1bdb80742c8681822df0355155826fd50aebdf83c9a8f17ecc895b5c7aec3ec5

Analysis

max time kernel
151s
max time network
133s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 12:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1bdb80742c8681822df0355155826fd50aebdf83c9a8f17ecc895b5c7aec3ec5.exe
Size

316KB
MD5

7da6d7f75a140a1c16cb7b8cc8cf27fe
SHA1

347e569f06d8b5c797ae8a7c33ff1c0c56f5afeb
SHA256

1bdb80742c8681822df0355155826fd50aebdf83c9a8f17ecc895b5c7aec3ec5
SHA512

583c133d0a29e62b5dbf3e58cb719132ecd927543473f2c64246998218b1b2f6fc31022937e4dec9e26e974c0ed22096ecacada4a57a65953668de8ddd69602a
SSDEEP

6144:KdVfjmNIgsm6/SJB2VzS+p5kHcLnZ5RT2vYW4F1MVhsoo04Se2RRp:K7+I3RSJB2lS+4UT1FS3ZLn

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1312	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2220	Logo1_.exe
2144	1bdb80742c8681822df0355155826fd50aebdf83c9a8f17ecc895b5c7aec3ec5.exe

Loads dropped DLL 1 IoCs

pid	Process
1312	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ENES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Triedit\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\MSBuild\Microsoft\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OneNote.en-us\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\MSEnv\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Word.en-us\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\kk\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\STS2\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Purble Place\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\Packages\Debugger\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\zi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Mail\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Things\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Triedit\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ja\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\SpringGreen\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WksConv\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	1bdb80742c8681822df0355155826fd50aebdf83c9a8f17ecc895b5c7aec3ec5.exe
File created	C:\Windows\Logo1_.exe	1bdb80742c8681822df0355155826fd50aebdf83c9a8f17ecc895b5c7aec3ec5.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2220	Logo1_.exe
2220	Logo1_.exe
2220	Logo1_.exe
2220	Logo1_.exe
2220	Logo1_.exe
2220	Logo1_.exe
2220	Logo1_.exe
2220	Logo1_.exe
2220	Logo1_.exe
2220	Logo1_.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 1312	2152	1bdb80742c8681822df0355155826fd50aebdf83c9a8f17ecc895b5c7aec3ec5.exe	28
PID 2152 wrote to memory of 1312	2152	1bdb80742c8681822df0355155826fd50aebdf83c9a8f17ecc895b5c7aec3ec5.exe	28
PID 2152 wrote to memory of 1312	2152	1bdb80742c8681822df0355155826fd50aebdf83c9a8f17ecc895b5c7aec3ec5.exe	28
PID 2152 wrote to memory of 1312	2152	1bdb80742c8681822df0355155826fd50aebdf83c9a8f17ecc895b5c7aec3ec5.exe	28
PID 2152 wrote to memory of 2220	2152	1bdb80742c8681822df0355155826fd50aebdf83c9a8f17ecc895b5c7aec3ec5.exe	30
PID 2152 wrote to memory of 2220	2152	1bdb80742c8681822df0355155826fd50aebdf83c9a8f17ecc895b5c7aec3ec5.exe	30
PID 2152 wrote to memory of 2220	2152	1bdb80742c8681822df0355155826fd50aebdf83c9a8f17ecc895b5c7aec3ec5.exe	30
PID 2152 wrote to memory of 2220	2152	1bdb80742c8681822df0355155826fd50aebdf83c9a8f17ecc895b5c7aec3ec5.exe	30
PID 1312 wrote to memory of 2144	1312	cmd.exe	32
PID 1312 wrote to memory of 2144	1312	cmd.exe	32
PID 1312 wrote to memory of 2144	1312	cmd.exe	32
PID 1312 wrote to memory of 2144	1312	cmd.exe	32
PID 2220 wrote to memory of 2580	2220	Logo1_.exe	31
PID 2220 wrote to memory of 2580	2220	Logo1_.exe	31
PID 2220 wrote to memory of 2580	2220	Logo1_.exe	31
PID 2220 wrote to memory of 2580	2220	Logo1_.exe	31
PID 2580 wrote to memory of 2744	2580	net.exe	34
PID 2580 wrote to memory of 2744	2580	net.exe	34
PID 2580 wrote to memory of 2744	2580	net.exe	34
PID 2580 wrote to memory of 2744	2580	net.exe	34
PID 2220 wrote to memory of 1260	2220	Logo1_.exe	12
PID 2220 wrote to memory of 1260	2220	Logo1_.exe	12

