fe55e3261d2c91f7f435e663f755f04e8304f88d8aff1bbcba885acf340c2b91

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
28-08-2023 06:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe55e3261d2c91f7f435e663f755f04e8304f88d8aff1bbcba885acf340c2b91.exe
Size

386KB
MD5

f3ab5a6e6110090d3390424eb4170e37
SHA1

7d6ae8d932971c16ee63037bc5ff18a521877694
SHA256

fe55e3261d2c91f7f435e663f755f04e8304f88d8aff1bbcba885acf340c2b91
SHA512

38069cba860a9d42707232bcfba5505be929de72da3086c54ae58b8209be025447a862a798352dcfd022299c304f02bb38b329dd02e6e553d525b909db57a40c
SSDEEP

6144:LmVfjmNG4WATf7l+psskdSMLLSATCNxFx3TQqNLq3:LI7+GITfgps/dSsLTCNxgWLq3

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2812	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2808	Logo1_.exe
2740	fe55e3261d2c91f7f435e663f755f04e8304f88d8aff1bbcba885acf340c2b91.exe

Loads dropped DLL 1 IoCs

pid	Process
2812	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Internet Explorer\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ast\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows NT\TableTextService\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_extractor\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RIPPLE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\tl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\mr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EVRGREEN\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ja\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Purble Place\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\FreeCell\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows NT\TableTextService\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Media Player\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\DW\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Basic\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SATIN\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Checkers\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Desert\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Slate\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PIXEL\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft.NET\RedistList\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\lua\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	fe55e3261d2c91f7f435e663f755f04e8304f88d8aff1bbcba885acf340c2b91.exe
File created	C:\Windows\Logo1_.exe	fe55e3261d2c91f7f435e663f755f04e8304f88d8aff1bbcba885acf340c2b91.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2808	Logo1_.exe
2808	Logo1_.exe
2808	Logo1_.exe
2808	Logo1_.exe
2808	Logo1_.exe
2808	Logo1_.exe
2808	Logo1_.exe
2808	Logo1_.exe
2808	Logo1_.exe
2808	Logo1_.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2812	2216	fe55e3261d2c91f7f435e663f755f04e8304f88d8aff1bbcba885acf340c2b91.exe	28
PID 2216 wrote to memory of 2812	2216	fe55e3261d2c91f7f435e663f755f04e8304f88d8aff1bbcba885acf340c2b91.exe	28
PID 2216 wrote to memory of 2812	2216	fe55e3261d2c91f7f435e663f755f04e8304f88d8aff1bbcba885acf340c2b91.exe	28
PID 2216 wrote to memory of 2812	2216	fe55e3261d2c91f7f435e663f755f04e8304f88d8aff1bbcba885acf340c2b91.exe	28
PID 2216 wrote to memory of 2808	2216	fe55e3261d2c91f7f435e663f755f04e8304f88d8aff1bbcba885acf340c2b91.exe	30
PID 2216 wrote to memory of 2808	2216	fe55e3261d2c91f7f435e663f755f04e8304f88d8aff1bbcba885acf340c2b91.exe	30
PID 2216 wrote to memory of 2808	2216	fe55e3261d2c91f7f435e663f755f04e8304f88d8aff1bbcba885acf340c2b91.exe	30
PID 2216 wrote to memory of 2808	2216	fe55e3261d2c91f7f435e663f755f04e8304f88d8aff1bbcba885acf340c2b91.exe	30
PID 2808 wrote to memory of 2388	2808	Logo1_.exe	31
PID 2808 wrote to memory of 2388	2808	Logo1_.exe	31
PID 2808 wrote to memory of 2388	2808	Logo1_.exe	31
PID 2808 wrote to memory of 2388	2808	Logo1_.exe	31
PID 2812 wrote to memory of 2740	2812	cmd.exe	33
PID 2812 wrote to memory of 2740	2812	cmd.exe	33
PID 2812 wrote to memory of 2740	2812	cmd.exe	33
PID 2812 wrote to memory of 2740	2812	cmd.exe	33
PID 2388 wrote to memory of 2916	2388	net.exe	34
PID 2388 wrote to memory of 2916	2388	net.exe	34
PID 2388 wrote to memory of 2916	2388	net.exe	34
PID 2388 wrote to memory of 2916	2388	net.exe	34
PID 2808 wrote to memory of 1204	2808	Logo1_.exe	21
PID 2808 wrote to memory of 1204	2808	Logo1_.exe	21

