b44000b73a67f62fd1481cab7f1ef143d7184071d66db9ba2906d5847ac27d16

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 21:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b44000b73a67f62fd1481cab7f1ef143d7184071d66db9ba2906d5847ac27d16.exe
Size

573KB
MD5

0554673eb23f4c8db9861fed586bc406
SHA1

44aa310aeafc3b756cfdbf7d241eb56b96620440
SHA256

b44000b73a67f62fd1481cab7f1ef143d7184071d66db9ba2906d5847ac27d16
SHA512

0a05a6ec96f3f708e87908bfb789c007fb4154a192b4b9885bece01d4bdf67a3432518ca0eb547916c95dec4bc570fbba95663960a6a512f97303325c0e25254
SSDEEP

6144:b3uJpE7cV3iwbAFRWAbd4nf0H05yqE6Hl0ChW0+ksllAXBu0lWGWUJJQ4t0BHQQG:N7a3iwbihym2g7XO3LWUQfh4Co

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2972	Logo1_.exe
4736	b44000b73a67f62fd1481cab7f1ef143d7184071d66db9ba2906d5847ac27d16.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bg\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\is-IS\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Comprehensive\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Defender\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\dev\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\VisualElements\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-tw\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\plugin2\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bs\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ca-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sv-SE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\collect_feedback\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_2019.729.2301.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x86__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\sl-si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\FileAssociation\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.19071.19011.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\sl-si\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Mu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\uk-UA\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\win_x64\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_CN\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	b44000b73a67f62fd1481cab7f1ef143d7184071d66db9ba2906d5847ac27d16.exe
File created	C:\Windows\Logo1_.exe	b44000b73a67f62fd1481cab7f1ef143d7184071d66db9ba2906d5847ac27d16.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2972	Logo1_.exe
2972	Logo1_.exe
2972	Logo1_.exe
2972	Logo1_.exe
2972	Logo1_.exe
2972	Logo1_.exe
2972	Logo1_.exe
2972	Logo1_.exe
2972	Logo1_.exe
2972	Logo1_.exe
2972	Logo1_.exe
2972	Logo1_.exe
2972	Logo1_.exe
2972	Logo1_.exe
2972	Logo1_.exe
2972	Logo1_.exe
2972	Logo1_.exe
2972	Logo1_.exe
2972	Logo1_.exe
2972	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 1104	2748	b44000b73a67f62fd1481cab7f1ef143d7184071d66db9ba2906d5847ac27d16.exe	83
PID 2748 wrote to memory of 1104	2748	b44000b73a67f62fd1481cab7f1ef143d7184071d66db9ba2906d5847ac27d16.exe	83
PID 2748 wrote to memory of 1104	2748	b44000b73a67f62fd1481cab7f1ef143d7184071d66db9ba2906d5847ac27d16.exe	83
PID 2748 wrote to memory of 2972	2748	b44000b73a67f62fd1481cab7f1ef143d7184071d66db9ba2906d5847ac27d16.exe	84
PID 2748 wrote to memory of 2972	2748	b44000b73a67f62fd1481cab7f1ef143d7184071d66db9ba2906d5847ac27d16.exe	84
PID 2748 wrote to memory of 2972	2748	b44000b73a67f62fd1481cab7f1ef143d7184071d66db9ba2906d5847ac27d16.exe	84
PID 2972 wrote to memory of 2924	2972	Logo1_.exe	86
PID 2972 wrote to memory of 2924	2972	Logo1_.exe	86
PID 2972 wrote to memory of 2924	2972	Logo1_.exe	86
PID 2924 wrote to memory of 3520	2924	net.exe	88
PID 2924 wrote to memory of 3520	2924	net.exe	88
PID 2924 wrote to memory of 3520	2924	net.exe	88
PID 1104 wrote to memory of 4736	1104	cmd.exe	89
PID 1104 wrote to memory of 4736	1104	cmd.exe	89
PID 2972 wrote to memory of 3464	2972	Logo1_.exe	56
PID 2972 wrote to memory of 3464	2972	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3464
- C:\Users\Admin\AppData\Local\Temp\b44000b73a67f62fd1481cab7f1ef143d7184071d66db9ba2906d5847ac27d16.exe
  "C:\Users\Admin\AppData\Local\Temp\b44000b73a67f62fd1481cab7f1ef143d7184071d66db9ba2906d5847ac27d16.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2748
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a46CD.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1104
  - - C:\Users\Admin\AppData\Local\Temp\b44000b73a67f62fd1481cab7f1ef143d7184071d66db9ba2906d5847ac27d16.exe
      "C:\Users\Admin\AppData\Local\Temp\b44000b73a67f62fd1481cab7f1ef143d7184071d66db9ba2906d5847ac27d16.exe"
      4⤵
      Executes dropped EXE
      PID:4736
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2972
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2924
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:3520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
64b7a498ca89b776d45ec09d763d04b6

