234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
26-08-2023 11:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261.exe
Size

819KB
MD5

17500fa3d5f63cf1a86f8083b817484b
SHA1

833dbc681e704dfc22bc38254c42aaf9b97b15cb
SHA256

234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261
SHA512

765d742872e2639f8b269df8666d13a629fd649db15a9bcb67056af55323b75c7feedefd4e6a8d30e6800244f6a0d20742b20aca693722ffc49e27ba3b50abe7
SSDEEP

12288:E7+osN4Vtk0zVF6HzERkfGBVrPJxZv6crpKa+Q0M2n9uAnPAW25yYTfDEAfA:E76yLyHY6fGrPJXvd+Qx29uh1yGEAfA

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2400	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2328	Logo1_.exe
2140	234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261.exe

Loads dropped DLL 1 IoCs

pid	Process
2400	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sv\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Solitaire\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Network Sharing\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\More Games\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\DW\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EVRGREEN\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe	Logo1_.exe
File created	C:\Program Files\Microsoft Games\More Games\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ja\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_PT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Biscay\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe	Logo1_.exe
File created	C:\Program Files (x86)\Internet Explorer\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\keystore\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\as_IN\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\he\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Google\Update\Install\_desktop.ini	Logo1_.exe
File created	C:\Program Files\7-Zip\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Mahjong\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Hearts\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\de-DE\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Logo1_.exe	234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2328	Logo1_.exe
2328	Logo1_.exe
2328	Logo1_.exe
2328	Logo1_.exe
2328	Logo1_.exe
2328	Logo1_.exe
2328	Logo1_.exe
2328	Logo1_.exe
2328	Logo1_.exe
2328	Logo1_.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2140	234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2140	234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261.exe
2140	234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261.exe
2140	234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261.exe
2140	234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 2400	1568	234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261.exe	28
PID 1568 wrote to memory of 2400	1568	234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261.exe	28
PID 1568 wrote to memory of 2400	1568	234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261.exe	28
PID 1568 wrote to memory of 2400	1568	234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261.exe	28
PID 1568 wrote to memory of 2328	1568	234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261.exe	30
PID 1568 wrote to memory of 2328	1568	234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261.exe	30
PID 1568 wrote to memory of 2328	1568	234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261.exe	30
PID 1568 wrote to memory of 2328	1568	234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261.exe	30
PID 2400 wrote to memory of 2140	2400	cmd.exe	32
PID 2400 wrote to memory of 2140	2400	cmd.exe	32
PID 2400 wrote to memory of 2140	2400	cmd.exe	32
PID 2400 wrote to memory of 2140	2400	cmd.exe	32
PID 2328 wrote to memory of 2800	2328	Logo1_.exe	31
PID 2328 wrote to memory of 2800	2328	Logo1_.exe	31
PID 2328 wrote to memory of 2800	2328	Logo1_.exe	31
PID 2328 wrote to memory of 2800	2328	Logo1_.exe	31
PID 2800 wrote to memory of 2992	2800	net.exe	34
PID 2800 wrote to memory of 2992	2800	net.exe	34
PID 2800 wrote to memory of 2992	2800	net.exe	34
PID 2800 wrote to memory of 2992	2800	net.exe	34
PID 2328 wrote to memory of 1256	2328	Logo1_.exe	21
PID 2328 wrote to memory of 1256	2328	Logo1_.exe	21

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1256
- C:\Users\Admin\AppData\Local\Temp\234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261.exe
  "C:\Users\Admin\AppData\Local\Temp\234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1568
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a75BC.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261.exe
      "C:\Users\Admin\AppData\Local\Temp\234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      PID:2140
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2328
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2800
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
e29368905a100d96162dcc78c1af61fd

SHA1
d72d6df28ab47529e6f44692566e91ca04a2751f

SHA256
caf1a884e5421d183108d5ea579f65ef2545cfc3e69169bb0f053d49db27ff87

SHA512
1e143cf4d4a93488e2419a940a05b3e60ada76a0e1260d196b46bb3757bd138edfc6fce5c3f5aa9e7ca6daf9af21e35e430c3ee28bd2aa5f0096d4ed6c4000d9

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
4cfdb20b04aa239d6f9e83084d5d0a77

SHA1
f22863e04cc1fd4435f785993ede165bd8245ac6

SHA256
30ed17ca6ae530e8bf002bcef6048f94dba4b3b10252308147031f5c86ace1b9

SHA512
35b4c2f68a7caa45f2bb14b168947e06831f358e191478a6659b49f30ca6f538dc910fe6067448d5d8af4cb8558825d70f94d4bd67709aee414b2be37d49be86

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a75BC.bat

Filesize
722B

MD5
8956c1a6c3f7a189c7e17ee260888936

SHA1
5126b8fbbfedd4d42b7a0f18b1438f98431b7231

SHA256
b77b5747d1e680e3048676e5d517eb8bc18d82b6c6b9e18c09693f1b10225e21

SHA512
5ba45df64c175df04a138c65c74450def85f6a09006f8493405c194ed8e083d6f847036b22ca8bb6f147bcb738e5a107faa85522dbb9877e1d9dfdae72f5253f