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1260
- C:\Users\Admin\AppData\Local\Temp\1bdb80742c8681822df0355155826fd50aebdf83c9a8f17ecc895b5c7aec3ec5.exe
  "C:\Users\Admin\AppData\Local\Temp\1bdb80742c8681822df0355155826fd50aebdf83c9a8f17ecc895b5c7aec3ec5.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2152
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a4D55.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1312
  - - C:\Users\Admin\AppData\Local\Temp\1bdb80742c8681822df0355155826fd50aebdf83c9a8f17ecc895b5c7aec3ec5.exe
      "C:\Users\Admin\AppData\Local\Temp\1bdb80742c8681822df0355155826fd50aebdf83c9a8f17ecc895b5c7aec3ec5.exe"
      4⤵
      Executes dropped EXE
      PID:2144
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2220
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2580
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
823531bbd70233476ca605959cb8d2cc

SHA1
74d878fd6828e77407da2f3c7a4085df4a6911ab

SHA256
9a10abcfd9877c51a6a4bfd5f81681f59537171b37f398571d9ba9cbde784c16

SHA512
08bb43ac1d17d35709a4beafe60fd5074d9ee0c30398e0e934ff3bef0577a19f20be821dbf5d02fcaa0fb1f48fa2defec4b41d6ca99bfb2b7d51f5290f622632

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
99ea9b604a7a734d3087fa6159684c42

SHA1
709fa1068ad4d560fe03e05b68056f1b0bedbfc8

SHA256
3f733f9e6fec7c4165ca8ba41eb23f604a248babe794c4ad2c6c3ce8032aab1c

SHA512
7af8008c7e187f925c62efc97e1891a7a38d089302dba39fbde137fb895e0592847ed0982c824c2075be8e6b95b6ce165ecb848ab85adf53779ebef613410fbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a4D55.bat

Filesize
722B

MD5
a2face0be237ac08b9a1f68b1fe8489e

SHA1
91898a47ce8ac8191fa806ffd6320a001ef1daf6

SHA256
5b2eb348887dbe36d19d46d32c1e3c8bcdd46b64f5f18aee915510e797bb3f7a

SHA512
87ea397feab1a1518ca907adac875318dada5726e4e3cc253aacd9536551166ec1bf1caf9fa0993bc189a04e013ae94ef9003a08c34bcee35ad02b97b64eccba

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a4D55.bat

Filesize
722B

MD5
a2face0be237ac08b9a1f68b1fe8489e

SHA1
91898a47ce8ac8191fa806ffd6320a001ef1daf6

SHA256
5b2eb348887dbe36d19d46d32c1e3c8bcdd46b64f5f18aee915510e797bb3f7a

SHA512
87ea397feab1a1518ca907adac875318dada5726e4e3cc253aacd9536551166ec1bf1caf9fa0993bc189a04e013ae94ef9003a08c34bcee35ad02b97b64eccba

Download Submit
C:\Users\Admin\AppData\Local\Temp\1bdb80742c8681822df0355155826fd50aebdf83c9a8f17ecc895b5c7aec3ec5.exe

Filesize
289KB

MD5
2e0a4e779b0bc3249632a2ee142abea1

SHA1
49396629e30100ad2a29cc46ca738cf4165e4aa2

SHA256
34464f94ae95d0be898172f344565f4f5220d10a921a9c9098a1f65b6234dd03

SHA512
3e58456b4f8bccf1b9807e3e2202deae17f6a7ad78415fbc2013a4fe437cd729624c101da0d24637d6c5a09e5aa3be64ee84cd718d70bb84c826c37ad777c265

