b9075508755ff209b4b4d621dc2e60dd3e5b1400b456ac4dc91ba2a2fd902f47

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
04/09/2023, 09:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b9075508755ff209b4b4d621dc2e60dd3e5b1400b456ac4dc91ba2a2fd902f47.exe
Size

61KB
MD5

2224d723081f8600cd557e3e7afa0327
SHA1

6371dba08a4de5c714d5e01815aa237d18ced619
SHA256

b9075508755ff209b4b4d621dc2e60dd3e5b1400b456ac4dc91ba2a2fd902f47
SHA512

6dbda848b02b4b95785d397743c369101afddd797776f6702b09737a6d3b68d3d5773ef48482a9f9beb6be2d4455645a0252a4b43f65c0f582bf6cdd2d92ee74
SSDEEP

1536:Ta13SHuJV9QaxSzc1kVQctbHB1gTXL7heiEE:TkkuJVFSqctbHB1ufQJE

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2784	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2032	Logo1_.exe
2864	b9075508755ff209b4b4d621dc2e60dd3e5b1400b456ac4dc91ba2a2fd902f47.exe

Loads dropped DLL 1 IoCs

pid	Process
2784	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MSTORE.EXE	Logo1_.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VGX\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\BORDERS\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ja\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ckb\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ko\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\DW\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\bin\policytool.exe	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Mail\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ast\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d9\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\gl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATERMAR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Services\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\SDK\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	b9075508755ff209b4b4d621dc2e60dd3e5b1400b456ac4dc91ba2a2fd902f47.exe
File created	C:\Windows\Logo1_.exe	b9075508755ff209b4b4d621dc2e60dd3e5b1400b456ac4dc91ba2a2fd902f47.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2032	Logo1_.exe
2032	Logo1_.exe
2032	Logo1_.exe
2032	Logo1_.exe
2032	Logo1_.exe
2032	Logo1_.exe
2032	Logo1_.exe
2032	Logo1_.exe
2032	Logo1_.exe
2032	Logo1_.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 2784	2980	b9075508755ff209b4b4d621dc2e60dd3e5b1400b456ac4dc91ba2a2fd902f47.exe	28
PID 2980 wrote to memory of 2784	2980	b9075508755ff209b4b4d621dc2e60dd3e5b1400b456ac4dc91ba2a2fd902f47.exe	28
PID 2980 wrote to memory of 2784	2980	b9075508755ff209b4b4d621dc2e60dd3e5b1400b456ac4dc91ba2a2fd902f47.exe	28
PID 2980 wrote to memory of 2784	2980	b9075508755ff209b4b4d621dc2e60dd3e5b1400b456ac4dc91ba2a2fd902f47.exe	28
PID 2980 wrote to memory of 2032	2980	b9075508755ff209b4b4d621dc2e60dd3e5b1400b456ac4dc91ba2a2fd902f47.exe	29
PID 2980 wrote to memory of 2032	2980	b9075508755ff209b4b4d621dc2e60dd3e5b1400b456ac4dc91ba2a2fd902f47.exe	29
PID 2980 wrote to memory of 2032	2980	b9075508755ff209b4b4d621dc2e60dd3e5b1400b456ac4dc91ba2a2fd902f47.exe	29
PID 2980 wrote to memory of 2032	2980	b9075508755ff209b4b4d621dc2e60dd3e5b1400b456ac4dc91ba2a2fd902f47.exe	29
PID 2032 wrote to memory of 2708	2032	Logo1_.exe	31
PID 2032 wrote to memory of 2708	2032	Logo1_.exe	31
PID 2032 wrote to memory of 2708	2032	Logo1_.exe	31
PID 2032 wrote to memory of 2708	2032	Logo1_.exe	31
PID 2708 wrote to memory of 2508	2708	net.exe	33
PID 2708 wrote to memory of 2508	2708	net.exe	33
PID 2708 wrote to memory of 2508	2708	net.exe	33
PID 2708 wrote to memory of 2508	2708	net.exe	33
PID 2784 wrote to memory of 2864	2784	cmd.exe	34
PID 2784 wrote to memory of 2864	2784	cmd.exe	34
PID 2784 wrote to memory of 2864	2784	cmd.exe	34
PID 2784 wrote to memory of 2864	2784	cmd.exe	34
PID 2032 wrote to memory of 1204	2032	Logo1_.exe	16
PID 2032 wrote to memory of 1204	2032	Logo1_.exe	16

