efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728

Analysis

max time kernel
149s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 00:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe
Size

617KB
MD5

3636319b73b61f34ecba613b999ef420
SHA1

7f740c71f9f9782393fbb57a4b7d07243b6ec0b9
SHA256

efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728
SHA512

bf6dce53e80c75f80dd08f5c03d07cdba7a417c7c5e9e62a84e8ea879e25a7c7788cca968487bae808f7b7c5e38d1da3c5e3ad34027f2ce1c6e2338a6005cc56
SSDEEP

12288:9xtzfl8EmN95SKTifcNjvYRoo1QBPP2E7ZgT7FoyNjGyDe3mjW:9bl8EmN95KkFvEook2E7ivKyNjGyD3W

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

Logo1_.exeefb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe

pid process

1656 Logo1_.exe
624 efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

1672 cmd.exe

Loads dropped DLL 4 IoCs

Processes:

cmd.exeefb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe

pid	process
1672	cmd.exe
624	efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe
624	efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe
624	efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe

Enumerates connected drives 3 TTPs 22 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Logo1_.exe

description	ioc	process
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\F:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

Processes:

Logo1_.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Common Files\DESIGNER\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EURO\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SONORA\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\el\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\vi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pa\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\lua\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\SC_Reader.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Help\en_US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATERMAR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Acrobat\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PIXEL\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.data\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Minesweeper\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\hrtfs\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\sd\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Journal\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PROFILE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENFR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Mahjong\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Photo Viewer\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\1033\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

Processes:

efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exeLogo1_.exe

description	ioc	process
File created	C:\Windows\rundl132.exe	efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe
File created	C:\Windows\Logo1_.exe	efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

Logo1_.exe

pid	process
1656	Logo1_.exe
1656	Logo1_.exe
1656	Logo1_.exe
1656	Logo1_.exe
1656	Logo1_.exe
1656	Logo1_.exe
1656	Logo1_.exe
1656	Logo1_.exe
1656	Logo1_.exe
1656	Logo1_.exe

Suspicious use of WriteProcessMemory 25 IoCs

Processes:

efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.execmd.exeLogo1_.exenet.exe

description	pid	process	target process
PID 1836 wrote to memory of 1672	1836	efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe	cmd.exe
PID 1836 wrote to memory of 1672	1836	efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe	cmd.exe
PID 1836 wrote to memory of 1672	1836	efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe	cmd.exe
PID 1836 wrote to memory of 1672	1836	efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe	cmd.exe
PID 1836 wrote to memory of 1656	1836	efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe	Logo1_.exe
PID 1836 wrote to memory of 1656	1836	efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe	Logo1_.exe
PID 1836 wrote to memory of 1656	1836	efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe	Logo1_.exe
PID 1836 wrote to memory of 1656	1836	efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe	Logo1_.exe
PID 1672 wrote to memory of 624	1672	cmd.exe	efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe
PID 1672 wrote to memory of 624	1672	cmd.exe	efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe
PID 1672 wrote to memory of 624	1672	cmd.exe	efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe
PID 1672 wrote to memory of 624	1672	cmd.exe	efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe
PID 1672 wrote to memory of 624	1672	cmd.exe	efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe
PID 1672 wrote to memory of 624	1672	cmd.exe	efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe
PID 1672 wrote to memory of 624	1672	cmd.exe	efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe
PID 1656 wrote to memory of 1792	1656	Logo1_.exe	net.exe
PID 1656 wrote to memory of 1792	1656	Logo1_.exe	net.exe
PID 1656 wrote to memory of 1792	1656	Logo1_.exe	net.exe
PID 1656 wrote to memory of 1792	1656	Logo1_.exe	net.exe
PID 1792 wrote to memory of 892	1792	net.exe	net1.exe
PID 1792 wrote to memory of 892	1792	net.exe	net1.exe
PID 1792 wrote to memory of 892	1792	net.exe	net1.exe
PID 1792 wrote to memory of 892	1792	net.exe	net1.exe
PID 1656 wrote to memory of 1260	1656	Logo1_.exe	Explorer.EXE
PID 1656 wrote to memory of 1260	1656	Logo1_.exe	Explorer.EXE

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1260

C:\Users\Admin\AppData\Local\Temp\efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe
"C:\Users\Admin\AppData\Local\Temp\efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe"
2⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1836

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$$a5FBD.bat
3⤵
- Deletes itself
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1672

C:\Users\Admin\AppData\Local\Temp\efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe
"C:\Users\Admin\AppData\Local\Temp\efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:624

C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
3⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1656

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
4⤵
- Suspicious use of WriteProcessMemory
PID:1792

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
5⤵
PID:892

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$$a5FBD.bat

Filesize
722B

MD5
75e6acc49a53268cfe4e188b7e0aa12b

SHA1
1f133d42d2b9f9c42456fa61d1a8e37d53e4ca02

SHA256
3f0c45af1af5a7cbf95e34b9e5fa4288869d6cbd6a1177f17b59046f46b09fa8

SHA512
38cfb891eaad75a61d8086824c028880f95f588ac2f3f8914349d37f3a29a93ba9a60e1b89b90f61c86993110bde0884da217e8def5601915b14eef16da1d6d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe

