Analysis

max time kernel: 149s
max time network: 123s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 08/09/2024, 04:32
Static task: static1

Behavioral task: behavioral1
  Sample: 47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: 47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe
  Resource: win10v2004-20240802-en
General

Target: 47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe
Size: 577KB
MD5: c5a3b44ea543351c4ed6f327c16cfb0a
SHA1: a9efb7b530f6c7d796fe4af7b1f88919cc2d3787
SHA256: 47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834
SHA512: 83921fc1464610c6ea640505ba9a797d07815a57e676af5b803ac8de17fa9fb274b88fd90f9674c258c6b0ee4a603b925fed0c16e495a3eef25f9f6909387f8f
SSDEEP: 6144:RVuJTI79NH//QYLq2wNf2lGEz9QqSkZf6UD:eIrH//Q12Un69QhkZT
Malware Config
Signatures
Deletes itself (1 IoC)
pid | Process
1444 | cmd.exe

Executes dropped EXE (2 IoCs)
pid | Process
2248 | Logo1_.exe
2252 | 47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe

Loads dropped DLL (3 IoCs)
pid | Process
1444 | cmd.exe
1444 | cmd.exe
2908 | dw20.exe

Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
description | ioc | Process
File opened (read-only) | \??\N: | Logo1_.exe
File opened (read-only) | \??\L: | Logo1_.exe
File opened (read-only) | \??\J: | Logo1_.exe
File opened (read-only) | \??\V: | Logo1_.exe
File opened (read-only) | \??\T: | Logo1_.exe
File opened (read-only) | \??\W: | Logo1_.exe
File opened (read-only) | \??\U: | Logo1_.exe
File opened (read-only) | \??\S: | Logo1_.exe
File opened (read-only) | \??\Q: | Logo1_.exe
File opened (read-only) | \??\O: | Logo1_.exe
File opened (read-only) | \??\I: | Logo1_.exe
File opened (read-only) | \??\G: | Logo1_.exe
File opened (read-only) | \??\Z: | Logo1_.exe
File opened (read-only) | \??\Y: | Logo1_.exe
File opened (read-only) | \??\E: | Logo1_.exe
File opened (read-only) | \??\P: | Logo1_.exe
File opened (read-only) | \??\M: | Logo1_.exe
File opened (read-only) | \??\K: | Logo1_.exe
File opened (read-only) | \??\H: | Logo1_.exe
File opened (read-only) | \??\X: | Logo1_.exe
File opened (read-only) | \??\R: | Logo1_.exe

Drops file in Program Files directory (64 IoCs)
description | ioc | Process
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\_desktop.ini | Logo1_.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\MSQRY32.EXE | Logo1_.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Common Files\microsoft shared\ink\_desktop.ini | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Windows Photo Viewer\it-IT\_desktop.ini | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\it\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\css\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Java\jre7\lib\images\cursors\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\lua\sd\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Americana\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\_desktop.ini | Logo1_.exe
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\_desktop.ini | Logo1_.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Microsoft Office\Document Themes 14\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Windows Portable Devices\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\css\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\es\_desktop.ini | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\ku_IQ\LC_MESSAGES\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\video_output\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Internet Explorer\SIGNUP\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Microsoft Visual Studio 8\SDK\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Windows Sidebar\de-DE\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\7-Zip\7zG.exe | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\lg\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FRAR\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Java\jre7\bin\rmid.exe | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\lua\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BabyBlue\_desktop.ini | Logo1_.exe
File created | C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\_desktop.ini | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\pa\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\is\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Microsoft Games\Hearts\de-DE\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Microsoft Games\More Games\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Common Files\Adobe\Help\en_US\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\_desktop.ini | Logo1_.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\css\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\Fancy\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\MSBuild\Microsoft\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe | Logo1_.exe
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\_desktop.ini | Logo1_.exe
File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\css\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Java\jre7\lib\zi\America\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\fr\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Windows NT\TableTextService\fr-FR\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Windows NT\TableTextService\de-DE\_desktop.ini | Logo1_.exe
File created | C:\Program Files\Java\jre7\lib\zi\Pacific\_desktop.ini | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\lua\http\dialogs\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Microsoft Sync Framework\v1.0\_desktop.ini | Logo1_.exe

