0b5f785a6d61624fb5618c310421f09847d9eeee481a9d15df5d67326f03e4af

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b5f785a6d61624fb5618c310421f09847d9eeee481a9d15df5d67326f03e4af.exe
Size

83KB
MD5

9455b9f6832cdcbac081d594f3b0ffa8
SHA1

de8849aee6c697801be70ee835a88fb0e8e71009
SHA256

0b5f785a6d61624fb5618c310421f09847d9eeee481a9d15df5d67326f03e4af
SHA512

f6b6272af9be6c3eb31228046ae77c6a8efea9c35e4591ff5518c55f297bacf9d13b5179993f301503aa5d92254886f6e9de6a8cbbf9e173541724f36bfffbed
SSDEEP

1536:2fgLdQAQfhJIJ0IO61oPeacurY7Rc/a/ysfq2hltssjWpVCVuM0nm:2ftffhJCuUorcUY7zvhfsGuKuMGm

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2600	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2656	Logo1_.exe
2724	0b5f785a6d61624fb5618c310421f09847d9eeee481a9d15df5d67326f03e4af.exe

Loads dropped DLL 2 IoCs

pid	Process
2600	cmd.exe
2600	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\MSBuild\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PAPYRUS\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1040\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\ONELEV.EXE	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\BrightOrange\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_CN\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows NT\Accessories\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STRTEDGE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ckb\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Desert\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Portable Devices\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Portal\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\Desktop\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Indiana\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\co\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Journal\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\my\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\GrayCheck\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Media Player\Media Renderer\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\bin\unpack200.exe	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\security\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Analysis Services\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Defender\es-ES\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	0b5f785a6d61624fb5618c310421f09847d9eeee481a9d15df5d67326f03e4af.exe
File created	C:\Windows\Logo1_.exe	0b5f785a6d61624fb5618c310421f09847d9eeee481a9d15df5d67326f03e4af.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2656	Logo1_.exe
2656	Logo1_.exe
2656	Logo1_.exe
2656	Logo1_.exe
2656	Logo1_.exe
2656	Logo1_.exe
2656	Logo1_.exe
2656	Logo1_.exe
2656	Logo1_.exe
2656	Logo1_.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2600	3040	0b5f785a6d61624fb5618c310421f09847d9eeee481a9d15df5d67326f03e4af.exe	28
PID 3040 wrote to memory of 2600	3040	0b5f785a6d61624fb5618c310421f09847d9eeee481a9d15df5d67326f03e4af.exe	28
PID 3040 wrote to memory of 2600	3040	0b5f785a6d61624fb5618c310421f09847d9eeee481a9d15df5d67326f03e4af.exe	28
PID 3040 wrote to memory of 2600	3040	0b5f785a6d61624fb5618c310421f09847d9eeee481a9d15df5d67326f03e4af.exe	28
PID 3040 wrote to memory of 2656	3040	0b5f785a6d61624fb5618c310421f09847d9eeee481a9d15df5d67326f03e4af.exe	30
PID 3040 wrote to memory of 2656	3040	0b5f785a6d61624fb5618c310421f09847d9eeee481a9d15df5d67326f03e4af.exe	30
PID 3040 wrote to memory of 2656	3040	0b5f785a6d61624fb5618c310421f09847d9eeee481a9d15df5d67326f03e4af.exe	30
PID 3040 wrote to memory of 2656	3040	0b5f785a6d61624fb5618c310421f09847d9eeee481a9d15df5d67326f03e4af.exe	30
PID 2656 wrote to memory of 1664	2656	Logo1_.exe	31
PID 2656 wrote to memory of 1664	2656	Logo1_.exe	31
PID 2656 wrote to memory of 1664	2656	Logo1_.exe	31
PID 2656 wrote to memory of 1664	2656	Logo1_.exe	31
PID 2600 wrote to memory of 2724	2600	cmd.exe	33
PID 2600 wrote to memory of 2724	2600	cmd.exe	33
PID 2600 wrote to memory of 2724	2600	cmd.exe	33
PID 2600 wrote to memory of 2724	2600	cmd.exe	33
PID 1664 wrote to memory of 2968	1664	net.exe	34
PID 1664 wrote to memory of 2968	1664	net.exe	34
PID 1664 wrote to memory of 2968	1664	net.exe	34
PID 1664 wrote to memory of 2968	1664	net.exe	34
PID 2656 wrote to memory of 1236	2656	Logo1_.exe	10
PID 2656 wrote to memory of 1236	2656	Logo1_.exe	10

