042376058c11550b79de907155ccd7b983c72a28f1b36f1b77b3cbf41a97d56e

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
22/09/2023, 07:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

042376058c11550b79de907155ccd7b983c72a28f1b36f1b77b3cbf41a97d56e.exe
Size

106KB
MD5

5e9cf02766e819ed2e9790701a15abc8
SHA1

8560510b425f265fc0d5d692dda1b9736231bccc
SHA256

042376058c11550b79de907155ccd7b983c72a28f1b36f1b77b3cbf41a97d56e
SHA512

35a2b60f192c49f160e88cb91374e586969efd3fa6f0c3e8a4fd522fd802bd720babad7b165f11ccbca07f9a6ed5cba5605e760d33172b20b1544a658dc4e1c6
SSDEEP

3072:pykuJVLgzoTNenyOLZaYWbB7dol+pW77M90B:5uJuzoTkLZa/lRol+pf

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2444	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2016	Logo1_.exe
2768	042376058c11550b79de907155ccd7b983c72a28f1b36f1b77b3cbf41a97d56e.exe

Loads dropped DLL 1 IoCs

pid	Process
2444	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightOrange\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Defender\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FREN\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\te\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Mail\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ky\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Journal\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\PROOF\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft.NET\RedistList\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Media Player\Skins\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Mahjong\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RIPPLE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATERMAR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Triedit\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\wmlaunch.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\FreeCell\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Hearts\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\More Games\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn_IN\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{11BE85C4-FDB6-4044-BF89-B05107AB6512}\chrome_installer.exe	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Logo1_.exe	042376058c11550b79de907155ccd7b983c72a28f1b36f1b77b3cbf41a97d56e.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	042376058c11550b79de907155ccd7b983c72a28f1b36f1b77b3cbf41a97d56e.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2016	Logo1_.exe
2016	Logo1_.exe
2016	Logo1_.exe
2016	Logo1_.exe
2016	Logo1_.exe
2016	Logo1_.exe
2016	Logo1_.exe
2016	Logo1_.exe
2016	Logo1_.exe
2016	Logo1_.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 2444	2484	042376058c11550b79de907155ccd7b983c72a28f1b36f1b77b3cbf41a97d56e.exe	28
PID 2484 wrote to memory of 2444	2484	042376058c11550b79de907155ccd7b983c72a28f1b36f1b77b3cbf41a97d56e.exe	28
PID 2484 wrote to memory of 2444	2484	042376058c11550b79de907155ccd7b983c72a28f1b36f1b77b3cbf41a97d56e.exe	28
PID 2484 wrote to memory of 2444	2484	042376058c11550b79de907155ccd7b983c72a28f1b36f1b77b3cbf41a97d56e.exe	28
PID 2484 wrote to memory of 2016	2484	042376058c11550b79de907155ccd7b983c72a28f1b36f1b77b3cbf41a97d56e.exe	29
PID 2484 wrote to memory of 2016	2484	042376058c11550b79de907155ccd7b983c72a28f1b36f1b77b3cbf41a97d56e.exe	29
PID 2484 wrote to memory of 2016	2484	042376058c11550b79de907155ccd7b983c72a28f1b36f1b77b3cbf41a97d56e.exe	29
PID 2484 wrote to memory of 2016	2484	042376058c11550b79de907155ccd7b983c72a28f1b36f1b77b3cbf41a97d56e.exe	29
PID 2016 wrote to memory of 2036	2016	Logo1_.exe	31
PID 2016 wrote to memory of 2036	2016	Logo1_.exe	31
PID 2016 wrote to memory of 2036	2016	Logo1_.exe	31
PID 2016 wrote to memory of 2036	2016	Logo1_.exe	31
PID 2036 wrote to memory of 2736	2036	net.exe	33
PID 2036 wrote to memory of 2736	2036	net.exe	33
PID 2036 wrote to memory of 2736	2036	net.exe	33
PID 2036 wrote to memory of 2736	2036	net.exe	33
PID 2444 wrote to memory of 2768	2444	cmd.exe	34
PID 2444 wrote to memory of 2768	2444	cmd.exe	34
PID 2444 wrote to memory of 2768	2444	cmd.exe	34
PID 2444 wrote to memory of 2768	2444	cmd.exe	34
PID 2016 wrote to memory of 1172	2016	Logo1_.exe	16
PID 2016 wrote to memory of 1172	2016	Logo1_.exe	16

