b0aed24f29b84a824b9e3bb3a84ce386b7c8a25e9a480b29f0b28de023672598

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
23/11/2023, 10:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0aed24f29b84a824b9e3bb3a84ce386b7c8a25e9a480b29f0b28de023672598.exe
Size

53KB
MD5

2e34dd0ecf1ec0bdafaf10829df52683
SHA1

d52e9d4efdcf6928ee4cbdcb09c518fac51ce42d
SHA256

b0aed24f29b84a824b9e3bb3a84ce386b7c8a25e9a480b29f0b28de023672598
SHA512

3d58dfd45786b2ba1162aecbc1560011fceae1a2d5fe17deef2889f3fa4495517b4c933edc9c69b5106e2ae2e2ecee2d52a47012089d3de95d7f211d0b6d853a
SSDEEP

768:q9n1ODKAaDMG8H92RwZNQSw+JnbmQj3FZJ9Vs9XnsDs+Tw/Y112YbtVYsap3o5vo:o1fgLdQAQfwt7FZJ92BsooAYPJwPo5y7

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2752	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2800	Logo1_.exe
2488	b0aed24f29b84a824b9e3bb3a84ce386b7c8a25e9a480b29f0b28de023672598.exe

Loads dropped DLL 1 IoCs

pid	Process
2752	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CASCADE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Solutions\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\ACCWIZ\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Document Parts\1033\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Journal\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SPRING\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\sd\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\or\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\VisualElements\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\lib\cmm\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Help\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_PT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\WORDICON.EXE	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Slate\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\HWRCustomization\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\misc\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Mail\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\lib\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Stationery\1033\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\az\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\gl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	b0aed24f29b84a824b9e3bb3a84ce386b7c8a25e9a480b29f0b28de023672598.exe
File created	C:\Windows\Logo1_.exe	b0aed24f29b84a824b9e3bb3a84ce386b7c8a25e9a480b29f0b28de023672598.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2800	Logo1_.exe
2800	Logo1_.exe
2800	Logo1_.exe
2800	Logo1_.exe
2800	Logo1_.exe
2800	Logo1_.exe
2800	Logo1_.exe
2800	Logo1_.exe
2800	Logo1_.exe
2800	Logo1_.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 2752	2140	b0aed24f29b84a824b9e3bb3a84ce386b7c8a25e9a480b29f0b28de023672598.exe	28
PID 2140 wrote to memory of 2752	2140	b0aed24f29b84a824b9e3bb3a84ce386b7c8a25e9a480b29f0b28de023672598.exe	28
PID 2140 wrote to memory of 2752	2140	b0aed24f29b84a824b9e3bb3a84ce386b7c8a25e9a480b29f0b28de023672598.exe	28
PID 2140 wrote to memory of 2752	2140	b0aed24f29b84a824b9e3bb3a84ce386b7c8a25e9a480b29f0b28de023672598.exe	28
PID 2140 wrote to memory of 2800	2140	b0aed24f29b84a824b9e3bb3a84ce386b7c8a25e9a480b29f0b28de023672598.exe	30
PID 2140 wrote to memory of 2800	2140	b0aed24f29b84a824b9e3bb3a84ce386b7c8a25e9a480b29f0b28de023672598.exe	30
PID 2140 wrote to memory of 2800	2140	b0aed24f29b84a824b9e3bb3a84ce386b7c8a25e9a480b29f0b28de023672598.exe	30
PID 2140 wrote to memory of 2800	2140	b0aed24f29b84a824b9e3bb3a84ce386b7c8a25e9a480b29f0b28de023672598.exe	30
PID 2800 wrote to memory of 2740	2800	Logo1_.exe	31
PID 2800 wrote to memory of 2740	2800	Logo1_.exe	31
PID 2800 wrote to memory of 2740	2800	Logo1_.exe	31
PID 2800 wrote to memory of 2740	2800	Logo1_.exe	31
PID 2752 wrote to memory of 2488	2752	cmd.exe	33
PID 2752 wrote to memory of 2488	2752	cmd.exe	33
PID 2752 wrote to memory of 2488	2752	cmd.exe	33
PID 2752 wrote to memory of 2488	2752	cmd.exe	33
PID 2740 wrote to memory of 2556	2740	net.exe	34
PID 2740 wrote to memory of 2556	2740	net.exe	34
PID 2740 wrote to memory of 2556	2740	net.exe	34
PID 2740 wrote to memory of 2556	2740	net.exe	34
PID 2800 wrote to memory of 1368	2800	Logo1_.exe	20
PID 2800 wrote to memory of 1368	2800	Logo1_.exe	20

