bd0fbfdbe4a315ed33523151ae7295920c017f458aaae65cf4cd7febf9b3413c

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 03:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd0fbfdbe4a315ed33523151ae7295920c017f458aaae65cf4cd7febf9b3413c.exe
Size

134KB
MD5

83e940b83a1bf71eae05deb832b7cc43
SHA1

1c9ddc3fc5bc0aeb3f48e7a4100dba5efe1a4fbd
SHA256

bd0fbfdbe4a315ed33523151ae7295920c017f458aaae65cf4cd7febf9b3413c
SHA512

a8a7083d27dc8adc8250e4f1a88558ac6e7b30a8cb73d07d0dfabaec31d1a59bf5659fc357437c431c165a6bcf3de83f6358d1dbafdffdf4a417869ce05e7597
SSDEEP

1536:xfgLdQAQfwt7FZJ92Bs4CKBAR2pmU/BGhkp3szGPpbTDblnYVJV1PBsf:xftffepVPv4ARXU/HZ9/D8Dsf

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1576	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2152	Logo1_.exe
2644	bd0fbfdbe4a315ed33523151ae7295920c017f458aaae65cf4cd7febf9b3413c.exe

Loads dropped DLL 1 IoCs

pid	Process
1576	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\VideoLAN\VLC\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\nn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\Bibliography\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\More Games\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Shared Gadgets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\DAO\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\Desktop\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ps\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Oasis\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Triedit\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ExtExport.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\FORMS\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Americana\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FREN\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\eu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ielowutil.exe	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CASCADE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CASCADE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Lime\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Colors\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\hrtfs\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\af\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	bd0fbfdbe4a315ed33523151ae7295920c017f458aaae65cf4cd7febf9b3413c.exe
File created	C:\Windows\Logo1_.exe	bd0fbfdbe4a315ed33523151ae7295920c017f458aaae65cf4cd7febf9b3413c.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 1260 wrote to memory of 1576	1260	bd0fbfdbe4a315ed33523151ae7295920c017f458aaae65cf4cd7febf9b3413c.exe	28
PID 1260 wrote to memory of 1576	1260	bd0fbfdbe4a315ed33523151ae7295920c017f458aaae65cf4cd7febf9b3413c.exe	28
PID 1260 wrote to memory of 1576	1260	bd0fbfdbe4a315ed33523151ae7295920c017f458aaae65cf4cd7febf9b3413c.exe	28
PID 1260 wrote to memory of 1576	1260	bd0fbfdbe4a315ed33523151ae7295920c017f458aaae65cf4cd7febf9b3413c.exe	28
PID 1260 wrote to memory of 2152	1260	bd0fbfdbe4a315ed33523151ae7295920c017f458aaae65cf4cd7febf9b3413c.exe	30
PID 1260 wrote to memory of 2152	1260	bd0fbfdbe4a315ed33523151ae7295920c017f458aaae65cf4cd7febf9b3413c.exe	30
PID 1260 wrote to memory of 2152	1260	bd0fbfdbe4a315ed33523151ae7295920c017f458aaae65cf4cd7febf9b3413c.exe	30
PID 1260 wrote to memory of 2152	1260	bd0fbfdbe4a315ed33523151ae7295920c017f458aaae65cf4cd7febf9b3413c.exe	30
PID 2152 wrote to memory of 3040	2152	Logo1_.exe	31
PID 2152 wrote to memory of 3040	2152	Logo1_.exe	31
PID 2152 wrote to memory of 3040	2152	Logo1_.exe	31
PID 2152 wrote to memory of 3040	2152	Logo1_.exe	31
PID 1576 wrote to memory of 2644	1576	cmd.exe	33
PID 1576 wrote to memory of 2644	1576	cmd.exe	33
PID 1576 wrote to memory of 2644	1576	cmd.exe	33
PID 1576 wrote to memory of 2644	1576	cmd.exe	33
PID 3040 wrote to memory of 2772	3040	net.exe	34
PID 3040 wrote to memory of 2772	3040	net.exe	34
PID 3040 wrote to memory of 2772	3040	net.exe	34
PID 3040 wrote to memory of 2772	3040	net.exe	34
PID 2152 wrote to memory of 1212	2152	Logo1_.exe	17
PID 2152 wrote to memory of 1212	2152	Logo1_.exe	17