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1172
- C:\Users\Admin\AppData\Local\Temp\042376058c11550b79de907155ccd7b983c72a28f1b36f1b77b3cbf41a97d56e.exe
  "C:\Users\Admin\AppData\Local\Temp\042376058c11550b79de907155ccd7b983c72a28f1b36f1b77b3cbf41a97d56e.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2484
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a31DA.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\042376058c11550b79de907155ccd7b983c72a28f1b36f1b77b3cbf41a97d56e.exe
      "C:\Users\Admin\AppData\Local\Temp\042376058c11550b79de907155ccd7b983c72a28f1b36f1b77b3cbf41a97d56e.exe"
      4⤵
      Executes dropped EXE
      PID:2768
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2016
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2036
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
d3f033c2d6204b7a3003dca36688228d

SHA1
c14a1585f4c982230458a7edf94d70ff79f0e53e

SHA256
9519d629f5db5a1efa77ba49048aacd24040f4d3373af44975dd25e61ea57cdd

SHA512
762cce8bb2dfd19851bb725dddf29ffbcaba6f309362f4366202efd69e397c727cb3e0f8895dce3f2dd3bf7546ba2b168ecce1b2fe11606d4d545586c1ed3b6a

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
474KB

MD5
b64f00ca47092ef22416f70d5aa78fa6

SHA1
838f6038dabbb6936679e562133e96756c78bf2c

SHA256
d5c7eca76122a2ac5c42cc8d48ff5644e8c2d72282c6dc3c30e33d69d4a788cf

SHA512
b395f15a545d84a77f526f019dc69b03582f26fa6d2ff222b3cc0c5633f3e3aa722d477eefdb830a672650ebf628a0b897288793fc583cbb7f01485619a77c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a31DA.bat

Filesize
722B

MD5
7588488862a88821a42de533e573d8dd

SHA1
5424efcdaf77dea0a29fc2f6b7197e564b2dfcdc

SHA256
1437a7fc31575629ac2c73aa6cd57fbbb9a5fc839fc1946c718296370aeaca63

SHA512
adea8eb04d4a1a2d1c90d36a04fca4a3d251ddb17ca29caab209fa68d0fd3c14f8c3310b0b9ef26e324a43688673654512054a97ee5b4fee3bfd6d44ee46e573

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a31DA.bat

Filesize
722B

MD5
7588488862a88821a42de533e573d8dd

SHA1
5424efcdaf77dea0a29fc2f6b7197e564b2dfcdc

SHA256
1437a7fc31575629ac2c73aa6cd57fbbb9a5fc839fc1946c718296370aeaca63

SHA512
adea8eb04d4a1a2d1c90d36a04fca4a3d251ddb17ca29caab209fa68d0fd3c14f8c3310b0b9ef26e324a43688673654512054a97ee5b4fee3bfd6d44ee46e573

Download Submit
C:\Users\Admin\AppData\Local\Temp\042376058c11550b79de907155ccd7b983c72a28f1b36f1b77b3cbf41a97d56e.exe

Filesize
77KB

MD5
a7716d38fea21265e471d4ef980e71c5

SHA1
371ce2ec176015299d9605e06271dd85bb35b393

SHA256
2d9749fb6e3fbf080c8261974ade955fbb10dbba5ef7f37863820a199caf81f1

SHA512
c402373b60e50166537334116bc7a3e78f7794de198700f610101e6a479071c395fbbef66f23d2169e212672ef85debd45c17b9290eae929cb22fc9ff480d3b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\042376058c11550b79de907155ccd7b983c72a28f1b36f1b77b3cbf41a97d56e.exe.exe

