b5bd77c874fcb03bce84fc8b0c3e12a12f71005424c21b566d0aa7ca55dba487

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 22:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b5bd77c874fcb03bce84fc8b0c3e12a12f71005424c21b566d0aa7ca55dba487.exe
Size

683KB
MD5

953493f38b60389250b5e0860dfb0b74
SHA1

be78812e2623df7c518e79bbb374e97ea1041fc6
SHA256

b5bd77c874fcb03bce84fc8b0c3e12a12f71005424c21b566d0aa7ca55dba487
SHA512

006ae9badaaaf647eb9ec1e9f546ec732e07545f13516c78178548f91bb61fd8b40d04e8df7421072fc72efa092e740ea7fa6098bfee9e01e022ba94ef41312b
SSDEEP

12288:67+rX+9w78ram/BfkkHQ08KsRsVzaVtSCUcoMk:67fkAhQ0bsRsVzctSC/o

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2168	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2264	Logo1_.exe
2860	b5bd77c874fcb03bce84fc8b0c3e12a12f71005424c21b566d0aa7ca55dba487.exe

Loads dropped DLL 2 IoCs

pid	Process
2168	cmd.exe
2168	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\Packages\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Google\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\SELFCERT.EXE	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Photo Viewer\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\Components\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\FAX\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Document Themes 14\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Skins\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Minesweeper\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sm\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\BrightYellow\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lo\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\extensions\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\gl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lo\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Library\Analysis\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bg\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\VSTA\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Help\en_US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Logo1_.exe	b5bd77c874fcb03bce84fc8b0c3e12a12f71005424c21b566d0aa7ca55dba487.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	b5bd77c874fcb03bce84fc8b0c3e12a12f71005424c21b566d0aa7ca55dba487.exe

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Logo1_.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b5bd77c874fcb03bce84fc8b0c3e12a12f71005424c21b566d0aa7ca55dba487.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b5bd77c874fcb03bce84fc8b0c3e12a12f71005424c21b566d0aa7ca55dba487.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2264	Logo1_.exe
2264	Logo1_.exe
2264	Logo1_.exe
2264	Logo1_.exe
2264	Logo1_.exe
2264	Logo1_.exe
2264	Logo1_.exe
2264	Logo1_.exe
2264	Logo1_.exe
2264	Logo1_.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 2168	2480	b5bd77c874fcb03bce84fc8b0c3e12a12f71005424c21b566d0aa7ca55dba487.exe	30
PID 2480 wrote to memory of 2168	2480	b5bd77c874fcb03bce84fc8b0c3e12a12f71005424c21b566d0aa7ca55dba487.exe	30
PID 2480 wrote to memory of 2168	2480	b5bd77c874fcb03bce84fc8b0c3e12a12f71005424c21b566d0aa7ca55dba487.exe	30
PID 2480 wrote to memory of 2168	2480	b5bd77c874fcb03bce84fc8b0c3e12a12f71005424c21b566d0aa7ca55dba487.exe	30
PID 2480 wrote to memory of 2264	2480	b5bd77c874fcb03bce84fc8b0c3e12a12f71005424c21b566d0aa7ca55dba487.exe	31
PID 2480 wrote to memory of 2264	2480	b5bd77c874fcb03bce84fc8b0c3e12a12f71005424c21b566d0aa7ca55dba487.exe	31
PID 2480 wrote to memory of 2264	2480	b5bd77c874fcb03bce84fc8b0c3e12a12f71005424c21b566d0aa7ca55dba487.exe	31
PID 2480 wrote to memory of 2264	2480	b5bd77c874fcb03bce84fc8b0c3e12a12f71005424c21b566d0aa7ca55dba487.exe	31
PID 2264 wrote to memory of 2788	2264	Logo1_.exe	33
PID 2264 wrote to memory of 2788	2264	Logo1_.exe	33
PID 2264 wrote to memory of 2788	2264	Logo1_.exe	33
PID 2264 wrote to memory of 2788	2264	Logo1_.exe	33
PID 2788 wrote to memory of 2856	2788	net.exe	35
PID 2788 wrote to memory of 2856	2788	net.exe	35
PID 2788 wrote to memory of 2856	2788	net.exe	35
PID 2788 wrote to memory of 2856	2788	net.exe	35
PID 2168 wrote to memory of 2860	2168	cmd.exe	36
PID 2168 wrote to memory of 2860	2168	cmd.exe	36
PID 2168 wrote to memory of 2860	2168	cmd.exe	36
PID 2168 wrote to memory of 2860	2168	cmd.exe	36
PID 2264 wrote to memory of 1252	2264	Logo1_.exe	21
PID 2264 wrote to memory of 1252	2264	Logo1_.exe	21

