16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f

Analysis

max time kernel
151s
max time network
128s
platform
windows7_x64
resource
win7-20230824-en
resource tags

arch:x64arch:x86image:win7-20230824-enlocale:en-usos:windows7-x64system
submitted
28-08-2023 03:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe
Size

41KB
MD5

4626379585dea573d8474c80c39d824b
SHA1

6d35c00056b582d724da219e13f43757f4b6e899
SHA256

16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f
SHA512

3ed9f01a2558ecdb47cf1b38b9ca3693e6e14c0b78f21b848b98e05b71ad3f25f64255acb8c3c6476edf7c7e1f00add0c0c6d295cf72c11ea63efcef7850cbb6
SSDEEP

768:pJq16GVRu1yK9fMnJG2V9dHS8HI64LMP1wy:pJM3SHuJV9NUtLMP1wy

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2844	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
920	Logo1_.exe
2216	16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe

Loads dropped DLL 1 IoCs

pid	Process
2844	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Games\More Games\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ARFR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Mail\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\mn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\skins\fonts\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VBA\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	Logo1_.exe
File created	C:\Program Files (x86)\Internet Explorer\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\ACCWIZ\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PROOF\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Solitaire\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Photo Viewer\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\oc\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bs\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SpringGreen\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Mail\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\jfr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\MSBuild\Microsoft\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\IRIS\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\ManagedObjects\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\7-Zip\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Basic\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe
File created	C:\Windows\Logo1_.exe	16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
920	Logo1_.exe
920	Logo1_.exe
920	Logo1_.exe
920	Logo1_.exe
920	Logo1_.exe
920	Logo1_.exe
920	Logo1_.exe
920	Logo1_.exe
920	Logo1_.exe
920	Logo1_.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 780 wrote to memory of 2844	780	16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe	30
PID 780 wrote to memory of 2844	780	16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe	30
PID 780 wrote to memory of 2844	780	16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe	30
PID 780 wrote to memory of 2844	780	16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe	30
PID 780 wrote to memory of 920	780	16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe	32
PID 780 wrote to memory of 920	780	16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe	32
PID 780 wrote to memory of 920	780	16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe	32
PID 780 wrote to memory of 920	780	16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe	32
PID 2844 wrote to memory of 2216	2844	cmd.exe	34
PID 2844 wrote to memory of 2216	2844	cmd.exe	34
PID 2844 wrote to memory of 2216	2844	cmd.exe	34
PID 2844 wrote to memory of 2216	2844	cmd.exe	34
PID 920 wrote to memory of 2188	920	Logo1_.exe	33
PID 920 wrote to memory of 2188	920	Logo1_.exe	33
PID 920 wrote to memory of 2188	920	Logo1_.exe	33
PID 920 wrote to memory of 2188	920	Logo1_.exe	33
PID 2188 wrote to memory of 2724	2188	net.exe	36
PID 2188 wrote to memory of 2724	2188	net.exe	36
PID 2188 wrote to memory of 2724	2188	net.exe	36
PID 2188 wrote to memory of 2724	2188	net.exe	36
PID 920 wrote to memory of 1360	920	Logo1_.exe	10
PID 920 wrote to memory of 1360	920	Logo1_.exe	10

C:\Users\Admin\AppData\Local\Temp\16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe
"C:\Users\Admin\AppData\Local\Temp\16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:780
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\$$aEE55.bat
  2⤵
  - Deletes itself
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2844
- - C:\Users\Admin\AppData\Local\Temp\16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe
    "C:\Users\Admin\AppData\Local\Temp\16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe"
    3⤵
    - Executes dropped EXE
    PID:2216
- C:\Windows\Logo1_.exe
  C:\Windows\Logo1_.exe
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:920
- - C:\Windows\SysWOW64\net.exe
    net stop "Kingsoft AntiVirus Service"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2188
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
      4⤵
      PID:2724

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
fc5abdf84041898d0611e82ddfaa681b

SHA1
67b2b2a3c516aa82e687958db8799fce47b4aea2

SHA256
69d8a39499c612c4083459232412b68bb4c0edd4382c85ec2568318acf16db1e

SHA512
5bae9da9c8096b81b4c3049cd87b0ed0dee318a4b1ef81f60b081e898b6e38b1f74e61533d54c01de17974888583a7105ebeff6bb1cb54b8db89dacf45e78059

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aEE55.bat

Filesize
722B

MD5
b06078dca90f0a644bd82ba9711a5f4c

SHA1
56c61b6c88e685c946c7a4b4045501159a527c49

SHA256
157d7a82ff8057154f45f6d04688fe8c543bf7c29ed125a3f2c713c5c4a8dc3d

SHA512
27ceab91e4f149b810e91521694d51c610de5e5aa21328f36a41798a830389ed0b6ae5cabed2f061c810fd1e1f962e1ae13f0e0a6f25c714e40c82916703dfcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aEE55.bat

Filesize
722B

MD5
b06078dca90f0a644bd82ba9711a5f4c

SHA1
56c61b6c88e685c946c7a4b4045501159a527c49

SHA256
157d7a82ff8057154f45f6d04688fe8c543bf7c29ed125a3f2c713c5c4a8dc3d

SHA512
27ceab91e4f149b810e91521694d51c610de5e5aa21328f36a41798a830389ed0b6ae5cabed2f061c810fd1e1f962e1ae13f0e0a6f25c714e40c82916703dfcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe

