f82028ae065230e18f328c7d77d6f988a589295ba05d994b5f94dec086d14c8c

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
19/09/2023, 13:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f82028ae065230e18f328c7d77d6f988a589295ba05d994b5f94dec086d14c8c.exe
Size

127KB
MD5

195a3e7cbbdb0f5f0c0f864c6619da18
SHA1

0274998c7cc8abd61eb94b8b2be4924179caa6f7
SHA256

f82028ae065230e18f328c7d77d6f988a589295ba05d994b5f94dec086d14c8c
SHA512

2c41a9514cd4f07847a75a89ed2ab0a4e6a790ce50e998a69409807bf440635b08ee865c9fdd987a0c0a42a5a9c106d99aa8d8ae7158089bb520876d70b7296d
SSDEEP

3072:KNftffjmNm0GSrIqU7DWDM5IXy1aOmRu8XljkiZhP5X25:KdVfjmNmars7DOu8XHPx

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
312	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2940	Logo1_.exe
2044	f82028ae065230e18f328c7d77d6f988a589295ba05d994b5f94dec086d14c8c.exe

Loads dropped DLL 1 IoCs

pid	Process
312	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\amd64\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tet\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\et\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fur\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMFormServices\InfoPathOMFormServicesV12\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ja\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Acrobat\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SATIN\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\SAMPLES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\reader\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Oasis\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Defender\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Photo Viewer\ImagingDevices.exe	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Synchronization Services\ADO.NET\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\Packages\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Mail\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ja\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\DAO\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	f82028ae065230e18f328c7d77d6f988a589295ba05d994b5f94dec086d14c8c.exe
File created	C:\Windows\Logo1_.exe	f82028ae065230e18f328c7d77d6f988a589295ba05d994b5f94dec086d14c8c.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2940	Logo1_.exe
2940	Logo1_.exe
2940	Logo1_.exe
2940	Logo1_.exe
2940	Logo1_.exe
2940	Logo1_.exe
2940	Logo1_.exe
2940	Logo1_.exe
2940	Logo1_.exe
2940	Logo1_.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2044	f82028ae065230e18f328c7d77d6f988a589295ba05d994b5f94dec086d14c8c.exe
2044	f82028ae065230e18f328c7d77d6f988a589295ba05d994b5f94dec086d14c8c.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 1064 wrote to memory of 312	1064	f82028ae065230e18f328c7d77d6f988a589295ba05d994b5f94dec086d14c8c.exe	28
PID 1064 wrote to memory of 312	1064	f82028ae065230e18f328c7d77d6f988a589295ba05d994b5f94dec086d14c8c.exe	28
PID 1064 wrote to memory of 312	1064	f82028ae065230e18f328c7d77d6f988a589295ba05d994b5f94dec086d14c8c.exe	28
PID 1064 wrote to memory of 312	1064	f82028ae065230e18f328c7d77d6f988a589295ba05d994b5f94dec086d14c8c.exe	28
PID 1064 wrote to memory of 2940	1064	f82028ae065230e18f328c7d77d6f988a589295ba05d994b5f94dec086d14c8c.exe	30
PID 1064 wrote to memory of 2940	1064	f82028ae065230e18f328c7d77d6f988a589295ba05d994b5f94dec086d14c8c.exe	30
PID 1064 wrote to memory of 2940	1064	f82028ae065230e18f328c7d77d6f988a589295ba05d994b5f94dec086d14c8c.exe	30
PID 1064 wrote to memory of 2940	1064	f82028ae065230e18f328c7d77d6f988a589295ba05d994b5f94dec086d14c8c.exe	30
PID 2940 wrote to memory of 2636	2940	Logo1_.exe	31
PID 2940 wrote to memory of 2636	2940	Logo1_.exe	31
PID 2940 wrote to memory of 2636	2940	Logo1_.exe	31
PID 2940 wrote to memory of 2636	2940	Logo1_.exe	31
PID 312 wrote to memory of 2044	312	cmd.exe	33
PID 312 wrote to memory of 2044	312	cmd.exe	33
PID 312 wrote to memory of 2044	312	cmd.exe	33
PID 312 wrote to memory of 2044	312	cmd.exe	33
PID 2636 wrote to memory of 760	2636	net.exe	34
PID 2636 wrote to memory of 760	2636	net.exe	34
PID 2636 wrote to memory of 760	2636	net.exe	34
PID 2636 wrote to memory of 760	2636	net.exe	34
PID 2940 wrote to memory of 1280	2940	Logo1_.exe	12
PID 2940 wrote to memory of 1280	2940	Logo1_.exe	12

