cf63e09f3f0b9d566d26ab408d868ee8721b8062e99e832542be4dc7f2a72232

Analysis

max time kernel
151s
max time network
130s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
15/10/2023, 13:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf63e09f3f0b9d566d26ab408d868ee8721b8062e99e832542be4dc7f2a72232.exe
Size

310KB
MD5

2489375ecfdf8a8812f3a48a93bf62ae
SHA1

f70daba692854f24e6a6a7bfd6b6cd710ef62fcd
SHA256

cf63e09f3f0b9d566d26ab408d868ee8721b8062e99e832542be4dc7f2a72232
SHA512

4a85b35485d032c02d071714aa37c03192616b54e4f0ccc6a78e2938f585cda810baa8f65cbd216c2f5cff37921c72af2a910e1447df950c6b29a2b1d4fbf7fd
SSDEEP

6144:kVfjmNyEq64tWRYCjhOhn7n4T5Bblt5RSZhlMIoEPsK:m7+yQhC7i5BtR0oEPsK

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2608	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2720	Logo1_.exe
2664	cf63e09f3f0b9d566d26ab408d868ee8721b8062e99e832542be4dc7f2a72232.exe

Loads dropped DLL 1 IoCs

pid	Process
2608	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LEVEL\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\SIGNUP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BOLDSTRI\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\WSS\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\CNFNOT32.EXE	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Setup.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows NT\Accessories\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Portable Devices\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Library\SOLVER\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft.NET\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\extensions\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Library\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\SDK\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Biscay\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Journal\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\oc\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\gui\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zu\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\10\Cartridges\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBBA\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	cf63e09f3f0b9d566d26ab408d868ee8721b8062e99e832542be4dc7f2a72232.exe
File created	C:\Windows\Logo1_.exe	cf63e09f3f0b9d566d26ab408d868ee8721b8062e99e832542be4dc7f2a72232.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2720	Logo1_.exe
2720	Logo1_.exe
2720	Logo1_.exe
2720	Logo1_.exe
2720	Logo1_.exe
2720	Logo1_.exe
2720	Logo1_.exe
2720	Logo1_.exe
2720	Logo1_.exe
2720	Logo1_.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2664	cf63e09f3f0b9d566d26ab408d868ee8721b8062e99e832542be4dc7f2a72232.exe
2664	cf63e09f3f0b9d566d26ab408d868ee8721b8062e99e832542be4dc7f2a72232.exe

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2608	2112	cf63e09f3f0b9d566d26ab408d868ee8721b8062e99e832542be4dc7f2a72232.exe	29
PID 2112 wrote to memory of 2608	2112	cf63e09f3f0b9d566d26ab408d868ee8721b8062e99e832542be4dc7f2a72232.exe	29
PID 2112 wrote to memory of 2608	2112	cf63e09f3f0b9d566d26ab408d868ee8721b8062e99e832542be4dc7f2a72232.exe	29
PID 2112 wrote to memory of 2608	2112	cf63e09f3f0b9d566d26ab408d868ee8721b8062e99e832542be4dc7f2a72232.exe	29
PID 2112 wrote to memory of 2720	2112	cf63e09f3f0b9d566d26ab408d868ee8721b8062e99e832542be4dc7f2a72232.exe	30
PID 2112 wrote to memory of 2720	2112	cf63e09f3f0b9d566d26ab408d868ee8721b8062e99e832542be4dc7f2a72232.exe	30
PID 2112 wrote to memory of 2720	2112	cf63e09f3f0b9d566d26ab408d868ee8721b8062e99e832542be4dc7f2a72232.exe	30
PID 2112 wrote to memory of 2720	2112	cf63e09f3f0b9d566d26ab408d868ee8721b8062e99e832542be4dc7f2a72232.exe	30
PID 2720 wrote to memory of 2636	2720	Logo1_.exe	31
PID 2720 wrote to memory of 2636	2720	Logo1_.exe	31
PID 2720 wrote to memory of 2636	2720	Logo1_.exe	31
PID 2720 wrote to memory of 2636	2720	Logo1_.exe	31
PID 2608 wrote to memory of 2664	2608	cmd.exe	32
PID 2608 wrote to memory of 2664	2608	cmd.exe	32
PID 2608 wrote to memory of 2664	2608	cmd.exe	32
PID 2608 wrote to memory of 2664	2608	cmd.exe	32
PID 2608 wrote to memory of 2664	2608	cmd.exe	32
PID 2608 wrote to memory of 2664	2608	cmd.exe	32
PID 2608 wrote to memory of 2664	2608	cmd.exe	32
PID 2636 wrote to memory of 2688	2636	net.exe	33
PID 2636 wrote to memory of 2688	2636	net.exe	33
PID 2636 wrote to memory of 2688	2636	net.exe	33
PID 2636 wrote to memory of 2688	2636	net.exe	33
PID 2720 wrote to memory of 1392	2720	Logo1_.exe	9
PID 2720 wrote to memory of 1392	2720	Logo1_.exe	9

