205da77afffb72db57453424281b05d995b425cbd9300a69745480a5ba881faf

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
13/11/2023, 16:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

205da77afffb72db57453424281b05d995b425cbd9300a69745480a5ba881faf.exe
Size

2.0MB
MD5

2ceb9127d57039a9f0c716150d1a8655
SHA1

4412359ec325ff8b6888317453506aad5861b6e0
SHA256

205da77afffb72db57453424281b05d995b425cbd9300a69745480a5ba881faf
SHA512

57e3c020b7c6e81e8895a6479d3205ddd008a82caf1c86aac8e2343a3121fbe9a5067114649ace7d1d0362c509fd9a9a8fb96db4ffd2e068fa180ba007d7e853
SSDEEP

49152:d0TW6eM7W0ScPydbhGGLkd1TeidrS10gdN7gIrP7CtEykL5:WHeM7zScP2bhGEYrdnIqxo

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2288	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
856	Logo1_.exe
2948	205da77afffb72db57453424281b05d995b425cbd9300a69745480a5ba881faf.exe

Loads dropped DLL 1 IoCs

pid	Process
2288	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ms\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE	Logo1_.exe
File created	C:\Program Files\Mozilla Firefox\browser\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VGX\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\control\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STRTEDGE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\visualization\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Mail\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows NT\Accessories\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Journal\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\bin\javacpl.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft.NET\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\tl\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\INFOPATH.EXE	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ko\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Oasis\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Hearts\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	Logo1_.exe
File created	C:\Program Files (x86)\Windows Defender\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	205da77afffb72db57453424281b05d995b425cbd9300a69745480a5ba881faf.exe
File created	C:\Windows\Logo1_.exe	205da77afffb72db57453424281b05d995b425cbd9300a69745480a5ba881faf.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
856	Logo1_.exe
856	Logo1_.exe
856	Logo1_.exe
856	Logo1_.exe
856	Logo1_.exe
856	Logo1_.exe
856	Logo1_.exe
856	Logo1_.exe
856	Logo1_.exe
856	Logo1_.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 1264 wrote to memory of 2288	1264	205da77afffb72db57453424281b05d995b425cbd9300a69745480a5ba881faf.exe	28
PID 1264 wrote to memory of 2288	1264	205da77afffb72db57453424281b05d995b425cbd9300a69745480a5ba881faf.exe	28
PID 1264 wrote to memory of 2288	1264	205da77afffb72db57453424281b05d995b425cbd9300a69745480a5ba881faf.exe	28
PID 1264 wrote to memory of 2288	1264	205da77afffb72db57453424281b05d995b425cbd9300a69745480a5ba881faf.exe	28
PID 1264 wrote to memory of 856	1264	205da77afffb72db57453424281b05d995b425cbd9300a69745480a5ba881faf.exe	29
PID 1264 wrote to memory of 856	1264	205da77afffb72db57453424281b05d995b425cbd9300a69745480a5ba881faf.exe	29
PID 1264 wrote to memory of 856	1264	205da77afffb72db57453424281b05d995b425cbd9300a69745480a5ba881faf.exe	29
PID 1264 wrote to memory of 856	1264	205da77afffb72db57453424281b05d995b425cbd9300a69745480a5ba881faf.exe	29
PID 856 wrote to memory of 2832	856	Logo1_.exe	30
PID 856 wrote to memory of 2832	856	Logo1_.exe	30
PID 856 wrote to memory of 2832	856	Logo1_.exe	30
PID 856 wrote to memory of 2832	856	Logo1_.exe	30
PID 2832 wrote to memory of 2852	2832	net.exe	33
PID 2832 wrote to memory of 2852	2832	net.exe	33
PID 2832 wrote to memory of 2852	2832	net.exe	33
PID 2832 wrote to memory of 2852	2832	net.exe	33
PID 2288 wrote to memory of 2948	2288	cmd.exe	34
PID 2288 wrote to memory of 2948	2288	cmd.exe	34
PID 2288 wrote to memory of 2948	2288	cmd.exe	34
PID 2288 wrote to memory of 2948	2288	cmd.exe	34
PID 856 wrote to memory of 1200	856	Logo1_.exe	22
PID 856 wrote to memory of 1200	856	Logo1_.exe	22

