27552837e8a2fabd3edbae9fb9f9d0d1306524f84a2c0c5ee03e3130ebd40679

Analysis

max time kernel
149s
max time network
125s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
21/11/2023, 00:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

27552837e8a2fabd3edbae9fb9f9d0d1306524f84a2c0c5ee03e3130ebd40679.exe
Size

631KB
MD5

b0a88542ec31b27b5a80214dd1f986a0
SHA1

6d84b15665cbba4c93121eb216ac56677477ad10
SHA256

27552837e8a2fabd3edbae9fb9f9d0d1306524f84a2c0c5ee03e3130ebd40679
SHA512

abea5d2e206776362a61fa1e47b530e6f965050deae5112d20d99daa0954821e1229808e4571ecf9a3638b0a9f4b6f98e4c65f18d2ac7ad6095d654d6ebc07fe
SSDEEP

12288:K7+zrVFiAFasywTUzDV7Nwk/dvbKCnGy3tcp98:K7SrszDDwk/ICG2u98

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2064	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2444	Logo1_.exe
2724	27552837e8a2fabd3edbae9fb9f9d0d1306524f84a2c0c5ee03e3130ebd40679.exe

Loads dropped DLL 1 IoCs

pid	Process
2064	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\Desktop\_desktop.ini	Logo1_.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\af\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\1033\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\bin\javacpl.exe	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Analysis Services\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sq\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Mozilla Firefox\fonts\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe	Logo1_.exe
File created	C:\Program Files\Windows Photo Viewer\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\Bin\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\bin\rmiregistry.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows NT\Accessories\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\FreeCell\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\amd64\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1036\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Stationery\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Outlook.en-us\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\1033\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Network Sharing\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Lime\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows NT\TableTextService\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\defaults\pref\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Help\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Logo1_.exe	27552837e8a2fabd3edbae9fb9f9d0d1306524f84a2c0c5ee03e3130ebd40679.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	27552837e8a2fabd3edbae9fb9f9d0d1306524f84a2c0c5ee03e3130ebd40679.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2444	Logo1_.exe
2444	Logo1_.exe
2444	Logo1_.exe
2444	Logo1_.exe
2444	Logo1_.exe
2444	Logo1_.exe
2444	Logo1_.exe
2444	Logo1_.exe
2444	Logo1_.exe
2444	Logo1_.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 2064	2436	27552837e8a2fabd3edbae9fb9f9d0d1306524f84a2c0c5ee03e3130ebd40679.exe	28
PID 2436 wrote to memory of 2064	2436	27552837e8a2fabd3edbae9fb9f9d0d1306524f84a2c0c5ee03e3130ebd40679.exe	28
PID 2436 wrote to memory of 2064	2436	27552837e8a2fabd3edbae9fb9f9d0d1306524f84a2c0c5ee03e3130ebd40679.exe	28
PID 2436 wrote to memory of 2064	2436	27552837e8a2fabd3edbae9fb9f9d0d1306524f84a2c0c5ee03e3130ebd40679.exe	28
PID 2436 wrote to memory of 2444	2436	27552837e8a2fabd3edbae9fb9f9d0d1306524f84a2c0c5ee03e3130ebd40679.exe	30
PID 2436 wrote to memory of 2444	2436	27552837e8a2fabd3edbae9fb9f9d0d1306524f84a2c0c5ee03e3130ebd40679.exe	30
PID 2436 wrote to memory of 2444	2436	27552837e8a2fabd3edbae9fb9f9d0d1306524f84a2c0c5ee03e3130ebd40679.exe	30
PID 2436 wrote to memory of 2444	2436	27552837e8a2fabd3edbae9fb9f9d0d1306524f84a2c0c5ee03e3130ebd40679.exe	30
PID 2444 wrote to memory of 2260	2444	Logo1_.exe	31
PID 2444 wrote to memory of 2260	2444	Logo1_.exe	31
PID 2444 wrote to memory of 2260	2444	Logo1_.exe	31
PID 2444 wrote to memory of 2260	2444	Logo1_.exe	31
PID 2064 wrote to memory of 2724	2064	cmd.exe	33
PID 2064 wrote to memory of 2724	2064	cmd.exe	33
PID 2064 wrote to memory of 2724	2064	cmd.exe	33
PID 2064 wrote to memory of 2724	2064	cmd.exe	33
PID 2260 wrote to memory of 2956	2260	net.exe	34
PID 2260 wrote to memory of 2956	2260	net.exe	34
PID 2260 wrote to memory of 2956	2260	net.exe	34
PID 2260 wrote to memory of 2956	2260	net.exe	34
PID 2444 wrote to memory of 1240	2444	Logo1_.exe	15
PID 2444 wrote to memory of 1240	2444	Logo1_.exe	15

