5a83c17dddf568dfab1205b0df92b596c474460174c77298ff1596ca4d017d26

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
28/08/2023, 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a83c17dddf568dfab1205b0df92b596c474460174c77298ff1596ca4d017d26.exe
Size

105KB
MD5

c7f20f2ea02d32028cb87da47ebbd315
SHA1

926961abea8ed83c57a725ed7393382b276c4e06
SHA256

5a83c17dddf568dfab1205b0df92b596c474460174c77298ff1596ca4d017d26
SHA512

39eecbf7bdb4f5d4209c114058a884054bf174d83cd30ba7a001c4afbca815e138bd428ff848694261cae089295f6032bd5ea3099f405105ba86c5eb8d2797fd
SSDEEP

1536:s12fgLdQAQfcfymNAge/CfbcTODD1nXiN3Rxr3laihF4O7W:sMftffjmNAgTyODhXs3RxrsijRW

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2900	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2500	Logo1_.exe
2976	5a83c17dddf568dfab1205b0df92b596c474460174c77298ff1596ca4d017d26.exe

Loads dropped DLL 2 IoCs

pid	Process
2900	cmd.exe
2900	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\7-Zip\Lang\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\bin\orbd.exe	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\ext\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Defender\MpCmdRun.exe	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\as_IN\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightYellow\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zu\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Journal\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Media Player\Visualizations\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows NT\Accessories\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\mr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PIXEL\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\Network Sharing\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\excelcnv.exe	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Swirl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	5a83c17dddf568dfab1205b0df92b596c474460174c77298ff1596ca4d017d26.exe
File created	C:\Windows\Logo1_.exe	5a83c17dddf568dfab1205b0df92b596c474460174c77298ff1596ca4d017d26.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2500	Logo1_.exe
2500	Logo1_.exe
2500	Logo1_.exe
2500	Logo1_.exe
2500	Logo1_.exe
2500	Logo1_.exe
2500	Logo1_.exe
2500	Logo1_.exe
2500	Logo1_.exe
2500	Logo1_.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 1580 wrote to memory of 2900	1580	5a83c17dddf568dfab1205b0df92b596c474460174c77298ff1596ca4d017d26.exe	7
PID 1580 wrote to memory of 2900	1580	5a83c17dddf568dfab1205b0df92b596c474460174c77298ff1596ca4d017d26.exe	7
PID 1580 wrote to memory of 2900	1580	5a83c17dddf568dfab1205b0df92b596c474460174c77298ff1596ca4d017d26.exe	7
PID 1580 wrote to memory of 2900	1580	5a83c17dddf568dfab1205b0df92b596c474460174c77298ff1596ca4d017d26.exe	7
PID 1580 wrote to memory of 2500	1580	5a83c17dddf568dfab1205b0df92b596c474460174c77298ff1596ca4d017d26.exe	5
PID 1580 wrote to memory of 2500	1580	5a83c17dddf568dfab1205b0df92b596c474460174c77298ff1596ca4d017d26.exe	5
PID 1580 wrote to memory of 2500	1580	5a83c17dddf568dfab1205b0df92b596c474460174c77298ff1596ca4d017d26.exe	5
PID 1580 wrote to memory of 2500	1580	5a83c17dddf568dfab1205b0df92b596c474460174c77298ff1596ca4d017d26.exe	5
PID 2500 wrote to memory of 2904	2500	Logo1_.exe	4
PID 2500 wrote to memory of 2904	2500	Logo1_.exe	4
PID 2500 wrote to memory of 2904	2500	Logo1_.exe	4
PID 2500 wrote to memory of 2904	2500	Logo1_.exe	4
PID 2904 wrote to memory of 1520	2904	net.exe	2
PID 2904 wrote to memory of 1520	2904	net.exe	2
PID 2904 wrote to memory of 1520	2904	net.exe	2
PID 2904 wrote to memory of 1520	2904	net.exe	2
PID 2900 wrote to memory of 2976	2900	cmd.exe	1
PID 2900 wrote to memory of 2976	2900	cmd.exe	1
PID 2900 wrote to memory of 2976	2900	cmd.exe	1
PID 2900 wrote to memory of 2976	2900	cmd.exe	1
PID 2500 wrote to memory of 1400	2500	Logo1_.exe	14
PID 2500 wrote to memory of 1400	2500	Logo1_.exe	14

