3254d014eb001868dbfce3df28ef1e96d533955a4bafb44e048e86435aaa2438

Analysis

max time kernel
149s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
02/09/2023, 09:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3254d014eb001868dbfce3df28ef1e96d533955a4bafb44e048e86435aaa2438.exe
Size

1.2MB
MD5

9b132130d596f1267c033e6836c6dae0
SHA1

f79117f9afb7988bcf3dec3bedf7f630919986b3
SHA256

3254d014eb001868dbfce3df28ef1e96d533955a4bafb44e048e86435aaa2438
SHA512

a01b28c0e5f189e0483752b48f7d1cc92a216d96b682aa55ae5e7fcc745ad37331c3f628d0d913271ee48d0842abdc50aa226714fba460d3afe7fa3bdf4f8476
SSDEEP

12288:bwuNTkUqw8FOw2uRpfd2PSKWcRn8FvhPkCBZg87KvQSqWy/SUfo3MA+nkzixGy3:b9Ww8Fh2uRpMPSJcx8FvdlgGCh8hfZGA

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2468	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
1708	Logo1_.exe
2720	3254d014eb001868dbfce3df28ef1e96d533955a4bafb44e048e86435aaa2438.exe

Loads dropped DLL 1 IoCs

pid	Process
2468	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\Application\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ga\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Journal\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Swirl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows NT\Accessories\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\FreeCell\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\1033\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe	Logo1_.exe
File created	C:\Program Files\Uninstall Information\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Document Parts\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RMNSQUE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Triedit\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kk\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Basic\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Minesweeper\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\en_GB\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\SDK\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\FreeCell\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\MSBuild\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft.NET\RedistList\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mn\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tl\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	3254d014eb001868dbfce3df28ef1e96d533955a4bafb44e048e86435aaa2438.exe
File created	C:\Windows\Logo1_.exe	3254d014eb001868dbfce3df28ef1e96d533955a4bafb44e048e86435aaa2438.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1708	Logo1_.exe
1708	Logo1_.exe
1708	Logo1_.exe
1708	Logo1_.exe
1708	Logo1_.exe
1708	Logo1_.exe
1708	Logo1_.exe
1708	Logo1_.exe
1708	Logo1_.exe
1708	Logo1_.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2468	2444	3254d014eb001868dbfce3df28ef1e96d533955a4bafb44e048e86435aaa2438.exe	28
PID 2444 wrote to memory of 2468	2444	3254d014eb001868dbfce3df28ef1e96d533955a4bafb44e048e86435aaa2438.exe	28
PID 2444 wrote to memory of 2468	2444	3254d014eb001868dbfce3df28ef1e96d533955a4bafb44e048e86435aaa2438.exe	28
PID 2444 wrote to memory of 2468	2444	3254d014eb001868dbfce3df28ef1e96d533955a4bafb44e048e86435aaa2438.exe	28
PID 2444 wrote to memory of 1708	2444	3254d014eb001868dbfce3df28ef1e96d533955a4bafb44e048e86435aaa2438.exe	30
PID 2444 wrote to memory of 1708	2444	3254d014eb001868dbfce3df28ef1e96d533955a4bafb44e048e86435aaa2438.exe	30
PID 2444 wrote to memory of 1708	2444	3254d014eb001868dbfce3df28ef1e96d533955a4bafb44e048e86435aaa2438.exe	30
PID 2444 wrote to memory of 1708	2444	3254d014eb001868dbfce3df28ef1e96d533955a4bafb44e048e86435aaa2438.exe	30
PID 1708 wrote to memory of 2360	1708	Logo1_.exe	31
PID 1708 wrote to memory of 2360	1708	Logo1_.exe	31
PID 1708 wrote to memory of 2360	1708	Logo1_.exe	31
PID 1708 wrote to memory of 2360	1708	Logo1_.exe	31
PID 2360 wrote to memory of 2808	2360	net.exe	33
PID 2360 wrote to memory of 2808	2360	net.exe	33
PID 2360 wrote to memory of 2808	2360	net.exe	33
PID 2360 wrote to memory of 2808	2360	net.exe	33
PID 1708 wrote to memory of 1192	1708	Logo1_.exe	17
PID 1708 wrote to memory of 1192	1708	Logo1_.exe	17

