4b17e12d9d462e7ec508e20cdeec19b3a41422ce15bec1d00180e7cd7881df83

Analysis

max time kernel
151s
max time network
131s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 05:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b17e12d9d462e7ec508e20cdeec19b3a41422ce15bec1d00180e7cd7881df83.exe
Size

806KB
MD5

4db322ec9cefd0b37e9d26b4b21f9b46
SHA1

a68df7c5e0dfc0a3d4fecba1aab62e18962942dd
SHA256

4b17e12d9d462e7ec508e20cdeec19b3a41422ce15bec1d00180e7cd7881df83
SHA512

9fbdc1a68afb33fd10c003ee3e08d12209214bdd0af94fbea714eaea033df280cea6a4a481fc029a818fe3ca3a1d90e54df7c96335e0a41e949cabc81288fedc
SSDEEP

12288:e7+XtJt5nIj79qVZMv2nKF3kVI2bovMYl7Vtq5c:e7IXnIf9oxKnEYlJtqa

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2760	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
1932	Logo1_.exe
2796	4b17e12d9d462e7ec508e20cdeec19b3a41422ce15bec1d00180e7cd7881df83.exe

Loads dropped DLL 2 IoCs

pid	Process
2760	cmd.exe
2760	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bn_IN\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access_output\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\bin\policytool.exe	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.en\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ja\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ms\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Adobe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\DW\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\spu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Chess\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Chess\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	4b17e12d9d462e7ec508e20cdeec19b3a41422ce15bec1d00180e7cd7881df83.exe
File created	C:\Windows\Logo1_.exe	4b17e12d9d462e7ec508e20cdeec19b3a41422ce15bec1d00180e7cd7881df83.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1932	Logo1_.exe
1932	Logo1_.exe
1932	Logo1_.exe
1932	Logo1_.exe
1932	Logo1_.exe
1932	Logo1_.exe
1932	Logo1_.exe
1932	Logo1_.exe
1932	Logo1_.exe
1932	Logo1_.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2760	2180	4b17e12d9d462e7ec508e20cdeec19b3a41422ce15bec1d00180e7cd7881df83.exe	28
PID 2180 wrote to memory of 2760	2180	4b17e12d9d462e7ec508e20cdeec19b3a41422ce15bec1d00180e7cd7881df83.exe	28
PID 2180 wrote to memory of 2760	2180	4b17e12d9d462e7ec508e20cdeec19b3a41422ce15bec1d00180e7cd7881df83.exe	28
PID 2180 wrote to memory of 2760	2180	4b17e12d9d462e7ec508e20cdeec19b3a41422ce15bec1d00180e7cd7881df83.exe	28
PID 2180 wrote to memory of 1932	2180	4b17e12d9d462e7ec508e20cdeec19b3a41422ce15bec1d00180e7cd7881df83.exe	30
PID 2180 wrote to memory of 1932	2180	4b17e12d9d462e7ec508e20cdeec19b3a41422ce15bec1d00180e7cd7881df83.exe	30
PID 2180 wrote to memory of 1932	2180	4b17e12d9d462e7ec508e20cdeec19b3a41422ce15bec1d00180e7cd7881df83.exe	30
PID 2180 wrote to memory of 1932	2180	4b17e12d9d462e7ec508e20cdeec19b3a41422ce15bec1d00180e7cd7881df83.exe	30
PID 2760 wrote to memory of 2796	2760	cmd.exe	32
PID 2760 wrote to memory of 2796	2760	cmd.exe	32
PID 2760 wrote to memory of 2796	2760	cmd.exe	32
PID 2760 wrote to memory of 2796	2760	cmd.exe	32
PID 1932 wrote to memory of 2776	1932	Logo1_.exe	31
PID 1932 wrote to memory of 2776	1932	Logo1_.exe	31
PID 1932 wrote to memory of 2776	1932	Logo1_.exe	31
PID 1932 wrote to memory of 2776	1932	Logo1_.exe	31
PID 2776 wrote to memory of 2668	2776	net.exe	34
PID 2776 wrote to memory of 2668	2776	net.exe	34
PID 2776 wrote to memory of 2668	2776	net.exe	34
PID 2776 wrote to memory of 2668	2776	net.exe	34
PID 1932 wrote to memory of 1252	1932	Logo1_.exe	18
PID 1932 wrote to memory of 1252	1932	Logo1_.exe	18

