Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/05/2024, 07:50
Static task: static1
Behavioral task: behavioral1
Sample: c13b4067036413378d6e9160da1334e07b6764eeedeaa493dd0752f411fa68d9.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: c13b4067036413378d6e9160da1334e07b6764eeedeaa493dd0752f411fa68d9.exe
Resource: win10v2004-20240426-en
General
Target: c13b4067036413378d6e9160da1334e07b6764eeedeaa493dd0752f411fa68d9.exe
Size: 3.2MB
MD5: 6eb9714eeab6ff694206677f5a3a69be
SHA1: 415519d6501fc71d151d49f70e9f63ca0e1f5112
SHA256: c13b4067036413378d6e9160da1334e07b6764eeedeaa493dd0752f411fa68d9
SHA512: 280fd0eaf96de96df14dc08f3c36432220a9b50e984bdfa9a079bc4bc67d2c9bfee6075f51f1c3722e05aa73415ba442680cf28392d575b0d428658f1f7bcbdc
SSDEEP: 49152:bb2VhvdGARh7ff2ABgJM4HFIbcSjH3CC12PqBt/1rtB7Y4mVZr:PaUABizC129Zr
Malware Config
Signatures
Executes dropped EXE (2 IoCs)
pid   Process
4032  Logo1_.exe
4376  c13b4067036413378d6e9160da1334e07b6764eeedeaa493dd0752f411fa68d9.exe
Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
description               ioc     Process
File opened (read-only)   \??\O:  Logo1_.exe
File opened (read-only)   \??\J:  Logo1_.exe
File opened (read-only)   \??\E:  Logo1_.exe
File opened (read-only)   \??\Z:  Logo1_.exe
File opened (read-only)   \??\W:  Logo1_.exe
File opened (read-only)   \??\P:  Logo1_.exe
File opened (read-only)   \??\U:  Logo1_.exe
File opened (read-only)   \??\T:  Logo1_.exe
File opened (read-only)   \??\S:  Logo1_.exe
File opened (read-only)   \??\M:  Logo1_.exe
File opened (read-only)   \??\H:  Logo1_.exe
File opened (read-only)   \??\G:  Logo1_.exe
File opened (read-only)   \??\X:  Logo1_.exe
File opened (read-only)   \??\V:  Logo1_.exe
File opened (read-only)   \??\Q:  Logo1_.exe
File opened (read-only)   \??\L:  Logo1_.exe
File opened (read-only)   \??\K:  Logo1_.exe
File opened (read-only)   \??\I:  Logo1_.exe
File opened (read-only)   \??\Y:  Logo1_.exe
File opened (read-only)   \??\R:  Logo1_.exe
File opened (read-only)   \??\N:  Logo1_.exe
Drops file in Program Files directory (64 IoCs)
Drops file in Windows directory (4 IoCs)
description                   ioc                      Process
File created                  C:\Windows\rundl132.exe  c13b4067036413378d6e9160da1334e07b6764eeedeaa493dd0752f411fa68d9.exe
File created                  C:\Windows\Logo1_.exe    c13b4067036413378d6e9160da1334e07b6764eeedeaa493dd0752f411fa68d9.exe
File opened for modification  C:\Windows\rundl132.exe  Logo1_.exe
File created                  C:\Windows\vDll.dll      Logo1_.exe
Runs net.exe
Suspicious behavior: EnumeratesProcesses (20 IoCs)
pid   Process
4032  Logo1_.exe (the same pid/process pair is recorded for all 20 IoCs)
Suspicious use of WriteProcessMemory (16 IoCs)
description                         pid   Process                                                                  procid_target
PID 5004 wrote to memory of 3692    5004  c13b4067036413378d6e9160da1334e07b6764eeedeaa493dd0752f411fa68d9.exe  83
PID 5004 wrote to memory of 3692    5004  c13b4067036413378d6e9160da1334e07b6764eeedeaa493dd0752f411fa68d9.exe  83
PID 5004 wrote to memory of 3692    5004  c13b4067036413378d6e9160da1334e07b6764eeedeaa493dd0752f411fa68d9.exe  83
PID 5004 wrote to memory of 4032    5004  c13b4067036413378d6e9160da1334e07b6764eeedeaa493dd0752f411fa68d9.exe  84
PID 5004 wrote to memory of 4032    5004  c13b4067036413378d6e9160da1334e07b6764eeedeaa493dd0752f411fa68d9.exe  84
PID 5004 wrote to memory of 4032    5004  c13b4067036413378d6e9160da1334e07b6764eeedeaa493dd0752f411fa68d9.exe  84
PID 4032 wrote to memory of 3520    4032  Logo1_.exe                                                               86
PID 4032 wrote to memory of 3520    4032  Logo1_.exe                                                               86
PID 4032 wrote to memory of 3520    4032  Logo1_.exe                                                               86
PID 3520 wrote to memory of 2628    3520  net.exe                                                                  88
PID 3520 wrote to memory of 2628    3520  net.exe                                                                  88
PID 3520 wrote to memory of 2628    3520  net.exe                                                                  88
PID 3692 wrote to memory of 4376    3692  cmd.exe                                                                  89
PID 3692 wrote to memory of 4376    3692  cmd.exe                                                                  89
PID 4032 wrote to memory of 3528    4032  Logo1_.exe                                                               56
PID 4032 wrote to memory of 3528    4032  Logo1_.exe                                                               56
Processes
(indentation shows the parent/child relationship; each entry lists image path, command line, signatures and PID)

C:\Windows\Explorer.EXE
    command line: C:\Windows\Explorer.EXE
    PID: 3528

    C:\Users\Admin\AppData\Local\Temp\c13b4067036413378d6e9160da1334e07b6764eeedeaa493dd0752f411fa68d9.exe
        command line: "C:\Users\Admin\AppData\Local\Temp\c13b4067036413378d6e9160da1334e07b6764eeedeaa493dd0752f411fa68d9.exe"
        - Drops file in Windows directory
        - Suspicious use of WriteProcessMemory
        PID: 5004

        C:\Windows\SysWOW64\cmd.exe
            command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a48B1.bat
            - Suspicious use of WriteProcessMemory
            PID: 3692

            C:\Users\Admin\AppData\Local\Temp\c13b4067036413378d6e9160da1334e07b6764eeedeaa493dd0752f411fa68d9.exe
                command line: "C:\Users\Admin\AppData\Local\Temp\c13b4067036413378d6e9160da1334e07b6764eeedeaa493dd0752f411fa68d9.exe"
                - Executes dropped EXE
                PID: 4376

        C:\Windows\Logo1_.exe
            command line: C:\Windows\Logo1_.exe
            - Executes dropped EXE
            - Enumerates connected drives
            - Drops file in Program Files directory
            - Drops file in Windows directory
            - Suspicious behavior: EnumeratesProcesses
            - Suspicious use of WriteProcessMemory
            PID: 4032

            C:\Windows\SysWOW64\net.exe
                command line: net stop "Kingsoft AntiVirus Service"
                - Suspicious use of WriteProcessMemory
                PID: 3520

                C:\Windows\SysWOW64\net1.exe
                    command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
                    PID: 2628
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
Filesize: 636KB
C:\Users\Admin\AppData\Local\Temp\c13b4067036413378d6e9160da1334e07b6764eeedeaa493dd0752f411fa68d9.exe.exe
Filesize: 3.2MB