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1280
- C:\Users\Admin\AppData\Local\Temp\f82028ae065230e18f328c7d77d6f988a589295ba05d994b5f94dec086d14c8c.exe
  "C:\Users\Admin\AppData\Local\Temp\f82028ae065230e18f328c7d77d6f988a589295ba05d994b5f94dec086d14c8c.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1064
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a2E51.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:312
  - - C:\Users\Admin\AppData\Local\Temp\f82028ae065230e18f328c7d77d6f988a589295ba05d994b5f94dec086d14c8c.exe
      "C:\Users\Admin\AppData\Local\Temp\f82028ae065230e18f328c7d77d6f988a589295ba05d994b5f94dec086d14c8c.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2044
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2940
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2636
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
823531bbd70233476ca605959cb8d2cc

SHA1
74d878fd6828e77407da2f3c7a4085df4a6911ab

SHA256
9a10abcfd9877c51a6a4bfd5f81681f59537171b37f398571d9ba9cbde784c16

SHA512
08bb43ac1d17d35709a4beafe60fd5074d9ee0c30398e0e934ff3bef0577a19f20be821dbf5d02fcaa0fb1f48fa2defec4b41d6ca99bfb2b7d51f5290f622632

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
99ea9b604a7a734d3087fa6159684c42

SHA1
709fa1068ad4d560fe03e05b68056f1b0bedbfc8

SHA256
3f733f9e6fec7c4165ca8ba41eb23f604a248babe794c4ad2c6c3ce8032aab1c

SHA512
7af8008c7e187f925c62efc97e1891a7a38d089302dba39fbde137fb895e0592847ed0982c824c2075be8e6b95b6ce165ecb848ab85adf53779ebef613410fbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a2E51.bat

Filesize
722B

MD5
0ce002b910d7648b11ceb183c0367208

SHA1
486af522ac0bd12652e0ca3b4b861a12fac66e8e

SHA256
d754fe8d70e034674fe88e68fef92fac40a40c37cfa67b5c18e563c7c209353f

SHA512
9d467bd3b53c6d11598a9a5e2e04e9ed976d47364389ddd6985d3888ca947e2b20f257ac21054de129e3c21a0b5b8aef86aacefabf996f13bdb2816325b35f41

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a2E51.bat

Filesize
722B

MD5
0ce002b910d7648b11ceb183c0367208

SHA1
486af522ac0bd12652e0ca3b4b861a12fac66e8e

SHA256
d754fe8d70e034674fe88e68fef92fac40a40c37cfa67b5c18e563c7c209353f

SHA512
9d467bd3b53c6d11598a9a5e2e04e9ed976d47364389ddd6985d3888ca947e2b20f257ac21054de129e3c21a0b5b8aef86aacefabf996f13bdb2816325b35f41

Download Submit
C:\Users\Admin\AppData\Local\Temp\f82028ae065230e18f328c7d77d6f988a589295ba05d994b5f94dec086d14c8c.exe

Filesize
100KB

MD5
e6991a57fbaebcfab51d7897001d2320

SHA1
fc482e66f32c572f0f934e2b3dcb0b97fa2fa2e5

SHA256
33f5cf13684f5ca72172f8302a8e62209a1dbad2a6958821b0199c3d08064b71

SHA512
6d905a649fc47c3e6e141b3f360da93d45bc6b9ab2a59b63facdb6d68606cc2059d952c2ea5e8e02e1295e88a101c384afff725e0ea978879d47fac6952ae7a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\f82028ae065230e18f328c7d77d6f988a589295ba05d994b5f94dec086d14c8c.exe.exe