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1252
- C:\Users\Admin\AppData\Local\Temp\4b17e12d9d462e7ec508e20cdeec19b3a41422ce15bec1d00180e7cd7881df83.exe
  "C:\Users\Admin\AppData\Local\Temp\4b17e12d9d462e7ec508e20cdeec19b3a41422ce15bec1d00180e7cd7881df83.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2180
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a59C4.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\4b17e12d9d462e7ec508e20cdeec19b3a41422ce15bec1d00180e7cd7881df83.exe
      "C:\Users\Admin\AppData\Local\Temp\4b17e12d9d462e7ec508e20cdeec19b3a41422ce15bec1d00180e7cd7881df83.exe"
      4⤵
      Executes dropped EXE
      PID:2796
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1932
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2776
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$$a59C4.bat

Filesize
722B

MD5
39c427139877545c08049e532b475749

SHA1
19c621ce4940192eacb27975cb782b2509601608

SHA256
bc169e15f2e07e43466d539a65860ddb32246d8b785ad31e34146665fbfbb4a5

SHA512
57364793754ca5c1054b39836c2efcaf77e97f6862be6942c13f43f7f016c5667949040eca443c919a502f16301d5872d4c7287d8af2c3db678184d06b5f6510

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a59C4.bat

Filesize
722B

MD5
39c427139877545c08049e532b475749

SHA1
19c621ce4940192eacb27975cb782b2509601608

SHA256
bc169e15f2e07e43466d539a65860ddb32246d8b785ad31e34146665fbfbb4a5

SHA512
57364793754ca5c1054b39836c2efcaf77e97f6862be6942c13f43f7f016c5667949040eca443c919a502f16301d5872d4c7287d8af2c3db678184d06b5f6510

Download Submit
C:\Users\Admin\AppData\Local\Temp\4b17e12d9d462e7ec508e20cdeec19b3a41422ce15bec1d00180e7cd7881df83.exe

Filesize
780KB

MD5
6475283568ad278b0e4f0ac03dd85a72

SHA1
5ef270214d6617389c02dbf0869350e76a40e857

SHA256
cc1c3a68c4bc9739a1ea6b832633e409920005c6c7fa933249d5e4f3ad4d9553

SHA512
afc528f8e435a2de4cece460d80311c2b40ae07d3178fdb3fa8a08c60355a8058ffe94f5aeadab84e1a108e01b00e1cf8fd0b09af6c377b611754a7196fe35ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\4b17e12d9d462e7ec508e20cdeec19b3a41422ce15bec1d00180e7cd7881df83.exe.exe

Filesize
780KB

MD5
6475283568ad278b0e4f0ac03dd85a72

SHA1
5ef270214d6617389c02dbf0869350e76a40e857

SHA256
cc1c3a68c4bc9739a1ea6b832633e409920005c6c7fa933249d5e4f3ad4d9553

SHA512
afc528f8e435a2de4cece460d80311c2b40ae07d3178fdb3fa8a08c60355a8058ffe94f5aeadab84e1a108e01b00e1cf8fd0b09af6c377b611754a7196fe35ee

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
9ad92124bbe38e2706efcedebb82bd08

SHA1
ea1478dc19d256bcaa2926c0908534e9750815f5

SHA256
c8bca955a769c0b6a83bb24db3f4bf97514ab3a27cd1b7da7891b5755a822126

SHA512
d41fcbab676e089bacfb249294f0fe6b04f93ff9bebfdd97a5f9ab8a2e5ba487fa8f6c36b3477a36ba22110343a7decbef061003c4b03ef48963350c85819ab7

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
9ad92124bbe38e2706efcedebb82bd08

