snakebot | 73db1eca7ae24d70cf90bd1b9543b2acf4f74c6a3f8315a427daaad0758aa90d

Analysis

max time kernel
154s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13-04-2023 15:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Undertale/Undertale Setup.exe
Size

117.7MB
MD5

78d20884005dd7b4f01487270ca8414a
SHA1

c61ccab304edb844257abf20bf4af01129402a32
SHA256

be571d8d78f5a13bd804ea289be2a0224a29dd37893312668c62c5f347606e67
SHA512

870308d9c893dbd5e18e0abee87b65b4b73f268e7108bf7914c54504d8220864b75485ad550487a8c13fb649b20b467d3c7f01b50f420c92cb8ddbc74ae2b2e3
SSDEEP

3145728:/dbuLhfkuy+v6k8c5hP6oA2+tnS+FTi/5ZnWwY4Gf6YB5qZeHEJf:/ELhfkNm6eUC+QYiBZnWb4GfJBKeq

Score

10^/10

snakebot discovery snakebot

Malware Config

Signatures

SnakeBOT
SnakeBOT is a heavily obfuscated .NET downloader.
snakebot

Contains SnakeBOT related strings 1 IoCs

snakebot

Processes:

resource	yara_rule
C:\Program Files (x86)\Undertale\data.win	snakebot_strings

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\Program Files (x86)\Undertale\steam_api.dll	acprotect
C:\Program Files (x86)\Undertale\steam_api.dll	acprotect

Executes dropped EXE 2 IoCs

Processes:

Undertale Setup.tmpUNDERTALE.exe

pid process

2132 Undertale Setup.tmp
2588 UNDERTALE.exe
Loads dropped DLL 2 IoCs

Processes:

UNDERTALE.exe

pid process

2588 UNDERTALE.exe
2588 UNDERTALE.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Drops desktop.ini file(s) 1 IoCs

Processes:

svchost.exe

description ioc process

File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini svchost.exe

pid	process
2132	Undertale Setup.tmp
2588	UNDERTALE.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Drops file in Program Files directory 64 IoCs

Processes:

Undertale Setup.tmp

description	ioc	process
File created	C:\Program Files (x86)\Undertale\is-2JTUG.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-5DP36.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-UA58D.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-PO2MI.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-GN08A.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-9PJ86.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-3CU8I.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-QCG62.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-6FBE9.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-ACVFC.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-U54SA.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-49SKC.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-E9UAB.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-784E5.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-19F09.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-9OV7R.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-GDOBS.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-PNOUS.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-CGBEH.tmp	Undertale Setup.tmp
File opened for modification	C:\Program Files (x86)\Undertale\unins000.dat	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-SDL1M.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-DSE90.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-4TLFC.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-NJ0QR.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-887V9.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-SRQ5H.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-U4SQC.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-A141K.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-7VPJL.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-TMKA1.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-5H6O0.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-LBMDR.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-KPHR2.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-D4AVU.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-9DFRS.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-I33R5.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-KFBI9.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-7GJPU.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-R7A02.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-7SB8N.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-C465E.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-SQTAM.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-R64M2.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-AQ0PB.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-08I51.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-EORI0.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-U6KF4.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-BKFPQ.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-GASIR.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-F09DP.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-TJ5TF.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-ALIVT.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-IGHTQ.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-UAEET.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-73AHV.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-9IPS3.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-8127B.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-UDD52.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-83FHA.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-EQAI4.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-MTKCE.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-1L31P.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-T7TAR.tmp	Undertale Setup.tmp
File created	C:\Program Files (x86)\Undertale\is-RRDK4.tmp	Undertale Setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

svchost.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Modifies registry class 1 IoCs

Processes:

svchost.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4238149048-355649189-894321705-1000\{27577EBA-0BF6-4E55-AB48-01E2BA38327E}	svchost.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