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1204
- C:\Users\Admin\AppData\Local\Temp\fe55e3261d2c91f7f435e663f755f04e8304f88d8aff1bbcba885acf340c2b91.exe
  "C:\Users\Admin\AppData\Local\Temp\fe55e3261d2c91f7f435e663f755f04e8304f88d8aff1bbcba885acf340c2b91.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2216
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a733D.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\fe55e3261d2c91f7f435e663f755f04e8304f88d8aff1bbcba885acf340c2b91.exe
      "C:\Users\Admin\AppData\Local\Temp\fe55e3261d2c91f7f435e663f755f04e8304f88d8aff1bbcba885acf340c2b91.exe"
      4⤵
      Executes dropped EXE
      PID:2740
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2808
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2388
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
8ff02549f40904b60daba7b19439ba9f

SHA1
88c247f89555e14b084c3f292bda1d0162eaf427

SHA256
b6217ec4646499eec8098afdcc3d72f4d99d77db4967c168244ad56dee3e8ed1

SHA512
26c2c70a63de889b54963b8e875df361809dd565fbf9dd2531b8734c77ceffb2e551fc82b10991040aad91eb960e47f3b902ecdb98a2469d2a1a235e2933a493

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
4cfdb20b04aa239d6f9e83084d5d0a77

SHA1
f22863e04cc1fd4435f785993ede165bd8245ac6

SHA256
30ed17ca6ae530e8bf002bcef6048f94dba4b3b10252308147031f5c86ace1b9

SHA512
35b4c2f68a7caa45f2bb14b168947e06831f358e191478a6659b49f30ca6f538dc910fe6067448d5d8af4cb8558825d70f94d4bd67709aee414b2be37d49be86

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a733D.bat

Filesize
722B

MD5
754765253e7ee6f3976b20d857a0c2fa

SHA1
85081a25c300a5c6b3d434450729f1472ddafe12

SHA256
9d204a82c9574b1cf46682340e13d67d47c2dfeeb7fdabf13c284107a40b587c

SHA512
217d76650ecfb0e1d09a72046c969516a0be077e750af01915dc1ee6976314ce878d2440956e3a67a4927e85bcd1d385830b028f40de6aeaffc0c6470d98b8e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a733D.bat

Filesize
722B

MD5
754765253e7ee6f3976b20d857a0c2fa

SHA1
85081a25c300a5c6b3d434450729f1472ddafe12

SHA256
9d204a82c9574b1cf46682340e13d67d47c2dfeeb7fdabf13c284107a40b587c

SHA512
217d76650ecfb0e1d09a72046c969516a0be077e750af01915dc1ee6976314ce878d2440956e3a67a4927e85bcd1d385830b028f40de6aeaffc0c6470d98b8e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\fe55e3261d2c91f7f435e663f755f04e8304f88d8aff1bbcba885acf340c2b91.exe

Filesize
359KB

MD5
92384ca177708e57273cd9af9c21057e

SHA1
5c9372e1f7d897fc8db89bd75aefab185dc235bc

SHA256
c327cb79f271dfbf4502bf20f23fecb5332100762bb8a21cf20f4e2ef1012e27

SHA512
f0f968fde21e399079112402237fb16306fab98afeba88320f3e15d140477a0762e731f23591ea91f103f3b4e89876d510a3669e1b5c405b7dd777174fa12c9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\fe55e3261d2c91f7f435e663f755f04e8304f88d8aff1bbcba885acf340c2b91.exe.exe

