1209603841a62e7d73e1a34eb51020f45eea34d1c4244f1f2cde78a221ac2f32

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
23/08/2023, 23:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1209603841a62e7d73e1a34eb51020f45eea34d1c4244f1f2cde78a221ac2f32.exe
Size

788KB
MD5

951b00769ffa0ef32c3dbf7cb7f3ce02
SHA1

a0d73c195d1df84cf04e0b5da8aac7d7b2e54680
SHA256

1209603841a62e7d73e1a34eb51020f45eea34d1c4244f1f2cde78a221ac2f32
SHA512

2572a99548704267c2f5820067bfa557f7ca3f59960873b6b486a38155311fae931586c98c8618f82f570e8bf5c96c05c9897ab37e30cc909060e4649658033d
SSDEEP

12288:d7+XpvhDBVVaUH0ZfvRgFlGbQT+zUkJzNeQOgAdW:d7GLBVwUHYfpgCUkZMQidW

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2264	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
1344	Logo1_.exe
2780	1209603841a62e7d73e1a34eb51020f45eea34d1c4244f1f2cde78a221ac2f32.exe

Loads dropped DLL 1 IoCs

pid	Process
2264	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Journal\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SC_Reader.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\_desktop.ini	Logo1_.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\eu\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Internet Explorer\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Visualizations\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Defender\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Acrobat\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ks_IN\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\modules\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\_desktop.ini	Logo1_.exe
File created	C:\Program Files\MSBuild\Microsoft\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Journal\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RICEPAPR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Mahjong\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Portal\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Logo1_.exe	1209603841a62e7d73e1a34eb51020f45eea34d1c4244f1f2cde78a221ac2f32.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	1209603841a62e7d73e1a34eb51020f45eea34d1c4244f1f2cde78a221ac2f32.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1344	Logo1_.exe
1344	Logo1_.exe
1344	Logo1_.exe
1344	Logo1_.exe
1344	Logo1_.exe
1344	Logo1_.exe
1344	Logo1_.exe
1344	Logo1_.exe
1344	Logo1_.exe
1344	Logo1_.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 2264	1540	1209603841a62e7d73e1a34eb51020f45eea34d1c4244f1f2cde78a221ac2f32.exe	30
PID 1540 wrote to memory of 2264	1540	1209603841a62e7d73e1a34eb51020f45eea34d1c4244f1f2cde78a221ac2f32.exe	30
PID 1540 wrote to memory of 2264	1540	1209603841a62e7d73e1a34eb51020f45eea34d1c4244f1f2cde78a221ac2f32.exe	30
PID 1540 wrote to memory of 2264	1540	1209603841a62e7d73e1a34eb51020f45eea34d1c4244f1f2cde78a221ac2f32.exe	30
PID 1540 wrote to memory of 1344	1540	1209603841a62e7d73e1a34eb51020f45eea34d1c4244f1f2cde78a221ac2f32.exe	31
PID 1540 wrote to memory of 1344	1540	1209603841a62e7d73e1a34eb51020f45eea34d1c4244f1f2cde78a221ac2f32.exe	31
PID 1540 wrote to memory of 1344	1540	1209603841a62e7d73e1a34eb51020f45eea34d1c4244f1f2cde78a221ac2f32.exe	31
PID 1540 wrote to memory of 1344	1540	1209603841a62e7d73e1a34eb51020f45eea34d1c4244f1f2cde78a221ac2f32.exe	31
PID 1344 wrote to memory of 2624	1344	Logo1_.exe	33
PID 1344 wrote to memory of 2624	1344	Logo1_.exe	33
PID 1344 wrote to memory of 2624	1344	Logo1_.exe	33
PID 1344 wrote to memory of 2624	1344	Logo1_.exe	33
PID 2264 wrote to memory of 2780	2264	cmd.exe	35
PID 2264 wrote to memory of 2780	2264	cmd.exe	35
PID 2264 wrote to memory of 2780	2264	cmd.exe	35
PID 2264 wrote to memory of 2780	2264	cmd.exe	35
PID 2624 wrote to memory of 2908	2624	net.exe	36
PID 2624 wrote to memory of 2908	2624	net.exe	36
PID 2624 wrote to memory of 2908	2624	net.exe	36
PID 2624 wrote to memory of 2908	2624	net.exe	36
PID 1344 wrote to memory of 1348	1344	Logo1_.exe	8
PID 1344 wrote to memory of 1348	1344	Logo1_.exe	8