UNDERTALE.exe

pid	process
2588	UNDERTALE.exe
2588	UNDERTALE.exe
2588	UNDERTALE.exe
2588	UNDERTALE.exe
2588	UNDERTALE.exe
2588	UNDERTALE.exe
2588	UNDERTALE.exe
2588	UNDERTALE.exe
2588	UNDERTALE.exe
2588	UNDERTALE.exe
2588	UNDERTALE.exe
2588	UNDERTALE.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 4380 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 4380 AUDIODG.EXE
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

UNDERTALE.exeOpenWith.exe

pid process

2588 UNDERTALE.exe
5024 OpenWith.exe

description	pid	process
Token: 33	4380	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4380	AUDIODG.EXE

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

Undertale Setup.exeUndertale Setup.tmp

description	pid	process	target process
PID 368 wrote to memory of 2132	368	Undertale Setup.exe	Undertale Setup.tmp
PID 368 wrote to memory of 2132	368	Undertale Setup.exe	Undertale Setup.tmp
PID 368 wrote to memory of 2132	368	Undertale Setup.exe	Undertale Setup.tmp
PID 2132 wrote to memory of 2588	2132	Undertale Setup.tmp	UNDERTALE.exe
PID 2132 wrote to memory of 2588	2132	Undertale Setup.tmp	UNDERTALE.exe
PID 2132 wrote to memory of 2588	2132	Undertale Setup.tmp	UNDERTALE.exe

C:\Users\Admin\AppData\Local\Temp\Undertale\Undertale Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Undertale\Undertale Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:368

C:\Users\Admin\AppData\Local\Temp\is-1BNMA.tmp\Undertale Setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-1BNMA.tmp\Undertale Setup.tmp" /SL5="$70150,122986545,156672,C:\Users\Admin\AppData\Local\Temp\Undertale\Undertale Setup.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2132

C:\Program Files (x86)\Undertale\UNDERTALE.exe
"C:\Program Files (x86)\Undertale\UNDERTALE.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x510
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4380

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:1972

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5024

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:4944

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Undertale\D3DX9_43.dll
Filesize
1.9MB

MD5
86e39e9161c3d930d93822f1563c280d

SHA1
f5944df4142983714a6d9955e6e393d9876c1e11

SHA256
0b28546be22c71834501f7d7185ede5d79742457331c7ee09efc14490dd64f5f

SHA512
0a3e311c4fd5c2194a8807469e47156af35502e10aeb8a3f64a01ff802cd8669c7e668cc87b593b182fd830a126d002b5d5d7b6c77991158bffdb0b5b997f6b3

Download Submit
C:\Program Files (x86)\Undertale\UNDERTALE.exe
Filesize
3.6MB

MD5
93d87952773a2bb59a8667d0bc06c2c0

SHA1
480c87f42e8ecbcde1104f4a61de5dee6a9cb3c5

SHA256
9ec41f5094544c938fc075f5506c089d0c1e11fb93afba79a196981bef81d19b

SHA512
d9fce47e5c037e4954437c95abea6959e39c91d0bcd596f1c3267e5c09e5a0defade4c63617609b5386879bcae06e3c60e909fcf2476e250bc960eea0c2d1c6d

Download Submit
C:\Program Files (x86)\Undertale\UNDERTALE.exe
Filesize
3.6MB

MD5
93d87952773a2bb59a8667d0bc06c2c0

SHA1
480c87f42e8ecbcde1104f4a61de5dee6a9cb3c5

SHA256
9ec41f5094544c938fc075f5506c089d0c1e11fb93afba79a196981bef81d19b

SHA512
d9fce47e5c037e4954437c95abea6959e39c91d0bcd596f1c3267e5c09e5a0defade4c63617609b5386879bcae06e3c60e909fcf2476e250bc960eea0c2d1c6d

Download Submit
C:\Program Files (x86)\Undertale\UNDERTALE.exe
Filesize
3.6MB

MD5
93d87952773a2bb59a8667d0bc06c2c0

SHA1
480c87f42e8ecbcde1104f4a61de5dee6a9cb3c5

SHA256
9ec41f5094544c938fc075f5506c089d0c1e11fb93afba79a196981bef81d19b

SHA512
d9fce47e5c037e4954437c95abea6959e39c91d0bcd596f1c3267e5c09e5a0defade4c63617609b5386879bcae06e3c60e909fcf2476e250bc960eea0c2d1c6d

