055099ebbe7a6a6fceba9cbcbee15df02b7bbd7dd0ea987140fce7df353dff95

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
28/08/2023, 09:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

055099ebbe7a6a6fceba9cbcbee15df02b7bbd7dd0ea987140fce7df353dff95.exe
Size

97KB
MD5

11c5b899bc2eec52ed990a8013e7ef10
SHA1

f6eac0a0cba5ef91708c038a3fb091fc8f34e55b
SHA256

055099ebbe7a6a6fceba9cbcbee15df02b7bbd7dd0ea987140fce7df353dff95
SHA512

d866efb6c17da9c2a588ed5add29593ebc5a9bf4ecd69d8c3bb33d4a4a2864dc1f81842117558544098fd26e8d86c73b44205f8038bff438c05768b72605e64b
SSDEEP

3072:KDftffjmN+CTlvbhgdgTIMV/Vo7Bsxrkx:qVfjmNL1gd7y0

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1240	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2600	Logo1_.exe
764	055099ebbe7a6a6fceba9cbcbee15df02b7bbd7dd0ea987140fce7df353dff95.exe

Loads dropped DLL 1 IoCs

pid	Process
1240	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MSQRY32.EXE	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\an\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\sd\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows NT\Accessories\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows NT\TableTextService\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\QUAD\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\Packages\Debugger\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\de\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\1033\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Internet Explorer\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\lib\cmm\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\gl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\MEDIA\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\SDK\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\7-Zip\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Portable Devices\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Runtime\x86\resources\1033\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\el\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\STS2\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\lib\fonts\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPREARM.EXE	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\cgg\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	055099ebbe7a6a6fceba9cbcbee15df02b7bbd7dd0ea987140fce7df353dff95.exe
File created	C:\Windows\Logo1_.exe	055099ebbe7a6a6fceba9cbcbee15df02b7bbd7dd0ea987140fce7df353dff95.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2600	Logo1_.exe
2600	Logo1_.exe
2600	Logo1_.exe
2600	Logo1_.exe
2600	Logo1_.exe
2600	Logo1_.exe
2600	Logo1_.exe
2600	Logo1_.exe
2600	Logo1_.exe
2600	Logo1_.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
764	055099ebbe7a6a6fceba9cbcbee15df02b7bbd7dd0ea987140fce7df353dff95.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 1240	2672	055099ebbe7a6a6fceba9cbcbee15df02b7bbd7dd0ea987140fce7df353dff95.exe	29
PID 2672 wrote to memory of 1240	2672	055099ebbe7a6a6fceba9cbcbee15df02b7bbd7dd0ea987140fce7df353dff95.exe	29
PID 2672 wrote to memory of 1240	2672	055099ebbe7a6a6fceba9cbcbee15df02b7bbd7dd0ea987140fce7df353dff95.exe	29
PID 2672 wrote to memory of 1240	2672	055099ebbe7a6a6fceba9cbcbee15df02b7bbd7dd0ea987140fce7df353dff95.exe	29
PID 2672 wrote to memory of 2600	2672	055099ebbe7a6a6fceba9cbcbee15df02b7bbd7dd0ea987140fce7df353dff95.exe	28
PID 2672 wrote to memory of 2600	2672	055099ebbe7a6a6fceba9cbcbee15df02b7bbd7dd0ea987140fce7df353dff95.exe	28
PID 2672 wrote to memory of 2600	2672	055099ebbe7a6a6fceba9cbcbee15df02b7bbd7dd0ea987140fce7df353dff95.exe	28
PID 2672 wrote to memory of 2600	2672	055099ebbe7a6a6fceba9cbcbee15df02b7bbd7dd0ea987140fce7df353dff95.exe	28
PID 2600 wrote to memory of 2828	2600	Logo1_.exe	31
PID 2600 wrote to memory of 2828	2600	Logo1_.exe	31
PID 2600 wrote to memory of 2828	2600	Logo1_.exe	31
PID 2600 wrote to memory of 2828	2600	Logo1_.exe	31
PID 1240 wrote to memory of 764	1240	cmd.exe	33
PID 1240 wrote to memory of 764	1240	cmd.exe	33
PID 1240 wrote to memory of 764	1240	cmd.exe	33
PID 1240 wrote to memory of 764	1240	cmd.exe	33
PID 2828 wrote to memory of 992	2828	net.exe	34
PID 2828 wrote to memory of 992	2828	net.exe	34
PID 2828 wrote to memory of 992	2828	net.exe	34
PID 2828 wrote to memory of 992	2828	net.exe	34
PID 2600 wrote to memory of 1216	2600	Logo1_.exe	18
PID 2600 wrote to memory of 1216	2600	Logo1_.exe	18

