775afdc737b42a46435956b6529c3dd91671b3290f61a0fa52235ed2d0d4cf2a

Analysis

max time kernel
149s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

775afdc737b42a46435956b6529c3dd91671b3290f61a0fa52235ed2d0d4cf2a.exe
Size

70KB
MD5

e2942eefba935dca0e9a040cef205f1b
SHA1

15bb8b1e40e8f176bb6520d219a0b39892ab30d5
SHA256

775afdc737b42a46435956b6529c3dd91671b3290f61a0fa52235ed2d0d4cf2a
SHA512

8c1aae6d67d47dfb0e2b1f0136fe0ce8b54ed21b9bdf18d968a5f5bfc82627ae658b851854c014f347df687ff07a46bf156b3ff4596c70d499589b92eb23f4f9
SSDEEP

1536:p1uu6h3SHuJV9NdEToa9D4ZQKbgZi1dst7x9PxQ:p1tQkuJVLtlZQKbgZi1St7xQ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4840	Logo1_.exe
2060	775afdc737b42a46435956b6529c3dd91671b3290f61a0fa52235ed2d0d4cf2a.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hu-hu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Sounds\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ca-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Adobe\HelpCfg\en_US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\gmp-clearkey\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\zu\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Store.Purchase\Resources\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Defender\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\1.1.1\Diagnostics\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ks_IN\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\themes\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\en-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\2.0.1\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\modules\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ru-ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\dc-annotations\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\applet\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Images\Ratings\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PlaceCard\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sl-si\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ca-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	775afdc737b42a46435956b6529c3dd91671b3290f61a0fa52235ed2d0d4cf2a.exe
File created	C:\Windows\Logo1_.exe	775afdc737b42a46435956b6529c3dd91671b3290f61a0fa52235ed2d0d4cf2a.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4840	Logo1_.exe
4840	Logo1_.exe
4840	Logo1_.exe
4840	Logo1_.exe
4840	Logo1_.exe
4840	Logo1_.exe
4840	Logo1_.exe
4840	Logo1_.exe
4840	Logo1_.exe
4840	Logo1_.exe
4840	Logo1_.exe
4840	Logo1_.exe
4840	Logo1_.exe
4840	Logo1_.exe
4840	Logo1_.exe
4840	Logo1_.exe
4840	Logo1_.exe
4840	Logo1_.exe
4840	Logo1_.exe
4840	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 4436	1200	775afdc737b42a46435956b6529c3dd91671b3290f61a0fa52235ed2d0d4cf2a.exe	84
PID 1200 wrote to memory of 4436	1200	775afdc737b42a46435956b6529c3dd91671b3290f61a0fa52235ed2d0d4cf2a.exe	84
PID 1200 wrote to memory of 4436	1200	775afdc737b42a46435956b6529c3dd91671b3290f61a0fa52235ed2d0d4cf2a.exe	84
PID 1200 wrote to memory of 4840	1200	775afdc737b42a46435956b6529c3dd91671b3290f61a0fa52235ed2d0d4cf2a.exe	85
PID 1200 wrote to memory of 4840	1200	775afdc737b42a46435956b6529c3dd91671b3290f61a0fa52235ed2d0d4cf2a.exe	85
PID 1200 wrote to memory of 4840	1200	775afdc737b42a46435956b6529c3dd91671b3290f61a0fa52235ed2d0d4cf2a.exe	85
PID 4840 wrote to memory of 1284	4840	Logo1_.exe	86
PID 4840 wrote to memory of 1284	4840	Logo1_.exe	86
PID 4840 wrote to memory of 1284	4840	Logo1_.exe	86
PID 1284 wrote to memory of 4496	1284	net.exe	90
PID 1284 wrote to memory of 4496	1284	net.exe	90
PID 1284 wrote to memory of 4496	1284	net.exe	90
PID 4436 wrote to memory of 2060	4436	cmd.exe	92
PID 4436 wrote to memory of 2060	4436	cmd.exe	92
PID 4840 wrote to memory of 3456	4840	Logo1_.exe	56
PID 4840 wrote to memory of 3456	4840	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3456
- C:\Users\Admin\AppData\Local\Temp\775afdc737b42a46435956b6529c3dd91671b3290f61a0fa52235ed2d0d4cf2a.exe
  "C:\Users\Admin\AppData\Local\Temp\775afdc737b42a46435956b6529c3dd91671b3290f61a0fa52235ed2d0d4cf2a.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1200
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3C0F.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\775afdc737b42a46435956b6529c3dd91671b3290f61a0fa52235ed2d0d4cf2a.exe
      "C:\Users\Admin\AppData\Local\Temp\775afdc737b42a46435956b6529c3dd91671b3290f61a0fa52235ed2d0d4cf2a.exe"
      4⤵
      Executes dropped EXE
      PID:2060
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4840
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1284
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:4496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
64b7a498ca89b776d45ec09d763d04b6