Filesize
12KB

MD5
e3484945f925f2100f56440166ace7ff

SHA1
0fd86b8f1e0f1e70ad1cda6ad16b4f7e8448e390

SHA256
9f53f8fc797015e9b5ae35c802c879ce7d45ca78c364d12a99b8d9167056dee9

SHA512
99bbe843ab970f2fc9b210c207d0e83711033c200f369be7f5fb20c97003710baa56daf206e2e4356d820ad8a49d58b97d8c1c2882ac34a399376d2cdb4c63a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe.exe

Filesize
12KB

MD5
e3484945f925f2100f56440166ace7ff

SHA1
0fd86b8f1e0f1e70ad1cda6ad16b4f7e8448e390

SHA256
9f53f8fc797015e9b5ae35c802c879ce7d45ca78c364d12a99b8d9167056dee9

SHA512
99bbe843ab970f2fc9b210c207d0e83711033c200f369be7f5fb20c97003710baa56daf206e2e4356d820ad8a49d58b97d8c1c2882ac34a399376d2cdb4c63a5

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
780759899c3b5324b5ee62b0d656f11a

SHA1
6e46823a92632b76dbe47f14553f631c391d00b9

SHA256
5c9a1e2526783e8a167c7bbcb2c57d459ca3640de6598dc7ad92934e1bfb1084

SHA512
041828e5fa86c07058869726160e95f8c630599fd3ebb3754a02e423d225339e2b533c3c10e00e1382503190a53aa127168314c1a4fe50736e7071437e7cc636

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
780759899c3b5324b5ee62b0d656f11a

SHA1
6e46823a92632b76dbe47f14553f631c391d00b9

SHA256
5c9a1e2526783e8a167c7bbcb2c57d459ca3640de6598dc7ad92934e1bfb1084

SHA512
041828e5fa86c07058869726160e95f8c630599fd3ebb3754a02e423d225339e2b533c3c10e00e1382503190a53aa127168314c1a4fe50736e7071437e7cc636

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
780759899c3b5324b5ee62b0d656f11a

SHA1
6e46823a92632b76dbe47f14553f631c391d00b9

SHA256
5c9a1e2526783e8a167c7bbcb2c57d459ca3640de6598dc7ad92934e1bfb1084

SHA512
041828e5fa86c07058869726160e95f8c630599fd3ebb3754a02e423d225339e2b533c3c10e00e1382503190a53aa127168314c1a4fe50736e7071437e7cc636

Download Submit
C:\Windows\rundl132.exe

Filesize
29KB

MD5
780759899c3b5324b5ee62b0d656f11a

SHA1
6e46823a92632b76dbe47f14553f631c391d00b9

SHA256
5c9a1e2526783e8a167c7bbcb2c57d459ca3640de6598dc7ad92934e1bfb1084

SHA512
041828e5fa86c07058869726160e95f8c630599fd3ebb3754a02e423d225339e2b533c3c10e00e1382503190a53aa127168314c1a4fe50736e7071437e7cc636

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1528014236-771305907-3973026625-1000\_desktop.ini

Filesize
9B

MD5
ec7139d5bb99bcebaf0b91c58a9ec5aa

SHA1
70404362dd74e309722fd282c3492ec95674123c

SHA256
eb17ae1b1de9e95e0d159893048f2de5c1c158467e768cc0ddbaa517c45e0582

SHA512
b0114d8f74b17836819b750cff2b590b652e04bb2dc0e9dc8bffac7ed66bd9ded03cd35abc7fc0fcd0127a994c283dcd162e97e6dd76f5a903ff59e4951dfc48

Download Submit
\Users\Admin\AppData\Local\Temp\16197c782fd800bed43b302000fe3f8a9e4f500bcbe5ecc83d63c396261bcc8f.exe

Filesize
12KB

MD5
e3484945f925f2100f56440166ace7ff

SHA1
0fd86b8f1e0f1e70ad1cda6ad16b4f7e8448e390

SHA256
9f53f8fc797015e9b5ae35c802c879ce7d45ca78c364d12a99b8d9167056dee9

SHA512
99bbe843ab970f2fc9b210c207d0e83711033c200f369be7f5fb20c97003710baa56daf206e2e4356d820ad8a49d58b97d8c1c2882ac34a399376d2cdb4c63a5

Download Submit
memory/780-17-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/780-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/780-12-0x0000000000230000-0x0000000000266000-memory.dmp

Filesize
216KB

Download
memory/920-21-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/920-3318-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/920-53-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/920-34-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/920-2305-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/920-1857-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/920-105-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/920-99-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/920-47-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1360-32-0x00000000026F0000-0x00000000026F1000-memory.dmp

Filesize
4KB

Download
memory/2216-27-0x000007FEF6060000-0x000007FEF69FD000-memory.dmp

Filesize
9.6MB

Download
memory/2216-40-0x0000000001EA0000-0x0000000001F20000-memory.dmp

Filesize
512KB

Download
memory/2216-38-0x0000000001EA0000-0x0000000001F20000-memory.dmp

Filesize
512KB

Download
memory/2216-37-0x0000000001EA0000-0x0000000001F20000-memory.dmp

Filesize
512KB

Download
memory/2216-35-0x000007FEF6060000-0x000007FEF69FD000-memory.dmp

Filesize
9.6MB

Download
memory/2216-28-0x0000000001EA0000-0x0000000001F20000-memory.dmp

Filesize
512KB

Download
memory/2216-26-0x0000000000010000-0x000000000001A000-memory.dmp

Filesize
40KB

Download