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1348
- C:\Users\Admin\AppData\Local\Temp\1209603841a62e7d73e1a34eb51020f45eea34d1c4244f1f2cde78a221ac2f32.exe
  "C:\Users\Admin\AppData\Local\Temp\1209603841a62e7d73e1a34eb51020f45eea34d1c4244f1f2cde78a221ac2f32.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1540
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$aDA7.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\1209603841a62e7d73e1a34eb51020f45eea34d1c4244f1f2cde78a221ac2f32.exe
      "C:\Users\Admin\AppData\Local\Temp\1209603841a62e7d73e1a34eb51020f45eea34d1c4244f1f2cde78a221ac2f32.exe"
      4⤵
      Executes dropped EXE
      PID:2780
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1344
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2624
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
d86d3d6f8f7b3baa63edf8fb55621890

SHA1
17b531174f9b96633a4222e29a5809a97548e260

SHA256
54ee7fb573d2dc0d09ae28546d1ff8f4f57dbd0dd8833f2d69a62925335124fa

SHA512
5c7112a78743bc5a0792ed7a98f2adad78cec07a17dd3c2ac840cce298356e0e35031cda0c9315b7d22bf1ef528dddd99cb13237e28d362464589f2a2da2ca2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aDA7.bat

Filesize
721B

MD5
61a63036bc68798cd397052a3da121a5

SHA1
f6f9a2d8d1889d3d07cb6bd786769617dec47c4b

SHA256
254506c3058153390c02258a07667284f61a9310fb3d316fe7f5cc12ca332bb0

SHA512
4d60cebbd184f5defd2ce490e5e0d1bff1ef3277c9e4dfc2e2dbb46e83fae37352a7da39bc7b2d227f3136f3d539f241cb99b06a4420976e1cc8fa69e681048a

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aDA7.bat

Filesize
721B

MD5
61a63036bc68798cd397052a3da121a5

SHA1
f6f9a2d8d1889d3d07cb6bd786769617dec47c4b

SHA256
254506c3058153390c02258a07667284f61a9310fb3d316fe7f5cc12ca332bb0

SHA512
4d60cebbd184f5defd2ce490e5e0d1bff1ef3277c9e4dfc2e2dbb46e83fae37352a7da39bc7b2d227f3136f3d539f241cb99b06a4420976e1cc8fa69e681048a

Download Submit
C:\Users\Admin\AppData\Local\Temp\1209603841a62e7d73e1a34eb51020f45eea34d1c4244f1f2cde78a221ac2f32.exe

Filesize
762KB

MD5
bc5ed783ad30c9346700663fd7e370ef

SHA1
7679b7692075bd671e127e9b51997530d065759a

SHA256
63f56a0ade3a2fb25992a1b09bb2b6c22694e92c9996fd6b389449440bf137c5

SHA512
ea999cc24142789a727841c9d42fc162efa57bc2a49cec15df6f72c6364e599d399da1431d87896f8f41fa2f2d791a1c8802da06d842830ad3c9cc4b155f9a21

Download Submit
C:\Users\Admin\AppData\Local\Temp\1209603841a62e7d73e1a34eb51020f45eea34d1c4244f1f2cde78a221ac2f32.exe.exe

Filesize
762KB

MD5
bc5ed783ad30c9346700663fd7e370ef

SHA1
7679b7692075bd671e127e9b51997530d065759a

SHA256
63f56a0ade3a2fb25992a1b09bb2b6c22694e92c9996fd6b389449440bf137c5

SHA512
ea999cc24142789a727841c9d42fc162efa57bc2a49cec15df6f72c6364e599d399da1431d87896f8f41fa2f2d791a1c8802da06d842830ad3c9cc4b155f9a21