Filesize
100KB

MD5
e6991a57fbaebcfab51d7897001d2320

SHA1
fc482e66f32c572f0f934e2b3dcb0b97fa2fa2e5

SHA256
33f5cf13684f5ca72172f8302a8e62209a1dbad2a6958821b0199c3d08064b71

SHA512
6d905a649fc47c3e6e141b3f360da93d45bc6b9ab2a59b63facdb6d68606cc2059d952c2ea5e8e02e1295e88a101c384afff725e0ea978879d47fac6952ae7a8

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
b16f445581f1c84748e3ef64f127b97d

SHA1
b5eee38ce13635f35a781926f8434a07ca295872

SHA256
b3fe889ff71155b7882670d7a2197a75cc11601a7a1003eb1948be8a87f916f8

SHA512
de97b113bed31ba85a533a4f8bc6a6f25df09403299e45a23cd908cbd6dded5b033fc0dbd800f143045871f57dff198036bc1a539b1d44527fca2cb7cb195e54

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
b16f445581f1c84748e3ef64f127b97d

SHA1
b5eee38ce13635f35a781926f8434a07ca295872

SHA256
b3fe889ff71155b7882670d7a2197a75cc11601a7a1003eb1948be8a87f916f8

SHA512
de97b113bed31ba85a533a4f8bc6a6f25df09403299e45a23cd908cbd6dded5b033fc0dbd800f143045871f57dff198036bc1a539b1d44527fca2cb7cb195e54

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
b16f445581f1c84748e3ef64f127b97d

SHA1
b5eee38ce13635f35a781926f8434a07ca295872

SHA256
b3fe889ff71155b7882670d7a2197a75cc11601a7a1003eb1948be8a87f916f8

SHA512
de97b113bed31ba85a533a4f8bc6a6f25df09403299e45a23cd908cbd6dded5b033fc0dbd800f143045871f57dff198036bc1a539b1d44527fca2cb7cb195e54

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
b16f445581f1c84748e3ef64f127b97d

SHA1
b5eee38ce13635f35a781926f8434a07ca295872

SHA256
b3fe889ff71155b7882670d7a2197a75cc11601a7a1003eb1948be8a87f916f8

SHA512
de97b113bed31ba85a533a4f8bc6a6f25df09403299e45a23cd908cbd6dded5b033fc0dbd800f143045871f57dff198036bc1a539b1d44527fca2cb7cb195e54

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-607259312-1573743425-2763420908-1000\_desktop.ini

Filesize
9B

MD5
aefd96a8d669fca3e61965ad4b456dbb

SHA1
a59ed0823bb825478bf4fa66cf84a474ac4f5272

SHA256
74e41853b6b9afd3ddd0261721f2c376a6c037a7659d829e65426afecfdbb8a2

SHA512
33e6dead0656b021014d6df9026a8988ab0b1098a476292ddde356a6c9d3536fc775419bc091399879d38ce403d6c450420c5bdc8423d4b20b945d75237696d1

Download Submit
\Users\Admin\AppData\Local\Temp\f82028ae065230e18f328c7d77d6f988a589295ba05d994b5f94dec086d14c8c.exe

Filesize
100KB

MD5
e6991a57fbaebcfab51d7897001d2320

SHA1
fc482e66f32c572f0f934e2b3dcb0b97fa2fa2e5

SHA256
33f5cf13684f5ca72172f8302a8e62209a1dbad2a6958821b0199c3d08064b71

SHA512
6d905a649fc47c3e6e141b3f360da93d45bc6b9ab2a59b63facdb6d68606cc2059d952c2ea5e8e02e1295e88a101c384afff725e0ea978879d47fac6952ae7a8

Download Submit
memory/1064-16-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1064-12-0x0000000001C80000-0x0000000001CB4000-memory.dmp

Filesize
208KB

Download
memory/1064-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1280-30-0x0000000002A10000-0x0000000002A11000-memory.dmp

Filesize
4KB

Download
memory/2044-28-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/2044-34-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/2940-48-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2940-41-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2940-57-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2940-94-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2940-99-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2940-1852-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2940-21-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2940-3312-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2940-32-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download