552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804

Analysis

max time kernel
149s
max time network
117s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 13:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe
Size

1.2MB
MD5

59549e03343a0e7bae882650147b1fc0
SHA1

e03f597de54ad7866f79ece41e264b6a6ad2b923
SHA256

552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804
SHA512

c54a1c114044ef8b94943a636d43afc1580595943c31527f5331b763f6785c0376926015e9f9c972efa437cfd582ecc75c147c0339e8e6c03f548abc97add385
SSDEEP

24576:q7pQ+wJjp6usvOfswwEp1Uk7tGt2TpPjMOHdHWOy+8svvPJwx3:q7pQNJj8u8bwb1Uftq1AwcO2svmJ

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2380	cmd.exe

Executes dropped EXE 3 IoCs

pid	Process
2004	Logo1_.exe
2584	552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe
2616	update.exe

Loads dropped DLL 8 IoCs

pid	Process
2380	cmd.exe
2380	cmd.exe
2584	552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe
2584	552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe
2616	update.exe
2616	update.exe
2616	update.exe
2616	update.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\locale\pt_BR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\be\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Internet Explorer\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\IRIS\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ESEN\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\Servers\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\1033\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\3082\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Defender\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Stationery\1033\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Triedit\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOICONS.EXE	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Americana\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\1033\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\FreeCell\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FRAR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\cgg\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows NT\Accessories\it-IT\_desktop.ini	Logo1_.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\Logo1_.exe	552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File opened for modification	C:\Windows\setupapi.log	update.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2004	Logo1_.exe
2004	Logo1_.exe
2004	Logo1_.exe
2004	Logo1_.exe
2004	Logo1_.exe
2004	Logo1_.exe
2004	Logo1_.exe
2004	Logo1_.exe
2004	Logo1_.exe
2004	Logo1_.exe

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2380	3024	552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe	28
PID 3024 wrote to memory of 2380	3024	552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe	28
PID 3024 wrote to memory of 2380	3024	552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe	28
PID 3024 wrote to memory of 2380	3024	552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe	28
PID 3024 wrote to memory of 2004	3024	552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe	29
PID 3024 wrote to memory of 2004	3024	552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe	29
PID 3024 wrote to memory of 2004	3024	552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe	29
PID 3024 wrote to memory of 2004	3024	552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe	29
PID 2004 wrote to memory of 1168	2004	Logo1_.exe	30
PID 2004 wrote to memory of 1168	2004	Logo1_.exe	30
PID 2004 wrote to memory of 1168	2004	Logo1_.exe	30
PID 2004 wrote to memory of 1168	2004	Logo1_.exe	30
PID 1168 wrote to memory of 2604	1168	net.exe	33
PID 1168 wrote to memory of 2604	1168	net.exe	33
PID 1168 wrote to memory of 2604	1168	net.exe	33
PID 1168 wrote to memory of 2604	1168	net.exe	33
PID 2380 wrote to memory of 2584	2380	cmd.exe	34
PID 2380 wrote to memory of 2584	2380	cmd.exe	34
PID 2380 wrote to memory of 2584	2380	cmd.exe	34
PID 2380 wrote to memory of 2584	2380	cmd.exe	34
PID 2380 wrote to memory of 2584	2380	cmd.exe	34
PID 2380 wrote to memory of 2584	2380	cmd.exe	34
PID 2380 wrote to memory of 2584	2380	cmd.exe	34
PID 2584 wrote to memory of 2616	2584	552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe	35
PID 2584 wrote to memory of 2616	2584	552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe	35
PID 2584 wrote to memory of 2616	2584	552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe	35
PID 2584 wrote to memory of 2616	2584	552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe	35
PID 2584 wrote to memory of 2616	2584	552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe	35
PID 2584 wrote to memory of 2616	2584	552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe	35
PID 2584 wrote to memory of 2616	2584	552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe	35
PID 2004 wrote to memory of 1200	2004	Logo1_.exe	21
PID 2004 wrote to memory of 1200	2004	Logo1_.exe	21

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1200
- C:\Users\Admin\AppData\Local\Temp\552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe
  "C:\Users\Admin\AppData\Local\Temp\552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:3024
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a1545.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe
      "C:\Users\Admin\AppData\Local\Temp\552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2584
    - - \??\c:\a28a4cca1881b99693c703\update\update.exe
        
        c:\a28a4cca1881b99693c703\update\update.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Windows directory
        
        PID:2616
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2004
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1168
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
2e5fdaca779aed13d2e12d75790d0061

SHA1
c16ffd8e12c5b1b0155bb3850446c02ba1fc7da9

SHA256
a09916031169ddff5e3ea3b3ef3bf2c5c5e5416c57e39a1c6d70b4255fcf0386

SHA512
cfbd0b2f09c0169c53dcf2717f1ca007771ae19de67fc6b44359bdd251a1cf7ca300984399e55d7697fc10bb06228ee665a596c9a822f81c470d0ec63cd7b1fc

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
99ea9b604a7a734d3087fa6159684c42