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1392
- C:\Users\Admin\AppData\Local\Temp\cf63e09f3f0b9d566d26ab408d868ee8721b8062e99e832542be4dc7f2a72232.exe
  "C:\Users\Admin\AppData\Local\Temp\cf63e09f3f0b9d566d26ab408d868ee8721b8062e99e832542be4dc7f2a72232.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2112
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a7974.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\cf63e09f3f0b9d566d26ab408d868ee8721b8062e99e832542be4dc7f2a72232.exe
      "C:\Users\Admin\AppData\Local\Temp\cf63e09f3f0b9d566d26ab408d868ee8721b8062e99e832542be4dc7f2a72232.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2664
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2720
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2636
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
8a9ff864a5a78cfe1e4ef69c9bc98a7b

SHA1
783eb6119a656ad3318f12c3eb1bb1a9df5bce8a

SHA256
415270a11156bfa5f8b0f7f5679e35e8d9c3690936e675fe12855798fd49123b

SHA512
139c6628ddf4155fc7943db45bf2320d2db23fd127eedd4e69eb48c2404a42f34c34f1689b03d625112235e148cd142d9a5fd35f17e1865e4c3d41fa14b1eaca

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a7974.bat

Filesize
722B

MD5
cf40582969bfe77a6333018f378425fb

SHA1
6222b89aef328c268b9d17b0f1be9daff9675c44

SHA256
6789a392a5fa602b199a1bc78a2734887e358935db36425608dd7aef15fb94aa

SHA512
c922d3742e3002cfe7e292b4a88ada97dec26792b7b27334189881d5bf25c35eb03d93f58a0311d492eac43f2803a1a59d6753f41976b98b9f8ca9f330ca23e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a7974.bat

Filesize
722B

MD5
cf40582969bfe77a6333018f378425fb

SHA1
6222b89aef328c268b9d17b0f1be9daff9675c44

SHA256
6789a392a5fa602b199a1bc78a2734887e358935db36425608dd7aef15fb94aa

SHA512
c922d3742e3002cfe7e292b4a88ada97dec26792b7b27334189881d5bf25c35eb03d93f58a0311d492eac43f2803a1a59d6753f41976b98b9f8ca9f330ca23e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cf63e09f3f0b9d566d26ab408d868ee8721b8062e99e832542be4dc7f2a72232.exe

Filesize
284KB

MD5
db474d3a9ba1c0d73820bdd68b4ffcc0

SHA1
231ebf1696f15152b94030e62c0d3d3a3cbc884f

SHA256
e1f802890faf1ea6b8136ab1536bfd94d0ee221370e9213df85140b58a8be165

SHA512
847ad4103e50d41fbe13e82eafc0b6a904bde05cf770c80f4356c2f0d418c6f1a5fc195a03649b551f030cf7c5177d5db192debc2545abed1c432f1e56c0765d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cf63e09f3f0b9d566d26ab408d868ee8721b8062e99e832542be4dc7f2a72232.exe.exe