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1192
- C:\Users\Admin\AppData\Local\Temp\3254d014eb001868dbfce3df28ef1e96d533955a4bafb44e048e86435aaa2438.exe
  "C:\Users\Admin\AppData\Local\Temp\3254d014eb001868dbfce3df28ef1e96d533955a4bafb44e048e86435aaa2438.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2444
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a312E.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\3254d014eb001868dbfce3df28ef1e96d533955a4bafb44e048e86435aaa2438.exe
      "C:\Users\Admin\AppData\Local\Temp\3254d014eb001868dbfce3df28ef1e96d533955a4bafb44e048e86435aaa2438.exe"
      4⤵
      Executes dropped EXE
      PID:2720
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1708
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2360
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
568f17750238ab463c745953a303648a

SHA1
25e9de37d6edb52c584c442e4f93a0448b4b37d4

SHA256
5351b82387339c78b116a077f2ba633da2a6fef86a165d92bfe28c2c3770ac81

SHA512
9034bc060e8155e07009d2142830f03b29c50525232fa1719038eae4fc742d460c5dad7b7fdd6957264c338072fbe71193a23d994510dc809ae240023b9f1ed3

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
474KB

MD5
82d95ff3c368229d3ecd547bfc2e95e4

SHA1
05c2c8065f243260792924168f85c614057119e8

SHA256
5fd8262ebaf159fa1ba5a2b80dad6f98477d1f549a651fc1a327f0dd207f2fdb

SHA512
27815b93d6070f7026c23ceac6210a78e694616d6a6a2012369b271e2d2ec986438f80dd3a29db4c4419b08084cb5a5914af216177669b86d8e2ae7184691699

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a312E.bat

Filesize
722B

MD5
c92272e2614eb3af7df7e8a7d267e242

SHA1
a6628354eeebab853dc2070e0784eaf651f231de

SHA256
23382b590075209111ae0a10a1173e397474d498fda4aceab48bf9e20ae1451b

SHA512
1662968673b8601a4ed529d71d5beae297a4383b7ee262ab0ff8de06251d3023772911ec95bb553e02c16689edc9ee31f9b3b27c95d7169ed3f8b7fab38a435b

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a312E.bat

Filesize
722B

MD5
c92272e2614eb3af7df7e8a7d267e242

SHA1
a6628354eeebab853dc2070e0784eaf651f231de

SHA256
23382b590075209111ae0a10a1173e397474d498fda4aceab48bf9e20ae1451b

SHA512
1662968673b8601a4ed529d71d5beae297a4383b7ee262ab0ff8de06251d3023772911ec95bb553e02c16689edc9ee31f9b3b27c95d7169ed3f8b7fab38a435b

Download Submit
C:\Users\Admin\AppData\Local\Temp\3254d014eb001868dbfce3df28ef1e96d533955a4bafb44e048e86435aaa2438.exe

Filesize
1.2MB

MD5
a51cd5d5d0d731a48ff85bc636f6857c

SHA1
980018a6fbf1122e7d5fc5d5cdb01ae212d80b70

SHA256
92345a3ff8ee21ed4f830f4a581c8f385536c00e492f078f542d2f5e72229529

SHA512
04d7c8787c0f44fcc7d2fe4a10016c1b72f9356987148f9e133d6b8e438c60a16c0a931f00129f0cf3b80fe19c941f7445fe1240b9b1c8eb7e1636e7b25ac947

Download Submit
C:\Users\Admin\AppData\Local\Temp\3254d014eb001868dbfce3df28ef1e96d533955a4bafb44e048e86435aaa2438.exe.exe

