Analysis
- max time kernel: 149s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 11-08-2024 18:44
Static task: static1
Behavioral task: behavioral1
  Sample: 226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe
  Resource: win10v2004-20240802-en
General
- Target: 226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe
- Size: 81KB
- MD5: fb2077bd5a2d8082333044c8fef11f7b
- SHA1: e7219a002232d2a760e3695e1ed68602e46b36c2
- SHA256: 226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432
- SHA512: 77fbc382a4b6f066e62b83942fc54a79120e8c01a07df61522d58f70ca31ec4a2bf53f6a0b88224d6a2118cd528b965f03d8db1a809be2ebf7442cf4dc4a6654
- SSDEEP: 1536:pA3SHuJV9NZccXoqKSkFXHM4H5uw/a+q:pAkuJVL+cXoqKSicIa
Malware Config
Signatures
- Deletes itself (1 IoC)
  pid   Process
  1888  cmd.exe
- Executes dropped EXE (2 IoCs)
  pid   Process
  2244  Logo1_.exe
  2768  226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe
- Loads dropped DLL (6 IoCs)
  pid   Process
  1888  cmd.exe
  2932  WerFault.exe
  2932  WerFault.exe
  2932  WerFault.exe
  2932  WerFault.exe
  2932  WerFault.exe
- Enumerates connected drives (3 TTPs, 21 IoCs)
  Attempts to read the root path of hard drives other than the default C: drive.
  description              ioc     Process
  File opened (read-only)  \??\E:  Logo1_.exe
  File opened (read-only)  \??\Y:  Logo1_.exe
  File opened (read-only)  \??\S:  Logo1_.exe
  File opened (read-only)  \??\P:  Logo1_.exe
  File opened (read-only)  \??\O:  Logo1_.exe
  File opened (read-only)  \??\L:  Logo1_.exe
  File opened (read-only)  \??\H:  Logo1_.exe
  File opened (read-only)  \??\Z:  Logo1_.exe
  File opened (read-only)  \??\J:  Logo1_.exe
  File opened (read-only)  \??\I:  Logo1_.exe
  File opened (read-only)  \??\X:  Logo1_.exe
  File opened (read-only)  \??\W:  Logo1_.exe
  File opened (read-only)  \??\V:  Logo1_.exe
  File opened (read-only)  \??\T:  Logo1_.exe
  File opened (read-only)  \??\R:  Logo1_.exe
  File opened (read-only)  \??\K:  Logo1_.exe
  File opened (read-only)  \??\U:  Logo1_.exe
  File opened (read-only)  \??\Q:  Logo1_.exe
  File opened (read-only)  \??\N:  Logo1_.exe
  File opened (read-only)  \??\M:  Logo1_.exe
  File opened (read-only)  \??\G:  Logo1_.exe
- Drops file in Program Files directory (64 IoCs)
  description  ioc  Process
  File created  C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\css\_desktop.ini  Logo1_.exe
  File created  C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\es-ES\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EXPEDITN\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Internet Explorer\de-DE\_desktop.ini  Logo1_.exe
  File created  C:\Program Files\Microsoft Games\Mahjong\es-ES\_desktop.ini  Logo1_.exe
  File created  C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\_desktop.ini  Logo1_.exe
  File created  C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\js\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\Java\jre7\lib\zi\Atlantic\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\Windows Photo Viewer\es-ES\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Microsoft Office\Templates\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Microsoft Office\Office14\InfoPathOM\InfoPathOMV12\_desktop.ini  Logo1_.exe
  File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\_desktop.ini  Logo1_.exe
  File created  C:\Program Files\Reference Assemblies\Microsoft\Framework\_desktop.ini  Logo1_.exe
  File created  C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Common Files\microsoft shared\VSTO\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\Microsoft Games\FreeCell\fr-FR\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\VideoLAN\VLC\locale\sk\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\ja-JP\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SKY\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\_desktop.ini  Logo1_.exe
  File created  C:\Program Files\Windows Mail\es-ES\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Windows Mail\WinMail.exe  Logo1_.exe
  File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\_desktop.ini  Logo1_.exe
  File created  C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ja\_desktop.ini  Logo1_.exe
  File created  C:\Program Files\Java\jre7\lib\zi\Etc\_desktop.ini  Logo1_.exe