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1236
- C:\Users\Admin\AppData\Local\Temp\0b5f785a6d61624fb5618c310421f09847d9eeee481a9d15df5d67326f03e4af.exe
  "C:\Users\Admin\AppData\Local\Temp\0b5f785a6d61624fb5618c310421f09847d9eeee481a9d15df5d67326f03e4af.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:3040
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a6EF9.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\0b5f785a6d61624fb5618c310421f09847d9eeee481a9d15df5d67326f03e4af.exe
      "C:\Users\Admin\AppData\Local\Temp\0b5f785a6d61624fb5618c310421f09847d9eeee481a9d15df5d67326f03e4af.exe"
      4⤵
      Executes dropped EXE
      PID:2724
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2656
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1664
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
74cb2130c3c6ea6afe222eec4414e766

SHA1
c52ded7d46afc3fd31f57120aa11dca7ad48aa27

SHA256
7e9a000693830c2569cca018e73d01d25e2b18190db07e9e549860e41e7005e3

SHA512
cb076d63b1b18fb441d8f95ca115835c5be4acef6e6179403740623a4370e18ea8276a512c6c662f9059d3bf53de119fdbb0b7c9ec41b8efc281de1a6b465289

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a6EF9.bat

Filesize
722B

MD5
31e12fdf315856fd52bfc574138b662a

SHA1
0ac8937a5e572d2fe22dc3ac1c8c151334a609af

SHA256
a7c230a5f84338f8996db3a66d67bb93ca277884adb2300e6b255a86065b9b57

SHA512
14002584fa1971a107ad2a6b93984fa16c8dd7a21a75ee6ee2e717edab94e4c8bb9f3442a0e4ac6843c3d1d5fbd9db0113c671a514f27a101c74e04b76d39cec

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a6EF9.bat

Filesize
722B

MD5
31e12fdf315856fd52bfc574138b662a

SHA1
0ac8937a5e572d2fe22dc3ac1c8c151334a609af

SHA256
a7c230a5f84338f8996db3a66d67bb93ca277884adb2300e6b255a86065b9b57

SHA512
14002584fa1971a107ad2a6b93984fa16c8dd7a21a75ee6ee2e717edab94e4c8bb9f3442a0e4ac6843c3d1d5fbd9db0113c671a514f27a101c74e04b76d39cec

Download Submit
C:\Users\Admin\AppData\Local\Temp\0b5f785a6d61624fb5618c310421f09847d9eeee481a9d15df5d67326f03e4af.exe

Filesize
57KB

MD5
f20120319812bf92cffc6a7f5f8134d0

SHA1
7d6b2b23d3e0791ce9f646e1b7c00a815e29ccdf

SHA256
ddc3bc440c3ab581e4968dad35e0f43b15be9c6690c701e702d9f615adf86606

SHA512
820137b5b94676bb1937f68b5947ed7ffbdc5bc15f6e21ccc1cc67c8c2226dd157469dd039a7bbaa04096f46f2c7919c0e5c7d9c53e7343568969ab02785cafa

Download Submit
C:\Users\Admin\AppData\Local\Temp\0b5f785a6d61624fb5618c310421f09847d9eeee481a9d15df5d67326f03e4af.exe.exe

Filesize
57KB

MD5
f20120319812bf92cffc6a7f5f8134d0

SHA1
7d6b2b23d3e0791ce9f646e1b7c00a815e29ccdf

SHA256
ddc3bc440c3ab581e4968dad35e0f43b15be9c6690c701e702d9f615adf86606

SHA512
820137b5b94676bb1937f68b5947ed7ffbdc5bc15f6e21ccc1cc67c8c2226dd157469dd039a7bbaa04096f46f2c7919c0e5c7d9c53e7343568969ab02785cafa

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
8d52fa03a0b7e8a6766b2d769aacd7e6

