1ea0f9780257a0b172b505888106f54e0cc8be69e713753827143d245426af18

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
30/09/2023, 14:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ea0f9780257a0b172b505888106f54e0cc8be69e713753827143d245426af18.exe
Size

180KB
MD5

80a11cd2aeb53af45f78af93e0cd1d33
SHA1

65367038e9d89a113b1a1c1dd4da42d8930e6951
SHA256

1ea0f9780257a0b172b505888106f54e0cc8be69e713753827143d245426af18
SHA512

b1f9aaad935d1493f2a5d5b145c399e476cfe5de17cf81ea6d56d3008ab60ae1cf6305be0dfd6c294ba038776f2959bd7624aa7934b68c81cf9980d0c4a8f6fd
SSDEEP

3072:5ftffjmNs9CEAGxiVRh+h85ufeKg0eylJ6YSXWkvDObXt4O:RVfjmNUxiVRh+i4Wt0ey/6YSXAmO

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2560	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
1696	Logo1_.exe
2912	1ea0f9780257a0b172b505888106f54e0cc8be69e713753827143d245426af18.exe

Loads dropped DLL 1 IoCs

pid	Process
2560	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Resources\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\ManagedObjects\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\FORMS\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BabyBlue\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Mail\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Defender\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ne\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\WSS\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\More Games\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\zh_CN\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\fonts\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\km\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ARCTIC\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\QUERIES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Media Player\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PROOF\1033\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	1ea0f9780257a0b172b505888106f54e0cc8be69e713753827143d245426af18.exe
File created	C:\Windows\Logo1_.exe	1ea0f9780257a0b172b505888106f54e0cc8be69e713753827143d245426af18.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1696	Logo1_.exe
1696	Logo1_.exe
1696	Logo1_.exe
1696	Logo1_.exe
1696	Logo1_.exe
1696	Logo1_.exe
1696	Logo1_.exe
1696	Logo1_.exe
1696	Logo1_.exe
1696	Logo1_.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 2560	3020	1ea0f9780257a0b172b505888106f54e0cc8be69e713753827143d245426af18.exe	28
PID 3020 wrote to memory of 2560	3020	1ea0f9780257a0b172b505888106f54e0cc8be69e713753827143d245426af18.exe	28
PID 3020 wrote to memory of 2560	3020	1ea0f9780257a0b172b505888106f54e0cc8be69e713753827143d245426af18.exe	28
PID 3020 wrote to memory of 2560	3020	1ea0f9780257a0b172b505888106f54e0cc8be69e713753827143d245426af18.exe	28
PID 3020 wrote to memory of 1696	3020	1ea0f9780257a0b172b505888106f54e0cc8be69e713753827143d245426af18.exe	30
PID 3020 wrote to memory of 1696	3020	1ea0f9780257a0b172b505888106f54e0cc8be69e713753827143d245426af18.exe	30
PID 3020 wrote to memory of 1696	3020	1ea0f9780257a0b172b505888106f54e0cc8be69e713753827143d245426af18.exe	30
PID 3020 wrote to memory of 1696	3020	1ea0f9780257a0b172b505888106f54e0cc8be69e713753827143d245426af18.exe	30
PID 2560 wrote to memory of 2912	2560	cmd.exe	32
PID 2560 wrote to memory of 2912	2560	cmd.exe	32
PID 2560 wrote to memory of 2912	2560	cmd.exe	32
PID 2560 wrote to memory of 2912	2560	cmd.exe	32
PID 1696 wrote to memory of 2788	1696	Logo1_.exe	31
PID 1696 wrote to memory of 2788	1696	Logo1_.exe	31
PID 1696 wrote to memory of 2788	1696	Logo1_.exe	31
PID 1696 wrote to memory of 2788	1696	Logo1_.exe	31
PID 2788 wrote to memory of 3064	2788	net.exe	34
PID 2788 wrote to memory of 3064	2788	net.exe	34
PID 2788 wrote to memory of 3064	2788	net.exe	34
PID 2788 wrote to memory of 3064	2788	net.exe	34
PID 1696 wrote to memory of 1384	1696	Logo1_.exe	12
PID 1696 wrote to memory of 1384	1696	Logo1_.exe	12

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1384
- C:\Users\Admin\AppData\Local\Temp\1ea0f9780257a0b172b505888106f54e0cc8be69e713753827143d245426af18.exe
  "C:\Users\Admin\AppData\Local\Temp\1ea0f9780257a0b172b505888106f54e0cc8be69e713753827143d245426af18.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:3020
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a89A9.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\1ea0f9780257a0b172b505888106f54e0cc8be69e713753827143d245426af18.exe
      "C:\Users\Admin\AppData\Local\Temp\1ea0f9780257a0b172b505888106f54e0cc8be69e713753827143d245426af18.exe"
      4⤵
      Executes dropped EXE
      PID:2912
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1696
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2788
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
cf60447b5a5d7b2e800c5389c00686b9

SHA1
537bd6ffe4c8393f09faf07ce7e67c6355a29683

SHA256
15ca4a536e83e6637b34d89a07be1aa47f19c24eb4ed8cc8ce4f7cd5a7d6e6be

SHA512
ed7c4691f3ffec6a19538b872525758d17c4b72de2efe24b49da3197d1454e07ca4c9cfbcc02db692d4adada71936ecdcb4e44e1508aea778d80028430d831ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a89A9.bat

Filesize
722B

MD5
93ccb5134091c5de014f910f3f5c2e96

SHA1
5736fb617faa887ef0be069d22f5171e63519c42

SHA256
bdab06396b8317c9a72a164840e54c8066cbbab7147e5e9ae3c78c01a14b384b

SHA512
d1e692465c951bffa0d6d3d5baa4b149ebcaeced9c444fc449e569fbcbce105e43ec4647b2dce3c9d39138af8269a4dc192dbc1f725615b6b29b18593be739e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a89A9.bat