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1200
- C:\Users\Admin\AppData\Local\Temp\205da77afffb72db57453424281b05d995b425cbd9300a69745480a5ba881faf.exe
  "C:\Users\Admin\AppData\Local\Temp\205da77afffb72db57453424281b05d995b425cbd9300a69745480a5ba881faf.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1264
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a5486.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\205da77afffb72db57453424281b05d995b425cbd9300a69745480a5ba881faf.exe
      "C:\Users\Admin\AppData\Local\Temp\205da77afffb72db57453424281b05d995b425cbd9300a69745480a5ba881faf.exe"
      4⤵
      Executes dropped EXE
      PID:2948
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:856
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2832
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
16d53298149f0b043d8bf4fc2e5c221c

SHA1
f02ed855266962faf090c0000271a6140b056585

SHA256
d502cb88273648d7b22eb0c01753662b5354e3909ad31c5c5a3e8d7c379d6367

SHA512
546c568f28aac3c25b2eec81e7bc9562e1a2d1c733164165b91710f3ceda9dfa6d5636d097eb81aa272f36fd45aecd390192534b1ccca52bdc7e9ad094de9b41

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
cd063a49bae945a38047d1627588ee01

SHA1
1608915d38130f68d3398c174f206dc073814e7b

SHA256
ae8ed667c2ef87a5a30302264032701269ee5821aa6b33343ceb404257709f38

SHA512
c789f3def7d88f776b609be95f98a0876f7b1126586603e77ade5554f8538acd22608484ef9978ee6e2e9214393e4c8d3c48ac22ff7ecae9a8dba9fa7cd7a39b

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a5486.bat

Filesize
722B

MD5
a79ee48feed4d3812295ef981ddc7e20

SHA1
87083ceebf24db72e20e4a8eb50decbdc7094654

SHA256
c4b9e30a16cf45447c8f00ce4d200e7499b96a912034150c1645b26954ff82bf

SHA512
2b1aa070b1cce5c6f23bf1ac8771a3a09b29603fb29088c95535448c76dd09f7ab64f757362e32776afb4a34d325b1393789f4fca4bee454f5e3a39c437c25ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a5486.bat

Filesize
722B

MD5
a79ee48feed4d3812295ef981ddc7e20

SHA1
87083ceebf24db72e20e4a8eb50decbdc7094654

SHA256
c4b9e30a16cf45447c8f00ce4d200e7499b96a912034150c1645b26954ff82bf

SHA512
2b1aa070b1cce5c6f23bf1ac8771a3a09b29603fb29088c95535448c76dd09f7ab64f757362e32776afb4a34d325b1393789f4fca4bee454f5e3a39c437c25ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\205da77afffb72db57453424281b05d995b425cbd9300a69745480a5ba881faf.exe

Filesize
1.9MB

MD5
ddcaa8742bd6d3c80e52517866e3778b

SHA1
95c35c3be7131e89676946d4bfc7ad92e46d9d07

SHA256
63ed4675ef51c8917b9b5223d043dfda60643c6a7f2771780790a2abbc140990

SHA512
467d54c2d8361019f84eb1595ee4e480f8113093a1abbc0dc5da075cfa7b4033e8aa10368c52fc881fa1c162cb99a1058f020560315d4607d0f0316ab2292d99

Download Submit
C:\Users\Admin\AppData\Local\Temp\205da77afffb72db57453424281b05d995b425cbd9300a69745480a5ba881faf.exe.exe

