db4a45169e7f24de15ff04a0536690078e63ca523e5af271638c80a787319154

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
27/08/2023, 09:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db4a45169e7f24de15ff04a0536690078e63ca523e5af271638c80a787319154.exe
Size

444KB
MD5

3e898d5151282eaced2e7fda0f066f71
SHA1

561d532b7d6fd4e9d1b4dcc7e3bf82eeb2710ff1
SHA256

db4a45169e7f24de15ff04a0536690078e63ca523e5af271638c80a787319154
SHA512

53797b6bf3d6d6edaf5e0f797e09e9b5e0f1c5addffd7546e0c65f9228613d9b5542b81555e470b4bfcb28ac06c4fb6d4ce7a3c376d401c3395e4e994250aac6
SSDEEP

6144:DVfjmNdx7kd41jEat/zDo2IuEeVXWTgj3rw:Z7+Ptb02IuEeVO

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2816	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2896	Logo1_.exe
2700	db4a45169e7f24de15ff04a0536690078e63ca523e5af271638c80a787319154.exe

Loads dropped DLL 1 IoCs

pid	Process
2816	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SUMIPNTG\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Mail\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\mk\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_TW\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Mail\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Adobe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SATIN\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Desert\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sq\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Stationery\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\Chess.exe	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Hearts\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PROOF\1033\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ka\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft SQL Server Compact Edition\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\DW\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\VisualElements\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightOrange\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\misc\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\Presentation Designs\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OIS.EXE	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Logo1_.exe	db4a45169e7f24de15ff04a0536690078e63ca523e5af271638c80a787319154.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	db4a45169e7f24de15ff04a0536690078e63ca523e5af271638c80a787319154.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2896	Logo1_.exe
2896	Logo1_.exe
2896	Logo1_.exe
2896	Logo1_.exe
2896	Logo1_.exe
2896	Logo1_.exe
2896	Logo1_.exe
2896	Logo1_.exe
2896	Logo1_.exe
2896	Logo1_.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 292 wrote to memory of 2816	292	db4a45169e7f24de15ff04a0536690078e63ca523e5af271638c80a787319154.exe	28
PID 292 wrote to memory of 2816	292	db4a45169e7f24de15ff04a0536690078e63ca523e5af271638c80a787319154.exe	28
PID 292 wrote to memory of 2816	292	db4a45169e7f24de15ff04a0536690078e63ca523e5af271638c80a787319154.exe	28
PID 292 wrote to memory of 2816	292	db4a45169e7f24de15ff04a0536690078e63ca523e5af271638c80a787319154.exe	28
PID 292 wrote to memory of 2896	292	db4a45169e7f24de15ff04a0536690078e63ca523e5af271638c80a787319154.exe	30
PID 292 wrote to memory of 2896	292	db4a45169e7f24de15ff04a0536690078e63ca523e5af271638c80a787319154.exe	30
PID 292 wrote to memory of 2896	292	db4a45169e7f24de15ff04a0536690078e63ca523e5af271638c80a787319154.exe	30
PID 292 wrote to memory of 2896	292	db4a45169e7f24de15ff04a0536690078e63ca523e5af271638c80a787319154.exe	30
PID 2896 wrote to memory of 2800	2896	Logo1_.exe	31
PID 2896 wrote to memory of 2800	2896	Logo1_.exe	31
PID 2896 wrote to memory of 2800	2896	Logo1_.exe	31
PID 2896 wrote to memory of 2800	2896	Logo1_.exe	31
PID 2816 wrote to memory of 2700	2816	cmd.exe	33
PID 2816 wrote to memory of 2700	2816	cmd.exe	33
PID 2816 wrote to memory of 2700	2816	cmd.exe	33
PID 2816 wrote to memory of 2700	2816	cmd.exe	33
PID 2800 wrote to memory of 2692	2800	net.exe	34
PID 2800 wrote to memory of 2692	2800	net.exe	34
PID 2800 wrote to memory of 2692	2800	net.exe	34
PID 2800 wrote to memory of 2692	2800	net.exe	34
PID 2896 wrote to memory of 1372	2896	Logo1_.exe	21
PID 2896 wrote to memory of 1372	2896	Logo1_.exe	21

