60f67041534887917e5349cf0290a6388f034dafa1fac2fcab50543d4d769c75

Analysis

max time kernel
150s
max time network
127s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
07-11-2023 19:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60f67041534887917e5349cf0290a6388f034dafa1fac2fcab50543d4d769c75.exe
Size

138KB
MD5

3f441ded9a1c9287b8f44f37ce4fb731
SHA1

f3bab6962f655c9be2b4d93b1a666015fd1e0ea3
SHA256

60f67041534887917e5349cf0290a6388f034dafa1fac2fcab50543d4d769c75
SHA512

2b4cd6da22344e762f172ee95820763110a66cd58c37304a7f05dd2e16ee804f8dd9b4f745d71a887e3d32f14869fdfd9b0e3ef453cf32bba935cc72f9ff3c1a
SSDEEP

3072:JftffjmNvmZWXyaiedMbrN6pnoXPBsr5ZrR:hVfjmNvSNaPM4loo5Zd

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2308	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2636	Logo1_.exe
2776	60f67041534887917e5349cf0290a6388f034dafa1fac2fcab50543d4d769c75.exe

Loads dropped DLL 2 IoCs

pid	Process
2308	cmd.exe
2308	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FRAR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\groove.net\ManagedObjects\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Defender\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Discussion\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\ONELEV.EXE	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\More Games\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Triedit\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Filters\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\Publisher\Backgrounds\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe	Logo1_.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PAPYRUS\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SLATE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows NT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Acrobat\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\bin\ssvagent.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\EURO\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Synchronization Services\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\el\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\CSharp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	60f67041534887917e5349cf0290a6388f034dafa1fac2fcab50543d4d769c75.exe
File created	C:\Windows\Logo1_.exe	60f67041534887917e5349cf0290a6388f034dafa1fac2fcab50543d4d769c75.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2636	Logo1_.exe
2636	Logo1_.exe
2636	Logo1_.exe
2636	Logo1_.exe
2636	Logo1_.exe
2636	Logo1_.exe
2636	Logo1_.exe
2636	Logo1_.exe
2636	Logo1_.exe
2636	Logo1_.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2308	2072	60f67041534887917e5349cf0290a6388f034dafa1fac2fcab50543d4d769c75.exe	28
PID 2072 wrote to memory of 2308	2072	60f67041534887917e5349cf0290a6388f034dafa1fac2fcab50543d4d769c75.exe	28
PID 2072 wrote to memory of 2308	2072	60f67041534887917e5349cf0290a6388f034dafa1fac2fcab50543d4d769c75.exe	28
PID 2072 wrote to memory of 2308	2072	60f67041534887917e5349cf0290a6388f034dafa1fac2fcab50543d4d769c75.exe	28
PID 2072 wrote to memory of 2636	2072	60f67041534887917e5349cf0290a6388f034dafa1fac2fcab50543d4d769c75.exe	29
PID 2072 wrote to memory of 2636	2072	60f67041534887917e5349cf0290a6388f034dafa1fac2fcab50543d4d769c75.exe	29
PID 2072 wrote to memory of 2636	2072	60f67041534887917e5349cf0290a6388f034dafa1fac2fcab50543d4d769c75.exe	29
PID 2072 wrote to memory of 2636	2072	60f67041534887917e5349cf0290a6388f034dafa1fac2fcab50543d4d769c75.exe	29
PID 2636 wrote to memory of 2652	2636	Logo1_.exe	30
PID 2636 wrote to memory of 2652	2636	Logo1_.exe	30
PID 2636 wrote to memory of 2652	2636	Logo1_.exe	30
PID 2636 wrote to memory of 2652	2636	Logo1_.exe	30
PID 2652 wrote to memory of 2748	2652	net.exe	33
PID 2652 wrote to memory of 2748	2652	net.exe	33
PID 2652 wrote to memory of 2748	2652	net.exe	33
PID 2652 wrote to memory of 2748	2652	net.exe	33
PID 2308 wrote to memory of 2776	2308	cmd.exe	34
PID 2308 wrote to memory of 2776	2308	cmd.exe	34
PID 2308 wrote to memory of 2776	2308	cmd.exe	34
PID 2308 wrote to memory of 2776	2308	cmd.exe	34
PID 2636 wrote to memory of 1212	2636	Logo1_.exe	17
PID 2636 wrote to memory of 1212	2636	Logo1_.exe	17

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1212
- C:\Users\Admin\AppData\Local\Temp\60f67041534887917e5349cf0290a6388f034dafa1fac2fcab50543d4d769c75.exe
  "C:\Users\Admin\AppData\Local\Temp\60f67041534887917e5349cf0290a6388f034dafa1fac2fcab50543d4d769c75.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2072
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a755F.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\60f67041534887917e5349cf0290a6388f034dafa1fac2fcab50543d4d769c75.exe
      "C:\Users\Admin\AppData\Local\Temp\60f67041534887917e5349cf0290a6388f034dafa1fac2fcab50543d4d769c75.exe"
      4⤵
      Executes dropped EXE
      PID:2776
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2636
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2652
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
297160084c262a26ccab2ba072d0161b

