960dd1411d56dc9c8e1a55cb9ef5a5455dad12d397f7724330be58cb4b81c076

Analysis

max time kernel
102s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

960dd1411d56dc9c8e1a55cb9ef5a5455dad12d397f7724330be58cb4b81c076.exe
Size

5.7MB
MD5

862ff3ae77f95abc4ee876b02b8fea8f
SHA1

2458523746f40003dbfb61931fd04a9e84901041
SHA256

960dd1411d56dc9c8e1a55cb9ef5a5455dad12d397f7724330be58cb4b81c076
SHA512

bfa0940daf38314ca1faad6aa945f14a856d1a5ad6a21ba008305b317d6a4d6661d93ae67478fbd497916f70e35415bf3d09aa96c006da2bfbe0dfdd4623391b
SSDEEP

49152:9Pv94AEsKU8ggw1g+1CART5eBiyKS3EI3wybn20DCYIHvc8ixuZm9+fWsw6dTPBJ:JKUgTH2M2m9UMpu1QfLczqssnKSk

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
8	Logo1_.exe
1980	960dd1411d56dc9c8e1a55cb9ef5a5455dad12d397f7724330be58cb4b81c076.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\hrtfs\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-150_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\files\dev\libs\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ro-ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\is\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_2019.716.2316.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\Ratings\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Configuration\Registration\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\pt-PT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Views\Utilities\Styling\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Examples\Calculator\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\cs\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Extensions\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ach\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ro-RO\View3d\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\mux\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\nb-NO\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\ringless_calls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account-select\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\7-Zip\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\co\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Mail\wabmig.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\et-EE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\id\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Logo1_.exe	960dd1411d56dc9c8e1a55cb9ef5a5455dad12d397f7724330be58cb4b81c076.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	960dd1411d56dc9c8e1a55cb9ef5a5455dad12d397f7724330be58cb4b81c076.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
8	Logo1_.exe
8	Logo1_.exe
8	Logo1_.exe
8	Logo1_.exe
8	Logo1_.exe
8	Logo1_.exe
8	Logo1_.exe
8	Logo1_.exe
8	Logo1_.exe
8	Logo1_.exe
8	Logo1_.exe
8	Logo1_.exe
8	Logo1_.exe
8	Logo1_.exe
8	Logo1_.exe
8	Logo1_.exe
8	Logo1_.exe
8	Logo1_.exe
8	Logo1_.exe
8	Logo1_.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1532 wrote to memory of 1368	1532	960dd1411d56dc9c8e1a55cb9ef5a5455dad12d397f7724330be58cb4b81c076.exe	86
PID 1532 wrote to memory of 1368	1532	960dd1411d56dc9c8e1a55cb9ef5a5455dad12d397f7724330be58cb4b81c076.exe	86
PID 1532 wrote to memory of 1368	1532	960dd1411d56dc9c8e1a55cb9ef5a5455dad12d397f7724330be58cb4b81c076.exe	86
PID 1532 wrote to memory of 8	1532	960dd1411d56dc9c8e1a55cb9ef5a5455dad12d397f7724330be58cb4b81c076.exe	87
PID 1532 wrote to memory of 8	1532	960dd1411d56dc9c8e1a55cb9ef5a5455dad12d397f7724330be58cb4b81c076.exe	87
PID 1532 wrote to memory of 8	1532	960dd1411d56dc9c8e1a55cb9ef5a5455dad12d397f7724330be58cb4b81c076.exe	87
PID 8 wrote to memory of 3948	8	Logo1_.exe	88
PID 8 wrote to memory of 3948	8	Logo1_.exe	88
PID 8 wrote to memory of 3948	8	Logo1_.exe	88
PID 3948 wrote to memory of 4564	3948	net.exe	91
PID 3948 wrote to memory of 4564	3948	net.exe	91
PID 3948 wrote to memory of 4564	3948	net.exe	91
PID 8 wrote to memory of 3496	8	Logo1_.exe	56
PID 8 wrote to memory of 3496	8	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3496
- C:\Users\Admin\AppData\Local\Temp\960dd1411d56dc9c8e1a55cb9ef5a5455dad12d397f7724330be58cb4b81c076.exe
  "C:\Users\Admin\AppData\Local\Temp\960dd1411d56dc9c8e1a55cb9ef5a5455dad12d397f7724330be58cb4b81c076.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1532
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a542B.bat
    3⤵
    PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\960dd1411d56dc9c8e1a55cb9ef5a5455dad12d397f7724330be58cb4b81c076.exe
      "C:\Users\Admin\AppData\Local\Temp\960dd1411d56dc9c8e1a55cb9ef5a5455dad12d397f7724330be58cb4b81c076.exe"
      4⤵
      Executes dropped EXE
      PID:1980
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:8
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3948
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:4564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
22d003d3f5edc56ca7ec1e07f50145db