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
7e4572dc8f3dff546723d1342e4a96fb

SHA1
9802b05a0e9ff6cea06d42bd27c6e49095a522c0

SHA256
c3763807e4dfdff3de55831bdbc5b43668e390afb1a5b24f456f3ad847f6b279

SHA512
f6befbd585660c290452305dbb440e7b6f5bbf20c8e0ef905141f878cdcce230b1a4228397aebf22363a4fd87b2d43bea64460d5d8afce1a1d8a1b7fe1c9d11a

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
7e4572dc8f3dff546723d1342e4a96fb

SHA1
9802b05a0e9ff6cea06d42bd27c6e49095a522c0

SHA256
c3763807e4dfdff3de55831bdbc5b43668e390afb1a5b24f456f3ad847f6b279

SHA512
f6befbd585660c290452305dbb440e7b6f5bbf20c8e0ef905141f878cdcce230b1a4228397aebf22363a4fd87b2d43bea64460d5d8afce1a1d8a1b7fe1c9d11a

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
7e4572dc8f3dff546723d1342e4a96fb

SHA1
9802b05a0e9ff6cea06d42bd27c6e49095a522c0

SHA256
c3763807e4dfdff3de55831bdbc5b43668e390afb1a5b24f456f3ad847f6b279

SHA512
f6befbd585660c290452305dbb440e7b6f5bbf20c8e0ef905141f878cdcce230b1a4228397aebf22363a4fd87b2d43bea64460d5d8afce1a1d8a1b7fe1c9d11a

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
7e4572dc8f3dff546723d1342e4a96fb

SHA1
9802b05a0e9ff6cea06d42bd27c6e49095a522c0

SHA256
c3763807e4dfdff3de55831bdbc5b43668e390afb1a5b24f456f3ad847f6b279

SHA512
f6befbd585660c290452305dbb440e7b6f5bbf20c8e0ef905141f878cdcce230b1a4228397aebf22363a4fd87b2d43bea64460d5d8afce1a1d8a1b7fe1c9d11a

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1014134971-2480516131-292343513-1000\_desktop.ini

Filesize
9B

MD5
4a4922bdf377baedb0460540a7e52405

SHA1
82789c7c3ee038da34ac62e38ddde0fe667d52ac

SHA256
589848447b17adf03dfa9db6e17b5ec00d1fabf203fa496bae29ed64764a052f

SHA512
fe635f97709f5f3df9290c6c53a374351481f13aa45105f48fe3709c15532313eb4d032eed20f2a278b9837c84bba9ba7a7fa2d83cd2a1e3adc0bc930d40c2a1

Download Submit
\Users\Admin\AppData\Local\Temp\1209603841a62e7d73e1a34eb51020f45eea34d1c4244f1f2cde78a221ac2f32.exe

Filesize
762KB

MD5
bc5ed783ad30c9346700663fd7e370ef

SHA1
7679b7692075bd671e127e9b51997530d065759a

SHA256
63f56a0ade3a2fb25992a1b09bb2b6c22694e92c9996fd6b389449440bf137c5

SHA512
ea999cc24142789a727841c9d42fc162efa57bc2a49cec15df6f72c6364e599d399da1431d87896f8f41fa2f2d791a1c8802da06d842830ad3c9cc4b155f9a21

Download Submit
memory/1344-92-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1344-98-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1344-3311-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1344-2516-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1344-32-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1344-1850-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1344-45-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1344-54-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1344-40-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1344-22-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1348-30-0x0000000002670000-0x0000000002671000-memory.dmp

Filesize
4KB

Download
memory/1540-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1540-16-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1540-12-0x00000000003B0000-0x00000000003E4000-memory.dmp

Filesize
208KB

Download
memory/1540-17-0x00000000003B0000-0x00000000003E4000-memory.dmp

Filesize
208KB

Download