  File created  C:\Program Files\VideoLAN\VLC\locale\af\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\1033\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\Java\jre7\bin\javaw.exe  Logo1_.exe
  File created  C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Common Files\microsoft shared\ink\1.0\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LEVEL\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BabyBlue\_desktop.ini  Logo1_.exe
  File created  C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\VideoLAN\VLC\lua\playlist\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\css\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\VideoLAN\VLC\plugins\services_discovery\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\Microsoft Games\Solitaire\es-ES\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Adobe\Reader 9.0\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Windows Media Player\en-US\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Windows Media Player\ja-JP\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Google\_desktop.ini  Logo1_.exe
  File created  C:\Program Files (x86)\Microsoft Office\Office14\1036\_desktop.ini  Logo1_.exe
  File opened for modification  C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\_desktop.ini  Logo1_.exe
- Drops file in Windows directory (4 IoCs)
  description  ioc  Process
  File created  C:\Windows\rundl132.exe  226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe
  File created  C:\Windows\Logo1_.exe  226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe
  File opened for modification  C:\Windows\rundl132.exe  Logo1_.exe
  File created  C:\Windows\vDll.dll  Logo1_.exe
- Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  2932  2768        WerFault.exe  36
- System Location Discovery: System Language Discovery (1 TTP, 6 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description  ioc  Process
  Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe
  Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  Logo1_.exe
  Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  net.exe
  Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  cmd.exe
  Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  net1.exe
  Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe
- Runs net.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  2244  Logo1_.exe
  2244  Logo1_.exe
  2244  Logo1_.exe
  2244  Logo1_.exe
  2244  Logo1_.exe
  2244  Logo1_.exe
  2244  Logo1_.exe
  2244  Logo1_.exe
  2244  Logo1_.exe
  2244  Logo1_.exe
- Suspicious use of WriteProcessMemory (29 IoCs)
  description  pid  Process  procid_target
  PID 1976 wrote to memory of 1888  1976  226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe  30
  PID 1976 wrote to memory of 1888  1976  226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe  30
  PID 1976 wrote to memory of 1888  1976  226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe  30
  PID 1976 wrote to memory of 1888  1976  226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe  30
  PID 1976 wrote to memory of 2244  1976  226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe  32
  PID 1976 wrote to memory of 2244  1976  226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe  32
  PID 1976 wrote to memory of 2244  1976  226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe  32
  PID 1976 wrote to memory of 2244  1976  226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe  32
  PID 2244 wrote to memory of 1672  2244  Logo1_.exe  33
  PID 2244 wrote to memory of 1672  2244  Logo1_.exe  33
  PID 2244 wrote to memory of 1672  2244  Logo1_.exe  33
  PID 2244 wrote to memory of 1672  2244  Logo1_.exe  33
  PID 1672 wrote to memory of 2200  1672  net.exe  35
  PID 1672 wrote to memory of 2200  1672  net.exe  35
  PID 1672 wrote to memory of 2200  1672  net.exe  35
  PID 1672 wrote to memory of 2200  1672  net.exe  35
  PID 1888 wrote to memory of 2768  1888  cmd.exe  36
  PID 1888 wrote to memory of 2768  1888  cmd.exe  36
  PID 1888 wrote to memory of 2768  1888  cmd.exe  36
  PID 1888 wrote to memory of 2768  1888  cmd.exe  36
  PID 1888 wrote to memory of 2768  1888  cmd.exe  36
  PID 1888 wrote to memory of 2768  1888  cmd.exe  36
  PID 1888 wrote to memory of 2768  1888  cmd.exe  36
  PID 2768 wrote to memory of 2932  2768  226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe  37
  PID 2768 wrote to memory of 2932  2768  226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe  37