Download Submit
C:\Program Files (x86)\Undertale\d3dx9_43.dll
Filesize
1.9MB

MD5
86e39e9161c3d930d93822f1563c280d

SHA1
f5944df4142983714a6d9955e6e393d9876c1e11

SHA256
0b28546be22c71834501f7d7185ede5d79742457331c7ee09efc14490dd64f5f

SHA512
0a3e311c4fd5c2194a8807469e47156af35502e10aeb8a3f64a01ff802cd8669c7e668cc87b593b182fd830a126d002b5d5d7b6c77991158bffdb0b5b997f6b3

Download Submit
C:\Program Files (x86)\Undertale\data.win
Filesize
55.2MB

MD5
a7728805e9789cb1288e6d807aa46833

SHA1
9c07858aa3ea04319644cc246d04ffa2dd77323c

SHA256
36e4544d49fbba8f484cd1c629085d240139b54e07dab6a466f0dd36f1753e98

SHA512
f8f54db54d921eff62327733d8a4811dc1c0e5c0fd3b9c898a84cdfeba513ec8e9dde2a333ef411b0190106c80e0a2a1776dc927d3ad9e62d0b515999690237d

Download Submit
C:\Program Files (x86)\Undertale\mus_intronoise.ogg
Filesize
38KB

MD5
f851df4bc59e60e9be07e2ba413b44a0

SHA1
1004c711725031a7ed4b48fe9647cd03670d8385

SHA256
85dbde2ff5894d1942618b763e3d70af7d5c46c09da77ea772bbe93a858b70fd

SHA512
47f4a4e11eefd3f0fbae3a85125d82321a8a9b69d06cd5e3acc124f6a4909b4cfe36830a10a3020f04c58410913913de1ed4606b16c76d44198d6bb493bf73bc

Download Submit
C:\Program Files (x86)\Undertale\mus_menu0.ogg
Filesize
199KB

MD5
6a29fbe5262d5b28bdd3e401348870a6

SHA1
9c2097c504a7223157aa1207a71e5254ab6f3f98

SHA256
69c40b001e1391f2d28170523e02e2bf27b582e28c8c8ffd4c70ebb5d9b31344

SHA512
cc825987f964434996a2354e93cc41752b7bf1615b085c59ba2472861b606cc76c8d449db05662abc13eea015ec976cf0e0e0ace22f39474d6b8ba833532c339

Download Submit
C:\Program Files (x86)\Undertale\mus_story.ogg
Filesize
648KB

MD5
d616e0ef2ae212ae0717c1b3838d2cd6

SHA1
eec3f046a8ad007b8fca4cc843ad62db267a59bf

SHA256
65688e20f6a2fc02ad2736db1a7106289f5a6cde5114daa326f85b930fc73209

SHA512
777f61c394141e2f883897367ff5c984875b5bbb49f70c2153cc5d51566c8ce2f02aae3d963846644479486b96f8f0c07bcd9581b5b8fc43a50a5efbea9d5f62

Download Submit
C:\Program Files (x86)\Undertale\options.ini
Filesize
97B

MD5
396f73a1185a5642f5f1e2538b64396a

SHA1
d72d687a5a1258986f218bfccacc6118c39ec4f9

SHA256
e267293f58d257d2dd1e00ad25425bdb798fcbf75256a7d45b7d7086159dbc58

SHA512
e17cfca14ce79c71eea01973385fa4151989d40bfc5a04b97fd3534ff5b4f04b385d11867d80a60325aa0bd13403910fee73ab9379f0e05c669d24d5d95957da