Download Submit
C:\Users\Admin\AppData\Local\Temp\1bdb80742c8681822df0355155826fd50aebdf83c9a8f17ecc895b5c7aec3ec5.exe.exe

Filesize
289KB

MD5
2e0a4e779b0bc3249632a2ee142abea1

SHA1
49396629e30100ad2a29cc46ca738cf4165e4aa2

SHA256
34464f94ae95d0be898172f344565f4f5220d10a921a9c9098a1f65b6234dd03

SHA512
3e58456b4f8bccf1b9807e3e2202deae17f6a7ad78415fbc2013a4fe437cd729624c101da0d24637d6c5a09e5aa3be64ee84cd718d70bb84c826c37ad777c265

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
b16f445581f1c84748e3ef64f127b97d

SHA1
b5eee38ce13635f35a781926f8434a07ca295872

SHA256
b3fe889ff71155b7882670d7a2197a75cc11601a7a1003eb1948be8a87f916f8

SHA512
de97b113bed31ba85a533a4f8bc6a6f25df09403299e45a23cd908cbd6dded5b033fc0dbd800f143045871f57dff198036bc1a539b1d44527fca2cb7cb195e54

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
b16f445581f1c84748e3ef64f127b97d

SHA1
b5eee38ce13635f35a781926f8434a07ca295872

SHA256
b3fe889ff71155b7882670d7a2197a75cc11601a7a1003eb1948be8a87f916f8

SHA512
de97b113bed31ba85a533a4f8bc6a6f25df09403299e45a23cd908cbd6dded5b033fc0dbd800f143045871f57dff198036bc1a539b1d44527fca2cb7cb195e54

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
b16f445581f1c84748e3ef64f127b97d

SHA1
b5eee38ce13635f35a781926f8434a07ca295872

SHA256
b3fe889ff71155b7882670d7a2197a75cc11601a7a1003eb1948be8a87f916f8

SHA512
de97b113bed31ba85a533a4f8bc6a6f25df09403299e45a23cd908cbd6dded5b033fc0dbd800f143045871f57dff198036bc1a539b1d44527fca2cb7cb195e54

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
b16f445581f1c84748e3ef64f127b97d

SHA1
b5eee38ce13635f35a781926f8434a07ca295872

SHA256
b3fe889ff71155b7882670d7a2197a75cc11601a7a1003eb1948be8a87f916f8

SHA512
de97b113bed31ba85a533a4f8bc6a6f25df09403299e45a23cd908cbd6dded5b033fc0dbd800f143045871f57dff198036bc1a539b1d44527fca2cb7cb195e54

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2180306848-1874213455-4093218721-1000\_desktop.ini

Filesize
10B

MD5
a2f55d4dd0965430ceab2e112f7ee0a8

SHA1
d5e114f97985141a73b1e325728e5fd21e432f60

SHA256
f905d8a1cc369898067bdb4538843b91eb17d0d84032e2b5766ef438e25f807f

SHA512
8bce44ff59da58c0f9a3fdec7edb997a6781cd8f6aa4bc8ef0945c0a4dcde1db93092b88d2e114cd29d58931265b2aa1055dab677716cf75f1482faaa4c9bcdc

Download Submit
\Users\Admin\AppData\Local\Temp\1bdb80742c8681822df0355155826fd50aebdf83c9a8f17ecc895b5c7aec3ec5.exe

Filesize
289KB

MD5
2e0a4e779b0bc3249632a2ee142abea1

SHA1
49396629e30100ad2a29cc46ca738cf4165e4aa2

SHA256
34464f94ae95d0be898172f344565f4f5220d10a921a9c9098a1f65b6234dd03

SHA512
3e58456b4f8bccf1b9807e3e2202deae17f6a7ad78415fbc2013a4fe437cd729624c101da0d24637d6c5a09e5aa3be64ee84cd718d70bb84c826c37ad777c265

Download Submit
memory/1260-29-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/2152-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2152-16-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2152-12-0x0000000000220000-0x0000000000254000-memory.dmp

Filesize
208KB

Download
memory/2220-21-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2220-44-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2220-48-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2220-91-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2220-97-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2220-1849-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2220-38-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2220-3309-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2220-31-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download