747fef3108122d57f102937ff809001ae2cfadbb16632340fce716d2399df8b1

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 14:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

747fef3108122d57f102937ff809001ae2cfadbb16632340fce716d2399df8b1.exe
Size

957KB
MD5

61faac4003ded5a5812e719de38bd630
SHA1

e2f6e58b171f3773d80769f8b6996fac1941d9b2
SHA256

747fef3108122d57f102937ff809001ae2cfadbb16632340fce716d2399df8b1
SHA512

0628dad76a15ee1c01147836dd852728cc5c99fa88d46286f1191c9f35a5f4724ac5fedbecdd32d27f068104f7a211300e1b23fecafd834b5ca38dcc3855af46
SSDEEP

12288:ep7RKcv8Nh7py6Rmi78gkPH3aPI9vyVg/0paQuj3IdD02fKBjtp/:epEBpDRmi78gkPXlyo0G/jr

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4292	Logo1_.exe
1332	747fef3108122d57f102937ff809001ae2cfadbb16632340fce716d2399df8b1.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\plugins\rhp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ca-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{A7DDB725-0176-412C-9E62-95BAC2285DAC}\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxTsr.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\da-dk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Examples\Calculator\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Temp\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Defender\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\plugins\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\x64\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_2019.125.2243.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.27405.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\codecpacks.webp.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\collect_feedback\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\images\themes\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Defender\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Comprehensive\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\sl-si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bs\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Internet Explorer\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lv\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Shell\Themes\Glyphs\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	747fef3108122d57f102937ff809001ae2cfadbb16632340fce716d2399df8b1.exe
File created	C:\Windows\Logo1_.exe	747fef3108122d57f102937ff809001ae2cfadbb16632340fce716d2399df8b1.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4292	Logo1_.exe
4292	Logo1_.exe
4292	Logo1_.exe
4292	Logo1_.exe
4292	Logo1_.exe
4292	Logo1_.exe
4292	Logo1_.exe
4292	Logo1_.exe
4292	Logo1_.exe
4292	Logo1_.exe
4292	Logo1_.exe
4292	Logo1_.exe
4292	Logo1_.exe
4292	Logo1_.exe
4292	Logo1_.exe
4292	Logo1_.exe
4292	Logo1_.exe
4292	Logo1_.exe
4292	Logo1_.exe
4292	Logo1_.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeRestorePrivilege	1332	747fef3108122d57f102937ff809001ae2cfadbb16632340fce716d2399df8b1.exe
Token: 35	1332	747fef3108122d57f102937ff809001ae2cfadbb16632340fce716d2399df8b1.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 2412	1528	747fef3108122d57f102937ff809001ae2cfadbb16632340fce716d2399df8b1.exe	85
PID 1528 wrote to memory of 2412	1528	747fef3108122d57f102937ff809001ae2cfadbb16632340fce716d2399df8b1.exe	85
PID 1528 wrote to memory of 2412	1528	747fef3108122d57f102937ff809001ae2cfadbb16632340fce716d2399df8b1.exe	85
PID 1528 wrote to memory of 4292	1528	747fef3108122d57f102937ff809001ae2cfadbb16632340fce716d2399df8b1.exe	86
PID 1528 wrote to memory of 4292	1528	747fef3108122d57f102937ff809001ae2cfadbb16632340fce716d2399df8b1.exe	86
PID 1528 wrote to memory of 4292	1528	747fef3108122d57f102937ff809001ae2cfadbb16632340fce716d2399df8b1.exe	86
PID 4292 wrote to memory of 660	4292	Logo1_.exe	87
PID 4292 wrote to memory of 660	4292	Logo1_.exe	87
PID 4292 wrote to memory of 660	4292	Logo1_.exe	87
PID 660 wrote to memory of 2520	660	net.exe	90
PID 660 wrote to memory of 2520	660	net.exe	90
PID 660 wrote to memory of 2520	660	net.exe	90
PID 2412 wrote to memory of 1332	2412	cmd.exe	91
PID 2412 wrote to memory of 1332	2412	cmd.exe	91
PID 4292 wrote to memory of 3484	4292	Logo1_.exe	56
PID 4292 wrote to memory of 3484	4292	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3484
- C:\Users\Admin\AppData\Local\Temp\747fef3108122d57f102937ff809001ae2cfadbb16632340fce716d2399df8b1.exe
  "C:\Users\Admin\AppData\Local\Temp\747fef3108122d57f102937ff809001ae2cfadbb16632340fce716d2399df8b1.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1528
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a375C.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\747fef3108122d57f102937ff809001ae2cfadbb16632340fce716d2399df8b1.exe
      "C:\Users\Admin\AppData\Local\Temp\747fef3108122d57f102937ff809001ae2cfadbb16632340fce716d2399df8b1.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:1332
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4292
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:660
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
252KB