  PID 2768 wrote to memory of 2932  2768  226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe  37
  PID 2768 wrote to memory of 2932  2768  226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe  37
  PID 2244 wrote to memory of 1200  2244  Logo1_.exe  21
  PID 2244 wrote to memory of 1200  2244  Logo1_.exe  21
Processes
- [depth 1] C:\Windows\Explorer.EXE
  Command line: C:\Windows\Explorer.EXE
  PID: 1200
  - [depth 2] C:\Users\Admin\AppData\Local\Temp\226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe"
    Signatures: Drops file in Windows directory; System Location Discovery: System Language Discovery; Suspicious use of WriteProcessMemory
    PID: 1976
    - [depth 3] C:\Windows\SysWOW64\cmd.exe
      Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\$$a8DDE.bat
      Signatures: Deletes itself; Loads dropped DLL; System Location Discovery: System Language Discovery; Suspicious use of WriteProcessMemory
      PID: 1888
      - [depth 4] C:\Users\Admin\AppData\Local\Temp\226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe
        Command line: "C:\Users\Admin\AppData\Local\Temp\226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe"
        Signatures: Executes dropped EXE; System Location Discovery: System Language Discovery; Suspicious use of WriteProcessMemory
        PID: 2768
        - [depth 5] C:\Windows\SysWOW64\WerFault.exe
          Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 548
          Signatures: Loads dropped DLL; Program crash
          PID: 2932
    - [depth 3] C:\Windows\Logo1_.exe
      Command line: C:\Windows\Logo1_.exe
      Signatures: Executes dropped EXE; Enumerates connected drives; Drops file in Program Files directory; Drops file in Windows directory; System Location Discovery: System Language Discovery; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory
      PID: 2244
      - [depth 4] C:\Windows\SysWOW64\net.exe
        Command line: net stop "Kingsoft AntiVirus Service"
        Signatures: System Location Discovery: System Language Discovery; Suspicious use of WriteProcessMemory
        PID: 1672
        - [depth 5] C:\Windows\SysWOW64\net1.exe
          Command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
          Signatures: System Location Discovery: System Language Discovery
          PID: 2200
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 254KB
  MD5: 746f8de78fb0f5b6cb4c9295bafb8aec
  SHA1: f1b846705268d9d76a965c13093dee9d840b990e
  SHA256: b0550e768b9025ce493d883e0573fad951cee10d233374c8ccd3bc67b8566e16
  SHA512: f8ebff12cab27c01271a8239306a106b205255a3f0cbc2165220e5de50bc2793b4df0b2180c5f195128e3e5d8c8432b224d0cd992e56b7c16074bfd44f3bc00d
- Filesize: 474KB
  MD5: 6eabc463f8025a7e6e65f38cba22f126
  SHA1: 3e430ee5ec01c5509ed750b88d3473e7990dfe95
  SHA256: cc8da3ecd355b519d81415d279ed037c725ba221bf323d250aa92ee2b2b88ca7
  SHA512: c8fde7026ac8633403bbefee4b044457184388fb7343d8c46f5f7f272724227976bf485ea91da49e2a85dd0cfb73f260ac705d8007333dd3e5539fe5ed67e3ab
- Filesize: 722B
  MD5: b4225891d87c70fbc9f2bfc359161776
  SHA1: 7f540eade0ddac19409ba0b86398a3af95b7cea4
  SHA256: 4c0c4ed71ca580add854a8f9832737fd9068ebfdb8290b1df8c0a075e8fd7330
  SHA512: 18ebeb0c3b3f756de3d8c85b10a0c8a98ecc46630acf1df3bfdf4454479b57fde44562a0f35778478125a6fab059e12db2fc4aafab78c3c547801f7f9330f5c6
- C:\Users\Admin\AppData\Local\Temp\226fe02d796929c60c381721d79c3954cb8aa528b37524e635595eb84933d432.exe.exe
  Filesize: 52KB
  MD5: ab594a013f13b863dfab4631a70d11d8
  SHA1: a07ecf665eaf9718a37372bd7590ca04742e663f
  SHA256: 3013bd7f6f46b2f76c4fe4dc2ea374fa609539d258b2f7b450d9c5e25ef72015
  SHA512: 8d0ff0883c2a94e7c64eda393572a11b709f2a6d0b701dacc4b792bae3ff6397eaad9693535f8634d003189bda1e76944b2403259c36ba17eb42cf85f82c94e8
- Filesize: 29KB
  MD5: b5500add829762ff2dc7a543ea060ae3
  SHA1: 8d8a330081665b1c07b2caf8194c4d833ada1b2e
  SHA256: e768fe66128b25403b91b91c0de524286cc487ab6195ecef7420126b7905cda8
  SHA512: 97026e69e5f159559c1e22f8896a630d1ca469a6b13d65a75acff76354117ead4c518b6174a2aee3d1c4636d63e0ed23b01343879ffb01724dc5c075c1517c4f
- Filesize: 9B
  MD5: 79a2fb76ad00a8ac07f11b6a179f5297
  SHA1: 72b4f589fd7945d8c80b370d1d3a1f2467f3eb81
  SHA256: 2f723e98c3a3556269a4d81d4a27d6a0ab13a84c5ba737493c07354a2608684f
  SHA512: 3a21c2e60e8e035fb90d428e86bb927077d8354a16f1abc291ccba4a4d7fee4f51cf781fa9202e5602a88ca70a6ba264ac49762100be5f6e09a2ec930e098168