SHA1
f2b8804c1efd0a2544a5c59dd1d2a0589a336761

SHA256
d3a5d60f78a59fcdfe9f0cc7fd087c0fbccb338a78a193f0da0fe0661cf5a8cd

SHA512
d0771b56e9c8b0a998a9730d68fe5c362512d5ffb8c0e06d4dee8bedd4f455e61ae08d346388ec9abd6350aa26d49298720aea3de112dfaa9687bc6d136a62a2

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
8d52fa03a0b7e8a6766b2d769aacd7e6

SHA1
f2b8804c1efd0a2544a5c59dd1d2a0589a336761

SHA256
d3a5d60f78a59fcdfe9f0cc7fd087c0fbccb338a78a193f0da0fe0661cf5a8cd

SHA512
d0771b56e9c8b0a998a9730d68fe5c362512d5ffb8c0e06d4dee8bedd4f455e61ae08d346388ec9abd6350aa26d49298720aea3de112dfaa9687bc6d136a62a2

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
8d52fa03a0b7e8a6766b2d769aacd7e6

SHA1
f2b8804c1efd0a2544a5c59dd1d2a0589a336761

SHA256
d3a5d60f78a59fcdfe9f0cc7fd087c0fbccb338a78a193f0da0fe0661cf5a8cd

SHA512
d0771b56e9c8b0a998a9730d68fe5c362512d5ffb8c0e06d4dee8bedd4f455e61ae08d346388ec9abd6350aa26d49298720aea3de112dfaa9687bc6d136a62a2

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
8d52fa03a0b7e8a6766b2d769aacd7e6

SHA1
f2b8804c1efd0a2544a5c59dd1d2a0589a336761

SHA256
d3a5d60f78a59fcdfe9f0cc7fd087c0fbccb338a78a193f0da0fe0661cf5a8cd

SHA512
d0771b56e9c8b0a998a9730d68fe5c362512d5ffb8c0e06d4dee8bedd4f455e61ae08d346388ec9abd6350aa26d49298720aea3de112dfaa9687bc6d136a62a2

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-86725733-3001458681-3405935542-1000\_desktop.ini

Filesize
10B

MD5
dbf19ca54500e964528b156763234c1d

SHA1
05376f86423aec8badf0adbc47887234ac83ef5a

SHA256
bfa0ad2e861e2369dc239edf8f62fbe1c4507d877ec2f76e46e48f1e68fdd5ae

SHA512
fb8ce1253ad6d3c1b7d970614dbc2d21574576336a490b54a8dc705a3d8637c0669747ba821fb2f4da14d7447dc24607aca988b0cd3bd9fc4d9d5988b4b631d0

Download Submit
\Users\Admin\AppData\Local\Temp\0b5f785a6d61624fb5618c310421f09847d9eeee481a9d15df5d67326f03e4af.exe

Filesize
57KB

MD5
f20120319812bf92cffc6a7f5f8134d0

SHA1
7d6b2b23d3e0791ce9f646e1b7c00a815e29ccdf

SHA256
ddc3bc440c3ab581e4968dad35e0f43b15be9c6690c701e702d9f615adf86606

SHA512
820137b5b94676bb1937f68b5947ed7ffbdc5bc15f6e21ccc1cc67c8c2226dd157469dd039a7bbaa04096f46f2c7919c0e5c7d9c53e7343568969ab02785cafa

Download Submit
\Users\Admin\AppData\Local\Temp\0b5f785a6d61624fb5618c310421f09847d9eeee481a9d15df5d67326f03e4af.exe

Filesize
57KB

MD5
f20120319812bf92cffc6a7f5f8134d0

SHA1
7d6b2b23d3e0791ce9f646e1b7c00a815e29ccdf

SHA256
ddc3bc440c3ab581e4968dad35e0f43b15be9c6690c701e702d9f615adf86606

SHA512
820137b5b94676bb1937f68b5947ed7ffbdc5bc15f6e21ccc1cc67c8c2226dd157469dd039a7bbaa04096f46f2c7919c0e5c7d9c53e7343568969ab02785cafa

Download Submit
memory/1236-31-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/2656-41-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2656-47-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2656-3312-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2656-33-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2656-22-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2656-3165-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2656-42-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2656-1851-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2656-93-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2656-99-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3040-17-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3040-15-0x0000000000220000-0x0000000000254000-memory.dmp

Filesize
208KB

Download
memory/3040-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3040-12-0x0000000000220000-0x0000000000254000-memory.dmp

Filesize
208KB

Download