SHA1
ea1478dc19d256bcaa2926c0908534e9750815f5

SHA256
c8bca955a769c0b6a83bb24db3f4bf97514ab3a27cd1b7da7891b5755a822126

SHA512
d41fcbab676e089bacfb249294f0fe6b04f93ff9bebfdd97a5f9ab8a2e5ba487fa8f6c36b3477a36ba22110343a7decbef061003c4b03ef48963350c85819ab7

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
9ad92124bbe38e2706efcedebb82bd08

SHA1
ea1478dc19d256bcaa2926c0908534e9750815f5

SHA256
c8bca955a769c0b6a83bb24db3f4bf97514ab3a27cd1b7da7891b5755a822126

SHA512
d41fcbab676e089bacfb249294f0fe6b04f93ff9bebfdd97a5f9ab8a2e5ba487fa8f6c36b3477a36ba22110343a7decbef061003c4b03ef48963350c85819ab7

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
9ad92124bbe38e2706efcedebb82bd08

SHA1
ea1478dc19d256bcaa2926c0908534e9750815f5

SHA256
c8bca955a769c0b6a83bb24db3f4bf97514ab3a27cd1b7da7891b5755a822126

SHA512
d41fcbab676e089bacfb249294f0fe6b04f93ff9bebfdd97a5f9ab8a2e5ba487fa8f6c36b3477a36ba22110343a7decbef061003c4b03ef48963350c85819ab7

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3513876443-2771975297-1923446376-1000\_desktop.ini

Filesize
10B

MD5
a592e6708558f3dc0ad1608608da69c5

SHA1
69a1224ba3b2f2ab2f2ce8b8287809f3282d20d0

SHA256
24c83924da516d8acac4cdc96680306f1e34a8a54696bf5bf24106eeb562195a

SHA512
38724fff525de3d5b413bb962c2f81369068403f761f69d00f25cd03b5d8cb83603cd6d23c87faf458f157acf585ca4db031fe6640704a4158cb5ead56ce79f1

Download Submit
\Users\Admin\AppData\Local\Temp\4b17e12d9d462e7ec508e20cdeec19b3a41422ce15bec1d00180e7cd7881df83.exe

Filesize
780KB

MD5
6475283568ad278b0e4f0ac03dd85a72

SHA1
5ef270214d6617389c02dbf0869350e76a40e857

SHA256
cc1c3a68c4bc9739a1ea6b832633e409920005c6c7fa933249d5e4f3ad4d9553

SHA512
afc528f8e435a2de4cece460d80311c2b40ae07d3178fdb3fa8a08c60355a8058ffe94f5aeadab84e1a108e01b00e1cf8fd0b09af6c377b611754a7196fe35ee

Download Submit
\Users\Admin\AppData\Local\Temp\4b17e12d9d462e7ec508e20cdeec19b3a41422ce15bec1d00180e7cd7881df83.exe

Filesize
780KB

MD5
6475283568ad278b0e4f0ac03dd85a72

SHA1
5ef270214d6617389c02dbf0869350e76a40e857

SHA256
cc1c3a68c4bc9739a1ea6b832633e409920005c6c7fa933249d5e4f3ad4d9553

SHA512
afc528f8e435a2de4cece460d80311c2b40ae07d3178fdb3fa8a08c60355a8058ffe94f5aeadab84e1a108e01b00e1cf8fd0b09af6c377b611754a7196fe35ee

Download Submit
memory/1252-31-0x00000000021A0000-0x00000000021A1000-memory.dmp

Filesize
4KB

Download
memory/1932-45-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1932-37-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1932-1879-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1932-1865-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1932-33-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1932-1653-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1932-109-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1932-21-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1932-101-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1932-53-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2180-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2180-11-0x0000000000220000-0x0000000000254000-memory.dmp

Filesize
208KB

Download
memory/2180-16-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2796-36-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2796-35-0x0000000000400000-0x00000000004CA000-memory.dmp

Filesize
808KB

Download
memory/2796-29-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download