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1240
- C:\Users\Admin\AppData\Local\Temp\27552837e8a2fabd3edbae9fb9f9d0d1306524f84a2c0c5ee03e3130ebd40679.exe
  "C:\Users\Admin\AppData\Local\Temp\27552837e8a2fabd3edbae9fb9f9d0d1306524f84a2c0c5ee03e3130ebd40679.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2436
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a403B.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2064
  - - C:\Users\Admin\AppData\Local\Temp\27552837e8a2fabd3edbae9fb9f9d0d1306524f84a2c0c5ee03e3130ebd40679.exe
      "C:\Users\Admin\AppData\Local\Temp\27552837e8a2fabd3edbae9fb9f9d0d1306524f84a2c0c5ee03e3130ebd40679.exe"
      4⤵
      Executes dropped EXE
      PID:2724
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2444
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2260
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
48ee00228e77405f1c8a8ab779c66b3b

SHA1
21900c5d606474cd0b23985bfa2af241671e2492

SHA256
ab5b3c90b8f0aed7dea077fdae0aae58ffa3fef27df5cc40922392e9a047cd42

SHA512
ab67a00c1bebf0a62a384fa920f6db10f73eba0e0c303a90ba76879452a0559ae185a1a5bf7e0f85b11360bf3451f48ee36ce619015d5c368833039ad134fccd

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
4cfdb20b04aa239d6f9e83084d5d0a77

SHA1
f22863e04cc1fd4435f785993ede165bd8245ac6

SHA256
30ed17ca6ae530e8bf002bcef6048f94dba4b3b10252308147031f5c86ace1b9

SHA512
35b4c2f68a7caa45f2bb14b168947e06831f358e191478a6659b49f30ca6f538dc910fe6067448d5d8af4cb8558825d70f94d4bd67709aee414b2be37d49be86

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a403B.bat

Filesize
722B

MD5
0a9ece0ee4ec7fe09743157788f54317

SHA1
1d1214334ed5e9a7a9bcab019c0166fb7a8c8860

SHA256
74b359c3653c98618f08ec0e81d3dd37be217c205220a7a6169abf7687b3153f

SHA512
1b065af0527f2113a547e66760ab8930eb3b409fb38bfa2cebce97649eba73d5ad94a82015b9b638fb25f362019fa5239def8a073bc0167a40e15c673cf6ab91

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a403B.bat

Filesize
722B

MD5
0a9ece0ee4ec7fe09743157788f54317

SHA1
1d1214334ed5e9a7a9bcab019c0166fb7a8c8860

SHA256
74b359c3653c98618f08ec0e81d3dd37be217c205220a7a6169abf7687b3153f

SHA512
1b065af0527f2113a547e66760ab8930eb3b409fb38bfa2cebce97649eba73d5ad94a82015b9b638fb25f362019fa5239def8a073bc0167a40e15c673cf6ab91

Download Submit
C:\Users\Admin\AppData\Local\Temp\27552837e8a2fabd3edbae9fb9f9d0d1306524f84a2c0c5ee03e3130ebd40679.exe

Filesize
604KB

MD5
a879a9af3f7d91226e4ad82f9ac6436a

SHA1
b5f2ed114f222fe5c0ba2c9049e9191810905442

SHA256
63f8208e1f2560186063455c8a01f5e41e3ab40280b43c49cd4d557956b25a35

SHA512
688c9dc57cbe707ab42ebbd43a84ac2a7950f887f580bd686b368eecc921b2134689fcacbe8636c641b00d8fdb7d68f77d6439b6a9b0d1e9501e5e8b8324635d

Download Submit
C:\Users\Admin\AppData\Local\Temp\27552837e8a2fabd3edbae9fb9f9d0d1306524f84a2c0c5ee03e3130ebd40679.exe.exe