Filesize
77KB

MD5
a7716d38fea21265e471d4ef980e71c5

SHA1
371ce2ec176015299d9605e06271dd85bb35b393

SHA256
2d9749fb6e3fbf080c8261974ade955fbb10dbba5ef7f37863820a199caf81f1

SHA512
c402373b60e50166537334116bc7a3e78f7794de198700f610101e6a479071c395fbbef66f23d2169e212672ef85debd45c17b9290eae929cb22fc9ff480d3b8

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
cf88808bf1a7bb211e559a06b88bcb9d

SHA1
494e46d62930a122e416356c9d2cec58d7fd7e45

SHA256
4bf3328e40fd19185b720238497918abdbf018580f705675729f300f4acc25c4

SHA512
e92c6ceec34424b33ebcdbda8a3eaa5054410ac49c720eb052f107d0650db69cab07a1abcbc64b872d4fc64593cb1128d7bd9ad2eaaf8b12f1900f30e0b95e65

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
cf88808bf1a7bb211e559a06b88bcb9d

SHA1
494e46d62930a122e416356c9d2cec58d7fd7e45

SHA256
4bf3328e40fd19185b720238497918abdbf018580f705675729f300f4acc25c4

SHA512
e92c6ceec34424b33ebcdbda8a3eaa5054410ac49c720eb052f107d0650db69cab07a1abcbc64b872d4fc64593cb1128d7bd9ad2eaaf8b12f1900f30e0b95e65

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
cf88808bf1a7bb211e559a06b88bcb9d

SHA1
494e46d62930a122e416356c9d2cec58d7fd7e45

SHA256
4bf3328e40fd19185b720238497918abdbf018580f705675729f300f4acc25c4

SHA512
e92c6ceec34424b33ebcdbda8a3eaa5054410ac49c720eb052f107d0650db69cab07a1abcbc64b872d4fc64593cb1128d7bd9ad2eaaf8b12f1900f30e0b95e65

Download Submit
C:\Windows\rundl132.exe

Filesize
29KB

MD5
cf88808bf1a7bb211e559a06b88bcb9d

SHA1
494e46d62930a122e416356c9d2cec58d7fd7e45

SHA256
4bf3328e40fd19185b720238497918abdbf018580f705675729f300f4acc25c4

SHA512
e92c6ceec34424b33ebcdbda8a3eaa5054410ac49c720eb052f107d0650db69cab07a1abcbc64b872d4fc64593cb1128d7bd9ad2eaaf8b12f1900f30e0b95e65

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-686452656-3203474025-4140627569-1000\_desktop.ini

Filesize
9B

MD5
dff4f6f0cc6b8b3bb8efb4a275a8f779

SHA1
e87d0f214e09712ed6d4d73e571edb2c1b140327

SHA256
34eaeafe313f318504cabbbdf6a150f2928ed89c13a836126478f56c6904cd20

SHA512
1a534267509c4dd7c0421a5460ea7b3d58e05ba1343c2f45ca6ca537ff5259f1fae31c68928acba3492875ba270242f41c43ed5d705d31cf9af5a56ca4edd0e0

Download Submit
\Users\Admin\AppData\Local\Temp\042376058c11550b79de907155ccd7b983c72a28f1b36f1b77b3cbf41a97d56e.exe

Filesize
77KB

MD5
a7716d38fea21265e471d4ef980e71c5

SHA1
371ce2ec176015299d9605e06271dd85bb35b393

SHA256
2d9749fb6e3fbf080c8261974ade955fbb10dbba5ef7f37863820a199caf81f1

SHA512
c402373b60e50166537334116bc7a3e78f7794de198700f610101e6a479071c395fbbef66f23d2169e212672ef85debd45c17b9290eae929cb22fc9ff480d3b8

Download Submit
memory/1172-30-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/2016-46-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2016-21-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2016-32-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2016-40-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2016-92-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2016-99-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2016-112-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2016-1851-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2016-3311-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2484-22-0x0000000000220000-0x0000000000256000-memory.dmp

Filesize
216KB

Download
memory/2484-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2484-16-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2484-12-0x0000000000220000-0x0000000000256000-memory.dmp

Filesize
216KB

Download