c35935bc666ebfdec5c306508928c29fcc984165166e348a0c6f8db4edb329e8

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 23:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c35935bc666ebfdec5c306508928c29fcc984165166e348a0c6f8db4edb329e8.exe
Size

182KB
MD5

6bc1a74ad2949cd87554036930689aca
SHA1

da2878bb7b13df1abc4564598a868a347b8b6fa6
SHA256

c35935bc666ebfdec5c306508928c29fcc984165166e348a0c6f8db4edb329e8
SHA512

e734b3ec73c7b3c5a1ab26f4a988f68c2147c95220d5a0c7efbd2884062d0cb8e808953daa7e461decbf12e0949094465a98f97951666bf19ae36ac18fd9ab70
SSDEEP

3072:xftffepVPhsJCQIZHJTpprL8FZjuAZcU6xeZ/swaOL+2aDOI+MzGVNgZb+9EeMK:5VfgPK4QIZHJTAuAZVmeZ/6OLX+vXZC3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2732	Logo1_.exe
1248	c35935bc666ebfdec5c306508928c29fcc984165166e348a0c6f8db4edb329e8.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Fonts\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\dev\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themeless\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.802.31.0_x86__8wekyb3d8bbwe\sq-AL\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\plugins\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\x64\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\en-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\lt-LT\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Content\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ta\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\modules\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\el-GR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\skins\fonts\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\sv-se\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	c35935bc666ebfdec5c306508928c29fcc984165166e348a0c6f8db4edb329e8.exe
File created	C:\Windows\Logo1_.exe	c35935bc666ebfdec5c306508928c29fcc984165166e348a0c6f8db4edb329e8.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2732	Logo1_.exe
2732	Logo1_.exe
2732	Logo1_.exe
2732	Logo1_.exe
2732	Logo1_.exe
2732	Logo1_.exe
2732	Logo1_.exe
2732	Logo1_.exe
2732	Logo1_.exe
2732	Logo1_.exe
2732	Logo1_.exe
2732	Logo1_.exe
2732	Logo1_.exe
2732	Logo1_.exe
2732	Logo1_.exe
2732	Logo1_.exe
2732	Logo1_.exe
2732	Logo1_.exe
2732	Logo1_.exe
2732	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 4768 wrote to memory of 1928	4768	c35935bc666ebfdec5c306508928c29fcc984165166e348a0c6f8db4edb329e8.exe	87
PID 4768 wrote to memory of 1928	4768	c35935bc666ebfdec5c306508928c29fcc984165166e348a0c6f8db4edb329e8.exe	87
PID 4768 wrote to memory of 1928	4768	c35935bc666ebfdec5c306508928c29fcc984165166e348a0c6f8db4edb329e8.exe	87
PID 4768 wrote to memory of 2732	4768	c35935bc666ebfdec5c306508928c29fcc984165166e348a0c6f8db4edb329e8.exe	88
PID 4768 wrote to memory of 2732	4768	c35935bc666ebfdec5c306508928c29fcc984165166e348a0c6f8db4edb329e8.exe	88
PID 4768 wrote to memory of 2732	4768	c35935bc666ebfdec5c306508928c29fcc984165166e348a0c6f8db4edb329e8.exe	88
PID 2732 wrote to memory of 4960	2732	Logo1_.exe	90
PID 2732 wrote to memory of 4960	2732	Logo1_.exe	90
PID 2732 wrote to memory of 4960	2732	Logo1_.exe	90
PID 4960 wrote to memory of 832	4960	net.exe	92
PID 4960 wrote to memory of 832	4960	net.exe	92
PID 4960 wrote to memory of 832	4960	net.exe	92
PID 1928 wrote to memory of 1248	1928	cmd.exe	93
PID 1928 wrote to memory of 1248	1928	cmd.exe	93
PID 2732 wrote to memory of 3448	2732	Logo1_.exe	56
PID 2732 wrote to memory of 3448	2732	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3448
- C:\Users\Admin\AppData\Local\Temp\c35935bc666ebfdec5c306508928c29fcc984165166e348a0c6f8db4edb329e8.exe
  "C:\Users\Admin\AppData\Local\Temp\c35935bc666ebfdec5c306508928c29fcc984165166e348a0c6f8db4edb329e8.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4768
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4D55.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\c35935bc666ebfdec5c306508928c29fcc984165166e348a0c6f8db4edb329e8.exe
      "C:\Users\Admin\AppData\Local\Temp\c35935bc666ebfdec5c306508928c29fcc984165166e348a0c6f8db4edb329e8.exe"
      4⤵
      Executes dropped EXE
      PID:1248
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2732
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4960
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
770e80db366145f997b81f8040496869