Filesize
604KB

MD5
a879a9af3f7d91226e4ad82f9ac6436a

SHA1
b5f2ed114f222fe5c0ba2c9049e9191810905442

SHA256
63f8208e1f2560186063455c8a01f5e41e3ab40280b43c49cd4d557956b25a35

SHA512
688c9dc57cbe707ab42ebbd43a84ac2a7950f887f580bd686b368eecc921b2134689fcacbe8636c641b00d8fdb7d68f77d6439b6a9b0d1e9501e5e8b8324635d

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
deeeb79dbcdd21896392c99148c76a1b

SHA1
583ffea0d38c41c7c4ce94dc67c04f8cba670ad0

SHA256
15ddeadbca3438d54d250d169706de6ff313ac3b68e80c13a8466b897153047d

SHA512
1050b72c6faf603c07420e6dd0cd6e49d6b0b695356fa489297d0ad4af7d728fc474d32f71eea895b9a77d15eb405fbf5882cd50afed698593ea23b001320047

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
deeeb79dbcdd21896392c99148c76a1b

SHA1
583ffea0d38c41c7c4ce94dc67c04f8cba670ad0

SHA256
15ddeadbca3438d54d250d169706de6ff313ac3b68e80c13a8466b897153047d

SHA512
1050b72c6faf603c07420e6dd0cd6e49d6b0b695356fa489297d0ad4af7d728fc474d32f71eea895b9a77d15eb405fbf5882cd50afed698593ea23b001320047

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
deeeb79dbcdd21896392c99148c76a1b

SHA1
583ffea0d38c41c7c4ce94dc67c04f8cba670ad0

SHA256
15ddeadbca3438d54d250d169706de6ff313ac3b68e80c13a8466b897153047d

SHA512
1050b72c6faf603c07420e6dd0cd6e49d6b0b695356fa489297d0ad4af7d728fc474d32f71eea895b9a77d15eb405fbf5882cd50afed698593ea23b001320047

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
deeeb79dbcdd21896392c99148c76a1b

SHA1
583ffea0d38c41c7c4ce94dc67c04f8cba670ad0

SHA256
15ddeadbca3438d54d250d169706de6ff313ac3b68e80c13a8466b897153047d

SHA512
1050b72c6faf603c07420e6dd0cd6e49d6b0b695356fa489297d0ad4af7d728fc474d32f71eea895b9a77d15eb405fbf5882cd50afed698593ea23b001320047

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3425689832-2386927309-2650718742-1000\_desktop.ini

Filesize
10B

MD5
964ac8d4b418c88016736343238e671b

SHA1
bb68a3642be99aa9c113d48e397ad6578a3e9953

SHA256
930485019ca5a8337ebfc670ff859a8a828e8d23578a93af9ef0ec302cc4bc2f

SHA512
6e17b4086ac2efc6d57f97534b73f6a1465a75d213d0ddabf113c6b669b452ddac6ac43adeaabc3e67be53f1515fd9ff526f065d472d3f1f9a5fea16a6200846

Download Submit
\Users\Admin\AppData\Local\Temp\27552837e8a2fabd3edbae9fb9f9d0d1306524f84a2c0c5ee03e3130ebd40679.exe

Filesize
604KB

MD5
a879a9af3f7d91226e4ad82f9ac6436a

SHA1
b5f2ed114f222fe5c0ba2c9049e9191810905442

SHA256
63f8208e1f2560186063455c8a01f5e41e3ab40280b43c49cd4d557956b25a35

SHA512
688c9dc57cbe707ab42ebbd43a84ac2a7950f887f580bd686b368eecc921b2134689fcacbe8636c641b00d8fdb7d68f77d6439b6a9b0d1e9501e5e8b8324635d

Download Submit
memory/1240-29-0x0000000002B50000-0x0000000002B51000-memory.dmp

Filesize
4KB

Download
memory/2436-15-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2436-16-0x0000000000220000-0x0000000000254000-memory.dmp

Filesize
208KB

Download
memory/2436-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2444-38-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2444-44-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2444-90-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2444-96-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2444-241-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2444-1849-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2444-31-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2444-3309-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2444-21-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download