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1368
- C:\Users\Admin\AppData\Local\Temp\b0aed24f29b84a824b9e3bb3a84ce386b7c8a25e9a480b29f0b28de023672598.exe
  "C:\Users\Admin\AppData\Local\Temp\b0aed24f29b84a824b9e3bb3a84ce386b7c8a25e9a480b29f0b28de023672598.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2140
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a5216.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\b0aed24f29b84a824b9e3bb3a84ce386b7c8a25e9a480b29f0b28de023672598.exe
      "C:\Users\Admin\AppData\Local\Temp\b0aed24f29b84a824b9e3bb3a84ce386b7c8a25e9a480b29f0b28de023672598.exe"
      4⤵
      Executes dropped EXE
      PID:2488
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2800
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2740
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
8ce669e0c5c16e39c632994123c0b7ab

SHA1
5edcc020a13794046f13bfe895d38fc14851a913

SHA256
4dd26f92c626b4b76622575336966f31d944aee9a848de1599072656a176a3ae

SHA512
b28a4bca6c759c4fdec69753e7113781d3f025e4b1697ab6a2e1705f40921b35ffe42fd2f858f809c0159789d0884fa416732ced303e5249e617d927f8b8df0d

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
1a0dbecba0dbb963c2f3b0448796d47a

SHA1
5c0b5d378d3614fe984ce2915b5720886992da0c

SHA256
1ea2fb84177a921bc3df4763c3da53a970e192f93f6175d09696ded019e50cf8

SHA512
8e25dc08fa6f280a6bc1ccacb1ce665ab055b5d539f8915915fc7536c90185a221cb0c50a02d34b521b871b8487a155b9c40a5f25df87306e1df24ca7e96da25

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a5216.bat

Filesize
722B

MD5
cb03c6ae0eb9f2e59314203eacd63952

SHA1
00d4a755932539525022649abe992fd9dbac0657

SHA256
5ad5e368f72d65894bc390b355fccaac0f279d42a6af5be633e8b8eeceec613b

SHA512
215d629213dba65c03c5efeddd0b1e29bead511996fda0822acba07e970095328008182a9e55b0a71cc1aa458be850dc5e58dfb7b09559a21f59a44eadf0f6a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a5216.bat

Filesize
722B

MD5
cb03c6ae0eb9f2e59314203eacd63952

SHA1
00d4a755932539525022649abe992fd9dbac0657

SHA256
5ad5e368f72d65894bc390b355fccaac0f279d42a6af5be633e8b8eeceec613b

SHA512
215d629213dba65c03c5efeddd0b1e29bead511996fda0822acba07e970095328008182a9e55b0a71cc1aa458be850dc5e58dfb7b09559a21f59a44eadf0f6a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\b0aed24f29b84a824b9e3bb3a84ce386b7c8a25e9a480b29f0b28de023672598.exe

Filesize
27KB

MD5
827a092884efbae20acbaa713a5c87c5

SHA1
3edac2e7b2f1adc6701ccc14a99f8050e73eb7b6

SHA256
77ed5d76c4185fa34b444b99859c80d4f5773c4c5a76fecca12abea40f749046

SHA512
25943ce74ea644a7e8a1ceb8157008c39475eec97d5f3bb1d73538f33b1a3ca6cd7cb89f81f15a0239bea35999cb949b8854db4c80f0eb2cf3ff0c2243974731

Download Submit
C:\Users\Admin\AppData\Local\Temp\b0aed24f29b84a824b9e3bb3a84ce386b7c8a25e9a480b29f0b28de023672598.exe.exe