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1212
- C:\Users\Admin\AppData\Local\Temp\bd0fbfdbe4a315ed33523151ae7295920c017f458aaae65cf4cd7febf9b3413c.exe
  "C:\Users\Admin\AppData\Local\Temp\bd0fbfdbe4a315ed33523151ae7295920c017f458aaae65cf4cd7febf9b3413c.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1260
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a3727.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\bd0fbfdbe4a315ed33523151ae7295920c017f458aaae65cf4cd7febf9b3413c.exe
      "C:\Users\Admin\AppData\Local\Temp\bd0fbfdbe4a315ed33523151ae7295920c017f458aaae65cf4cd7febf9b3413c.exe"
      4⤵
      Executes dropped EXE
      PID:2644
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2152
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3040
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
770e80db366145f997b81f8040496869

SHA1
4d924c50b0c714b97047df34a0bd4adaf2de6a83

SHA256
dccf1246394aab3657a9ebd19ebd4150b9420f438bd50e40aafbc8ac8d51ebdb

SHA512
754b5ee9fdcc4614ad626ece4d684fdc2f4b20d5c20042dba268f4c7b1c913b2b707ac1903bfb85a79598975e4b6ab4eb508660a242cb9feb2196d6368a6ff8d

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
1a0dbecba0dbb963c2f3b0448796d47a

SHA1
5c0b5d378d3614fe984ce2915b5720886992da0c

SHA256
1ea2fb84177a921bc3df4763c3da53a970e192f93f6175d09696ded019e50cf8

SHA512
8e25dc08fa6f280a6bc1ccacb1ce665ab055b5d539f8915915fc7536c90185a221cb0c50a02d34b521b871b8487a155b9c40a5f25df87306e1df24ca7e96da25

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a3727.bat

Filesize
722B

MD5
9c3ed12bf8aedf5d3d9698f28f118f3f

SHA1
ddf6efb0b51c72bf7de34b4200470db4aaa583b2

SHA256
9b56dc2d6b7504540bfcb5a95cc1726a6454d3354fb6d20cde89afa19363584b

SHA512
233bc9edebf16716d5699833e8b5a4e164acb929b4c90061a5d926cc0b6c9075bacbc67b0e0e97813d75f3b45ed81e4785dbf9797d7e5439b6ef9930a2b8c94d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a3727.bat

Filesize
722B

MD5
9c3ed12bf8aedf5d3d9698f28f118f3f

SHA1
ddf6efb0b51c72bf7de34b4200470db4aaa583b2

SHA256
9b56dc2d6b7504540bfcb5a95cc1726a6454d3354fb6d20cde89afa19363584b

SHA512
233bc9edebf16716d5699833e8b5a4e164acb929b4c90061a5d926cc0b6c9075bacbc67b0e0e97813d75f3b45ed81e4785dbf9797d7e5439b6ef9930a2b8c94d

Download Submit
C:\Users\Admin\AppData\Local\Temp\bd0fbfdbe4a315ed33523151ae7295920c017f458aaae65cf4cd7febf9b3413c.exe

Filesize
108KB

MD5
47a545692e4cd815111496b18699ef60

SHA1
6d05db7a6e82b286b0fbe3dfdd1d0384c198b3e8

SHA256
fa5cf502c3261eabbbf3f232b6b46004993f83adc098397ae5378d5c3e973c83

SHA512
0c97eeeb59e6452f82077cfb9b0847360d5aa0b000c8cfe7bc96f812b9195f3c0dae4f9d3f1c913e5351dba0816cf856a0fae77eeda97e1543b00419c4f7bb04

Download Submit
C:\Users\Admin\AppData\Local\Temp\bd0fbfdbe4a315ed33523151ae7295920c017f458aaae65cf4cd7febf9b3413c.exe.exe

