Analysis

max time kernel: 150s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/06/2024, 00:29
Static task: static1

Behavioral task: behavioral1
  Sample: 50bbf35349da1a736b344eee8e8a8ac9dd3746ab836be7363a1cc4a18327f503.exe
  Resource: win7-20240508-en

Behavioral task: behavioral2
  Sample: 50bbf35349da1a736b344eee8e8a8ac9dd3746ab836be7363a1cc4a18327f503.exe
  Resource: win10v2004-20240508-en
General

Target: 50bbf35349da1a736b344eee8e8a8ac9dd3746ab836be7363a1cc4a18327f503.exe
Size: 64KB
MD5: 49a25636f673c1adb16d8a73f2fe7a27
SHA1: 0df6ddb611d825ffa2d65589ddeb632ac74ff5ad
SHA256: 50bbf35349da1a736b344eee8e8a8ac9dd3746ab836be7363a1cc4a18327f503
SHA512: 1c03a8ac7cac88c6e9e0877ec9370746b9faf8dce302856c7d2a09859570688a3a8a8570932e387e8a4f4a2a6228bf7dc813598eaebcc71df3feab336c4071af
SSDEEP: 1536:u3SHmLKarIpYCriw+d9bHrkT5gUHz7FxtJ:ukF3pxrBkfkT5xHzD
Malware Config
Signatures
Executes dropped EXE (2 IoCs)
  PID   Process
  3952  Logo1_.exe
  3736  50bbf35349da1a736b344eee8e8a8ac9dd3746ab836be7363a1cc4a18327f503.exe

Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
  Process: Logo1_.exe
  File opened (read-only), one IoC per drive root, in the order reported:
  \??\W:, \??\S:, \??\R:, \??\O:, \??\J:, \??\X:, \??\V:, \??\U:, \??\Q:, \??\N:, \??\M:, \??\L:, \??\K:, \??\Z:, \??\E:, \??\I:, \??\T:, \??\P:, \??\H:, \??\G:, \??\Y:
Drops file in Program Files directory (64 IoCs)
All 64 entries are attributed to process Logo1_.exe.
  Description                   IoC
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ja-jp\_desktop.ini
  File opened for modification  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxTsr.exe
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\fr-fr\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\it-it\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.37\MicrosoftEdgeUpdateSetup.exe
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\sk-sk\_desktop.ini
  File opened for modification  C:\Program Files\WindowsPowerShell\_desktop.ini
  File opened for modification  C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\es-ES\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\uk-ua\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\da-dk\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\css\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ar-ae\_desktop.ini
  File created                  C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\el-GR\View3d\_desktop.ini
  File opened for modification  C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\_desktop.ini
  File created                  C:\Program Files\VideoLAN\VLC\locale\ne\_desktop.ini
  File opened for modification  C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\SoundRec.exe
  File created                  C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini
  File created                  C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\de-DE\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\zh-tw\_desktop.ini
  File opened for modification  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\_desktop.ini
  File opened for modification  C:\Program Files\Windows Defender\uk-UA\_desktop.ini
  File created                  C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-white\_desktop.ini
  File created                  C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\_desktop.ini
  File created                  C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini
  File created                  C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\_desktop.ini
  File opened for modification  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\it-it\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sv-se\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\themes\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\_desktop.ini
  File created                  C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini
  File opened for modification  C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\_desktop.ini
  File created                  C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ar-ae\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-tw\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\nb-no\_desktop.ini
  File created                  C:\Program Files\dotnet\host\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fi-fi\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\pt-br\_desktop.ini
  File created                  C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-white\_desktop.ini
  File opened for modification  C:\Program Files\Java\jre-1.8\bin\unpack200.exe
  File opened for modification  C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pt-br\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\sl-sl\_desktop.ini
  File opened for modification  C:\Program Files\Java\jre-1.8\bin\javacpl.exe
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\eu-es\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\dc-annotations\_desktop.ini
  File created                  C:\Program Files (x86)\Internet Explorer\SIGNUP\_desktop.ini
  File opened for modification  C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\_desktop.ini
  File opened for modification  C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Snippets\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ja-jp\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\hu-hu\_desktop.ini
  File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ru-ru\_desktop.ini
  File opened for modification  C:\Program Files (x86)\Common Files\Microsoft Shared\_desktop.ini
  File created                  C:\Program Files\WindowsPowerShell\Configuration\Schema\_desktop.ini
Drops file in Windows directory (4 IoCs)
  Description                   IoC                     Process
  File opened for modification  C:\Windows\rundl132.exe  Logo1_.exe
  File created                  C:\Windows\vDll.dll      Logo1_.exe
  File created                  C:\Windows\rundl132.exe  50bbf35349da1a736b344eee8e8a8ac9dd3746ab836be7363a1cc4a18327f503.exe
  File created                  C:\Windows\Logo1_.exe    50bbf35349da1a736b344eee8e8a8ac9dd3746ab836be7363a1cc4a18327f503.exe

Runs net.exe
Suspicious behavior: EnumeratesProcesses (20 IoCs)
  PID   Process
  3952  Logo1_.exe (all 20 IoCs)
Suspicious use of WriteProcessMemory (16 IoCs)
  Writer PID  Writer process                                                          Target PID  procid_target  Count
  3328        50bbf35349da1a736b344eee8e8a8ac9dd3746ab836be7363a1cc4a18327f503.exe  228         81             3
  3328        50bbf35349da1a736b344eee8e8a8ac9dd3746ab836be7363a1cc4a18327f503.exe  3952        82             3
  3952        Logo1_.exe                                                              2260        84             3
  2260        net.exe                                                                 4476        86             3
  228         cmd.exe                                                                 3736        87             2
  3952        Logo1_.exe                                                              3432        56             2
  Every row except the last records a parent writing into a child it has just created. Target PID 3432 is C:\Windows\Explorer.EXE, the root of the process tree below, so the last row records Logo1_.exe writing into the address space of a process it did not spawn.
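The signature tables above are flat "description ioc Process" rows. The following Python is an added example by the editor, not part of the sandbox report or of the sample: it parses rows in that format and groups them into the indicators that make up the pattern this report shows (read-only opens of many drive roots, _desktop.ini files written across Program Files, existing executables under Program Files opened for modification, and the rundl132.exe / vDll.dll / Logo1_.exe names written under C:\Windows). The sample rows are copied from the report's tables (a subset); the indicator names, the drive-count threshold and the verdict labels are the example's own assumptions.

```python
import re
from collections import defaultdict

# IoC rows copied from the report's "Enumerates connected drives", "Drops file in
# Program Files directory" and "Drops file in Windows directory" tables. This is a
# subset (the report lists 21, 64 and 4 rows respectively); parse_iocs accepts the
# full tables in the same format.
SAMPLE_IOCS = r"""
File opened (read-only) \??\W: Logo1_.exe
File opened (read-only) \??\S: Logo1_.exe
File opened (read-only) \??\R: Logo1_.exe
File opened (read-only) \??\O: Logo1_.exe
File opened (read-only) \??\J: Logo1_.exe
File opened (read-only) \??\E: Logo1_.exe
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\_desktop.ini Logo1_.exe
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\_desktop.ini Logo1_.exe
File opened for modification C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxTsr.exe Logo1_.exe
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.37\MicrosoftEdgeUpdateSetup.exe Logo1_.exe
File opened for modification C:\Program Files\Java\jre-1.8\bin\unpack200.exe Logo1_.exe
File created C:\Program Files\dotnet\host\_desktop.ini Logo1_.exe
File opened for modification C:\Windows\rundl132.exe Logo1_.exe
File created C:\Windows\vDll.dll Logo1_.exe
File created C:\Windows\rundl132.exe 50bbf35349da1a736b344eee8e8a8ac9dd3746ab836be7363a1cc4a18327f503.exe
File created C:\Windows\Logo1_.exe 50bbf35349da1a736b344eee8e8a8ac9dd3746ab836be7363a1cc4a18327f503.exe
"""

# "<description> <path with spaces> <process name without spaces>"
IOC_RE = re.compile(
    r"^(File opened \(read-only\)|File opened for modification|File created) (.+?) (\S+)$"
)
DRIVE_RE = re.compile(r"\\\?\?\\[a-z]:")
# Names the report shows being written under C:\Windows (assumption: treat them as payload names).
WINDOWS_DROP_NAMES = {"rundl132.exe", "vdll.dll", "logo1_.exe"}
PROGRAM_FILES = ("c:\\program files\\", "c:\\program files (x86)\\")


def parse_iocs(text):
    """Turn the flattened 'description ioc Process' rows into dicts."""
    events = []
    for line in text.splitlines():
        m = IOC_RE.match(line.strip())
        if m:
            action, path, process = m.groups()
            events.append({"action": action, "path": path, "process": process})
    return events


def assess(events, drive_threshold=5):
    """Group file events per process into indicator tuples (kind, detail):
      desktop_ini_marker  _desktop.ini created or modified under Program Files
      exe_modified        an existing .exe under Program Files opened for modification
      windows_drop        one of WINDOWS_DROP_NAMES written directly under C:\\Windows
      drive_enumeration   read-only opens of at least drive_threshold drive roots
    """
    findings = defaultdict(list)
    drives = defaultdict(set)
    for ev in events:
        path, low, proc = ev["path"], ev["path"].lower(), ev["process"]
        if ev["action"] == "File opened (read-only)" and DRIVE_RE.fullmatch(low):
            drives[proc].add(low[-2])           # the drive letter in \??\X:
        elif low.startswith(PROGRAM_FILES):
            if low.endswith("\\_desktop.ini"):
                findings[proc].append(("desktop_ini_marker", path))
            elif low.endswith(".exe") and ev["action"] == "File opened for modification":
                findings[proc].append(("exe_modified", path))
        elif low.startswith("c:\\windows\\") and low.rsplit("\\", 1)[-1] in WINDOWS_DROP_NAMES:
            findings[proc].append(("windows_drop", path))
    for proc, letters in drives.items():
        if len(letters) >= drive_threshold:
            findings[proc].append(("drive_enumeration", "".join(sorted(letters))))
    return dict(findings)


def classify(process_findings):
    """Label one process from the kinds of indicator it produced."""
    kinds = {kind for kind, _ in process_findings}
    if {"exe_modified", "desktop_ini_marker"} <= kinds:
        return "file-infector-like"
    if "windows_drop" in kinds:
        return "dropper"
    return "no-indicator"


if __name__ == "__main__":
    for proc, items in assess(parse_iocs(SAMPLE_IOCS)).items():
        print(proc, "->", classify(items))
        for kind, detail in items:
            print("   ", kind, detail)
```

On the subset above, Logo1_.exe produces all four indicator kinds and is labelled file-infector-like, while the submitted sample only produces the two C:\Windows drops and is labelled a dropper; that matches how the report's process tree splits the work between the two processes.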
Processes

C:\Windows\Explorer.EXE
  Command line: C:\Windows\Explorer.EXE
  PID: 3432

  C:\Users\Admin\AppData\Local\Temp\50bbf35349da1a736b344eee8e8a8ac9dd3746ab836be7363a1cc4a18327f503.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\50bbf35349da1a736b344eee8e8a8ac9dd3746ab836be7363a1cc4a18327f503.exe"
    Signatures: Drops file in Windows directory; Suspicious use of WriteProcessMemory
    PID: 3328

    C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a52B4.bat
      Signatures: Suspicious use of WriteProcessMemory
      PID: 228

      C:\Users\Admin\AppData\Local\Temp\50bbf35349da1a736b344eee8e8a8ac9dd3746ab836be7363a1cc4a18327f503.exe
        Command line: "C:\Users\Admin\AppData\Local\Temp\50bbf35349da1a736b344eee8e8a8ac9dd3746ab836be7363a1cc4a18327f503.exe"
        Signatures: Executes dropped EXE
        PID: 3736

    C:\Windows\Logo1_.exe
      Command line: C:\Windows\Logo1_.exe
      Signatures: Executes dropped EXE; Enumerates connected drives; Drops file in Program Files directory; Drops file in Windows directory; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory
      PID: 3952

      C:\Windows\SysWOW64\net.exe
        Command line: net stop "Kingsoft AntiVirus Service"
        Signatures: Suspicious use of WriteProcessMemory
        PID: 2260

        C:\Windows\SysWOW64\net1.exe
          Command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
          PID: 4476
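The process tree and the WriteProcessMemory rows together carry the three facts a responder would pull from this report: the dropper runs a payload it wrote to C:\Windows, that payload stops a security service through net.exe, and it writes into Explorer rather than only into processes it created. The Python below is an added example by the editor, not part of the sandbox report or of the sample: it encodes the tree and the six distinct WriteProcessMemory rows from this page and derives those facts from them. The heuristic that a write into a non-child is injection, the list of net/net1 names and the security-product keyword list are assumptions of the example.

```python
import re

SAMPLE = "50bbf35349da1a736b344eee8e8a8ac9dd3746ab836be7363a1cc4a18327f503.exe"
TEMP = r"C:\Users\Admin\AppData\Local\Temp"

# Process tree copied from the report: pid -> (parent pid, image path, command line).
PROCESSES = {
    3432: (None, r"C:\Windows\Explorer.EXE", r"C:\Windows\Explorer.EXE"),
    3328: (3432, TEMP + "\\" + SAMPLE, '"' + TEMP + "\\" + SAMPLE + '"'),
    228:  (3328, r"C:\Windows\SysWOW64\cmd.exe",
           r"C:\Windows\system32\cmd.exe /c " + TEMP + r"\$$a52B4.bat"),
    3736: (228, TEMP + "\\" + SAMPLE, '"' + TEMP + "\\" + SAMPLE + '"'),
    3952: (3328, r"C:\Windows\Logo1_.exe", r"C:\Windows\Logo1_.exe"),
    2260: (3952, r"C:\Windows\SysWOW64\net.exe", 'net stop "Kingsoft AntiVirus Service"'),
    4476: (2260, r"C:\Windows\SysWOW64\net1.exe",
           r'C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"'),
}

# The six distinct "Suspicious use of WriteProcessMemory" rows from the report
# (each appears two or three times there; the repeats carry no extra data).
WPM_LINES = [
    f"PID 3328 wrote to memory of 228 3328 {SAMPLE} 81",
    f"PID 3328 wrote to memory of 3952 3328 {SAMPLE} 82",
    "PID 3952 wrote to memory of 2260 3952 Logo1_.exe 84",
    "PID 2260 wrote to memory of 4476 2260 net.exe 86",
    "PID 228 wrote to memory of 3736 228 cmd.exe 87",
    "PID 3952 wrote to memory of 3432 3952 Logo1_.exe 56",
]
WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)$")
NET_NAMES = {"net", "net.exe", "net1", "net1.exe"}           # assumption: what counts as net.exe
SECURITY_WORDS = re.compile(r"anti.?virus|anti.?malware|defender|security|protect", re.I)


def parse_wpm(lines):
    """(writer pid, target pid, writer image, sandbox procid of target) per row."""
    rows = []
    for line in lines:
        m = WPM_RE.match(line.strip())
        if m:
            writer, target, image, procid = m.groups()
            rows.append((int(writer), int(target), image, int(procid)))
    return rows


def image_name(processes, pid):
    return processes[pid][1].rsplit("\\", 1)[-1]


def lineage(processes, pid):
    """Image names from pid up to the root of the tree."""
    chain = []
    while pid is not None:
        chain.append(image_name(processes, pid))
        pid = processes[pid][0]
    return chain


def find_injections(processes, writes):
    """Writes into a process the writer did not itself spawn. Heuristic (an
    assumption of this example): a parent writing into a child it just created is
    start-up housekeeping and is what most rows record; anything else is injection."""
    return [
        (writer, target, image, image_name(processes, target))
        for writer, target, image, _ in writes
        if processes[target][0] != writer
    ]


def find_security_service_stops(processes):
    """pid -> (service, lineage) for each net/net1 'stop' of a security-looking service."""
    hits = {}
    for pid, (_, _, cmdline) in processes.items():
        first = cmdline.split()[0].strip('"').rsplit("\\", 1)[-1].lower()
        if first not in NET_NAMES:
            continue
        m = re.search(r'\bstop\s+"([^"]+)"', cmdline, re.I)
        if m and SECURITY_WORDS.search(m.group(1)):
            hits[pid] = (m.group(1), lineage(processes, pid))
    return hits


def find_temp_to_windows_launches(processes):
    """Binaries run straight from C:\\Windows\\ by a parent running out of a Temp
    directory, i.e. a dropped payload executed by its dropper."""
    hits = []
    for pid, (parent, image, _) in processes.items():
        if parent is None:
            continue
        low, parent_low = image.lower(), processes[parent][1].lower()
        if low.startswith("c:\\windows\\") and low.count("\\") == 2 and "\\temp\\" in parent_low:
            hits.append((pid, image))
    return hits


if __name__ == "__main__":
    for hit in find_injections(PROCESSES, parse_wpm(WPM_LINES)):
        print("injection:", hit)
    for pid, (svc, chain) in find_security_service_stops(PROCESSES).items():
        print("service stop:", pid, svc, " <- ".join(chain))
    print("dropped launches:", find_temp_to_windows_launches(PROCESSES))
```

Run against the report's data, the only write that fails the parent-to-child test is 3952 into 3432 (Logo1_.exe into Explorer.EXE); both net.exe and net1.exe are reported as stopping "Kingsoft AntiVirus Service", with a lineage that runs back through Logo1_.exe to the submitted sample; and Logo1_.exe is the one binary launched from C:\Windows by a parent in Temp.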
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 252KB
  MD5     cf7ad075af6662955c6fc8ec1f6db232
  SHA1    0a59ac0f2c12305f206995fd1418600cd32bf431
  SHA256  e2ba1777c9a6b8eb2a78a16d3d048cfab1bfb5c0d01389a58eaab4de1a8b133e
  SHA512  24c678bfb9601658d6c2838017e387a9cc215b08fc0bf70812d87f05a75919b16d6ca0fb6e36d6a6e5937cf0fb923946ce2a4f63ba02f847d6f71ebb8312e64b

Filesize: 237KB
  MD5     f5610d0cea8bd0395eb6e4d057a66701
  SHA1    49f5a14430a76c8fac9d5fbea3b60a123680cc7b
  SHA256  32522424a02fe558c243cf42574d637eeb951d8fe0f1083aa2d34e55255fd103
  SHA512  307d24f57bc2efa1cf3349e4fa0dfdfe0010499fdccbf797544b19d78be52b294612cfd48fd8197d400348b56d3a6dddaf664f58ad74cabb0b200b3abb4f3799

C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
Filesize: 637KB
  MD5     9cba1e86016b20490fff38fb45ff4963
  SHA1    378720d36869d50d06e9ffeef87488fbc2a8c8f7
  SHA256  a22e6d0f5c7d44fefc2204e0f7c7b048e1684f6cf249ba98c006bbf791c22d19
  SHA512  2f3737d29ea3925d10ea5c717786425f6434be732974586328f03691a35cd1539828e3301685749e5c4135b8094f15b87fb9659915de63678a25749e2f8f5765

Filesize: 722B
  MD5     2f6899c1a283a0d55416908e9f4b2434
  SHA1    5e290ecd4ed2559a4b5fe0a94f255d015f608baf
  SHA256  739e2a91645e4ecf8a5650283797c601fc44b800c3c2a227d3a695091448b5e4
  SHA512  f57b944f8dd8397820f730cdb51e3c1f5506c3aaa8c08779047bdd3413a49d59ec9805464b73ca513396378c835fac039b629743e4781c9315ab0fa9eb6c8ce7

C:\Users\Admin\AppData\Local\Temp\50bbf35349da1a736b344eee8e8a8ac9dd3746ab836be7363a1cc4a18327f503.exe.exe
Filesize: 36KB
  MD5     9f498971cbe636662f3d210747d619e1
  SHA1    44b8e2732fa1e2f204fc70eaa1cb406616250085
  SHA256  8adf6748981c3e7b62f5dbca992be6675574fffbce7673743f2d7fe787d56a41
  SHA512  b73083c2f7b028d2946cb8f7b4fe2289fedaa4175364a2aac37db0aeff4602aede772ccc9eba7e6dcfcb7276e52604ca45d8021952201b5834485b48bca3dc93

Filesize: 27KB
  MD5     df9b23c4e6e77120aca615976e4dd91b
  SHA1    76c44eb0bc12a524faba18b297009b98e494cc7b
  SHA256  25ae5f7f2dd9c451dc2f12a5ab2edf4b7e22e50802c45b638ce03573d5372948
  SHA512  7d0d0ff426cd261022b9506c7cc0ef8219937c890a52b0674010122c45c5740bd06627e3b27fb9e80202dd562120bcc7d57273569ceea7e3d49a947743dc06d3

Filesize: 8B
  MD5     9bf5ad0e8bbf0ba1630c244358e5c6dd
  SHA1    25918532222a7063195beeb76980b6ec9e59e19a
  SHA256  551cc5b618f0fa78108dd2388d9136893adb10499e4836e9728f4e96530bf02f
  SHA512  7fdce76bb191d4988d92e3d97ce8db4cae1b5c1f93198bffc4e863d324d814246353200d32ea730f83345fcb7ad82213c2bcd31351e905e473d9596bc7b43ad3