Filesize
27KB

MD5
827a092884efbae20acbaa713a5c87c5

SHA1
3edac2e7b2f1adc6701ccc14a99f8050e73eb7b6

SHA256
77ed5d76c4185fa34b444b99859c80d4f5773c4c5a76fecca12abea40f749046

SHA512
25943ce74ea644a7e8a1ceb8157008c39475eec97d5f3bb1d73538f33b1a3ca6cd7cb89f81f15a0239bea35999cb949b8854db4c80f0eb2cf3ff0c2243974731

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
fb302bb3e9a63790b545fbae9cf76e95

SHA1
36a3ff29e20e8c6a98e0ed0b62facf588e0de5c1

SHA256
e431f29fd728f254e78f03cb50ddea4203ab6863abe479d5cd89127a2a2ef391

SHA512
3c7b9db7a7030479e800f51971a223773c249758f4e38cff51214034b207cdcf427005476b3177662060e1d049d23d67627baa0548c16cc4db4236d4126d79b4

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
fb302bb3e9a63790b545fbae9cf76e95

SHA1
36a3ff29e20e8c6a98e0ed0b62facf588e0de5c1

SHA256
e431f29fd728f254e78f03cb50ddea4203ab6863abe479d5cd89127a2a2ef391

SHA512
3c7b9db7a7030479e800f51971a223773c249758f4e38cff51214034b207cdcf427005476b3177662060e1d049d23d67627baa0548c16cc4db4236d4126d79b4

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
fb302bb3e9a63790b545fbae9cf76e95

SHA1
36a3ff29e20e8c6a98e0ed0b62facf588e0de5c1

SHA256
e431f29fd728f254e78f03cb50ddea4203ab6863abe479d5cd89127a2a2ef391

SHA512
3c7b9db7a7030479e800f51971a223773c249758f4e38cff51214034b207cdcf427005476b3177662060e1d049d23d67627baa0548c16cc4db4236d4126d79b4

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
fb302bb3e9a63790b545fbae9cf76e95

SHA1
36a3ff29e20e8c6a98e0ed0b62facf588e0de5c1

SHA256
e431f29fd728f254e78f03cb50ddea4203ab6863abe479d5cd89127a2a2ef391

SHA512
3c7b9db7a7030479e800f51971a223773c249758f4e38cff51214034b207cdcf427005476b3177662060e1d049d23d67627baa0548c16cc4db4236d4126d79b4

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3425689832-2386927309-2650718742-1000\_desktop.ini

Filesize
10B

MD5
1ac6500de33f973231298e1a1e1e7b38

SHA1
ab3a765fb39e758f638f6b49a841300ec61ff961

SHA256
f1e760f9e9b5eaeaa02cb5ca5dfc3ef6a19147a66053ed02ac52b7e2ce05a050

SHA512
25253907de7da7ecca0a76dfd1fb864992bc6bc092f29efb789ec2ad4d70aba377e0e28b4f64f602818ba9aefa83dc3454f07c58efdb90f38e0831354ce53f37

Download Submit
\Users\Admin\AppData\Local\Temp\b0aed24f29b84a824b9e3bb3a84ce386b7c8a25e9a480b29f0b28de023672598.exe

Filesize
27KB

MD5
827a092884efbae20acbaa713a5c87c5

SHA1
3edac2e7b2f1adc6701ccc14a99f8050e73eb7b6

SHA256
77ed5d76c4185fa34b444b99859c80d4f5773c4c5a76fecca12abea40f749046

SHA512
25943ce74ea644a7e8a1ceb8157008c39475eec97d5f3bb1d73538f33b1a3ca6cd7cb89f81f15a0239bea35999cb949b8854db4c80f0eb2cf3ff0c2243974731

Download Submit
memory/1368-29-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/2140-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2140-16-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2140-12-0x00000000001B0000-0x00000000001E4000-memory.dmp

Filesize
208KB

Download
memory/2140-18-0x00000000001B0000-0x00000000001E4000-memory.dmp

Filesize
208KB

Download
memory/2140-39-0x00000000001B0000-0x00000000001E4000-memory.dmp

Filesize
208KB

Download
memory/2800-45-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2800-91-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2800-97-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2800-220-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2800-1850-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2800-38-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2800-3310-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2800-31-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download