bb7dd31ab165d1e3d427bc0e9b9d33bbd23a286d8b6d4360cbbe3f4a22fe23a2

Analysis

max time kernel
149s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 18:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bb7dd31ab165d1e3d427bc0e9b9d33bbd23a286d8b6d4360cbbe3f4a22fe23a2.exe
Size

88KB
MD5

ab054d5ffb9c058402e9375e28840f22
SHA1

88f5df08335ddaffdbab6aca65cda6b51d85643b
SHA256

bb7dd31ab165d1e3d427bc0e9b9d33bbd23a286d8b6d4360cbbe3f4a22fe23a2
SHA512

5cf3ed305e4398c98698c8032d7986040f95b816181eed0f07a6be4ff7503a6eecf75df28cbdee3547378d6c89d782c432afd73a505e468fbe4b8777ce872c3a
SSDEEP

1536:ppF3SHuJV9Ntyapmebn4ddJZeY86iLflLJYEIs67rxo:ppFkuJVL8LK4ddJMY86ipmns6S

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4248	Logo1_.exe
2968	bb7dd31ab165d1e3d427bc0e9b9d33bbd23a286d8b6d4360cbbe3f4a22fe23a2.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\CoreEngine\Data\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\import_google_contacts\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\sl-si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\orbd.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\de\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\HoloTileAssets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\hr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_TW\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kab\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\plugins\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Logo1_.exe	bb7dd31ab165d1e3d427bc0e9b9d33bbd23a286d8b6d4360cbbe3f4a22fe23a2.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	bb7dd31ab165d1e3d427bc0e9b9d33bbd23a286d8b6d4360cbbe3f4a22fe23a2.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4248	Logo1_.exe
4248	Logo1_.exe
4248	Logo1_.exe
4248	Logo1_.exe
4248	Logo1_.exe
4248	Logo1_.exe
4248	Logo1_.exe
4248	Logo1_.exe
4248	Logo1_.exe
4248	Logo1_.exe
4248	Logo1_.exe
4248	Logo1_.exe
4248	Logo1_.exe
4248	Logo1_.exe
4248	Logo1_.exe
4248	Logo1_.exe
4248	Logo1_.exe
4248	Logo1_.exe
4248	Logo1_.exe
4248	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 4228 wrote to memory of 3240	4228	bb7dd31ab165d1e3d427bc0e9b9d33bbd23a286d8b6d4360cbbe3f4a22fe23a2.exe	83
PID 4228 wrote to memory of 3240	4228	bb7dd31ab165d1e3d427bc0e9b9d33bbd23a286d8b6d4360cbbe3f4a22fe23a2.exe	83
PID 4228 wrote to memory of 3240	4228	bb7dd31ab165d1e3d427bc0e9b9d33bbd23a286d8b6d4360cbbe3f4a22fe23a2.exe	83
PID 4228 wrote to memory of 4248	4228	bb7dd31ab165d1e3d427bc0e9b9d33bbd23a286d8b6d4360cbbe3f4a22fe23a2.exe	84
PID 4228 wrote to memory of 4248	4228	bb7dd31ab165d1e3d427bc0e9b9d33bbd23a286d8b6d4360cbbe3f4a22fe23a2.exe	84
PID 4228 wrote to memory of 4248	4228	bb7dd31ab165d1e3d427bc0e9b9d33bbd23a286d8b6d4360cbbe3f4a22fe23a2.exe	84
PID 4248 wrote to memory of 3700	4248	Logo1_.exe	85
PID 4248 wrote to memory of 3700	4248	Logo1_.exe	85
PID 4248 wrote to memory of 3700	4248	Logo1_.exe	85
PID 3700 wrote to memory of 2044	3700	net.exe	88
PID 3700 wrote to memory of 2044	3700	net.exe	88
PID 3700 wrote to memory of 2044	3700	net.exe	88
PID 3240 wrote to memory of 2968	3240	cmd.exe	89
PID 3240 wrote to memory of 2968	3240	cmd.exe	89
PID 4248 wrote to memory of 3436	4248	Logo1_.exe	56
PID 4248 wrote to memory of 3436	4248	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3436
- C:\Users\Admin\AppData\Local\Temp\bb7dd31ab165d1e3d427bc0e9b9d33bbd23a286d8b6d4360cbbe3f4a22fe23a2.exe
  "C:\Users\Admin\AppData\Local\Temp\bb7dd31ab165d1e3d427bc0e9b9d33bbd23a286d8b6d4360cbbe3f4a22fe23a2.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4228
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a41EB.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\bb7dd31ab165d1e3d427bc0e9b9d33bbd23a286d8b6d4360cbbe3f4a22fe23a2.exe
      "C:\Users\Admin\AppData\Local\Temp\bb7dd31ab165d1e3d427bc0e9b9d33bbd23a286d8b6d4360cbbe3f4a22fe23a2.exe"
      4⤵
      Executes dropped EXE
      PID:2968
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4248
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3700
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
59b7aae3cb37d1edacd55159253dd510

