d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c

Analysis

max time kernel
149s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
28/08/2023, 16:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe
Size

374KB
MD5

70eac1a741ba1a6b1d09e40e6bb43e8e
SHA1

ef2a237641adf31b81265b87277d23a0d977a9da
SHA256

d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c
SHA512

923e22cea03d0bbc9676e0c8c0a3f2a3ca84c928a0a48f5f838a1413f6897a5887e85d93521dbb49d660acfb8917f7d644f8bbf3752ccbdbeec1ed39eeb6939b
SSDEEP

6144:tVfjmNmM9FNfmEQqOFZs6NVk+T2L6NTX9loFZe8ZN/ADY10mD46QFCEkUP6r8xlW:L7+mgNZUfk+K6esrKa/zJY1x

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
800	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2408	Logo1_.exe
3004	d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe

Loads dropped DLL 1 IoCs

pid	Process
800	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\VideoLAN\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Oasis\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Hearts\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\bin\kinit.exe	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1042\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\1033\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Help\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Temp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ga\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\ext\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft.NET\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\NETWORK\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\d3d11\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\lib\fonts\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\More Games\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\extensions\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ESEN\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\2052\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Media Player\Media Renderer\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bg\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\tr\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe
File created	C:\Windows\Logo1_.exe	d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2408	Logo1_.exe
2408	Logo1_.exe
2408	Logo1_.exe
2408	Logo1_.exe
2408	Logo1_.exe
2408	Logo1_.exe
2408	Logo1_.exe
2408	Logo1_.exe
2408	Logo1_.exe
2408	Logo1_.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 800	2188	d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe	28
PID 2188 wrote to memory of 800	2188	d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe	28
PID 2188 wrote to memory of 800	2188	d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe	28
PID 2188 wrote to memory of 800	2188	d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe	28
PID 2188 wrote to memory of 2408	2188	d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe	29
PID 2188 wrote to memory of 2408	2188	d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe	29
PID 2188 wrote to memory of 2408	2188	d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe	29
PID 2188 wrote to memory of 2408	2188	d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe	29
PID 2408 wrote to memory of 3012	2408	Logo1_.exe	31
PID 2408 wrote to memory of 3012	2408	Logo1_.exe	31
PID 2408 wrote to memory of 3012	2408	Logo1_.exe	31
PID 2408 wrote to memory of 3012	2408	Logo1_.exe	31
PID 3012 wrote to memory of 2076	3012	net.exe	33
PID 3012 wrote to memory of 2076	3012	net.exe	33
PID 3012 wrote to memory of 2076	3012	net.exe	33
PID 3012 wrote to memory of 2076	3012	net.exe	33
PID 800 wrote to memory of 3004	800	cmd.exe	34
PID 800 wrote to memory of 3004	800	cmd.exe	34
PID 800 wrote to memory of 3004	800	cmd.exe	34
PID 800 wrote to memory of 3004	800	cmd.exe	34
PID 2408 wrote to memory of 1276	2408	Logo1_.exe	21
PID 2408 wrote to memory of 1276	2408	Logo1_.exe	21

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1276
- C:\Users\Admin\AppData\Local\Temp\d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe
  "C:\Users\Admin\AppData\Local\Temp\d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2188
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a81BD.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:800
  - - C:\Users\Admin\AppData\Local\Temp\d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe
      "C:\Users\Admin\AppData\Local\Temp\d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe"
      4⤵
      Executes dropped EXE
      PID:3004
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2408
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3012
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
70f949437f8aed88d16c0c5c6b3cf68a

SHA1
2a5156ce4fd7777dd7228c6c1dde2a62429a9cbf

SHA256
edb00aa6ab2df3d13b91f5d3985907a017660ef408128f9d41f1e2fc7082b317

SHA512
a3978fab6c45c86b587c89118a3246b81cb0a31aa8cad8cfe48f20bdf837d21e2f171a8f2a23deddd2b109ef96920332c00df9d181a0d8eaa929f62d4b8105b3

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
4cfdb20b04aa239d6f9e83084d5d0a77

SHA1
f22863e04cc1fd4435f785993ede165bd8245ac6

SHA256
30ed17ca6ae530e8bf002bcef6048f94dba4b3b10252308147031f5c86ace1b9

SHA512
35b4c2f68a7caa45f2bb14b168947e06831f358e191478a6659b49f30ca6f538dc910fe6067448d5d8af4cb8558825d70f94d4bd67709aee414b2be37d49be86

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a81BD.bat

Filesize
722B

MD5
99a7d94e35b21b84ebf1d814212cd296

SHA1
59d6a96004bbe356d1a27ad7fa22e9990d06163c

SHA256
5e0b6d25761c65dc55a45ce6cd7c756b3320bbab11fdf2a790a564fe2b108ef1

SHA512
c1c6834582c8c848ade8de0694fdea17398f2cc9743b6c1795f9681990b0763426603071208e2f85f7f62356f654a5e8439ceb96cb4233b9bbfba1891cf76811