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1204
- C:\Users\Admin\AppData\Local\Temp\b9075508755ff209b4b4d621dc2e60dd3e5b1400b456ac4dc91ba2a2fd902f47.exe
  "C:\Users\Admin\AppData\Local\Temp\b9075508755ff209b4b4d621dc2e60dd3e5b1400b456ac4dc91ba2a2fd902f47.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2980
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a781D.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\b9075508755ff209b4b4d621dc2e60dd3e5b1400b456ac4dc91ba2a2fd902f47.exe
      "C:\Users\Admin\AppData\Local\Temp\b9075508755ff209b4b4d621dc2e60dd3e5b1400b456ac4dc91ba2a2fd902f47.exe"
      4⤵
      Executes dropped EXE
      PID:2864
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2032
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2708
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
b2b6ae1421d2be0d90ea86141066f966

SHA1
a3560801ceaf269bf35fa26f46eefb627247f04d

SHA256
4cbace4b732b3150e3a61a8d7b7abc796ddad3902ecbadb315e7b7b271e18aa0

SHA512
ae1e0fc0cc765f3ea17f72187af6e871445d4cc8e67fd7a023c8ed96633807608ae4437eabbf6e2c84cc2dbfec3785a26f3c17793f31e1701d21b9b82e2d6bc3

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
474KB

MD5
a129ff6e8fb70f53efa3d7ffa661a6c7

SHA1
08cb3f944ac454c45fa7c5dc7b4f3baa676aa427

SHA256
c807165aee414ab50b72e5497f2bfa612636dc7d2596c2e947c0a2985dadeab5

SHA512
93c3a31b918d586c845dbadd7e40ffb991445ec21e9bfe57c375d772d41e35d090ffd6d96718e21f7bae4a760a3895c4584d21f0c71919a031d287ea5f407f73

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a781D.bat

Filesize
722B

MD5
8f55eee9a9b7bc8267dcd8d73d446184

SHA1
8bf3fa68b3ea9b9521e193cb236d5b26c29d5682

SHA256
ee4bba3b3430dba686ddde0563a417b49307e8c18b8ca0cef59658e0b58b004f

SHA512
4f349a1e4f45a98ae2bb42872d98c1bdcb744c3b840f74466f52a7fa33b663053ea09c5e82b4c8f73151e63309aab5e4b7004f70442ff53a6effa3bdb75fab1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a781D.bat

Filesize
722B

MD5
8f55eee9a9b7bc8267dcd8d73d446184

SHA1
8bf3fa68b3ea9b9521e193cb236d5b26c29d5682

SHA256
ee4bba3b3430dba686ddde0563a417b49307e8c18b8ca0cef59658e0b58b004f

SHA512
4f349a1e4f45a98ae2bb42872d98c1bdcb744c3b840f74466f52a7fa33b663053ea09c5e82b4c8f73151e63309aab5e4b7004f70442ff53a6effa3bdb75fab1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\b9075508755ff209b4b4d621dc2e60dd3e5b1400b456ac4dc91ba2a2fd902f47.exe

Filesize
32KB

MD5
3de16cea01950aac6a7a5eeb8cb102b0

SHA1
c89dd3ce02600d1ef68a83e85947d7e8c4e62cc8

SHA256
cd60e89b2ff2743bad3c298ab6f44e005e4986413d1cf97bede0185ac3f12280

SHA512
7120b8226aac32933bc1561b432093422a4d708b3c75bd4eea506f7f6586b0014ce2debf7da71874947274632db6f7ffd67b5ec0c88dd9d8f2ecff0b34e12df2

Download Submit
C:\Users\Admin\AppData\Local\Temp\b9075508755ff209b4b4d621dc2e60dd3e5b1400b456ac4dc91ba2a2fd902f47.exe.exe

