Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/07/2024, 10:11

Static task: static1
Behavioral task: behavioral1
  Sample: 8caaeabc3a2d01441e75dc6fb393b816e83c6b728851002ef504e635657a99c2.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 8caaeabc3a2d01441e75dc6fb393b816e83c6b728851002ef504e635657a99c2.exe
  Resource: win10v2004-20240709-en
General
Target: 8caaeabc3a2d01441e75dc6fb393b816e83c6b728851002ef504e635657a99c2.exe
Size: 50KB
MD5: e149e6834b50e0c9322ea0ec2c15170b
SHA1: 59a264cf50f452ae61c487b3f96292e3a9c9dad8
SHA256: 8caaeabc3a2d01441e75dc6fb393b816e83c6b728851002ef504e635657a99c2
SHA512: 2212cc5f5b8d701ca756cc7af2d5531728ed24a724f259d1a8488300eae118e2a9bc14b7239e182fa4c400a6ab71c2639565fbdcf698a36a6319931bf236c162
SSDEEP: 768:Q1ODKAaDMG8H92RwZNQSwcfymNBg+g61GoLSkB2ZAUmgxH:CfgLdQAQfcfymNeK6
Malware Config
Signatures

Executes dropped EXE 2 IoCs
  pid   Process
  4508  Logo1_.exe
  1036  8caaeabc3a2d01441e75dc6fb393b816e83c6b728851002ef504e635657a99c2.exe

Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
  description: File opened (read-only)
  Process: Logo1_.exe
  ioc (21 drive roots): \??\R:, \??\Q:, \??\E:, \??\X:, \??\W:, \??\T:, \??\S:, \??\J:, \??\Z:, \??\Y:, \??\P:, \??\N:, \??\M:, \??\K:, \??\I:, \??\H:, \??\V:, \??\U:, \??\O:, \??\L:, \??\G:
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 4 IoCs
  description                   ioc                      Process
  File created                  C:\Windows\rundl132.exe  8caaeabc3a2d01441e75dc6fb393b816e83c6b728851002ef504e635657a99c2.exe
  File created                  C:\Windows\Logo1_.exe    8caaeabc3a2d01441e75dc6fb393b816e83c6b728851002ef504e635657a99c2.exe
  File opened for modification  C:\Windows\rundl132.exe  Logo1_.exe
  File created                  C:\Windows\vDll.dll      Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs
  pid   Process
  4508  Logo1_.exe  (reported 20 times)

Suspicious use of WriteProcessMemory 17 IoCs
  description                       pid   Process                                                                 procid_target
  PID 4424 wrote to memory of 4624  4424  8caaeabc3a2d01441e75dc6fb393b816e83c6b728851002ef504e635657a99c2.exe  84  (reported 3 times)
  PID 4424 wrote to memory of 4508  4424  8caaeabc3a2d01441e75dc6fb393b816e83c6b728851002ef504e635657a99c2.exe  85  (reported 3 times)
  PID 4508 wrote to memory of 3992  4508  Logo1_.exe                                                              87  (reported 3 times)
  PID 3992 wrote to memory of 4888  3992  net.exe                                                                 89  (reported 3 times)
  PID 4624 wrote to memory of 1036  4624  cmd.exe                                                                 90  (reported 3 times)
  PID 4508 wrote to memory of 3480  4508  Logo1_.exe                                                              56  (reported 2 times)
Processes (indentation shows parent/child depth)

1. C:\Windows\Explorer.EXE
   Command line: C:\Windows\Explorer.EXE
   PID:3480

  2. C:\Users\Admin\AppData\Local\Temp\8caaeabc3a2d01441e75dc6fb393b816e83c6b728851002ef504e635657a99c2.exe
     Command line: "C:\Users\Admin\AppData\Local\Temp\8caaeabc3a2d01441e75dc6fb393b816e83c6b728851002ef504e635657a99c2.exe"
     - Drops file in Windows directory
     - Suspicious use of WriteProcessMemory
     PID:4424

    3. C:\Windows\SysWOW64\cmd.exe
       Command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a92CA.bat
       - Suspicious use of WriteProcessMemory
       PID:4624

      4. C:\Users\Admin\AppData\Local\Temp\8caaeabc3a2d01441e75dc6fb393b816e83c6b728851002ef504e635657a99c2.exe
         Command line: "C:\Users\Admin\AppData\Local\Temp\8caaeabc3a2d01441e75dc6fb393b816e83c6b728851002ef504e635657a99c2.exe"
         - Executes dropped EXE
         PID:1036

    3. C:\Windows\Logo1_.exe
       Command line: C:\Windows\Logo1_.exe
       - Executes dropped EXE
       - Enumerates connected drives
       - Drops file in Program Files directory
       - Drops file in Windows directory
       - Suspicious behavior: EnumeratesProcesses
       - Suspicious use of WriteProcessMemory
       PID:4508

      4. C:\Windows\SysWOW64\net.exe
         Command line: net stop "Kingsoft AntiVirus Service"
         - Suspicious use of WriteProcessMemory
         PID:3992

        5. C:\Windows\SysWOW64\net1.exe
           Command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
           PID:4888
Network
MITRE ATT&CK Enterprise v15
Downloads