47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541

Analysis

max time kernel
149s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
27/08/2023, 04:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
Size

26KB
MD5

7bb3062b6f5e801b2672a2d65ae97931
SHA1

97ef6f7c5e4534b05c95b3bebf1b331ca9caa094
SHA256

47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541
SHA512

5aad8e727af325d64a7c6a8bb9969b5f92470552532e2795fc00fd92361ee2f2e85c1c9ff9d99ee1a37297e8300d72b31529b53f8cbb6b91bc890fd36de2d855
SSDEEP

768:Zs1ODKAaDMG8H92RwZNQSwcfymNBg+g61GoZw:Z2fgLdQAQfcfymN

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened (read-only)	\??\T:	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened (read-only)	\??\R:	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened (read-only)	\??\O:	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened (read-only)	\??\M:	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened (read-only)	\??\K:	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened (read-only)	\??\E:	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened (read-only)	\??\W:	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened (read-only)	\??\P:	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened (read-only)	\??\N:	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened (read-only)	\??\L:	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened (read-only)	\??\V:	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened (read-only)	\??\I:	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened (read-only)	\??\G:	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened (read-only)	\??\Y:	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened (read-only)	\??\X:	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened (read-only)	\??\U:	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened (read-only)	\??\S:	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened (read-only)	\??\Q:	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened (read-only)	\??\J:	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened (read-only)	\??\H:	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files\Java\jre7\bin\javaw.exe	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files\Mozilla Firefox\browser\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files (x86)\Google\Update\Install\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files\Microsoft Games\Mahjong\en-US\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files\VideoLAN\VLC\locale\te\LC_MESSAGES\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\css\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files\Windows Photo Viewer\es-ES\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ko\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files\Windows Photo Viewer\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files\Microsoft Games\Hearts\ja-JP\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files (x86)\Microsoft Sync Framework\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Network Sharing\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\QUAD\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Publisher.en-us\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\Verisign\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Stationery\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files\Windows Defender\en-US\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Javascripts\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Outlook.en-us\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Acrobat\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\js\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files\DVD Maker\en-US\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\_desktop.ini	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1244	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
1244	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
1244	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
1244	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
1244	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
1244	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
1244	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
1244	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
1244	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
1244	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 2600	1244	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe	28
PID 1244 wrote to memory of 2600	1244	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe	28
PID 1244 wrote to memory of 2600	1244	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe	28
PID 1244 wrote to memory of 2600	1244	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe	28
PID 2600 wrote to memory of 2972	2600	net.exe	30
PID 2600 wrote to memory of 2972	2600	net.exe	30
PID 2600 wrote to memory of 2972	2600	net.exe	30
PID 2600 wrote to memory of 2972	2600	net.exe	30
PID 1244 wrote to memory of 1212	1244	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe	22
PID 1244 wrote to memory of 1212	1244	47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe	22

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1212
- C:\Users\Admin\AppData\Local\Temp\47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe
  "C:\Users\Admin\AppData\Local\Temp\47219947aa603eaffce71b44c846852122cf38c8095fe13c9dabc5d139cf5541.exe"
  2⤵
  - Enumerates connected drives
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1244
- - C:\Windows\SysWOW64\net.exe
    net stop "Kingsoft AntiVirus Service"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
      4⤵
      PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
bc0055f5012653b4153153534d522a42

SHA1
9bbef8bcb6a50053890e121ca461f5af084e9a4f

SHA256
201d3dcbd4438b69da09a82f7b97bb3b8eceb8236b1cbead1817efb6c3c2e98f

SHA512
2f118ffb5787d60c46039a4d394d928367c0b005cbdfb9560bb379be391188f31c986605c52f57ad8b9757b178c3191aa3daf174f6fb2810156c238dd01b7649

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
873KB

MD5
2c4fc79243cba05f7b5af06912c2cad7

SHA1
1d80c044a2b8d40b2c81ba9437a6926960138027

SHA256
3abe75cf00c019e4a06171ca3b0fd6244f3b0ddea27ecbbb52186524b337643c

SHA512
fdd48d5dae5bb7b7d37057f536a79cd04b606d0c48561f19f0f44324637125970247320e9391d97cac265d6ca60189a2de5c3dc4e1b722f61cc44d544ef47a5d

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
99ea9b604a7a734d3087fa6159684c42

SHA1
709fa1068ad4d560fe03e05b68056f1b0bedbfc8

SHA256
3f733f9e6fec7c4165ca8ba41eb23f604a248babe794c4ad2c6c3ce8032aab1c

SHA512
7af8008c7e187f925c62efc97e1891a7a38d089302dba39fbde137fb895e0592847ed0982c824c2075be8e6b95b6ce165ecb848ab85adf53779ebef613410fbb

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-4159544280-4273523227-683900707-1000\_desktop.ini

Filesize
9B

MD5
c0232c2f01c543d260713210da47a57b

SHA1
63f2c13c2c5c83091133c2802e69993d52e3ec65

SHA256
278e1b8fd3f40d95faaecf548098b8d9ee4b32e98a8878559c8c8dfcd5cd1197

SHA512
2ccfd67393a63f03f588296bb798d7a7d4ec2ea5d6ac486cb7bdf8a5a66b1df944d8b548f317e58bfe17dea2ae54e536ffe77bc11a43c931f3d10e299ab3fca0

Download Submit
memory/1212-5-0x00000000021C0000-0x00000000021C1000-memory.dmp

Filesize
4KB

Download
memory/1244-66-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1244-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1244-73-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1244-20-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1244-81-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1244-1825-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1244-14-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1244-3285-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1244-7-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download