decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 10:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e.exe
Size

2.1MB
MD5

bdd5b588b161a51dd54a3e9f4c933310
SHA1

e42907ce9f128b1901a370e814754574ebc3faa2
SHA256

decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e
SHA512

30f9c349c28d263f0041f3e19ba230fe96a60fba87c6664eddfd93ce67a593c9f87554774004e93e01018cf99d8fa32e8443848850cb78247996a61913777852
SSDEEP

49152:G7UitFvogMYoqeKa8KJvi2ykvmdNpOXW7mX5XPjkZB9qX6:dinoVqeKiA2qdCXWG5XPjkZBoX6

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2788	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2772	Logo1_.exe
2644	decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e.exe

Loads dropped DLL 6 IoCs

pid	Process
2788	cmd.exe
2644	decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e.exe
2644	decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e.exe
2644	decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e.exe
2644	decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e.exe
2644	decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ESEN\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\Packages\Debugger\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\NETWORK\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Hearts\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1031\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MSTORDB.EXE	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Computers\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ff\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft.NET\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateBroker.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cgg\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Checkers\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Triedit\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\FORMS\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e.exe
File created	C:\Windows\Logo1_.exe	decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x003200000001630b-22.dat	nsis_installer_1
behavioral1/files/0x003200000001630b-22.dat	nsis_installer_2

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2772	Logo1_.exe
2772	Logo1_.exe
2772	Logo1_.exe
2772	Logo1_.exe
2772	Logo1_.exe
2772	Logo1_.exe
2772	Logo1_.exe
2772	Logo1_.exe
2772	Logo1_.exe
2772	Logo1_.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2644	decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e.exe

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 2832 wrote to memory of 2788	2832	decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e.exe	28
PID 2832 wrote to memory of 2788	2832	decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e.exe	28
PID 2832 wrote to memory of 2788	2832	decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e.exe	28
PID 2832 wrote to memory of 2788	2832	decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e.exe	28
PID 2832 wrote to memory of 2772	2832	decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e.exe	29
PID 2832 wrote to memory of 2772	2832	decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e.exe	29
PID 2832 wrote to memory of 2772	2832	decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e.exe	29
PID 2832 wrote to memory of 2772	2832	decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e.exe	29
PID 2788 wrote to memory of 2644	2788	cmd.exe	32
PID 2788 wrote to memory of 2644	2788	cmd.exe	32
PID 2788 wrote to memory of 2644	2788	cmd.exe	32
PID 2788 wrote to memory of 2644	2788	cmd.exe	32
PID 2788 wrote to memory of 2644	2788	cmd.exe	32
PID 2788 wrote to memory of 2644	2788	cmd.exe	32
PID 2788 wrote to memory of 2644	2788	cmd.exe	32
PID 2772 wrote to memory of 2632	2772	Logo1_.exe	31
PID 2772 wrote to memory of 2632	2772	Logo1_.exe	31
PID 2772 wrote to memory of 2632	2772	Logo1_.exe	31
PID 2772 wrote to memory of 2632	2772	Logo1_.exe	31
PID 2632 wrote to memory of 2512	2632	net.exe	34
PID 2632 wrote to memory of 2512	2632	net.exe	34
PID 2632 wrote to memory of 2512	2632	net.exe	34
PID 2632 wrote to memory of 2512	2632	net.exe	34
PID 2772 wrote to memory of 1200	2772	Logo1_.exe	21
PID 2772 wrote to memory of 1200	2772	Logo1_.exe	21

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1200
- C:\Users\Admin\AppData\Local\Temp\decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e.exe
  "C:\Users\Admin\AppData\Local\Temp\decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2832
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a311E.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e.exe
      "C:\Users\Admin\AppData\Local\Temp\decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: GetForegroundWindowSpam
      PID:2644
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2772
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2632
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
5eba4680d4eebf14625ab65f5dd70cef

SHA1
22651f51e8d06d14411add1ba9a03444a713d6ae

SHA256
993a84268386b7f0968ae7bb9ec37d797d3b3e1babc0e03eb93ede3525049382

SHA512
e48cd696c9563117e1d78337992aa923eba7f819ad327c348d1ce753617f9e43114ed6e64937d274383fe66d56e775edad03e05c7e686981152b662926fc32be

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
c6c8fde27f649c91ddaab8cb9ca344a6

SHA1
5e4865aec432a18107182f47edda176e8c566152

SHA256
32c3fed53bfc1d890e9bd1d771fdc7e2c81480e03f1425bce07b4045a192d100

SHA512
a8df7d1e852d871d7f16bae10c4ff049359583da88cc85a039f0298525839040d5363ce5ef4cbdb92a12a25785f73df83cf0df07752b78e6e6444f32160a2155