Drops file in Windows directory (4 IoCs)
description | ioc | Process
File created | C:\Windows\rundl132.exe | 47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe
File created | C:\Windows\Logo1_.exe | 47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe
File opened for modification | C:\Windows\rundl132.exe | Logo1_.exe
File created | C:\Windows\vDll.dll | Logo1_.exe

System Location Discovery: System Language Discovery (1 TTP, 7 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | cmd.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | net.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | net1.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | dw20.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process
2248 | Logo1_.exe (10 identical events)

Suspicious use of WriteProcessMemory (26 IoCs)
description | pid | Process | procid_target
PID 2084 wrote to memory of 1444 | 2084 | 47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe | 31
PID 2084 wrote to memory of 1444 | 2084 | 47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe | 31
PID 2084 wrote to memory of 1444 | 2084 | 47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe | 31
PID 2084 wrote to memory of 1444 | 2084 | 47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe | 31
PID 2084 wrote to memory of 2248 | 2084 | 47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe | 32
PID 2084 wrote to memory of 2248 | 2084 | 47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe | 32
PID 2084 wrote to memory of 2248 | 2084 | 47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe | 32
PID 2084 wrote to memory of 2248 | 2084 | 47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe | 32
PID 2248 wrote to memory of 3060 | 2248 | Logo1_.exe | 34
PID 2248 wrote to memory of 3060 | 2248 | Logo1_.exe | 34
PID 2248 wrote to memory of 3060 | 2248 | Logo1_.exe | 34
PID 2248 wrote to memory of 3060 | 2248 | Logo1_.exe | 34
PID 1444 wrote to memory of 2252 | 1444 | cmd.exe | 36
PID 1444 wrote to memory of 2252 | 1444 | cmd.exe | 36
PID 1444 wrote to memory of 2252 | 1444 | cmd.exe | 36
PID 1444 wrote to memory of 2252 | 1444 | cmd.exe | 36
PID 3060 wrote to memory of 2780 | 3060 | net.exe | 37
PID 3060 wrote to memory of 2780 | 3060 | net.exe | 37
PID 3060 wrote to memory of 2780 | 3060 | net.exe | 37
PID 3060 wrote to memory of 2780 | 3060 | net.exe | 37
PID 2252 wrote to memory of 2908 | 2252 | 47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe | 38
PID 2252 wrote to memory of 2908 | 2252 | 47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe | 38
PID 2252 wrote to memory of 2908 | 2252 | 47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe | 38
PID 2252 wrote to memory of 2908 | 2252 | 47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe | 38
PID 2248 wrote to memory of 1188 | 2248 | Logo1_.exe | 21
PID 2248 wrote to memory of 1188 | 2248 | Logo1_.exe | 21
Processes (indentation shows the parent/child relationship)

C:\Windows\Explorer.EXE
  command line: C:\Windows\Explorer.EXE
  PID: 1188

  C:\Users\Admin\AppData\Local\Temp\47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe"
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID: 2084

    C:\Windows\SysWOW64\cmd.exe
      command line: cmd /c C:\Users\Admin\AppData\Local\Temp\$$aDD83.bat
      - Deletes itself
      - Loads dropped DLL
      - System Location Discovery: System Language Discovery
      - Suspicious use of WriteProcessMemory
      PID: 1444

      C:\Users\Admin\AppData\Local\Temp\47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe
        command line: "C:\Users\Admin\AppData\Local\Temp\47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe"
        - Executes dropped EXE
        - System Location Discovery: System Language Discovery
        - Suspicious use of WriteProcessMemory
        PID: 2252

        C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
          command line: dw20.exe -x -s 412
          - Loads dropped DLL
          - System Location Discovery: System Language Discovery
          PID: 2908