SHA1
ceabb6ffbb679732784c01f9d3631898546043a6

SHA256
44ead1f1ed8b1136baf384c692ebd3547d6d7a9a2398dc32774f625ad3849dd9

SHA512
d1679594a2f6417c01602781436b8766af5f7c470f500885e7bf74ec60e9006741aad5c164e3088a0785f3ff3b5d91ac91325c29e9d51b0abbbb24cdda6ea778

Download Submit
C:\Program Files\TraceSkip.exe

Filesize
962KB

MD5
9d283361d0a4bfb4b42ef99dde44f3ad

SHA1
350e689bca170aa4427fdaf88aa37483ac9ab755

SHA256
e06e741fdea75140bf8cb5b333205fa1a3198c7a16f16d568f2984aa46b68d03

SHA512
c55ac20de17ddda9dc60ad1c49d8a8d59f96cfee59c4217163c4654455c5d1af84de1c57267f82be2cace18e9cc01f9d9b1c509922ca3416ac43427aa54b1f26

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
c8d281da4c32df16eef470c27c8cb459

SHA1
00efc9f6844bfaa37c264b6452c6a7356638ab10

SHA256
058c81e5a07f2c6c33cf28dff71d07ad8f179046108d945159957e891bfd9c62

SHA512
e3c79e19f620068f668d4ebaa5097f1a95a30dabb8dce75f3787171dddbea9f684fc7ce8d1011a398f38084d7af96dd1ff9a02d25906aab9b13861b8363d24bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a41EB.bat

Filesize
722B

MD5
f8785c581b3cfed268e9139797139fbe

SHA1
20a188fab017446cf9f48fd8f5328b0ab9fb29b4

SHA256
8acb5a2dcefb3f0c88f5f9911297ce456cbe757c76ad4b51a01ac8197b339e1e

SHA512
e45867801d6fcf927a847aac4fc9ccddaf570651790be7bd68b432522b4e92b486b14337b130615b810c0ecbc552907b99051f75b1b2a59f1e72c416552249e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\bb7dd31ab165d1e3d427bc0e9b9d33bbd23a286d8b6d4360cbbe3f4a22fe23a2.exe.exe

Filesize
59KB

MD5
dfc18f7068913dde25742b856788d7ca

SHA1
cbaa23f782c2ddcd7c9ff024fd0b096952a2b387

SHA256
ff4ac75c02247000da084de006c214d3dd3583867bd3533ba788e22734c7a2bf

SHA512
d0c7ec1dae41a803325b51c12490c355ed779d297daa35247889950491e52427810132f0829fc7ffa3022f1a106f4e4ba78ed612223395313a6f267e9ab24945

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
87e1376a8f4d0187c9cd966e5387fba6

SHA1
58bdbcb537922706c165607eaf003f2189bc99d3

SHA256
f232f879c9a948f3a8697062e75ed55b0e34c10b4c9aa164f90a8a12e0816895

SHA512
33219331ace9c8f8ab0a670c9a1f264dfe5e6b50443922d8dac485cd7dc4fd8b63321433c555d6484e038e04985656ce417b4b7a8ffbd8c43b2ad8a7c45dbff4

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1337824034-2731376981-3755436523-1000\_desktop.ini

Filesize
9B

MD5
917c6bf65db2dfa12e70e5aa6a061a01

SHA1
bd0d9f217fd74efd784ad4a1b41f330b36e64edf

SHA256
8ad43ce062fe590809844ebdf64f2eb0f7d32357c89baac5640ff132dfcfdd19

SHA512
21a71205a9abfafcf7fef2a1697ae78a6fe14591bef85f86137d5355b5d40e1b8ca810e351256e0dc2973677e9b4452014126d3e5e81b0c3f1fcbd1a087481cb

Download Submit
memory/4228-10-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4228-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4248-27-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4248-37-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4248-33-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4248-1232-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4248-20-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4248-4798-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4248-13-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4248-5237-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download