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1216
- C:\Users\Admin\AppData\Local\Temp\055099ebbe7a6a6fceba9cbcbee15df02b7bbd7dd0ea987140fce7df353dff95.exe
  "C:\Users\Admin\AppData\Local\Temp\055099ebbe7a6a6fceba9cbcbee15df02b7bbd7dd0ea987140fce7df353dff95.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2672
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2828
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:992
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a7BA5.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1240
  - - C:\Users\Admin\AppData\Local\Temp\055099ebbe7a6a6fceba9cbcbee15df02b7bbd7dd0ea987140fce7df353dff95.exe
      "C:\Users\Admin\AppData\Local\Temp\055099ebbe7a6a6fceba9cbcbee15df02b7bbd7dd0ea987140fce7df353dff95.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: GetForegroundWindowSpam
      PID:764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
a62e5904662bb6c9a29b53a19d13d040

SHA1
c9ed0d957af094ef0fbad84c0025cd9f644543f4

SHA256
7a011941e62775b5340608b0768f27b52465acd7793134a2746379cb724d4562

SHA512
94faac9cab8db5771da07eb1137f93eb56d77676281d86152bcfebb14be52e51e677efb55285218d5ceeb172896f1be0a12de34226a490b545ccacec21d395ee

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
4cfdb20b04aa239d6f9e83084d5d0a77

SHA1
f22863e04cc1fd4435f785993ede165bd8245ac6

SHA256
30ed17ca6ae530e8bf002bcef6048f94dba4b3b10252308147031f5c86ace1b9

SHA512
35b4c2f68a7caa45f2bb14b168947e06831f358e191478a6659b49f30ca6f538dc910fe6067448d5d8af4cb8558825d70f94d4bd67709aee414b2be37d49be86

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a7BA5.bat

Filesize
722B

MD5
7592c5c9b80520ed625ec65a7e3fcb97

SHA1
470467df63f98956ad21a23517e69a562266c2cd

SHA256
6357f497b805b17e6697a63a9f94a59c18bd279ddfe12cdcfa28cad9c85fe1ec

SHA512
d6d549c68611df530fc59ef97b7c9caee933a9d77dbb8386ca0dbed29fca30ccf47c6000bc60143669daeb96cd9cac1922b3cd90efdd22b2c59437a6cfa6b927

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a7BA5.bat

Filesize
722B

MD5
7592c5c9b80520ed625ec65a7e3fcb97

SHA1
470467df63f98956ad21a23517e69a562266c2cd

SHA256
6357f497b805b17e6697a63a9f94a59c18bd279ddfe12cdcfa28cad9c85fe1ec

SHA512
d6d549c68611df530fc59ef97b7c9caee933a9d77dbb8386ca0dbed29fca30ccf47c6000bc60143669daeb96cd9cac1922b3cd90efdd22b2c59437a6cfa6b927

Download Submit
C:\Users\Admin\AppData\Local\Temp\055099ebbe7a6a6fceba9cbcbee15df02b7bbd7dd0ea987140fce7df353dff95.exe

Filesize
71KB

MD5
12db3a3d8e38797243fbf460a465cdcc

SHA1
8764ae88d483d4580e7edadd145f6e0cacb61d95

SHA256
5eb76f8d21129085c18cfef50c790b95df7d4f371f6bcf2705449e3f972d2bea

SHA512
eec9bd6e0216a895efd4264590f15743e144bb4132b94d662c379a6ae679180df164547caa508f533a7aacbd4c244b7b3b2425717a7a1ebe8564bddf569558a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\055099ebbe7a6a6fceba9cbcbee15df02b7bbd7dd0ea987140fce7df353dff95.exe.exe

Filesize
71KB

MD5
12db3a3d8e38797243fbf460a465cdcc

SHA1
8764ae88d483d4580e7edadd145f6e0cacb61d95

SHA256
5eb76f8d21129085c18cfef50c790b95df7d4f371f6bcf2705449e3f972d2bea

SHA512
eec9bd6e0216a895efd4264590f15743e144bb4132b94d662c379a6ae679180df164547caa508f533a7aacbd4c244b7b3b2425717a7a1ebe8564bddf569558a0

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
ba368f8c05d08e18b8f6665dfa445a38