Filesize
1.9MB

MD5
ddcaa8742bd6d3c80e52517866e3778b

SHA1
95c35c3be7131e89676946d4bfc7ad92e46d9d07

SHA256
63ed4675ef51c8917b9b5223d043dfda60643c6a7f2771780790a2abbc140990

SHA512
467d54c2d8361019f84eb1595ee4e480f8113093a1abbc0dc5da075cfa7b4033e8aa10368c52fc881fa1c162cb99a1058f020560315d4607d0f0316ab2292d99

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
a9dc4a172100eccd1c7ff84e66719574

SHA1
c7ff20b4ee5562c514f504318a0f72f12b1d84d3

SHA256
9e9d44f576105feeea2201d9809027bd049d3f38101dcd85b9dcd11b86a037d9

SHA512
a3e5f460fc8bd397a277e1480e8863d9ec3245f5b7b18849c15289473db10e5f429e82c7a89e4323a637f9b570685f9677efcbeaad2d8a26f160a42967785284

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
a9dc4a172100eccd1c7ff84e66719574

SHA1
c7ff20b4ee5562c514f504318a0f72f12b1d84d3

SHA256
9e9d44f576105feeea2201d9809027bd049d3f38101dcd85b9dcd11b86a037d9

SHA512
a3e5f460fc8bd397a277e1480e8863d9ec3245f5b7b18849c15289473db10e5f429e82c7a89e4323a637f9b570685f9677efcbeaad2d8a26f160a42967785284

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
a9dc4a172100eccd1c7ff84e66719574

SHA1
c7ff20b4ee5562c514f504318a0f72f12b1d84d3

SHA256
9e9d44f576105feeea2201d9809027bd049d3f38101dcd85b9dcd11b86a037d9

SHA512
a3e5f460fc8bd397a277e1480e8863d9ec3245f5b7b18849c15289473db10e5f429e82c7a89e4323a637f9b570685f9677efcbeaad2d8a26f160a42967785284

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
a9dc4a172100eccd1c7ff84e66719574

SHA1
c7ff20b4ee5562c514f504318a0f72f12b1d84d3

SHA256
9e9d44f576105feeea2201d9809027bd049d3f38101dcd85b9dcd11b86a037d9

SHA512
a3e5f460fc8bd397a277e1480e8863d9ec3245f5b7b18849c15289473db10e5f429e82c7a89e4323a637f9b570685f9677efcbeaad2d8a26f160a42967785284

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1154728922-3261336865-3456416385-1000\_desktop.ini

Filesize
10B

MD5
7af371ae7aad351d505f1b26382de243

SHA1
0a19bf0a1ccfb902a03b3da68bdd289190e62f5f

SHA256
4fcc643d52dbc25dd57a011e27cbb0503711cf1a2ad1610a4f9e7b9f17c5bc1b

SHA512
1127b9c88de9e2d58f7a512dd52c31bb9d96b0543f13e4cfff59ca2b73e60307538dd9bcd1c480e6d260fe45b44208a5554a5a60e8c2e3da8385b2cdd0e77d3e

Download Submit
\Users\Admin\AppData\Local\Temp\205da77afffb72db57453424281b05d995b425cbd9300a69745480a5ba881faf.exe

Filesize
1.9MB

MD5
ddcaa8742bd6d3c80e52517866e3778b

SHA1
95c35c3be7131e89676946d4bfc7ad92e46d9d07

SHA256
63ed4675ef51c8917b9b5223d043dfda60643c6a7f2771780790a2abbc140990

SHA512
467d54c2d8361019f84eb1595ee4e480f8113093a1abbc0dc5da075cfa7b4033e8aa10368c52fc881fa1c162cb99a1058f020560315d4607d0f0316ab2292d99

Download Submit
memory/856-47-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/856-93-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/856-3312-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/856-34-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/856-21-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/856-41-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/856-1852-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/856-787-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/856-99-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1200-30-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/1264-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1264-15-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1264-16-0x0000000000340000-0x0000000000374000-memory.dmp

Filesize
208KB

Download
memory/2948-28-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download