7e42bfc91df6de95aa241b7eae0d9b9c5c2b720160f45e211ab8aa1c12e19d11

Analysis

max time kernel
149s
max time network
124s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
29/10/2023, 02:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7e42bfc91df6de95aa241b7eae0d9b9c5c2b720160f45e211ab8aa1c12e19d11.exe
Size

306KB
MD5

02b9be89335e91f1f514263fae443f65
SHA1

4566531e994f12b41f4475d9691b9934a4013484
SHA256

7e42bfc91df6de95aa241b7eae0d9b9c5c2b720160f45e211ab8aa1c12e19d11
SHA512

fc36dbcfd747939626c58f43fe6c586ace4323a25e60388ea8ca351b935adc5ae03e5bd89c73831154d6f208e788688d437f3040f0404cdb45df0a388d6e8559
SSDEEP

6144:MVfgPZxJfXaybsYYT6A+TeuL+5/XohWY8/ZPy:OYXJPaS2Td+Tez5/XoYNy

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2600	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
940	Logo1_.exe
3060	7e42bfc91df6de95aa241b7eae0d9b9c5c2b720160f45e211ab8aa1c12e19d11.exe

Loads dropped DLL 1 IoCs

pid	Process
2600	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Update\Install\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\d3d11\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft SQL Server Compact Edition\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\km\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ne\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows NT\TableTextService\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1041\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\1033\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\MSBuild\Microsoft\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Photo Viewer\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ja\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RMNSQUE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows NT\Accessories\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Purble Place\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe	Logo1_.exe
File created	C:\Program Files (x86)\Windows Mail\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Mail\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\DEEPBLUE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ta\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Logo1_.exe	7e42bfc91df6de95aa241b7eae0d9b9c5c2b720160f45e211ab8aa1c12e19d11.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	7e42bfc91df6de95aa241b7eae0d9b9c5c2b720160f45e211ab8aa1c12e19d11.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
940	Logo1_.exe
940	Logo1_.exe
940	Logo1_.exe
940	Logo1_.exe
940	Logo1_.exe
940	Logo1_.exe
940	Logo1_.exe
940	Logo1_.exe
940	Logo1_.exe
940	Logo1_.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2600	2296	7e42bfc91df6de95aa241b7eae0d9b9c5c2b720160f45e211ab8aa1c12e19d11.exe	28
PID 2296 wrote to memory of 2600	2296	7e42bfc91df6de95aa241b7eae0d9b9c5c2b720160f45e211ab8aa1c12e19d11.exe	28
PID 2296 wrote to memory of 2600	2296	7e42bfc91df6de95aa241b7eae0d9b9c5c2b720160f45e211ab8aa1c12e19d11.exe	28
PID 2296 wrote to memory of 2600	2296	7e42bfc91df6de95aa241b7eae0d9b9c5c2b720160f45e211ab8aa1c12e19d11.exe	28
PID 2296 wrote to memory of 940	2296	7e42bfc91df6de95aa241b7eae0d9b9c5c2b720160f45e211ab8aa1c12e19d11.exe	29
PID 2296 wrote to memory of 940	2296	7e42bfc91df6de95aa241b7eae0d9b9c5c2b720160f45e211ab8aa1c12e19d11.exe	29
PID 2296 wrote to memory of 940	2296	7e42bfc91df6de95aa241b7eae0d9b9c5c2b720160f45e211ab8aa1c12e19d11.exe	29
PID 2296 wrote to memory of 940	2296	7e42bfc91df6de95aa241b7eae0d9b9c5c2b720160f45e211ab8aa1c12e19d11.exe	29
PID 940 wrote to memory of 2720	940	Logo1_.exe	30
PID 940 wrote to memory of 2720	940	Logo1_.exe	30
PID 940 wrote to memory of 2720	940	Logo1_.exe	30
PID 940 wrote to memory of 2720	940	Logo1_.exe	30
PID 2720 wrote to memory of 2800	2720	net.exe	33
PID 2720 wrote to memory of 2800	2720	net.exe	33
PID 2720 wrote to memory of 2800	2720	net.exe	33
PID 2720 wrote to memory of 2800	2720	net.exe	33
PID 2600 wrote to memory of 3060	2600	cmd.exe	34
PID 2600 wrote to memory of 3060	2600	cmd.exe	34
PID 2600 wrote to memory of 3060	2600	cmd.exe	34
PID 2600 wrote to memory of 3060	2600	cmd.exe	34
PID 940 wrote to memory of 1224	940	Logo1_.exe	13
PID 940 wrote to memory of 1224	940	Logo1_.exe	13