SHA1
aef67dd8cf4cc4c263aa83ffd71e57399ea8c080

SHA256
eebabcf5f40532ff91cbf026fa8c5e3618c8f3089b754749541c4ca2cfefcfe2

SHA512
2dd56b8be5b530cb408149bac9e5a029dce0b476c5651423691c99f813d35972997471eefbfc39a37891b71367f25c04350bcd3e25183eeda9c9c78e37aa21bd

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
ba368f8c05d08e18b8f6665dfa445a38

SHA1
aef67dd8cf4cc4c263aa83ffd71e57399ea8c080

SHA256
eebabcf5f40532ff91cbf026fa8c5e3618c8f3089b754749541c4ca2cfefcfe2

SHA512
2dd56b8be5b530cb408149bac9e5a029dce0b476c5651423691c99f813d35972997471eefbfc39a37891b71367f25c04350bcd3e25183eeda9c9c78e37aa21bd

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
ba368f8c05d08e18b8f6665dfa445a38

SHA1
aef67dd8cf4cc4c263aa83ffd71e57399ea8c080

SHA256
eebabcf5f40532ff91cbf026fa8c5e3618c8f3089b754749541c4ca2cfefcfe2

SHA512
2dd56b8be5b530cb408149bac9e5a029dce0b476c5651423691c99f813d35972997471eefbfc39a37891b71367f25c04350bcd3e25183eeda9c9c78e37aa21bd

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
ba368f8c05d08e18b8f6665dfa445a38

SHA1
aef67dd8cf4cc4c263aa83ffd71e57399ea8c080

SHA256
eebabcf5f40532ff91cbf026fa8c5e3618c8f3089b754749541c4ca2cfefcfe2

SHA512
2dd56b8be5b530cb408149bac9e5a029dce0b476c5651423691c99f813d35972997471eefbfc39a37891b71367f25c04350bcd3e25183eeda9c9c78e37aa21bd

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2969888527-3102471180-2307688834-1000\_desktop.ini

Filesize
9B

MD5
ec7139d5bb99bcebaf0b91c58a9ec5aa

SHA1
70404362dd74e309722fd282c3492ec95674123c

SHA256
eb17ae1b1de9e95e0d159893048f2de5c1c158467e768cc0ddbaa517c45e0582

SHA512
b0114d8f74b17836819b750cff2b590b652e04bb2dc0e9dc8bffac7ed66bd9ded03cd35abc7fc0fcd0127a994c283dcd162e97e6dd76f5a903ff59e4951dfc48

Download Submit
\Users\Admin\AppData\Local\Temp\055099ebbe7a6a6fceba9cbcbee15df02b7bbd7dd0ea987140fce7df353dff95.exe

Filesize
71KB

MD5
12db3a3d8e38797243fbf460a465cdcc

SHA1
8764ae88d483d4580e7edadd145f6e0cacb61d95

SHA256
5eb76f8d21129085c18cfef50c790b95df7d4f371f6bcf2705449e3f972d2bea

SHA512
eec9bd6e0216a895efd4264590f15743e144bb4132b94d662c379a6ae679180df164547caa508f533a7aacbd4c244b7b3b2425717a7a1ebe8564bddf569558a0

Download Submit
memory/764-31-0x000007FEF5030000-0x000007FEF59CD000-memory.dmp

Filesize
9.6MB

Download
memory/764-38-0x0000000001F00000-0x0000000001F80000-memory.dmp

Filesize
512KB

Download
memory/764-29-0x00000000001F0000-0x000000000020A000-memory.dmp

Filesize
104KB

Download
memory/764-30-0x000007FEF5030000-0x000007FEF59CD000-memory.dmp

Filesize
9.6MB

Download
memory/764-41-0x0000000001F00000-0x0000000001F80000-memory.dmp

Filesize
512KB

Download
memory/764-32-0x0000000001F00000-0x0000000001F80000-memory.dmp

Filesize
512KB

Download
memory/764-40-0x000007FEF5030000-0x000007FEF59CD000-memory.dmp

Filesize
9.6MB

Download
memory/764-36-0x0000000000240000-0x000000000024A000-memory.dmp

Filesize
40KB

Download
memory/764-37-0x0000000001F00000-0x0000000001F80000-memory.dmp

Filesize
512KB

Download
memory/1216-34-0x0000000002A00000-0x0000000002A01000-memory.dmp

Filesize
4KB

Download
memory/2600-1860-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2600-22-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2600-49-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2600-55-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2600-102-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2600-105-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2600-218-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2600-39-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2600-3320-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2672-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2672-16-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2672-17-0x0000000000220000-0x0000000000254000-memory.dmp

Filesize
208KB

Download
memory/2672-12-0x0000000000220000-0x0000000000254000-memory.dmp

Filesize
208KB

Download