Filesize
1.2MB

MD5
a51cd5d5d0d731a48ff85bc636f6857c

SHA1
980018a6fbf1122e7d5fc5d5cdb01ae212d80b70

SHA256
92345a3ff8ee21ed4f830f4a581c8f385536c00e492f078f542d2f5e72229529

SHA512
04d7c8787c0f44fcc7d2fe4a10016c1b72f9356987148f9e133d6b8e438c60a16c0a931f00129f0cf3b80fe19c941f7445fe1240b9b1c8eb7e1636e7b25ac947

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
a0a84e76a495cbe3dd66615625e80be3

SHA1
e17712c6939d13dc78aa8306871ff685c9cf00b5

SHA256
908960608aff75cbb5bb3855d25f86dbc86847905b1c6bcfbe4da648e58c507d

SHA512
b3c066856ff1bdff4b8825ab8e849a95ad2133e6e104d14b88e750792479690e2cf9d807f197adfdd73549b706774150e2574973e750c7f4e0c71bed95e9faa2

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
a0a84e76a495cbe3dd66615625e80be3

SHA1
e17712c6939d13dc78aa8306871ff685c9cf00b5

SHA256
908960608aff75cbb5bb3855d25f86dbc86847905b1c6bcfbe4da648e58c507d

SHA512
b3c066856ff1bdff4b8825ab8e849a95ad2133e6e104d14b88e750792479690e2cf9d807f197adfdd73549b706774150e2574973e750c7f4e0c71bed95e9faa2

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
a0a84e76a495cbe3dd66615625e80be3

SHA1
e17712c6939d13dc78aa8306871ff685c9cf00b5

SHA256
908960608aff75cbb5bb3855d25f86dbc86847905b1c6bcfbe4da648e58c507d

SHA512
b3c066856ff1bdff4b8825ab8e849a95ad2133e6e104d14b88e750792479690e2cf9d807f197adfdd73549b706774150e2574973e750c7f4e0c71bed95e9faa2

Download Submit
C:\Windows\rundl132.exe

Filesize
29KB

MD5
a0a84e76a495cbe3dd66615625e80be3

SHA1
e17712c6939d13dc78aa8306871ff685c9cf00b5

SHA256
908960608aff75cbb5bb3855d25f86dbc86847905b1c6bcfbe4da648e58c507d

SHA512
b3c066856ff1bdff4b8825ab8e849a95ad2133e6e104d14b88e750792479690e2cf9d807f197adfdd73549b706774150e2574973e750c7f4e0c71bed95e9faa2

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2180306848-1874213455-4093218721-1000\_desktop.ini

Filesize
8B

MD5
6bdc569e34ba772e6a02bf98e5269208

SHA1
d6e9053ccd9906f78c9f4dd12414246f31622d49

SHA256
a2f6c9ea9fb63e52c84ba26b60450f841bafcf7378af3f8310c32c86701dc148

SHA512
d25858c63ebf7077fbf1a96c3fbb6577cab1ebd3d133f6982672e6c721bebee655028a8f35292c1c3fc1d3d1a166256da32a54e3981c453fa0b30df3b2278ee0

Download Submit
\Users\Admin\AppData\Local\Temp\3254d014eb001868dbfce3df28ef1e96d533955a4bafb44e048e86435aaa2438.exe

Filesize
1.2MB

MD5
a51cd5d5d0d731a48ff85bc636f6857c

SHA1
980018a6fbf1122e7d5fc5d5cdb01ae212d80b70

SHA256
92345a3ff8ee21ed4f830f4a581c8f385536c00e492f078f542d2f5e72229529

SHA512
04d7c8787c0f44fcc7d2fe4a10016c1b72f9356987148f9e133d6b8e438c60a16c0a931f00129f0cf3b80fe19c941f7445fe1240b9b1c8eb7e1636e7b25ac947

Download Submit
memory/1192-29-0x0000000002AA0000-0x0000000002AA1000-memory.dmp

Filesize
4KB

Download
memory/1708-91-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1708-31-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1708-21-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1708-39-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1708-45-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1708-98-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1708-186-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1708-1850-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1708-3310-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2444-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2444-12-0x0000000000440000-0x0000000000476000-memory.dmp

Filesize
216KB

Download
memory/2444-16-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download