Analysis
max time kernel: 149s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18-04-2024 00:22
Static task: static1
Behavioral task: behavioral1
  Sample: ff0debdae39c97d32e7a2283d369222298a3d4ba99ba8a083172ebed52631f9c.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: ff0debdae39c97d32e7a2283d369222298a3d4ba99ba8a083172ebed52631f9c.exe
  Resource: win10v2004-20240412-en
General
Target: ff0debdae39c97d32e7a2283d369222298a3d4ba99ba8a083172ebed52631f9c.exe
Size: 276KB
MD5: a1c3845f2b9c9083812665b7730b60f6
SHA1: fa22f42d3798dae6a382c231ba1cdfdaa1fc7f74
SHA256: ff0debdae39c97d32e7a2283d369222298a3d4ba99ba8a083172ebed52631f9c
SHA512: 8d1866c80844a5285af4706a2b41dc3ea033786b5d95da94319d9184414ab44911e5d8419179787681b9fa8ca8dbf73e8c468e2857553c311d85ddd827c3da39
SSDEEP: 6144:eVfjmNdVHNenR884rpXt476rjkdhgBFOPJJqe4:g7+dVtenR8bxq7dhgBFOHF4
Malware Config
Signatures
Executes dropped EXE (2 IoCs)
pid   Process
2928  Logo1_.exe
3476  ff0debdae39c97d32e7a2283d369222298a3d4ba99ba8a083172ebed52631f9c.exe
Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
Drops file in Program Files directory (64 IoCs)
Drops file in Windows directory (4 IoCs)
description                   ioc                      Process
File created                  C:\Windows\rundl132.exe  ff0debdae39c97d32e7a2283d369222298a3d4ba99ba8a083172ebed52631f9c.exe
File created                  C:\Windows\Logo1_.exe    ff0debdae39c97d32e7a2283d369222298a3d4ba99ba8a083172ebed52631f9c.exe
File opened for modification  C:\Windows\rundl132.exe  Logo1_.exe
File created                  C:\Windows\vDll.dll      Logo1_.exe
Runs net.exe
Suspicious behavior: EnumeratesProcesses (20 IoCs)
Suspicious use of WriteProcessMemory (16 IoCs)
Processes
C:\Windows\Explorer.EXE  (PID 3340)
  command line: C:\Windows\Explorer.EXE
  C:\Users\Admin\AppData\Local\Temp\ff0debdae39c97d32e7a2283d369222298a3d4ba99ba8a083172ebed52631f9c.exe  (PID 4836)
    command line: "C:\Users\Admin\AppData\Local\Temp\ff0debdae39c97d32e7a2283d369222298a3d4ba99ba8a083172ebed52631f9c.exe"
    signatures: Drops file in Windows directory; Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\cmd.exe  (PID 1424)
      command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3671.bat
      signatures: Suspicious use of WriteProcessMemory
      C:\Users\Admin\AppData\Local\Temp\ff0debdae39c97d32e7a2283d369222298a3d4ba99ba8a083172ebed52631f9c.exe  (PID 3476)
        command line: "C:\Users\Admin\AppData\Local\Temp\ff0debdae39c97d32e7a2283d369222298a3d4ba99ba8a083172ebed52631f9c.exe"
        signatures: Executes dropped EXE
    C:\Windows\Logo1_.exe  (PID 2928)
      command line: C:\Windows\Logo1_.exe
      signatures: Executes dropped EXE; Enumerates connected drives; Drops file in Program Files directory; Drops file in Windows directory; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory
      C:\Windows\SysWOW64\net.exe  (PID 1164)
        command line: net stop "Kingsoft AntiVirus Service"
        signatures: Suspicious use of WriteProcessMemory
        C:\Windows\SysWOW64\net1.exe  (PID 4652)
          command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
Network
MITRE ATT&CK Enterprise v15
Downloads