SHA1
5ebd2388f8ac29c201b2bfad06f6fee29716c7b5

SHA256
e3332364253c392c3e72a3b8adef2d82014651656eea38e186936c9d638c0197

SHA512
049b2a3836575250f285d9bba5c1cefecbb9fcf2eed9baf1e7e553625f705ce2dac61355bcd4b5f619c40f44a45f7aa74802e42e436e3211a0e26035d2644453

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
0554673eb23f4c8db9861fed586bc406

SHA1
44aa310aeafc3b756cfdbf7d241eb56b96620440

SHA256
b44000b73a67f62fd1481cab7f1ef143d7184071d66db9ba2906d5847ac27d16

SHA512
0a05a6ec96f3f708e87908bfb789c007fb4154a192b4b9885bece01d4bdf67a3432518ca0eb547916c95dec4bc570fbba95663960a6a512f97303325c0e25254

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
a2a5a93e217bb462f2bd0d423de3a864

SHA1
2109bfcc6d5376585b2e250bb7c562015f30988b

SHA256
1fd18659738ee1ea3a387d548ffd74b3923f328676446e9da7ad5814161d646c

SHA512
9a1c737e7ecc40257c4c5d184fd43db2439c1fe76c4407f3936189f18ca267bbe099d968c646bc3f12f60b311205822e842c5dc715d9192be88cfa1196337ffd

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a46CD.bat

Filesize
722B

MD5
2a38ab28f09f7c4d1dce56d18530fb40

SHA1
ed78cead0d199cfc98880f97e9344b0336013583

SHA256
6d88df1d7650de370c8bf554d61fd4da7771b92bae8be16c7a9f09f9ba65cca8

SHA512
84d75a9055a5cc5cb028ba8e03f9cf7419168c293248ed6e5ec7f2dd7c05c235653936b7fd1c435dd31c067af2cac596982896e067ee2d2651bdfe400800fc93

Download Submit
C:\Users\Admin\AppData\Local\Temp\b44000b73a67f62fd1481cab7f1ef143d7184071d66db9ba2906d5847ac27d16.exe.exe

Filesize
544KB

MD5
9a1dd1d96481d61934dcc2d568971d06

SHA1
f136ef9bf8bd2fc753292fb5b7cf173a22675fb3

SHA256
8cebb25e240db3b6986fcaed6bc0b900fa09dad763a56fb71273529266c5c525

SHA512
7ac1581f8a29e778ba1a1220670796c47fa5b838417f8f635e2cb1998a01515cff3ee57045dacb78a8ec70d43754b970743aba600379fe6d9481958d32d8a5aa

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
df2c093eb893bac680bb0fdf75ef20a2

SHA1
896bb694b57022440cb713947facaaa6b227a92e

SHA256
faba7487ab383c4855ba29a1bd408c6a3947af3a3189f41ba7648c5289b89983

SHA512
ed7a8c0d189321a807ac92ed2ab4056b26df2b9fba51a57065f55a190e1bdd2b3a7cd274e9b3437577abc4af96746a6cf2f4374290c49ec113ce8527733862d6

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1337824034-2731376981-3755436523-1000\_desktop.ini

Filesize
9B

MD5
31874817e0fb055be8d2c971c0e3bbde

SHA1
ee8a35d6a86cb6d13f354d67d912e194bb09c74b

SHA256
94de8b492bc2db9a9592f7c9433547eb7f80826ed67f48d2bb7e22db9d49f544

SHA512
55747c69ae50fa212576d095f60cf33b42e26789cf8c34fc5120a45b1988aae95f91d9e37cb17298c5ac5243b2e4c40e1d0e084ce7fe14bceb4ebb318c65c944

Download Submit
memory/2748-12-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2748-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2972-27-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2972-37-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2972-33-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2972-1231-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2972-20-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2972-4797-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2972-13-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2972-5236-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download