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a311E.bat

Filesize
722B

MD5
bfc2fe9aa33106bb5ffdfa3ca4f47826

SHA1
62f6b8aba7b585211706e063a93f7cd75399f770

SHA256
d2dfd72d68f345fb50787de1173451315215fd047d2e09d2e8bc11cfa778add2

SHA512
a5a57a4f5e63a422dd53863d3beed7a8c9ba4355d46737ebf41d1ce97ef7667dd93dce2b051b4ba44f9ee5fe4b3ceaab1e315acab06044c1b93a0843ef7d2c1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\decf3fcdea2cc7b8a499606fe0c0608a32daf542b8c9dece8da8a85ebcd9a68e.exe.exe

Filesize
2.0MB

MD5
a69ea69919aeae2d563f23bc6c97f179

SHA1
1a1f9d631573ec52e438a0730bd3b09ae8caebe2

SHA256
4b14a8f3096ed929d94756a8003a2d5c75e41268e02453214410e2d6503c86f6

SHA512
ddadc2df257f33eeaa3ec616f9eb3b20f86740d00ed946d338524db16bfc46c3b8a30ae1147a614a874cd4ddd5fd54cf175932f2acc9ec61a25c367d6fe1352d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst3381.tmp\ioSpecial.ini

Filesize
728B

MD5
137c4bb597bb87191881b139a28d2515

SHA1
798430924b72b7df578e3e4b73f988fd255fe0dc

SHA256
448f286e1b47e913d09311c39431e2817f94153226adc2f12294484ecdf7d4f9

SHA512
e5e95c2a688c58f6500cedc7e4590767309dd6b912d255b723ba5f42c6e511882963b5d5cc7778a6744c7224a060d2a5e8eaa549c62f5235ee0b0bb4a69b0324

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
acc80e286f75b7b56c346fd4f2be6dd3

SHA1
b30f317400d4d51d47844f4e243e541179aca02a

SHA256
bea45eb5ffc6d0e209f96a3a84e4d78770af77041469ea916a42cadab3f9ff9e

SHA512
7ba7b60bba498579562d3c2bdc47fb09888212434a86308cc05478084f0b96d889de00627bf6fc47e2088b49d1d9ccea58c2b4cfbfea24b09a8e4c9000097a4d

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1298544033-3225604241-2703760938-1000\_desktop.ini

Filesize
8B

MD5
d970a2bfcaa076939c06270d1a48dec8

SHA1
7a558f4d64c3e98bcfd2af83f28e6fbd207a39e1

SHA256
bdc6872f9a0a011a670907f0fedad9b88e283c5af545cf9f6bd73c3709967d44

SHA512
ea4c16930628455852ce343f8ae248b6df869b8da10b10928ebb802129f73d9761971811de317c7d3121b815340027782ec15d385d1d2d7df8fd0a46b62974c2

Download Submit
\Users\Admin\AppData\Local\Temp\nst3381.tmp\InstallOptions.dll

Filesize
14KB

MD5
107737e3282fefd85684f2fa3df6d1c3

SHA1
3befbcae116a644ae28cebdc1d7dfe6be5c8ca5f

SHA256
21042be362d4073053bffcc90511b3ecf77902243525b56bb159581b5ece43a0

SHA512
439ac2f3066902e08d63dc3061f55063089857e765feb29fe47ba5819a9bebdff3fe2fe55fc8bfcfddb729d340f006ee95b5aa4422d712f9dcc07cc02ec410b4

Download Submit
\Users\Admin\AppData\Local\Temp\nst3381.tmp\LangDLL.dll

Filesize
5KB

MD5
9530f18694fca38d744280f34ae08d41

SHA1
00aaedf6e5dab916dc9f1281cae0bb4f207dbd8b

SHA256
88d3bebbc9b98f393be97d8d984696ab860e5ad59ea85036c8276e91ecf9eda0

SHA512
e7682d601e585b2fd6a47d4c7a3895e8bb3c2c1ac80aaae78ee9ff896b37ed91cb4371ba8e8631e176ed8486ee00574f62688c460aa6173b669f9c853370ff9e

Download Submit
memory/1200-39-0x0000000002F80000-0x0000000002F81000-memory.dmp

Filesize
4KB

Download
memory/2772-131-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2772-118-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2772-125-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2772-177-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2772-183-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2772-293-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2772-1937-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2772-3397-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2772-20-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2832-16-0x00000000002A0000-0x00000000002D4000-memory.dmp

Filesize
208KB

Download
memory/2832-17-0x00000000002A0000-0x00000000002D4000-memory.dmp

Filesize
208KB

Download
memory/2832-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2832-18-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download