SHA1
709fa1068ad4d560fe03e05b68056f1b0bedbfc8

SHA256
3f733f9e6fec7c4165ca8ba41eb23f604a248babe794c4ad2c6c3ce8032aab1c

SHA512
7af8008c7e187f925c62efc97e1891a7a38d089302dba39fbde137fb895e0592847ed0982c824c2075be8e6b95b6ce165ecb848ab85adf53779ebef613410fbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a1545.bat

Filesize
722B

MD5
dcf13bf70682b092bb887a86632fe054

SHA1
3b4d115d960c7f7ec606c3e1e4c8836e33441458

SHA256
365c30ee2d44cdb919976bbf4631749a526f7da8ac18d60f2ee0e7219775a4bc

SHA512
ea25149515c99ac5e2905ba742c67534e7866dbf55a7b5ff751236a62d4000d6696a4df946d5aca856b9faba23c2965fb6ac2df1a5b7986d48dbe135224a367f

Download Submit
C:\Users\Admin\AppData\Local\Temp\552b314058f6d5e749ef545a70e29b8ef1064c9ed279c013ada72065f374f804.exe.exe

Filesize
1.2MB

MD5
53f5ccbe5fe06c3b40cc9e34ac909df7

SHA1
53c18652ac2f8a51303deb48a1b7abbdb1db427f

SHA256
196868b09d87ae04e4ab42b4a3e0abbb160500e8ff13deb38e2956ee854868b1

SHA512
e3f8a50cec53e150fbe62dcaace343336e2cc0d97cd52a2eafe050bf5d02fd8ec6dad2f913f84dc3d6cb3dbcb8074070e3c1fd29ccdb0a40f53158237e056ab9

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
7f1a318b813b5ff794963da6ce837e93

SHA1
4e384f63d235b29d7e0f6c044fd0b2615d1c03dd

SHA256
b8dd7154aaba311f2b245ca4803e25f240186ccafe75347c2175b7ab17c38833

SHA512
9e5f7fe580629e1ca373abc27a7f3023f14d477c3947ef11c880de284ad3e681fe077a12f537d6e22bb14f322db4e2e90ca8f2078cd03f7e1c9ec1c280c36cc7

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2248906074-2862704502-246302768-1000\_desktop.ini

Filesize
9B

MD5
72b7e38c6ba037d117f32b55c07b1a9c

SHA1
35e2435e512e17ca2be885e17d75913f06b90361

SHA256
e9719e3c653627668046bac84b77097bfb0cd018d68465c17130ed31d6d6eca6

SHA512
2bebd814b81ad2dc547802d42891d833caaad81d004758ec4373f9c7af2971eb822f0a559d2d5d4fca499912fea95e25bab22e92cb0c149d6a4c692eee6ee46a

Download Submit
\??\c:\a28a4cca1881b99693c703\update\UPDSPAPI.dll

Filesize
370KB

MD5
8bd49e73d58ca387b7b5e9d4fd0fe0cf

SHA1
4f02de05b58f3c6601e4a84dd755c9c59cf3736c

SHA256
56e9579a2dc53fecfb54adac7d92a935e196e7e6c8b5cd812b9412303e1fccdd

SHA512
1a8c93fffccb946bb4a9db78782af819b565c9db5f3668cda90b1c5e4a142d9fe5c3ae30446b910d152fcc7a60e7bde9529cf434c827d4fdc4a9d44bbfe0b47b

Download Submit
\??\c:\a28a4cca1881b99693c703\update\updatebr.inf

Filesize
226B

MD5
7ac542f123f07b5c120378c525396ab5

SHA1
023fbb67777e33ed7ca2fdd48c55c1fb03cf723a

SHA256
60836a0db93476ea393983dbdbbb139c496360ef391d53e9fd81f3fc277b9c02

SHA512
30cbe7a9c9ac40d28a30082ac508b4dc946cbdbb378b4b3584111367281d7b497edd2746faf70217ec0e7e31f468c77f6f1644d5909a33c8fc94132ca4f7be00

Download Submit
\a28a4cca1881b99693c703\update\update.exe

Filesize
724KB

MD5
d2c47c22a213aa04336f9ed8a5444865

SHA1
d345140eb433a8c5df491741211c4df35d7404f8

SHA256
6b9ce67765c4948b34e648b483a049abd36f3f64646f6b599cdbaed79274e813

SHA512
b5dfa51810fb4867d8bde33d46b1ccb6ff591bfb302b824b74470caf13279f3149a9428f402f622f3c342a5bb5dbff3a285cdda10999295e7a186caaf9338453

Download Submit
memory/1200-59-0x0000000002DC0000-0x0000000002DC1000-memory.dmp

Filesize
4KB

Download
memory/2004-88-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2004-75-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2004-82-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2004-134-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2004-140-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2004-1184-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2004-1893-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2004-3352-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2004-22-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3024-16-0x00000000003A0000-0x00000000003D4000-memory.dmp

Filesize
208KB

Download
memory/3024-15-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3024-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3024-21-0x00000000003A0000-0x00000000003D4000-memory.dmp

Filesize
208KB

Download