C:\Users\Admin\AppData\Local\Temp\5a83c17dddf568dfab1205b0df92b596c474460174c77298ff1596ca4d017d26.exe
"C:\Users\Admin\AppData\Local\Temp\5a83c17dddf568dfab1205b0df92b596c474460174c77298ff1596ca4d017d26.exe"
1⤵
- Executes dropped EXE
PID:2976

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
1⤵
PID:1520

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
1⤵
- Suspicious use of WriteProcessMemory
PID:2904

C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
1⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2500

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$$a8CA6.bat
1⤵
- Deletes itself
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2900

C:\Users\Admin\AppData\Local\Temp\5a83c17dddf568dfab1205b0df92b596c474460174c77298ff1596ca4d017d26.exe
"C:\Users\Admin\AppData\Local\Temp\5a83c17dddf568dfab1205b0df92b596c474460174c77298ff1596ca4d017d26.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1580

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
edd7239c5b64ba6848e9f712fd38bb73

SHA1
2a542831454d9d692d8ca9356dc7f53d15c018a0

SHA256
1ac939cbf23f45f7a495703a3d06b5937338a7087812ce04b50fa68108b1a7d8

SHA512
74eb6e5229805edd2d94d6bc4c67df3809d29bf3ffbfa4668d2b2d3ffbbe9948edd2696eaa1211e4763a2f46be88220eb7e040cc30662199b79c949e3bff47bf

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
4cfdb20b04aa239d6f9e83084d5d0a77

SHA1
f22863e04cc1fd4435f785993ede165bd8245ac6

SHA256
30ed17ca6ae530e8bf002bcef6048f94dba4b3b10252308147031f5c86ace1b9

SHA512
35b4c2f68a7caa45f2bb14b168947e06831f358e191478a6659b49f30ca6f538dc910fe6067448d5d8af4cb8558825d70f94d4bd67709aee414b2be37d49be86

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a8CA6.bat

Filesize
722B

MD5
69e279e12e774b7a0c98065cb7d91951

SHA1
038490d5cd0ad37f3de9b243406c9d2b8f90e5dc

SHA256
06e60e7449ede09ac441ab5e3cf38e08d528c60b356beb1d3a67cb7461350960

SHA512
786728a8f2b0fef448b9577e64ba671b6fe8fd1f78822002c250c17929b7f5d6cfdea1a5e951bb5f07af22fb134287646f36825d7bafad644fb17581de072444

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a8CA6.bat

Filesize
722B

MD5
69e279e12e774b7a0c98065cb7d91951

SHA1
038490d5cd0ad37f3de9b243406c9d2b8f90e5dc

SHA256
06e60e7449ede09ac441ab5e3cf38e08d528c60b356beb1d3a67cb7461350960

SHA512
786728a8f2b0fef448b9577e64ba671b6fe8fd1f78822002c250c17929b7f5d6cfdea1a5e951bb5f07af22fb134287646f36825d7bafad644fb17581de072444

Download Submit
C:\Users\Admin\AppData\Local\Temp\5a83c17dddf568dfab1205b0df92b596c474460174c77298ff1596ca4d017d26.exe

Filesize
79KB

MD5
0eef488df0e3b2ed497315d6ae2111c6

SHA1
dc5764dd42d60a772456fb231327cbfbdd4886e3

SHA256
8f584354d11cc729c0e113c940fce111e881f0fa6c506770759693a5cab7d918

SHA512
105c626d921379ec500e575aeb164ada4852935a54140f123e05c31c5ad707f19921fb842b1ae33f2a0a71b3b30b77312fae5ed24fdc9ccc4580a9952eba52c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\5a83c17dddf568dfab1205b0df92b596c474460174c77298ff1596ca4d017d26.exe.exe

Filesize
79KB

MD5
0eef488df0e3b2ed497315d6ae2111c6

SHA1
dc5764dd42d60a772456fb231327cbfbdd4886e3

SHA256
8f584354d11cc729c0e113c940fce111e881f0fa6c506770759693a5cab7d918

SHA512
105c626d921379ec500e575aeb164ada4852935a54140f123e05c31c5ad707f19921fb842b1ae33f2a0a71b3b30b77312fae5ed24fdc9ccc4580a9952eba52c8

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
52e4c61229e7c9fe66eb518f3954cbd7