    C:\Windows\Logo1_.exe
      command line: C:\Windows\Logo1_.exe
      - Executes dropped EXE
      - Enumerates connected drives
      - Drops file in Program Files directory
      - Drops file in Windows directory
      - System Location Discovery: System Language Discovery
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of WriteProcessMemory
      PID: 2248

      C:\Windows\SysWOW64\net.exe
        command line: net stop "Kingsoft AntiVirus Service"
        - System Location Discovery: System Language Discovery
        - Suspicious use of WriteProcessMemory
        PID: 3060

        C:\Windows\SysWOW64\net1.exe
          command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
          - System Location Discovery: System Language Discovery
          PID: 2780
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 254KB
MD5: bd1c5f10a79541124a32209a82776583
SHA1: 199f2135cd82c469b7d9d02b851e7eef3e5ef9b6
SHA256: 4bc8149c1af0c33db3cf7ce59b78e6a0562c2e58f55de50cca71296f990068fe
SHA512: 501cbf5c830a6169c0555540fc2f2eb30d08737879e28ddf71e262a8c8586958c5ff87b64cc55c5a74923c2ec12f8a7af2e2d7386df87e62eada14853c88d8c0

Filesize: 474KB
MD5: 17e5de36cf448d652adab881a4557ec2
SHA1: c45337444120f4cc4a9a65b2bee63cd61618ca2a
SHA256: 32568fb07078e0d4e77efac9ad862454dba63de5c5f920d9a14de709372f2430
SHA512: 22678c9ca2d70d9a3377d1f2c6c91d7649adcaccee564acdf1bd6373e60f13f6e21fc09feed5b590475889996287961a1450542741ef0888a4a0b5e9c9812b92

Filesize: 722B
MD5: 8e52914bb1a273bda309200312d7e16a
SHA1: eb176e70032730082af4a0aa5ea924abc2dfbc2e
SHA256: baa1c63bac8808aadf38c224d6e2f6f8261acb77e77807a6540a2517ca8cd017
SHA512: 6f43d97f1b1b77c0a600728346ccd25e462904b4236bd57ccc4082277c8699f3a57f9ec9571cfa06045d771708b074d800b2b137516cda77a97ea0c0facb6cfc

C:\Users\Admin\AppData\Local\Temp\47a3c9fcb4a059cf7ef91367307b86ce502550c03f7d64b18f6a7afdb6c5c834.exe.exe
Filesize: 548KB
MD5: 99f5ad280275b636ca54950ef479e41f
SHA1: 5b3444cee5ba2eedbf176557ef80bc3be9f2e612
SHA256: 0da0e49fb3d4e6861a71466def49924841a478ab3d1798730f51b2c6421c20b2
SHA512: 22ed742d47ce75e11b49af8aaa7e8ff98e36d41ae9c58563d5f3cd23d29e1a5833a887ad0487ad6715e23fcae506db0f9421263b5431fdcbffb3b6cd7e15d4d3

Filesize: 29KB
MD5: e60d42b1d6a0f2cad24978c2b6d1f97b
SHA1: 475ffcfa24cc1592f4df365e812de3cc9b7fab1e
SHA256: 0659547e92dee1b004fe2e5892411d4b6aa740a76fc0830f968b75527c1a5b55
SHA512: fa2ca1553e4351657355646090a4ee23a14e3c68f01516aff097f9b119736205f5dde54630f0dd141ec8eaf8e5f4e4c08e8989801863b14879043b715838b25d

Filesize: 8B
MD5: 646a1be8fae9210cfba53ee1aab14c96
SHA1: 8677ff347131a9c8304f10b48012ebd8b075030c
SHA256: 660d57a3dc71884e70a9cbd6ca26d02872f4706abeb098c6d35f6b217462edf5
SHA512: 812b716a422628d486a4c78c66a85c641f13976537fbd452e14fab9a6c440b442632df04de8437c485c9c8164e3b3499201d3dbe681b36fe6bec749df1ab75e4