MD5
b5c04d99eed307672a8deb8b7718a8aa

SHA1
9ce94d10b200241a594098c435d70dd3e6e89990

SHA256
08992cd838448e03e3ec818bd1ba776aef5b6f71ea4095d8ce504c3d02aa2de2

SHA512
a18954042f94b318fd04e86f7e4bf824d9fa5663515bca009baef55124937b8ed1c66a41e3afa76ad519058468daeb31555a14e339955cd81d68693547a80268

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
571KB

MD5
98d0fbd28c3f5dd1aaa9d950ed77d120

SHA1
955ebe56d4c059a42de70ba95a2946a5fdcac589

SHA256
0500db2c15a2f3564b9d759a3c9f273a20712ce8d262ece971854d1f2dcfb76e

SHA512
7234629bc2ff1f561e76cc8f35557982b4db2438af12a3f2d571c9175f6e0539d08f59102afefad6e0477abaa3f4957502a5bf269db338c88fa81b6c2118bc21

Download Submit
C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe

Filesize
482KB

MD5
ef2faa6fbcf12b63da1cf3e9283ad1cf

SHA1
2032ddc0f6ed9560583f70a279ca858b1e746409

SHA256
2c7657fe57ec426599ef848815689264720ffed5a0f9a5d33d07cafabeb43bf3

SHA512
46b169f4142d45197207d0015119145c12eb01150c6b742c5f3792b01d2e23bda9e25e181144f4b9963eefcff7ccb9d37fad4d27b044753325ceeaea330fa00b

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a375C.bat

Filesize
722B

MD5
94f077d00e4bae4d5b3d579f7ba5ffef

SHA1
928763ae5af840f1ab1cdecb50268e9eb9f6a15c

SHA256
f2b2d06d6b1109598dd1c6738c6c5b7a2beee45ca52706e02618089333e24e52

SHA512
00fe7f486872f84e866ca83a8e7bcda4a52805e4e5de574c832237c7184c3db83fea9a08108bcc8340945ba0aeb2458f890d91695dc87a0283de7cdc86fe8bae

Download Submit
C:\Users\Admin\AppData\Local\Temp\747fef3108122d57f102937ff809001ae2cfadbb16632340fce716d2399df8b1.exe.exe

Filesize
930KB

MD5
30ac0b832d75598fb3ec37b6f2a8c86a

SHA1
6f47dbfd6ff36df7ba581a4cef024da527dc3046

SHA256
1ea0839c8dc95ad2c060af7d042c40c0daed58ce8e4524c0fba12fd73e4afb74

SHA512
505870601a4389b7ed2c8fecf85835adfd2944cbc10801f74bc4e08f5a0d6ecc9a52052fc37e216304cd1655129021862294a698ed36b3b43d428698f7263057

Download Submit
C:\Windows\Logo1_.exe

Filesize
27KB

MD5
b549a2d14ce574567c4fec243a27851c

SHA1
5822837482a62de07e8fd8ce12edd9d268512f28

SHA256
7bcd0400f099571362dc785b7497154974e1e8b79d455745fca8f68bc37327c7

SHA512
9458d2bafc896e4fa9be8b6a0144dd74eb5ffc34c1b883623b3985b5073893ccfd72e682a304b2f84f51675431fcbb7be7afa3eec30ed2bcf435c072b53fc9fe

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-566096764-1992588923-1249862864-1000\_desktop.ini

Filesize
9B

MD5
95b3e5fe04e8423c49a7f69a5d13771f

SHA1
615b63fb8bf07dbb0565ffd492067309645064c9

SHA256
1663db9b496c87701f6c8f6721e92994ffdd747f949ab1070fd844c4d63fb916

SHA512
d9a0d342e84c32d4c0aee97be7b9a102963d1aeab7edd87b080548f7dd144d851c558e6706bec441534d8e188938655c2b551e358d342309677511404a34ce81

Download Submit
memory/1528-0-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1528-8-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4292-37-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4292-32-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4292-41-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4292-10-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4292-1008-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4292-1175-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4292-2082-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4292-26-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4292-4742-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4292-19-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download