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1224
- C:\Users\Admin\AppData\Local\Temp\7e42bfc91df6de95aa241b7eae0d9b9c5c2b720160f45e211ab8aa1c12e19d11.exe
  "C:\Users\Admin\AppData\Local\Temp\7e42bfc91df6de95aa241b7eae0d9b9c5c2b720160f45e211ab8aa1c12e19d11.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2296
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a8601.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\7e42bfc91df6de95aa241b7eae0d9b9c5c2b720160f45e211ab8aa1c12e19d11.exe
      "C:\Users\Admin\AppData\Local\Temp\7e42bfc91df6de95aa241b7eae0d9b9c5c2b720160f45e211ab8aa1c12e19d11.exe"
      4⤵
      Executes dropped EXE
      PID:3060
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:940
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2720
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
8ce669e0c5c16e39c632994123c0b7ab

SHA1
5edcc020a13794046f13bfe895d38fc14851a913

SHA256
4dd26f92c626b4b76622575336966f31d944aee9a848de1599072656a176a3ae

SHA512
b28a4bca6c759c4fdec69753e7113781d3f025e4b1697ab6a2e1705f40921b35ffe42fd2f858f809c0159789d0884fa416732ced303e5249e617d927f8b8df0d

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
1a0dbecba0dbb963c2f3b0448796d47a

SHA1
5c0b5d378d3614fe984ce2915b5720886992da0c

SHA256
1ea2fb84177a921bc3df4763c3da53a970e192f93f6175d09696ded019e50cf8

SHA512
8e25dc08fa6f280a6bc1ccacb1ce665ab055b5d539f8915915fc7536c90185a221cb0c50a02d34b521b871b8487a155b9c40a5f25df87306e1df24ca7e96da25

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a8601.bat

Filesize
722B

MD5
46b8235eb9820764129f36abf8028882

SHA1
ccdc0556170c76de31d4b6da9e22118987388674

SHA256
2a7e1a8c7c0c5aa3dbe45f65da2486191743f4f914134d7ac7e5dff1b8169397

SHA512
417fa1daa0d5432e3492912285f14596ef55518833a23f74cf90c128238caea6ff1cc6891e905a623e4fd86e772a6f9080c05604c28927bd83ec6911f78bc760

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a8601.bat

Filesize
722B

MD5
46b8235eb9820764129f36abf8028882

SHA1
ccdc0556170c76de31d4b6da9e22118987388674

SHA256
2a7e1a8c7c0c5aa3dbe45f65da2486191743f4f914134d7ac7e5dff1b8169397

SHA512
417fa1daa0d5432e3492912285f14596ef55518833a23f74cf90c128238caea6ff1cc6891e905a623e4fd86e772a6f9080c05604c28927bd83ec6911f78bc760

Download Submit
C:\Users\Admin\AppData\Local\Temp\7e42bfc91df6de95aa241b7eae0d9b9c5c2b720160f45e211ab8aa1c12e19d11.exe

Filesize
279KB

MD5
eb17e14675dd5c97d4781c246831a1c2

SHA1
95ba8daa75dc5169688fbe91ea17aa52d8e7be2d

SHA256
cd5fc12ef8d4a49393fe425b80d299058442d242d4c1ccb4dffb1d69a6b219fc

SHA512
8ac7ddea3edf5265e678219e07ab22b4739d11beeeb267ebc8d71cfa6bcabf93b7dfd0273cff566d5e51ce0af68dad3ec70b6f24382c19cc1a427c7a076cfe9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7e42bfc91df6de95aa241b7eae0d9b9c5c2b720160f45e211ab8aa1c12e19d11.exe.exe