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1372
- C:\Users\Admin\AppData\Local\Temp\db4a45169e7f24de15ff04a0536690078e63ca523e5af271638c80a787319154.exe
  "C:\Users\Admin\AppData\Local\Temp\db4a45169e7f24de15ff04a0536690078e63ca523e5af271638c80a787319154.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:292
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a72C0.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\db4a45169e7f24de15ff04a0536690078e63ca523e5af271638c80a787319154.exe
      "C:\Users\Admin\AppData\Local\Temp\db4a45169e7f24de15ff04a0536690078e63ca523e5af271638c80a787319154.exe"
      4⤵
      Executes dropped EXE
      PID:2700
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2896
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2800
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
4910f2af9e31acb33adb3603cf5d5b80

SHA1
c599807043e6ad30d6475118ace4f5c4c026ae45

SHA256
5109a07d8f7d1e2d0f4f97025e72ed5dd253a2f6ec99a8702618da23d826f25a

SHA512
115f14f27d721024b3a082bf7f246481dacbb0c2aca237b2cfaa66a38f00f76183292f8be385136ce4cea211e177f4745dbce48faf3ffa7ba69dfbacc9bed781

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
4cfdb20b04aa239d6f9e83084d5d0a77

SHA1
f22863e04cc1fd4435f785993ede165bd8245ac6

SHA256
30ed17ca6ae530e8bf002bcef6048f94dba4b3b10252308147031f5c86ace1b9

SHA512
35b4c2f68a7caa45f2bb14b168947e06831f358e191478a6659b49f30ca6f538dc910fe6067448d5d8af4cb8558825d70f94d4bd67709aee414b2be37d49be86

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a72C0.bat

Filesize
722B

MD5
d34da70da8d5e8f22b7217c22bbb4f15

SHA1
d410e1fffa4ba1b2f6a5b0ae97ff4e0e78fd99c8

SHA256
7aff44ecb948d0ddbeaffcea039dbd61b317856db7734fbeeabf82f0918829a2

SHA512
69c79de701f21d67df16b641c890673362bde9a5a3c0680984efb401e47bf0681e45a8064de98978419c87b19791e14934e407355122aebd42e1b4a9b4999c01

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a72C0.bat

Filesize
722B

MD5
d34da70da8d5e8f22b7217c22bbb4f15

SHA1
d410e1fffa4ba1b2f6a5b0ae97ff4e0e78fd99c8

SHA256
7aff44ecb948d0ddbeaffcea039dbd61b317856db7734fbeeabf82f0918829a2

SHA512
69c79de701f21d67df16b641c890673362bde9a5a3c0680984efb401e47bf0681e45a8064de98978419c87b19791e14934e407355122aebd42e1b4a9b4999c01

Download Submit
C:\Users\Admin\AppData\Local\Temp\db4a45169e7f24de15ff04a0536690078e63ca523e5af271638c80a787319154.exe

Filesize
418KB

MD5
e2b045baaf77e71b36ccec164d4658f9

SHA1
736c51e30f3897fe98dac82a63f231b798982f8d

SHA256
c23a7d9b9252bb826ac84f1e748f2e929c0ba5e5d3817541c835ff1e7e5371be

SHA512
dff95f1e1bde852254e0c2673a4362d6d130c5bba9fbeefdd90e43827630aebf93667d826d2b36445e07fcbc622e3ba0ad3b8d7e05dae462783383e7fb203979

Download Submit
C:\Users\Admin\AppData\Local\Temp\db4a45169e7f24de15ff04a0536690078e63ca523e5af271638c80a787319154.exe.exe

Filesize
418KB

MD5
e2b045baaf77e71b36ccec164d4658f9

SHA1
736c51e30f3897fe98dac82a63f231b798982f8d

SHA256
c23a7d9b9252bb826ac84f1e748f2e929c0ba5e5d3817541c835ff1e7e5371be

SHA512
dff95f1e1bde852254e0c2673a4362d6d130c5bba9fbeefdd90e43827630aebf93667d826d2b36445e07fcbc622e3ba0ad3b8d7e05dae462783383e7fb203979

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
bb94a71482debfe3253e756925c8b8fc