SHA1
5ebd2388f8ac29c201b2bfad06f6fee29716c7b5

SHA256
e3332364253c392c3e72a3b8adef2d82014651656eea38e186936c9d638c0197

SHA512
049b2a3836575250f285d9bba5c1cefecbb9fcf2eed9baf1e7e553625f705ce2dac61355bcd4b5f619c40f44a45f7aa74802e42e436e3211a0e26035d2644453

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
0554673eb23f4c8db9861fed586bc406

SHA1
44aa310aeafc3b756cfdbf7d241eb56b96620440

SHA256
b44000b73a67f62fd1481cab7f1ef143d7184071d66db9ba2906d5847ac27d16

SHA512
0a05a6ec96f3f708e87908bfb789c007fb4154a192b4b9885bece01d4bdf67a3432518ca0eb547916c95dec4bc570fbba95663960a6a512f97303325c0e25254

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
a2a5a93e217bb462f2bd0d423de3a864

SHA1
2109bfcc6d5376585b2e250bb7c562015f30988b

SHA256
1fd18659738ee1ea3a387d548ffd74b3923f328676446e9da7ad5814161d646c

SHA512
9a1c737e7ecc40257c4c5d184fd43db2439c1fe76c4407f3936189f18ca267bbe099d968c646bc3f12f60b311205822e842c5dc715d9192be88cfa1196337ffd

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a3C0F.bat

Filesize
722B

MD5
bbdff07d92c447462acf4921b3bd80cc

SHA1
448fac397cf5dbf41484820b229cff6559fab498

SHA256
669ab7802ee9d5cbfbe9ff5df386b7575a27fc7b1409c8363d28bbc138bcb138

SHA512
1debba848b78788ea38d3c9a8f179ac1d3de3f64e4204d11bf0c4e87e6f1f89857ebff88464182ce8ebf9148ac083f3ba1367fcc05608f068edd3bc9a53b59a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\775afdc737b42a46435956b6529c3dd91671b3290f61a0fa52235ed2d0d4cf2a.exe.exe

Filesize
41KB

MD5
977e405c109268909fd24a94cc23d4f0

SHA1
af5d032c2b6caa2164cf298e95b09060665c4188

SHA256
cd24c61fe7dc3896c6c928c92a2adc58fab0a3ff61ef7ddcac1ba794182ab12f

SHA512
12b4b59c1a8e65e72aa07ee4b6b6cd9fdedead01d5ce8e30f16ca26b5d733655e23a71c1d273a950a5b1a6cce810b696612de4a1148ac5f468ddf05d4549eed5

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
df2c093eb893bac680bb0fdf75ef20a2

SHA1
896bb694b57022440cb713947facaaa6b227a92e

SHA256
faba7487ab383c4855ba29a1bd408c6a3947af3a3189f41ba7648c5289b89983

SHA512
ed7a8c0d189321a807ac92ed2ab4056b26df2b9fba51a57065f55a190e1bdd2b3a7cd274e9b3437577abc4af96746a6cf2f4374290c49ec113ce8527733862d6

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3906287020-2915474608-1755617787-1000\_desktop.ini

Filesize
9B

MD5
31874817e0fb055be8d2c971c0e3bbde

SHA1
ee8a35d6a86cb6d13f354d67d912e194bb09c74b

SHA256
94de8b492bc2db9a9592f7c9433547eb7f80826ed67f48d2bb7e22db9d49f544

SHA512
55747c69ae50fa212576d095f60cf33b42e26789cf8c34fc5120a45b1988aae95f91d9e37cb17298c5ac5243b2e4c40e1d0e084ce7fe14bceb4ebb318c65c944

Download Submit
memory/1200-10-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1200-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4840-27-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4840-37-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4840-33-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4840-1231-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4840-20-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4840-4797-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4840-13-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4840-5236-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download