Download Submit
C:\Program Files (x86)\Undertale\splash.png
Filesize
893B

MD5
188cf6da0fd3f7ec3e1be7d6a2c38663

SHA1
17f12013c22612b58382ab7ef01da4a96036fb9a

SHA256
358239b9859b8b15135b8092ce1cf45473db83e0cbe50c632bcd2a510d41cd05

SHA512
4d60a961cd3f30d180f07fd894d74db0f730e93323338b112918c44719f2d2cc4b4b18803288fc0d047710840cbc78106fb3eb13a6249747b6d21fb7382fda45

Download Submit
C:\Program Files (x86)\Undertale\steam_api.dll
Filesize
251KB

MD5
23767288e6a003aaaa54355cbe108da8

SHA1
c7f21dc71491fe661c698f5c561405c0e3f423c1

SHA256
209135c082a8ef8323479384e97d769d9b2d98f727bbb34a7806ce150b750c89

SHA512
a870b2f99da48ad07f9b36d6730d74af5f285af12e21a24d61e6e3023d5917920bd343fe295b7374a2065bf9c09b6f1cbb03fbcf05206f4bd0544b5f0eb0e147

Download Submit
C:\Program Files (x86)\Undertale\steam_api.dll
Filesize
251KB

MD5
23767288e6a003aaaa54355cbe108da8

SHA1
c7f21dc71491fe661c698f5c561405c0e3f423c1

SHA256
209135c082a8ef8323479384e97d769d9b2d98f727bbb34a7806ce150b750c89

SHA512
a870b2f99da48ad07f9b36d6730d74af5f285af12e21a24d61e6e3023d5917920bd343fe295b7374a2065bf9c09b6f1cbb03fbcf05206f4bd0544b5f0eb0e147

Download Submit
C:\Program Files (x86)\Undertale\steam_emu.ini
Filesize
2KB

MD5
f98efa05e4c224bec6df0f38c1f41801

SHA1
b73f247e46657c5e78c410d7d5bef50dac8c172e

SHA256
303cfb51ad5a389296c7c86e4aea6d450276078d40d848df4a334e70d5b77885

SHA512
13bad72f40efb3ca91bc28490974af4a7a40c6da5b11ae2f277cc24def56c32b2f9381b09c11a028e5bd27966f88085eb98aebb6f81e7893efdd76bc3981cf4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1BNMA.tmp\Undertale Setup.tmp
Filesize
770KB

MD5
c16e0a69c8488637d4d61957a7a99fe2

SHA1
66de164a6b8365aba6220f96df28153c542ca5cc

SHA256
a120ee95eb39faba843f3f7afd8c9507c93a665ba12c1c9853c6e8c5aac4c5b1

SHA512
5fc87953210e62beabbf5f98398a408254192bd1ed87bbf288351ddccead248077a1c0d213b721878abf090d0c50a6e49e5cafd79226f676c5b9da588e287e2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1BNMA.tmp\Undertale Setup.tmp
Filesize
770KB

MD5
c16e0a69c8488637d4d61957a7a99fe2

SHA1
66de164a6b8365aba6220f96df28153c542ca5cc

SHA256
a120ee95eb39faba843f3f7afd8c9507c93a665ba12c1c9853c6e8c5aac4c5b1

SHA512
5fc87953210e62beabbf5f98398a408254192bd1ed87bbf288351ddccead248077a1c0d213b721878abf090d0c50a6e49e5cafd79226f676c5b9da588e287e2d

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini
Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/368-644-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/368-145-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/368-133-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2132-496-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download
memory/2132-643-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download
memory/2132-172-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download
memory/2132-146-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download
memory/2132-144-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/2588-653-0x00000000028F0000-0x00000000028F1000-memory.dmp

Filesize
4KB

Download
memory/2588-652-0x0000000074790000-0x0000000074841000-memory.dmp

Filesize
708KB

Download
memory/2588-660-0x0000000074790000-0x0000000074841000-memory.dmp

Filesize
708KB

Download
memory/2588-678-0x0000000074790000-0x0000000074841000-memory.dmp

Filesize
708KB

Download