SHA1
2708e1cc9f919dff86a26ded1a976ab43ce9ca9b

SHA256
8a2e2e8530d9a948d83c71df446483bc4da4f965bfe121a98b9df496404d2ca2

SHA512
ecc9eee4615857054a449a597862c52cec3be0cc1ecffc797ed8a2a08520095bd523e9517cf64c65faaed4ce4a6ab9e5da21047301b32c5dbae043e05af5ec64

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
52e4c61229e7c9fe66eb518f3954cbd7

SHA1
2708e1cc9f919dff86a26ded1a976ab43ce9ca9b

SHA256
8a2e2e8530d9a948d83c71df446483bc4da4f965bfe121a98b9df496404d2ca2

SHA512
ecc9eee4615857054a449a597862c52cec3be0cc1ecffc797ed8a2a08520095bd523e9517cf64c65faaed4ce4a6ab9e5da21047301b32c5dbae043e05af5ec64

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
52e4c61229e7c9fe66eb518f3954cbd7

SHA1
2708e1cc9f919dff86a26ded1a976ab43ce9ca9b

SHA256
8a2e2e8530d9a948d83c71df446483bc4da4f965bfe121a98b9df496404d2ca2

SHA512
ecc9eee4615857054a449a597862c52cec3be0cc1ecffc797ed8a2a08520095bd523e9517cf64c65faaed4ce4a6ab9e5da21047301b32c5dbae043e05af5ec64

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
52e4c61229e7c9fe66eb518f3954cbd7

SHA1
2708e1cc9f919dff86a26ded1a976ab43ce9ca9b

SHA256
8a2e2e8530d9a948d83c71df446483bc4da4f965bfe121a98b9df496404d2ca2

SHA512
ecc9eee4615857054a449a597862c52cec3be0cc1ecffc797ed8a2a08520095bd523e9517cf64c65faaed4ce4a6ab9e5da21047301b32c5dbae043e05af5ec64

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-722410544-1258951091-1992882075-1000\_desktop.ini

Filesize
9B

MD5
ec7139d5bb99bcebaf0b91c58a9ec5aa

SHA1
70404362dd74e309722fd282c3492ec95674123c

SHA256
eb17ae1b1de9e95e0d159893048f2de5c1c158467e768cc0ddbaa517c45e0582

SHA512
b0114d8f74b17836819b750cff2b590b652e04bb2dc0e9dc8bffac7ed66bd9ded03cd35abc7fc0fcd0127a994c283dcd162e97e6dd76f5a903ff59e4951dfc48

Download Submit
\Users\Admin\AppData\Local\Temp\5a83c17dddf568dfab1205b0df92b596c474460174c77298ff1596ca4d017d26.exe

Filesize
79KB

MD5
0eef488df0e3b2ed497315d6ae2111c6

SHA1
dc5764dd42d60a772456fb231327cbfbdd4886e3

SHA256
8f584354d11cc729c0e113c940fce111e881f0fa6c506770759693a5cab7d918

SHA512
105c626d921379ec500e575aeb164ada4852935a54140f123e05c31c5ad707f19921fb842b1ae33f2a0a71b3b30b77312fae5ed24fdc9ccc4580a9952eba52c8

Download Submit
\Users\Admin\AppData\Local\Temp\5a83c17dddf568dfab1205b0df92b596c474460174c77298ff1596ca4d017d26.exe

Filesize
79KB

MD5
0eef488df0e3b2ed497315d6ae2111c6

SHA1
dc5764dd42d60a772456fb231327cbfbdd4886e3

SHA256
8f584354d11cc729c0e113c940fce111e881f0fa6c506770759693a5cab7d918

SHA512
105c626d921379ec500e575aeb164ada4852935a54140f123e05c31c5ad707f19921fb842b1ae33f2a0a71b3b30b77312fae5ed24fdc9ccc4580a9952eba52c8

Download Submit
memory/1400-31-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/1580-21-0x0000000000270000-0x00000000002A4000-memory.dmp

Filesize
208KB

Download
memory/1580-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1580-33-0x0000000000270000-0x00000000002A4000-memory.dmp

Filesize
208KB

Download
memory/1580-20-0x0000000000270000-0x00000000002A4000-memory.dmp

Filesize
208KB

Download
memory/1580-15-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2500-95-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2500-48-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2500-42-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2500-101-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2500-177-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2500-1853-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2500-34-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2500-3313-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2500-22-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download