Filesize
359KB

MD5
92384ca177708e57273cd9af9c21057e

SHA1
5c9372e1f7d897fc8db89bd75aefab185dc235bc

SHA256
c327cb79f271dfbf4502bf20f23fecb5332100762bb8a21cf20f4e2ef1012e27

SHA512
f0f968fde21e399079112402237fb16306fab98afeba88320f3e15d140477a0762e731f23591ea91f103f3b4e89876d510a3669e1b5c405b7dd777174fa12c9d

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
f550472f192027ed00d127f1ae855190

SHA1
b11ed82a41a4ef6f4158aa2c99e2fa7e337b8acd

SHA256
9f90ca94aa8c53c02813c7d118ab884cafb7f25cf0e85d3e672d704b91c80adf

SHA512
a137c2d20f1727d9ee1412f0855cc9356e01cea016b3fba9891f82cc1f14982f67a0eab168d6db5bc8f7667679e7459abe7dc7fb19a4fb8c044f55e0842ed446

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
f550472f192027ed00d127f1ae855190

SHA1
b11ed82a41a4ef6f4158aa2c99e2fa7e337b8acd

SHA256
9f90ca94aa8c53c02813c7d118ab884cafb7f25cf0e85d3e672d704b91c80adf

SHA512
a137c2d20f1727d9ee1412f0855cc9356e01cea016b3fba9891f82cc1f14982f67a0eab168d6db5bc8f7667679e7459abe7dc7fb19a4fb8c044f55e0842ed446

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
f550472f192027ed00d127f1ae855190

SHA1
b11ed82a41a4ef6f4158aa2c99e2fa7e337b8acd

SHA256
9f90ca94aa8c53c02813c7d118ab884cafb7f25cf0e85d3e672d704b91c80adf

SHA512
a137c2d20f1727d9ee1412f0855cc9356e01cea016b3fba9891f82cc1f14982f67a0eab168d6db5bc8f7667679e7459abe7dc7fb19a4fb8c044f55e0842ed446

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3408354897-1169622894-3874090110-1000\_desktop.ini

Filesize
9B

MD5
ec7139d5bb99bcebaf0b91c58a9ec5aa

SHA1
70404362dd74e309722fd282c3492ec95674123c

SHA256
eb17ae1b1de9e95e0d159893048f2de5c1c158467e768cc0ddbaa517c45e0582

SHA512
b0114d8f74b17836819b750cff2b590b652e04bb2dc0e9dc8bffac7ed66bd9ded03cd35abc7fc0fcd0127a994c283dcd162e97e6dd76f5a903ff59e4951dfc48

Download Submit
\Users\Admin\AppData\Local\Temp\fe55e3261d2c91f7f435e663f755f04e8304f88d8aff1bbcba885acf340c2b91.exe

Filesize
359KB

MD5
92384ca177708e57273cd9af9c21057e

SHA1
5c9372e1f7d897fc8db89bd75aefab185dc235bc

SHA256
c327cb79f271dfbf4502bf20f23fecb5332100762bb8a21cf20f4e2ef1012e27

SHA512
f0f968fde21e399079112402237fb16306fab98afeba88320f3e15d140477a0762e731f23591ea91f103f3b4e89876d510a3669e1b5c405b7dd777174fa12c9d

Download Submit
memory/1204-33-0x0000000001C50000-0x0000000001C51000-memory.dmp

Filesize
4KB

Download
memory/2216-17-0x00000000002B0000-0x00000000002E4000-memory.dmp

Filesize
208KB

Download
memory/2216-15-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2216-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2740-29-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/2740-28-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/2740-30-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/2808-35-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2808-43-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2808-49-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2808-96-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2808-102-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2808-145-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2808-1854-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2808-3314-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2808-18-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download