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a75BC.bat

Filesize
722B

MD5
8956c1a6c3f7a189c7e17ee260888936

SHA1
5126b8fbbfedd4d42b7a0f18b1438f98431b7231

SHA256
b77b5747d1e680e3048676e5d517eb8bc18d82b6c6b9e18c09693f1b10225e21

SHA512
5ba45df64c175df04a138c65c74450def85f6a09006f8493405c194ed8e083d6f847036b22ca8bb6f147bcb738e5a107faa85522dbb9877e1d9dfdae72f5253f

Download Submit
C:\Users\Admin\AppData\Local\Temp\234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261.exe

Filesize
792KB

MD5
81311d13023830cb0f1373c9ff74ca70

SHA1
29fef76ad974c002ba011223cc5cb57d23b7c8c0

SHA256
63aed075c6f4c7add62c3c50e9487272c5f387290ba5718a56bf579ab5b0da86

SHA512
61172ffe0a48e2ae819615660444f284a05d98ad31e84a70bcf8d8b9bf6d91f89cb87fda6209077eb788a3b6a9137efb7cfa776a2d0595c1dc29fa8da03a9fd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261.exe.exe

Filesize
792KB

MD5
81311d13023830cb0f1373c9ff74ca70

SHA1
29fef76ad974c002ba011223cc5cb57d23b7c8c0

SHA256
63aed075c6f4c7add62c3c50e9487272c5f387290ba5718a56bf579ab5b0da86

SHA512
61172ffe0a48e2ae819615660444f284a05d98ad31e84a70bcf8d8b9bf6d91f89cb87fda6209077eb788a3b6a9137efb7cfa776a2d0595c1dc29fa8da03a9fd1

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
de0dae37e3ab0f247fd76004c786aecf

SHA1
91432f8210ec7bf7be785129a7e78c78bc0d9c10

SHA256
ced55110287736a436b221a78374b59a0d7798e3babe3729bebe21f5e69533f0

SHA512
9bfc3a5228cfe4294f0b3ac73591b37925bf48c2366662d63b98837f91348868d17c973314a8472744dc8bb3fa25c22718d5fa8dcd71c8295cba959e0886d21a

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
de0dae37e3ab0f247fd76004c786aecf

SHA1
91432f8210ec7bf7be785129a7e78c78bc0d9c10

SHA256
ced55110287736a436b221a78374b59a0d7798e3babe3729bebe21f5e69533f0

SHA512
9bfc3a5228cfe4294f0b3ac73591b37925bf48c2366662d63b98837f91348868d17c973314a8472744dc8bb3fa25c22718d5fa8dcd71c8295cba959e0886d21a

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
de0dae37e3ab0f247fd76004c786aecf

SHA1
91432f8210ec7bf7be785129a7e78c78bc0d9c10

SHA256
ced55110287736a436b221a78374b59a0d7798e3babe3729bebe21f5e69533f0

SHA512
9bfc3a5228cfe4294f0b3ac73591b37925bf48c2366662d63b98837f91348868d17c973314a8472744dc8bb3fa25c22718d5fa8dcd71c8295cba959e0886d21a

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
de0dae37e3ab0f247fd76004c786aecf

SHA1
91432f8210ec7bf7be785129a7e78c78bc0d9c10

SHA256
ced55110287736a436b221a78374b59a0d7798e3babe3729bebe21f5e69533f0

SHA512
9bfc3a5228cfe4294f0b3ac73591b37925bf48c2366662d63b98837f91348868d17c973314a8472744dc8bb3fa25c22718d5fa8dcd71c8295cba959e0886d21a

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3408354897-1169622894-3874090110-1000\_desktop.ini

Filesize
9B

MD5
f69e51f788b9591cc1a5c32b5d8555e0

SHA1
8690c2639d514f6a56d096f7729496ef0e7dbccf

SHA256
9c946a7ed190442c6c3cab3b0c1324cee605d4e233e75fc2192f4cff06c92c28

SHA512
2db2a58e8a4bb5db019f8a378abf6e12526810029bd9540474ff68cca7e9dc6705f4de550106bfd7f4ba33308da7722c641bb3d5d1b13a2d972609fbb3fb8c34

Download Submit
\Users\Admin\AppData\Local\Temp\234eaad9ff475134113331bb8bc02bde0564c131e84656468d33ff417eeb8261.exe

Filesize
792KB

MD5
81311d13023830cb0f1373c9ff74ca70

SHA1
29fef76ad974c002ba011223cc5cb57d23b7c8c0

SHA256
63aed075c6f4c7add62c3c50e9487272c5f387290ba5718a56bf579ab5b0da86

SHA512
61172ffe0a48e2ae819615660444f284a05d98ad31e84a70bcf8d8b9bf6d91f89cb87fda6209077eb788a3b6a9137efb7cfa776a2d0595c1dc29fa8da03a9fd1

Download Submit
memory/1256-29-0x0000000002A10000-0x0000000002A11000-memory.dmp

Filesize
4KB

Download
memory/1568-16-0x00000000003B0000-0x00000000003E4000-memory.dmp

Filesize
208KB

Download
memory/1568-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1568-18-0x00000000003B0000-0x00000000003E4000-memory.dmp

Filesize
208KB

Download
memory/1568-15-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2328-40-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2328-92-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2328-98-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2328-1850-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2328-45-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2328-3310-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2328-31-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download