SHA1
0a831d187f1e656e29900a871039f9682f1e3f10

SHA256
db47539501bb96d6ee9207e3021c989985864c5426b907cf330de7aca5058c70

SHA512
d0919f9a98731cc619ac07836f5e4dd6d8793665909fdb1d9de526be6ed7bd787bbfb52034a8596304cee07ced99635e7e966a88b79b3244c0fc169025558367

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
33eac009b57f1bfbfcb89475e5b96ebc

SHA1
7b9bfe8ae99398e16ec257df4fe4811ae77230e8

SHA256
8dee192dfbb00c4b4fd5c30c851aff5a23025081210100d6bbec781c48baec79

SHA512
9165cea935523748247fead4a36c31276ae67cb870b1418bfdbfe9681fe0390056f93e076022d9ec2fc7b514a2c37259dc004e5748b0220c8c0ec61176967005

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
c168f1400f09b767044170c5c0603287

SHA1
806b134d2145304a602bc358c2664cc266a52aeb

SHA256
05d52614bdae4496eb435a35b3eb91cc424abb582fdaaae8a8f96a3cf34e2676

SHA512
532f698580361daa78290a7871c1a58fd6e9a445ec78224f7b90bea454fb15183eaa9cee1ef9dcf3fb30a56b5fa6e57de67b817fe04cd5bd61ca5e6710f8f9a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a542B.bat

Filesize
722B

MD5
d416278011c3605b5fda5a904f8cb1cf

SHA1
b19d4a0f462d828c0df15def9a4dc8d2e87111a0

SHA256
76218006e563ca03deec35416f97fcd99bc7f3fbedec767ba89c73d9ad2aebb5

SHA512
172035d425b0a51c76f0222133ef173ad0f2f6fcc871d31b0d153e9a6411c3c9bd50354745007a78dc593286e7d6faa79d87774f3a94a0b37926dc2e70ddd82a

Download Submit
C:\Users\Admin\AppData\Local\Temp\960dd1411d56dc9c8e1a55cb9ef5a5455dad12d397f7724330be58cb4b81c076.exe.exe

Filesize
5.7MB

MD5
ba18e99b3e17adb5b029eaebc457dd89

SHA1
ec0458f3c00d35b323f08d4e1cc2e72899429c38

SHA256
f5ee36de8edf9be2ac2752b219cfdcb7ca1677071b8e116cb876306e9f1b6628

SHA512
1f41929e6f5b555b60c411c7810cbf14e3af26100df5ac4533ec3739a278c1b925687284660efb4868e3741305098e2737836229efc9fe46c97a6057c10e677c

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
d8bdfe1646d2659fdb23730409bf38ae

SHA1
887fb9da472efab54f9af265cd7da777b3430db6

SHA256
9e4d074cb14179eecfb995d1fb507779698cc72ed445596ee23b9daf6966512a

SHA512
feb8ed7223513c3c0ae9593a6d396944f69d51ede7f7dcef7eb8e401a1a5cdd5fe5f3dd54716c6810e5458f737ecb90ad9a4493add1bd196354e1bb284b12939

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-355664440-2199602304-1223909400-1000\_desktop.ini

Filesize
9B

MD5
2be02af4dacf3254e321ffba77f0b1c6

SHA1
d8349307ec08d45f2db9c9735bde8f13e27a551d

SHA256
766fe9c47ca710d9a00c08965550ee7de9cba2d32d67e4901e8cec7e33151d16

SHA512
57f61e1b939ed98e6db460ccdbc36a1460b727a99baac0e3b041666dedcef11fcd72a486d91ec7f0ee6e1aec40465719a6a5c22820c28be1066fe12fcd47ddd0

Download Submit
memory/8-26-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/8-33-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/8-36-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/8-19-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/8-1226-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/8-12-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/8-4792-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/8-5231-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1532-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1532-8-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download