Filesize
32KB

MD5
3de16cea01950aac6a7a5eeb8cb102b0

SHA1
c89dd3ce02600d1ef68a83e85947d7e8c4e62cc8

SHA256
cd60e89b2ff2743bad3c298ab6f44e005e4986413d1cf97bede0185ac3f12280

SHA512
7120b8226aac32933bc1561b432093422a4d708b3c75bd4eea506f7f6586b0014ce2debf7da71874947274632db6f7ffd67b5ec0c88dd9d8f2ecff0b34e12df2

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
a784c027199a4a152e6bda9335389b6d

SHA1
1471692fc01a6efbcdd85bddecb7f189dc2a0223

SHA256
ba4901782d6a771d84a51d248b886ac5635c84f353de97c47770667301ee484e

SHA512
6eef613061deb1a53d47021aba5861ff6d79efb794b290bee7e2d4e5f20febf1a31cf76da43db53ec0b33d8f19a633c4d5a82fe5efda3887e06472fe8d787999

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
a784c027199a4a152e6bda9335389b6d

SHA1
1471692fc01a6efbcdd85bddecb7f189dc2a0223

SHA256
ba4901782d6a771d84a51d248b886ac5635c84f353de97c47770667301ee484e

SHA512
6eef613061deb1a53d47021aba5861ff6d79efb794b290bee7e2d4e5f20febf1a31cf76da43db53ec0b33d8f19a633c4d5a82fe5efda3887e06472fe8d787999

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
a784c027199a4a152e6bda9335389b6d

SHA1
1471692fc01a6efbcdd85bddecb7f189dc2a0223

SHA256
ba4901782d6a771d84a51d248b886ac5635c84f353de97c47770667301ee484e

SHA512
6eef613061deb1a53d47021aba5861ff6d79efb794b290bee7e2d4e5f20febf1a31cf76da43db53ec0b33d8f19a633c4d5a82fe5efda3887e06472fe8d787999

Download Submit
C:\Windows\rundl132.exe

Filesize
29KB

MD5
a784c027199a4a152e6bda9335389b6d

SHA1
1471692fc01a6efbcdd85bddecb7f189dc2a0223

SHA256
ba4901782d6a771d84a51d248b886ac5635c84f353de97c47770667301ee484e

SHA512
6eef613061deb1a53d47021aba5861ff6d79efb794b290bee7e2d4e5f20febf1a31cf76da43db53ec0b33d8f19a633c4d5a82fe5efda3887e06472fe8d787999

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-86725733-3001458681-3405935542-1000\_desktop.ini

Filesize
8B

MD5
587438ba3214d6958f23eced1b2cd39c

SHA1
56d9150b977089419b026aaf6ee032981c437dfd

SHA256
4a9d4c3f321c10e2bb0319dca7695b9b3252a0e1d35cfc2a09bac15d5c36e090

SHA512
31309fcfa73bf18bb138cbe3744414acc13498184290586c8f185e828027f7b0c647f3f102826099465c7995a29e8a33d95f832ffac8d16b619b53f037e4fd63

Download Submit
\Users\Admin\AppData\Local\Temp\b9075508755ff209b4b4d621dc2e60dd3e5b1400b456ac4dc91ba2a2fd902f47.exe

Filesize
32KB

MD5
3de16cea01950aac6a7a5eeb8cb102b0

SHA1
c89dd3ce02600d1ef68a83e85947d7e8c4e62cc8

SHA256
cd60e89b2ff2743bad3c298ab6f44e005e4986413d1cf97bede0185ac3f12280

SHA512
7120b8226aac32933bc1561b432093422a4d708b3c75bd4eea506f7f6586b0014ce2debf7da71874947274632db6f7ffd67b5ec0c88dd9d8f2ecff0b34e12df2

Download Submit
memory/1204-29-0x0000000001CE0000-0x0000000001CE1000-memory.dmp

Filesize
4KB

Download
memory/2032-92-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2032-31-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2032-39-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2032-45-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2032-98-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2032-172-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2032-1851-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2032-3311-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2032-21-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2980-15-0x0000000000220000-0x0000000000256000-memory.dmp

Filesize
216KB

Download
memory/2980-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2980-16-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download