Filesize
284KB

MD5
db474d3a9ba1c0d73820bdd68b4ffcc0

SHA1
231ebf1696f15152b94030e62c0d3d3a3cbc884f

SHA256
e1f802890faf1ea6b8136ab1536bfd94d0ee221370e9213df85140b58a8be165

SHA512
847ad4103e50d41fbe13e82eafc0b6a904bde05cf770c80f4356c2f0d418c6f1a5fc195a03649b551f030cf7c5177d5db192debc2545abed1c432f1e56c0765d

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
fdc7e51ff8752125309e31c936ec4915

SHA1
27b2025690e916335f77af39a93a43427e440882

SHA256
c30125ebe9c5a24363ddc0a430f52a78f6e3e171ec2d041d977f08b5077a429c

SHA512
43eeef47306514417d5e84b79095a61970e1dcd09551df624d38dacbd1fbc3c1abba7639a577ec671d41b30576b3f3690f81e427e4e8201e30e1e2af611cd13a

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
fdc7e51ff8752125309e31c936ec4915

SHA1
27b2025690e916335f77af39a93a43427e440882

SHA256
c30125ebe9c5a24363ddc0a430f52a78f6e3e171ec2d041d977f08b5077a429c

SHA512
43eeef47306514417d5e84b79095a61970e1dcd09551df624d38dacbd1fbc3c1abba7639a577ec671d41b30576b3f3690f81e427e4e8201e30e1e2af611cd13a

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
fdc7e51ff8752125309e31c936ec4915

SHA1
27b2025690e916335f77af39a93a43427e440882

SHA256
c30125ebe9c5a24363ddc0a430f52a78f6e3e171ec2d041d977f08b5077a429c

SHA512
43eeef47306514417d5e84b79095a61970e1dcd09551df624d38dacbd1fbc3c1abba7639a577ec671d41b30576b3f3690f81e427e4e8201e30e1e2af611cd13a

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
fdc7e51ff8752125309e31c936ec4915

SHA1
27b2025690e916335f77af39a93a43427e440882

SHA256
c30125ebe9c5a24363ddc0a430f52a78f6e3e171ec2d041d977f08b5077a429c

SHA512
43eeef47306514417d5e84b79095a61970e1dcd09551df624d38dacbd1fbc3c1abba7639a577ec671d41b30576b3f3690f81e427e4e8201e30e1e2af611cd13a

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-86725733-3001458681-3405935542-1000\_desktop.ini

Filesize
10B

MD5
3fa5f43b227b96d6334e4649982d21b7

SHA1
aaca225fe44f532099d2d7d7b00d80ebc3dd003b

SHA256
d8fdb800da5ad9cc8b64df32df8c6006127fb46c590ee39f84bfd8b4f8912358

SHA512
2bf18238a4b94cb61fdd22c61007bc5cbb7fc712b69685cc03efc548622dc365f07159a6599192b1aed0c2ffa9911fbeb321323f7bf24c8706d52adff07e432e

Download Submit
\Users\Admin\AppData\Local\Temp\cf63e09f3f0b9d566d26ab408d868ee8721b8062e99e832542be4dc7f2a72232.exe

Filesize
284KB

MD5
db474d3a9ba1c0d73820bdd68b4ffcc0

SHA1
231ebf1696f15152b94030e62c0d3d3a3cbc884f

SHA256
e1f802890faf1ea6b8136ab1536bfd94d0ee221370e9213df85140b58a8be165

SHA512
847ad4103e50d41fbe13e82eafc0b6a904bde05cf770c80f4356c2f0d418c6f1a5fc195a03649b551f030cf7c5177d5db192debc2545abed1c432f1e56c0765d

Download Submit
memory/1392-30-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/2112-17-0x0000000000220000-0x0000000000254000-memory.dmp

Filesize
208KB

Download
memory/2112-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2112-11-0x0000000000220000-0x0000000000254000-memory.dmp

Filesize
208KB

Download
memory/2112-16-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2720-39-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2720-32-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2720-45-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2720-91-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2720-98-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2720-103-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2720-1850-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2720-20-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2720-2584-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2720-3311-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download