Filesize
108KB

MD5
47a545692e4cd815111496b18699ef60

SHA1
6d05db7a6e82b286b0fbe3dfdd1d0384c198b3e8

SHA256
fa5cf502c3261eabbbf3f232b6b46004993f83adc098397ae5378d5c3e973c83

SHA512
0c97eeeb59e6452f82077cfb9b0847360d5aa0b000c8cfe7bc96f812b9195f3c0dae4f9d3f1c913e5351dba0816cf856a0fae77eeda97e1543b00419c4f7bb04

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
8758044db9fce67ea2ad542f86e69e57

SHA1
60cc4d25ea4e17f676e8ac8be10b9dfe2f7ed67d

SHA256
0c91b552dc6db19b6711e32cb8c9c604b60dc9d674be06cccb6adf08b4dbd82d

SHA512
411737be53feaef0829190b6610c729b925949bcc0b4a65063ab393acb1a92c577093e6377a373704ce54d27a593f2faddc23c80c660638f7c304a93f1972c93

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
8758044db9fce67ea2ad542f86e69e57

SHA1
60cc4d25ea4e17f676e8ac8be10b9dfe2f7ed67d

SHA256
0c91b552dc6db19b6711e32cb8c9c604b60dc9d674be06cccb6adf08b4dbd82d

SHA512
411737be53feaef0829190b6610c729b925949bcc0b4a65063ab393acb1a92c577093e6377a373704ce54d27a593f2faddc23c80c660638f7c304a93f1972c93

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
8758044db9fce67ea2ad542f86e69e57

SHA1
60cc4d25ea4e17f676e8ac8be10b9dfe2f7ed67d

SHA256
0c91b552dc6db19b6711e32cb8c9c604b60dc9d674be06cccb6adf08b4dbd82d

SHA512
411737be53feaef0829190b6610c729b925949bcc0b4a65063ab393acb1a92c577093e6377a373704ce54d27a593f2faddc23c80c660638f7c304a93f1972c93

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
8758044db9fce67ea2ad542f86e69e57

SHA1
60cc4d25ea4e17f676e8ac8be10b9dfe2f7ed67d

SHA256
0c91b552dc6db19b6711e32cb8c9c604b60dc9d674be06cccb6adf08b4dbd82d

SHA512
411737be53feaef0829190b6610c729b925949bcc0b4a65063ab393acb1a92c577093e6377a373704ce54d27a593f2faddc23c80c660638f7c304a93f1972c93

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-686452656-3203474025-4140627569-1000\_desktop.ini

Filesize
10B

MD5
f72d794bbb322d5865b8074038cb8900

SHA1
9e6e5d1e3714686f86670ef6b5a8810d9bb04e44

SHA256
0a4ac5e7118bf826da89694e99e1334547e87fa7608a0e7c83df379d8cd04aa6

SHA512
12992cc499ce1dbb2641a279ce148111e4da49be595af37fb58bdb3870effa7bb81b720df0faf420500ab9ea52a791b425ba77fd1a4547ef3e0665a199ba4cea

Download Submit
\Users\Admin\AppData\Local\Temp\bd0fbfdbe4a315ed33523151ae7295920c017f458aaae65cf4cd7febf9b3413c.exe

Filesize
108KB

MD5
47a545692e4cd815111496b18699ef60

SHA1
6d05db7a6e82b286b0fbe3dfdd1d0384c198b3e8

SHA256
fa5cf502c3261eabbbf3f232b6b46004993f83adc098397ae5378d5c3e973c83

SHA512
0c97eeeb59e6452f82077cfb9b0847360d5aa0b000c8cfe7bc96f812b9195f3c0dae4f9d3f1c913e5351dba0816cf856a0fae77eeda97e1543b00419c4f7bb04

Download Submit
memory/1212-30-0x0000000002A10000-0x0000000002A11000-memory.dmp

Filesize
4KB

Download
memory/1260-17-0x0000000000220000-0x0000000000254000-memory.dmp

Filesize
208KB

Download
memory/1260-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1260-15-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1576-27-0x0000000000130000-0x0000000000150000-memory.dmp

Filesize
128KB

Download
memory/2152-40-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2152-46-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2152-93-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2152-94-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2152-99-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2152-205-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2152-1851-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2152-32-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2152-3311-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2152-18-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download