SHA1
65b9a032fe9003371c338b2eb756746883376677

SHA256
5d856c6f6f8f1a9fabbe803b143941c880fc4fbc3d4c1868f093c4c030c532e0

SHA512
f35c8378eeffd59af463712006d456ed03654c1d6e4fb2be4df0f47e036ab5940ef4e13a09ef18ec7143c4741423a9be896a0f0465a1956cbab1d2cd79c34e3e

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
bb94a71482debfe3253e756925c8b8fc

SHA1
65b9a032fe9003371c338b2eb756746883376677

SHA256
5d856c6f6f8f1a9fabbe803b143941c880fc4fbc3d4c1868f093c4c030c532e0

SHA512
f35c8378eeffd59af463712006d456ed03654c1d6e4fb2be4df0f47e036ab5940ef4e13a09ef18ec7143c4741423a9be896a0f0465a1956cbab1d2cd79c34e3e

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
bb94a71482debfe3253e756925c8b8fc

SHA1
65b9a032fe9003371c338b2eb756746883376677

SHA256
5d856c6f6f8f1a9fabbe803b143941c880fc4fbc3d4c1868f093c4c030c532e0

SHA512
f35c8378eeffd59af463712006d456ed03654c1d6e4fb2be4df0f47e036ab5940ef4e13a09ef18ec7143c4741423a9be896a0f0465a1956cbab1d2cd79c34e3e

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
bb94a71482debfe3253e756925c8b8fc

SHA1
65b9a032fe9003371c338b2eb756746883376677

SHA256
5d856c6f6f8f1a9fabbe803b143941c880fc4fbc3d4c1868f093c4c030c532e0

SHA512
f35c8378eeffd59af463712006d456ed03654c1d6e4fb2be4df0f47e036ab5940ef4e13a09ef18ec7143c4741423a9be896a0f0465a1956cbab1d2cd79c34e3e

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1024678951-1535676557-2778719785-1000\_desktop.ini

Filesize
9B

MD5
c0232c2f01c543d260713210da47a57b

SHA1
63f2c13c2c5c83091133c2802e69993d52e3ec65

SHA256
278e1b8fd3f40d95faaecf548098b8d9ee4b32e98a8878559c8c8dfcd5cd1197

SHA512
2ccfd67393a63f03f588296bb798d7a7d4ec2ea5d6ac486cb7bdf8a5a66b1df944d8b548f317e58bfe17dea2ae54e536ffe77bc11a43c931f3d10e299ab3fca0

Download Submit
\Users\Admin\AppData\Local\Temp\db4a45169e7f24de15ff04a0536690078e63ca523e5af271638c80a787319154.exe

Filesize
418KB

MD5
e2b045baaf77e71b36ccec164d4658f9

SHA1
736c51e30f3897fe98dac82a63f231b798982f8d

SHA256
c23a7d9b9252bb826ac84f1e748f2e929c0ba5e5d3817541c835ff1e7e5371be

SHA512
dff95f1e1bde852254e0c2673a4362d6d130c5bba9fbeefdd90e43827630aebf93667d826d2b36445e07fcbc622e3ba0ad3b8d7e05dae462783383e7fb203979

Download Submit
memory/292-18-0x0000000000220000-0x0000000000254000-memory.dmp

Filesize
208KB

Download
memory/292-15-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/292-17-0x0000000000220000-0x0000000000254000-memory.dmp

Filesize
208KB

Download
memory/292-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1372-33-0x0000000002A70000-0x0000000002A71000-memory.dmp

Filesize
4KB

Download
memory/2700-39-0x0000000000A20000-0x0000000000A60000-memory.dmp

Filesize
256KB

Download
memory/2700-35-0x0000000000A20000-0x0000000000A60000-memory.dmp

Filesize
256KB

Download
memory/2700-29-0x00000000744C0000-0x0000000074A6B000-memory.dmp

Filesize
5.7MB

Download
memory/2700-37-0x00000000744C0000-0x0000000074A6B000-memory.dmp

Filesize
5.7MB

Download
memory/2700-31-0x0000000000A20000-0x0000000000A60000-memory.dmp

Filesize
256KB

Download
memory/2700-30-0x00000000744C0000-0x0000000074A6B000-memory.dmp

Filesize
5.7MB

Download
memory/2896-52-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2896-47-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2896-98-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2896-105-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2896-1857-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2896-36-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2896-3317-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2896-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download