Filesize
279KB

MD5
eb17e14675dd5c97d4781c246831a1c2

SHA1
95ba8daa75dc5169688fbe91ea17aa52d8e7be2d

SHA256
cd5fc12ef8d4a49393fe425b80d299058442d242d4c1ccb4dffb1d69a6b219fc

SHA512
8ac7ddea3edf5265e678219e07ab22b4739d11beeeb267ebc8d71cfa6bcabf93b7dfd0273cff566d5e51ce0af68dad3ec70b6f24382c19cc1a427c7a076cfe9e

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
fb302bb3e9a63790b545fbae9cf76e95

SHA1
36a3ff29e20e8c6a98e0ed0b62facf588e0de5c1

SHA256
e431f29fd728f254e78f03cb50ddea4203ab6863abe479d5cd89127a2a2ef391

SHA512
3c7b9db7a7030479e800f51971a223773c249758f4e38cff51214034b207cdcf427005476b3177662060e1d049d23d67627baa0548c16cc4db4236d4126d79b4

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
fb302bb3e9a63790b545fbae9cf76e95

SHA1
36a3ff29e20e8c6a98e0ed0b62facf588e0de5c1

SHA256
e431f29fd728f254e78f03cb50ddea4203ab6863abe479d5cd89127a2a2ef391

SHA512
3c7b9db7a7030479e800f51971a223773c249758f4e38cff51214034b207cdcf427005476b3177662060e1d049d23d67627baa0548c16cc4db4236d4126d79b4

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
fb302bb3e9a63790b545fbae9cf76e95

SHA1
36a3ff29e20e8c6a98e0ed0b62facf588e0de5c1

SHA256
e431f29fd728f254e78f03cb50ddea4203ab6863abe479d5cd89127a2a2ef391

SHA512
3c7b9db7a7030479e800f51971a223773c249758f4e38cff51214034b207cdcf427005476b3177662060e1d049d23d67627baa0548c16cc4db4236d4126d79b4

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
fb302bb3e9a63790b545fbae9cf76e95

SHA1
36a3ff29e20e8c6a98e0ed0b62facf588e0de5c1

SHA256
e431f29fd728f254e78f03cb50ddea4203ab6863abe479d5cd89127a2a2ef391

SHA512
3c7b9db7a7030479e800f51971a223773c249758f4e38cff51214034b207cdcf427005476b3177662060e1d049d23d67627baa0548c16cc4db4236d4126d79b4

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2085049433-1067986815-1244098655-1000\_desktop.ini

Filesize
10B

MD5
17de2acd7b02442c9cb0e8c0fccf8e96

SHA1
e062bd3af8ffe48988392987af8cbbddddffb804

SHA256
af7f402fe1458d28f48714376dd0e26175e667690e61b41c8bd0e61d818822d3

SHA512
e04d6d828edc3ef3443dfd40f72f76351bf981a16566cf0f31e60015f588440764461b52be088f549e8a2a6fa41370129e60d36b63b66f9a63c6df89f44fdbd8

Download Submit
\Users\Admin\AppData\Local\Temp\7e42bfc91df6de95aa241b7eae0d9b9c5c2b720160f45e211ab8aa1c12e19d11.exe

Filesize
279KB

MD5
eb17e14675dd5c97d4781c246831a1c2

SHA1
95ba8daa75dc5169688fbe91ea17aa52d8e7be2d

SHA256
cd5fc12ef8d4a49393fe425b80d299058442d242d4c1ccb4dffb1d69a6b219fc

SHA512
8ac7ddea3edf5265e678219e07ab22b4739d11beeeb267ebc8d71cfa6bcabf93b7dfd0273cff566d5e51ce0af68dad3ec70b6f24382c19cc1a427c7a076cfe9e

Download Submit
memory/940-40-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/940-46-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/940-22-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/940-3311-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/940-33-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/940-1851-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/940-188-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/940-99-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/940-93-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1224-30-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/2296-21-0x0000000000220000-0x0000000000254000-memory.dmp

Filesize
208KB

Download
memory/2296-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2296-15-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2296-16-0x0000000000220000-0x0000000000254000-memory.dmp

Filesize
208KB

Download
memory/2296-32-0x0000000000220000-0x0000000000254000-memory.dmp

Filesize
208KB

Download