SHA1
4d924c50b0c714b97047df34a0bd4adaf2de6a83

SHA256
dccf1246394aab3657a9ebd19ebd4150b9420f438bd50e40aafbc8ac8d51ebdb

SHA512
754b5ee9fdcc4614ad626ece4d684fdc2f4b20d5c20042dba268f4c7b1c913b2b707ac1903bfb85a79598975e4b6ab4eb508660a242cb9feb2196d6368a6ff8d

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
1e01d1160ba6e43d35de151fd823151e

SHA1
aa378c2982b0fa49a83d04e0f7bebfe1113fd4bc

SHA256
a93e95c61e248218eb6cd565a920c93f42d33366e1615da351c5e4309ee9fa76

SHA512
faf4fa464b333397505d0221fd5c31b4d9559f0880256f67dd52470d9add4c56386494fa0f233faace154ea022cd9f78e5a25f5335e2f62170e18edc9a09dbe7

Download Submit
C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe

Filesize
481KB

MD5
d9a20f38778ddec5c48e2acde4956248

SHA1
fe41d404f38c2d570cd55158524d450f5ed50da3

SHA256
f39c91803fd8d891849aa7b16cd6f82fa4a3b0eaf12d6699127206f48dbf9c63

SHA512
c879087690924c702a818643329c7c8c2fae5fae3d9a2c6b1c5eb608f3c899ba4bd4708cde9565e957b669c09fa8ab11ad289128bc5871dd85fe4fa90c31e4b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a4D55.bat

Filesize
722B

MD5
fb4cb8d3947ba767e704bba1b7a7c8e7

SHA1
296c36e8ecd5d845fb92c097f1f12b1b41ea758d

SHA256
538431d2b8cc1bb685520a292e42bda1d87a434c6e591a053842a5c6d5fff9b6

SHA512
38dfbc6bf3dbcbfa0522c2f8861baf39d6f6d34720f8f13b087555c3faecfaf6e1a138cfcf82e6418495d4e34705f3c1fe68a65f3b80ad9569105659b7919737

Download Submit
C:\Users\Admin\AppData\Local\Temp\c35935bc666ebfdec5c306508928c29fcc984165166e348a0c6f8db4edb329e8.exe.exe

Filesize
156KB

MD5
39e25fdcbc0fe52d96da002d453561fd

SHA1
45ff4ac06ed22d72700b17463c798b7a7133d048

SHA256
e77946b429093c874157b1dbc11cc69a137747ef1eab9bd3c2fb3d8e991934c3

SHA512
48add6448f3da3336fbf0efeee7b199f6d9508da31911df82f22ef0f6b8408e3100d4c21390cb420e45ee7eb037231e6e5a2c84b8a4022239053521c92bf0d30

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
8758044db9fce67ea2ad542f86e69e57

SHA1
60cc4d25ea4e17f676e8ac8be10b9dfe2f7ed67d

SHA256
0c91b552dc6db19b6711e32cb8c9c604b60dc9d674be06cccb6adf08b4dbd82d

SHA512
411737be53feaef0829190b6610c729b925949bcc0b4a65063ab393acb1a92c577093e6377a373704ce54d27a593f2faddc23c80c660638f7c304a93f1972c93

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-566096764-1992588923-1249862864-1000\_desktop.ini

Filesize
9B

MD5
6304f6cd23949a0e203abd81fc93bcfd

SHA1
260299dcdd7b9af6298e036322e7493d3598ab44

SHA256
6e249dd60655637cf4a7f940b41cfc3b70dc36b986a37babad9180d29d22adb8

SHA512
ce9d77f19554bdfdf7bc99adc9a9cdbc79c3d30f901b9f47ffb8e2d737c7a3fceb059de56993f9092c4ba0276b9d6ebc035fd48298dc62e11a9ef05bb9e00ab5

Download Submit
memory/2732-37-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2732-26-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2732-32-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2732-41-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2732-12-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2732-1008-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2732-1175-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2732-1663-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2732-4742-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2732-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4768-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4768-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download