Filesize
588KB

MD5
dd0042f0c3b606a6a8b92d49afb18ad6

SHA1
74fbb38fa923a2db686a7492c2c8feb9a23a7be4

SHA256
8d3be4c93d02af5f42ec46af598d6da40c61d467cb2fee5e222f9c1e7a84b852

SHA512
c36cf2e958c532b9d9b7d943f52e92525ceb4b0d41662ff6652f2929c26ce0afc22dff645bd44fd7878d170e0bf2dfa031d5be666e97498e6dcbe5cb113c51ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe.exe

Filesize
588KB

MD5
dd0042f0c3b606a6a8b92d49afb18ad6

SHA1
74fbb38fa923a2db686a7492c2c8feb9a23a7be4

SHA256
8d3be4c93d02af5f42ec46af598d6da40c61d467cb2fee5e222f9c1e7a84b852

SHA512
c36cf2e958c532b9d9b7d943f52e92525ceb4b0d41662ff6652f2929c26ce0afc22dff645bd44fd7878d170e0bf2dfa031d5be666e97498e6dcbe5cb113c51ba

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
486b2ec07e9305329ba6058d9ef9d6b1

SHA1
90aea0a417079569be2dfcd369c92d7c9a016ece

SHA256
57fed882e20017888230812e229df6a0b404777c262c1b56a424dfdc95b91d58

SHA512
91da07899ad08d3f1e9dff3d8af0522ba1cc6bd75dfb1191b4eabfc5099c2e2477b6008f8cea18a366b0e14217d38660258be1d495269ef3caca3a4a4ff2c441

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
486b2ec07e9305329ba6058d9ef9d6b1

SHA1
90aea0a417079569be2dfcd369c92d7c9a016ece

SHA256
57fed882e20017888230812e229df6a0b404777c262c1b56a424dfdc95b91d58

SHA512
91da07899ad08d3f1e9dff3d8af0522ba1cc6bd75dfb1191b4eabfc5099c2e2477b6008f8cea18a366b0e14217d38660258be1d495269ef3caca3a4a4ff2c441

Download Submit
C:\Windows\rundl132.exe

Filesize
29KB

MD5
486b2ec07e9305329ba6058d9ef9d6b1

SHA1
90aea0a417079569be2dfcd369c92d7c9a016ece

SHA256
57fed882e20017888230812e229df6a0b404777c262c1b56a424dfdc95b91d58

SHA512
91da07899ad08d3f1e9dff3d8af0522ba1cc6bd75dfb1191b4eabfc5099c2e2477b6008f8cea18a366b0e14217d38660258be1d495269ef3caca3a4a4ff2c441

Download Submit
\Users\Admin\AppData\Local\Temp\efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe

Filesize
588KB

MD5
dd0042f0c3b606a6a8b92d49afb18ad6

SHA1
74fbb38fa923a2db686a7492c2c8feb9a23a7be4

SHA256
8d3be4c93d02af5f42ec46af598d6da40c61d467cb2fee5e222f9c1e7a84b852

SHA512
c36cf2e958c532b9d9b7d943f52e92525ceb4b0d41662ff6652f2929c26ce0afc22dff645bd44fd7878d170e0bf2dfa031d5be666e97498e6dcbe5cb113c51ba

Download Submit
\Users\Admin\AppData\Local\Temp\efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe

Filesize
588KB

MD5
dd0042f0c3b606a6a8b92d49afb18ad6

SHA1
74fbb38fa923a2db686a7492c2c8feb9a23a7be4

SHA256
8d3be4c93d02af5f42ec46af598d6da40c61d467cb2fee5e222f9c1e7a84b852

SHA512
c36cf2e958c532b9d9b7d943f52e92525ceb4b0d41662ff6652f2929c26ce0afc22dff645bd44fd7878d170e0bf2dfa031d5be666e97498e6dcbe5cb113c51ba

Download Submit
\Users\Admin\AppData\Local\Temp\efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe

Filesize
588KB

MD5
dd0042f0c3b606a6a8b92d49afb18ad6

SHA1
74fbb38fa923a2db686a7492c2c8feb9a23a7be4

SHA256
8d3be4c93d02af5f42ec46af598d6da40c61d467cb2fee5e222f9c1e7a84b852

SHA512
c36cf2e958c532b9d9b7d943f52e92525ceb4b0d41662ff6652f2929c26ce0afc22dff645bd44fd7878d170e0bf2dfa031d5be666e97498e6dcbe5cb113c51ba

Download Submit
\Users\Admin\AppData\Local\Temp\efb57c2615b89c0335152d9427e447b259c8855270760cd6a25de82b63e89728.exe

Filesize
588KB

MD5
dd0042f0c3b606a6a8b92d49afb18ad6

SHA1
74fbb38fa923a2db686a7492c2c8feb9a23a7be4

SHA256
8d3be4c93d02af5f42ec46af598d6da40c61d467cb2fee5e222f9c1e7a84b852

SHA512
c36cf2e958c532b9d9b7d943f52e92525ceb4b0d41662ff6652f2929c26ce0afc22dff645bd44fd7878d170e0bf2dfa031d5be666e97498e6dcbe5cb113c51ba

Download Submit
memory/624-63-0x0000000000000000-mapping.dmp

Download
memory/624-67-0x0000000075C51000-0x0000000075C53000-memory.dmp

Filesize
8KB

Download
memory/892-68-0x0000000000000000-mapping.dmp

Download
memory/1656-55-0x0000000000000000-mapping.dmp

Download
memory/1656-66-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1656-72-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1672-54-0x0000000000000000-mapping.dmp

Download
memory/1792-64-0x0000000000000000-mapping.dmp

Download
memory/1836-57-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download