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a81BD.bat

Filesize
722B

MD5
99a7d94e35b21b84ebf1d814212cd296

SHA1
59d6a96004bbe356d1a27ad7fa22e9990d06163c

SHA256
5e0b6d25761c65dc55a45ce6cd7c756b3320bbab11fdf2a790a564fe2b108ef1

SHA512
c1c6834582c8c848ade8de0694fdea17398f2cc9743b6c1795f9681990b0763426603071208e2f85f7f62356f654a5e8439ceb96cb4233b9bbfba1891cf76811

Download Submit
C:\Users\Admin\AppData\Local\Temp\d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe

Filesize
348KB

MD5
13795541b03505e7c80f16fc77f12469

SHA1
6214648f964de2534d76cff4d7ef72e49407bd34

SHA256
261aba70ce4e95070f0b24ae8720378d17458eb999accc65f983647ece1390b3

SHA512
ab2db2f5164ff380dcbec6e07454c417e1d2e2785e6ce6f9bd0a72d95fdafa3505e197d7814a9cceb8176509623d221f77b86ebf033cdc323ec618a3eb6b3974

Download Submit
C:\Users\Admin\AppData\Local\Temp\d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe.exe

Filesize
348KB

MD5
13795541b03505e7c80f16fc77f12469

SHA1
6214648f964de2534d76cff4d7ef72e49407bd34

SHA256
261aba70ce4e95070f0b24ae8720378d17458eb999accc65f983647ece1390b3

SHA512
ab2db2f5164ff380dcbec6e07454c417e1d2e2785e6ce6f9bd0a72d95fdafa3505e197d7814a9cceb8176509623d221f77b86ebf033cdc323ec618a3eb6b3974

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
ef8ff2cc0bb4a5c582b66fd67eb0190e

SHA1
70112da16e8340aa1fdd57f69462eac7f9a55437

SHA256
5a97f5b1b4e7cfb5f93e41e0cd3d4035f285e58dcf91b22b4f4369aec6822765

SHA512
d176acec787414edd8764bd7bad2b8d017c198f629c02ab6c42083d6db7e8b7bf56d9296b721fb87896472def2772d4fdc04319193adb86d1d263c9c38d164bf

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
ef8ff2cc0bb4a5c582b66fd67eb0190e

SHA1
70112da16e8340aa1fdd57f69462eac7f9a55437

SHA256
5a97f5b1b4e7cfb5f93e41e0cd3d4035f285e58dcf91b22b4f4369aec6822765

SHA512
d176acec787414edd8764bd7bad2b8d017c198f629c02ab6c42083d6db7e8b7bf56d9296b721fb87896472def2772d4fdc04319193adb86d1d263c9c38d164bf

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
ef8ff2cc0bb4a5c582b66fd67eb0190e

SHA1
70112da16e8340aa1fdd57f69462eac7f9a55437

SHA256
5a97f5b1b4e7cfb5f93e41e0cd3d4035f285e58dcf91b22b4f4369aec6822765

SHA512
d176acec787414edd8764bd7bad2b8d017c198f629c02ab6c42083d6db7e8b7bf56d9296b721fb87896472def2772d4fdc04319193adb86d1d263c9c38d164bf

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
ef8ff2cc0bb4a5c582b66fd67eb0190e

SHA1
70112da16e8340aa1fdd57f69462eac7f9a55437

SHA256
5a97f5b1b4e7cfb5f93e41e0cd3d4035f285e58dcf91b22b4f4369aec6822765

SHA512
d176acec787414edd8764bd7bad2b8d017c198f629c02ab6c42083d6db7e8b7bf56d9296b721fb87896472def2772d4fdc04319193adb86d1d263c9c38d164bf

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3408354897-1169622894-3874090110-1000\_desktop.ini

Filesize
9B

MD5
ec7139d5bb99bcebaf0b91c58a9ec5aa

SHA1
70404362dd74e309722fd282c3492ec95674123c

SHA256
eb17ae1b1de9e95e0d159893048f2de5c1c158467e768cc0ddbaa517c45e0582

SHA512
b0114d8f74b17836819b750cff2b590b652e04bb2dc0e9dc8bffac7ed66bd9ded03cd35abc7fc0fcd0127a994c283dcd162e97e6dd76f5a903ff59e4951dfc48

Download Submit
\Users\Admin\AppData\Local\Temp\d5a9bf63c3318fa32861008a7a4ddbc6055edc89fd844c7377bf0cf940c6f49c.exe

Filesize
348KB

MD5
13795541b03505e7c80f16fc77f12469

SHA1
6214648f964de2534d76cff4d7ef72e49407bd34

SHA256
261aba70ce4e95070f0b24ae8720378d17458eb999accc65f983647ece1390b3

SHA512
ab2db2f5164ff380dcbec6e07454c417e1d2e2785e6ce6f9bd0a72d95fdafa3505e197d7814a9cceb8176509623d221f77b86ebf033cdc323ec618a3eb6b3974

Download Submit
memory/1276-29-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/2188-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2188-12-0x00000000005D0000-0x0000000000604000-memory.dmp

Filesize
208KB

Download
memory/2188-16-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2408-91-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2408-45-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2408-39-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2408-98-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2408-186-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2408-1850-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2408-31-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2408-3310-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2408-21-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download