Filesize
722B

MD5
93ccb5134091c5de014f910f3f5c2e96

SHA1
5736fb617faa887ef0be069d22f5171e63519c42

SHA256
bdab06396b8317c9a72a164840e54c8066cbbab7147e5e9ae3c78c01a14b384b

SHA512
d1e692465c951bffa0d6d3d5baa4b149ebcaeced9c444fc449e569fbcbce105e43ec4647b2dce3c9d39138af8269a4dc192dbc1f725615b6b29b18593be739e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\1ea0f9780257a0b172b505888106f54e0cc8be69e713753827143d245426af18.exe

Filesize
154KB

MD5
99c93b09d70b12cda44554b78d0667a7

SHA1
2241e25b63f032dd5167e29375eb9565a0fa1406

SHA256
4a3dd52b06a4334ca382e9fd669ecb3fcd37d1b38c2f91a757d32fa76c762ce2

SHA512
45935d5670d6d1c37807c214c87d2c81e6b4147df0dff6bc3629a286eb1391834e406fc70b84cdd9a1468ed429ffdc174fef3c0afcac901a97e66b21d1659af4

Download Submit
C:\Users\Admin\AppData\Local\Temp\1ea0f9780257a0b172b505888106f54e0cc8be69e713753827143d245426af18.exe.exe

Filesize
154KB

MD5
99c93b09d70b12cda44554b78d0667a7

SHA1
2241e25b63f032dd5167e29375eb9565a0fa1406

SHA256
4a3dd52b06a4334ca382e9fd669ecb3fcd37d1b38c2f91a757d32fa76c762ce2

SHA512
45935d5670d6d1c37807c214c87d2c81e6b4147df0dff6bc3629a286eb1391834e406fc70b84cdd9a1468ed429ffdc174fef3c0afcac901a97e66b21d1659af4

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
36b3f02b659eb0ad5fddf054af96b525

SHA1
17eab1988b6601611ae0683bb8b26ec04c377cb9

SHA256
a1822df7617c493bc4dca454e06a5f93d3dac7b6133b5a8dca37866d3cd3c1c6

SHA512
e20e9add4525449be31da571226255cb3cb06bf1f2efe84591e77972283407c783321b676f2e3bc78dd85dcfb0f20db77a40bcd179599cdd0f453534acf9dbaf

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
36b3f02b659eb0ad5fddf054af96b525

SHA1
17eab1988b6601611ae0683bb8b26ec04c377cb9

SHA256
a1822df7617c493bc4dca454e06a5f93d3dac7b6133b5a8dca37866d3cd3c1c6

SHA512
e20e9add4525449be31da571226255cb3cb06bf1f2efe84591e77972283407c783321b676f2e3bc78dd85dcfb0f20db77a40bcd179599cdd0f453534acf9dbaf

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
36b3f02b659eb0ad5fddf054af96b525

SHA1
17eab1988b6601611ae0683bb8b26ec04c377cb9

SHA256
a1822df7617c493bc4dca454e06a5f93d3dac7b6133b5a8dca37866d3cd3c1c6

SHA512
e20e9add4525449be31da571226255cb3cb06bf1f2efe84591e77972283407c783321b676f2e3bc78dd85dcfb0f20db77a40bcd179599cdd0f453534acf9dbaf

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
36b3f02b659eb0ad5fddf054af96b525

SHA1
17eab1988b6601611ae0683bb8b26ec04c377cb9

SHA256
a1822df7617c493bc4dca454e06a5f93d3dac7b6133b5a8dca37866d3cd3c1c6

SHA512
e20e9add4525449be31da571226255cb3cb06bf1f2efe84591e77972283407c783321b676f2e3bc78dd85dcfb0f20db77a40bcd179599cdd0f453534acf9dbaf

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3185155662-718608226-894467740-1000\_desktop.ini

Filesize
9B

MD5
2c012c1af0648018cb6d8f5d91a5a1df

SHA1
a55ab94d1fdb3374bee98660f16093ebca4e9258

SHA256
50313ae96f06443d8a81be791ed17d2060cbbe0b3ab5675290bf34eabbbdce3a

SHA512
1db76dae120f6de58372c7aec1c84b213242e991bdd92fb1a327b32bb91af55bab93719d55d49ae3712bf0b42998d561960ffe086bb3e42e806acc248ce1664e

Download Submit
\Users\Admin\AppData\Local\Temp\1ea0f9780257a0b172b505888106f54e0cc8be69e713753827143d245426af18.exe

Filesize
154KB

MD5
99c93b09d70b12cda44554b78d0667a7

SHA1
2241e25b63f032dd5167e29375eb9565a0fa1406

SHA256
4a3dd52b06a4334ca382e9fd669ecb3fcd37d1b38c2f91a757d32fa76c762ce2

SHA512
45935d5670d6d1c37807c214c87d2c81e6b4147df0dff6bc3629a286eb1391834e406fc70b84cdd9a1468ed429ffdc174fef3c0afcac901a97e66b21d1659af4

Download Submit
memory/1384-30-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/1696-42-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1696-22-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1696-34-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1696-48-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1696-94-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1696-100-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1696-1852-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1696-2141-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1696-3313-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3020-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3020-17-0x0000000000320000-0x0000000000354000-memory.dmp

Filesize
208KB

Download
memory/3020-16-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3020-12-0x0000000000320000-0x0000000000354000-memory.dmp

Filesize
208KB

Download