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1252
- C:\Users\Admin\AppData\Local\Temp\b5bd77c874fcb03bce84fc8b0c3e12a12f71005424c21b566d0aa7ca55dba487.exe
  "C:\Users\Admin\AppData\Local\Temp\b5bd77c874fcb03bce84fc8b0c3e12a12f71005424c21b566d0aa7ca55dba487.exe"
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2480
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$aEB58.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\b5bd77c874fcb03bce84fc8b0c3e12a12f71005424c21b566d0aa7ca55dba487.exe
      "C:\Users\Admin\AppData\Local\Temp\b5bd77c874fcb03bce84fc8b0c3e12a12f71005424c21b566d0aa7ca55dba487.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2860
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2264
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2788
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
854089a16fd0c4536cba939b68a98abd

SHA1
21cbe4f8ed3dc625893e8a0f4fb4bc58aa2ee416

SHA256
aa180d32892050735a6d65dab08c9b909696f7c8ba4fad078d3275bc2df35ca4

SHA512
9e62d9a03694cea549ec1104e4f054df36ee6f7f01a5e364777babc03aa00dc6476e78eb8be7722bfeb53d463b60560c50707135e90feeeecbcbb31d623272e8

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
4cfdb20b04aa239d6f9e83084d5d0a77

SHA1
f22863e04cc1fd4435f785993ede165bd8245ac6

SHA256
30ed17ca6ae530e8bf002bcef6048f94dba4b3b10252308147031f5c86ace1b9

SHA512
35b4c2f68a7caa45f2bb14b168947e06831f358e191478a6659b49f30ca6f538dc910fe6067448d5d8af4cb8558825d70f94d4bd67709aee414b2be37d49be86

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aEB58.bat

Filesize
722B

MD5
2b3952c66f047d4e782e17c9f9527753

SHA1
6b81b492ffd3a3dc512898090edb7db63a9dc201

SHA256
7f1d1a3413c884857ccc79c5f6c37c7b85872623de81052a3d53410036cff700

SHA512
0227bf2fa35cd515f839c8990220393acfeffafb99b018e13e8ef50c70f06b02522afcc003b01bdf859843a519ed8dd62ca5f674983aa708770f96fddf0c32b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\b5bd77c874fcb03bce84fc8b0c3e12a12f71005424c21b566d0aa7ca55dba487.exe.exe

Filesize
657KB

MD5
e12f1573bbbf4fdbdb6098b7bd29b7e6

SHA1
1d60a1221943ad232711b6a386975408c6b643b8

SHA256
148aaa37cf09b1c4e7e77260f68508764453024cf9459a516391dbe0c05725e8

SHA512
5df38b90d6063aa44d9afd1e2a46b7ab769a31551280d8b1bb930772b7d3610df6ebf3e43c76789340c4fab70ed34b02f45a0891a4834df06e8a33f810c175a4

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
124d94cf184d582ecb41f289161354a9

SHA1
39aa3c128897ac70bb643a62a2c3626bf8486ce9

SHA256
ec960aa28d0a480b70df60617c52d0b7d82d5234003254a2aac7b62339824239

SHA512
04169d2cc456c4ddd1ea3640d408426191ff3879774fe235e61a0d4f612939fbd6e5833070ba9f9bd081de37eecf5b48c08beee41afa6fdc2de4b424bec45c30

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2212144002-1172735686-1556890956-1000\_desktop.ini

Filesize
9B

MD5
79a2fb76ad00a8ac07f11b6a179f5297

SHA1
72b4f589fd7945d8c80b370d1d3a1f2467f3eb81

SHA256
2f723e98c3a3556269a4d81d4a27d6a0ab13a84c5ba737493c07354a2608684f

SHA512
3a21c2e60e8e035fb90d428e86bb927077d8354a16f1abc291ccba4a4d7fee4f51cf781fa9202e5602a88ca70a6ba264ac49762100be5f6e09a2ec930e098168

Download Submit
memory/1252-32-0x0000000002990000-0x0000000002991000-memory.dmp

Filesize
4KB

Download
memory/2264-51-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2264-99-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2264-34-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2264-42-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2264-3349-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2264-1887-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2264-460-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2264-109-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2480-19-0x00000000003A0000-0x00000000003D4000-memory.dmp

Filesize
208KB

Download
memory/2480-12-0x00000000003A0000-0x00000000003D4000-memory.dmp

Filesize
208KB

Download
memory/2480-17-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2480-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2860-100-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2860-461-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2860-102-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2860-108-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2860-54-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2860-110-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2860-52-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2860-30-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2860-46-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2860-1888-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2860-1890-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2860-44-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2860-43-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2860-3350-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2860-3352-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/2860-35-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download