761de634c979d2d04b2daac5421f172c3495b4857ab082b95c59fd2d9d6c81f340dc9d4277a7a353d4d6acfb01ec

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
c45bd4df01497a84c77398a57e042c8d

SHA1
582329976510839033609ecf5b3298569ed1575d

SHA256
abdd548cbdd8c1bf8921f8e4323307e155d9ddc048cf957b6c932f8758a74968

SHA512
f8cc4f4847840431dda0da9e94448a8420be2c5dac5fe5b72cbd8fcd91bb9e57d4b0a6af49c04e18b1d33cefa78ff3eaa64f364b248faaa763242599bad7d67b

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1337824034-2731376981-3755436523-1000\_desktop.ini

Filesize
8B

MD5
ee8c783242e20d39ed0878caba7b4548

SHA1
1556ec263d4ec9c198a44ea2ecc3c4141ef4509b

SHA256
83855d38f6399f8cd40257a5d87a328d41c21e0e50ad4c91de11897e03ad4532

SHA512
427491089ca5aecb5f365d6adf2e5c9d18a7acf93d471a425364dc504f581f29908df9abfa0fb721e768004737d6c250804dbf27b3c9e4b87532052810318f2a

Download Submit
memory/2312-12-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2312-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2828-27-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2828-37-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2828-34-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2828-1231-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2828-20-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2828-4797-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2828-13-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2828-5236-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download