SHA1
92630954df4a9487d700003663bc27cccff7b9a4

SHA256
cd84ac59fdbafc1ac2fcf783fb04ba0a16b598c184f6e881e31874d5238de74d

SHA512
7e19a99e419038d1b319e993a300e418cfd1be2794fe0c1b4dc7d14b11a1342c509217c4282e8376d3d144d31103bc8e03e4c82f1c36727f43069e56f7a858a6

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
4cfdb20b04aa239d6f9e83084d5d0a77

SHA1
f22863e04cc1fd4435f785993ede165bd8245ac6

SHA256
30ed17ca6ae530e8bf002bcef6048f94dba4b3b10252308147031f5c86ace1b9

SHA512
35b4c2f68a7caa45f2bb14b168947e06831f358e191478a6659b49f30ca6f538dc910fe6067448d5d8af4cb8558825d70f94d4bd67709aee414b2be37d49be86

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a755F.bat

Filesize
722B

MD5
4b2b60d1d11acf19773102a1a4da4096

SHA1
8befd459037a1ddb388d807f4f618c5623967db9

SHA256
684c28336c0d0bce911104859c7aa7b7f82f696e1cf8dbd428819892150a7e60

SHA512
5b45a6d03ac8244cd6606b50257e03e074dcfbd8ba7775f967e6dadf7e583e782ce404a891572ffcf7d86eeb4640db10ac39a30e90c5ab29748e79674738c4b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a755F.bat

Filesize
722B

MD5
4b2b60d1d11acf19773102a1a4da4096

SHA1
8befd459037a1ddb388d807f4f618c5623967db9

SHA256
684c28336c0d0bce911104859c7aa7b7f82f696e1cf8dbd428819892150a7e60

SHA512
5b45a6d03ac8244cd6606b50257e03e074dcfbd8ba7775f967e6dadf7e583e782ce404a891572ffcf7d86eeb4640db10ac39a30e90c5ab29748e79674738c4b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\60f67041534887917e5349cf0290a6388f034dafa1fac2fcab50543d4d769c75.exe

Filesize
112KB

MD5
e9cc8c20b0e682c77b97e6787de16e5d

SHA1
8be674dec4fcf14ae853a5c20a9288bff3e0520a

SHA256
ef854d21cbf297ee267f22049b773ffeb4c1ff1a3e55227cc2a260754699d644

SHA512
1a3b9b2d16a4404b29675ab1132ad542840058fd356e0f145afe5d0c1d9e1653de28314cd24406b85f09a9ec874c4339967d9e7acb327065448096c5734502c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\60f67041534887917e5349cf0290a6388f034dafa1fac2fcab50543d4d769c75.exe.exe

Filesize
112KB

MD5
e9cc8c20b0e682c77b97e6787de16e5d

SHA1
8be674dec4fcf14ae853a5c20a9288bff3e0520a

SHA256
ef854d21cbf297ee267f22049b773ffeb4c1ff1a3e55227cc2a260754699d644

SHA512
1a3b9b2d16a4404b29675ab1132ad542840058fd356e0f145afe5d0c1d9e1653de28314cd24406b85f09a9ec874c4339967d9e7acb327065448096c5734502c7

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
af0c706a448d6505bdeb6fb74812134a

SHA1
4f6ea88f4f96b608684fa6e3557e3ca1c99d3b1d

SHA256
ede6bdb38934293d17445e859e07ba77a047c62dae51d0ed70340ee9b69b5739

SHA512
9c2145526c439ae5d9a1acab270c9313c4ecc18d07ce51986bc92844b8099f5edbcab53d7be49402b37071f4830e41d5ac0b9e40d2c08b325b63759296f0f3f7

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
af0c706a448d6505bdeb6fb74812134a

SHA1
4f6ea88f4f96b608684fa6e3557e3ca1c99d3b1d

SHA256
ede6bdb38934293d17445e859e07ba77a047c62dae51d0ed70340ee9b69b5739

SHA512
9c2145526c439ae5d9a1acab270c9313c4ecc18d07ce51986bc92844b8099f5edbcab53d7be49402b37071f4830e41d5ac0b9e40d2c08b325b63759296f0f3f7

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
af0c706a448d6505bdeb6fb74812134a

SHA1
4f6ea88f4f96b608684fa6e3557e3ca1c99d3b1d

SHA256
ede6bdb38934293d17445e859e07ba77a047c62dae51d0ed70340ee9b69b5739

SHA512
9c2145526c439ae5d9a1acab270c9313c4ecc18d07ce51986bc92844b8099f5edbcab53d7be49402b37071f4830e41d5ac0b9e40d2c08b325b63759296f0f3f7

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
af0c706a448d6505bdeb6fb74812134a

SHA1
4f6ea88f4f96b608684fa6e3557e3ca1c99d3b1d

SHA256
ede6bdb38934293d17445e859e07ba77a047c62dae51d0ed70340ee9b69b5739

SHA512
9c2145526c439ae5d9a1acab270c9313c4ecc18d07ce51986bc92844b8099f5edbcab53d7be49402b37071f4830e41d5ac0b9e40d2c08b325b63759296f0f3f7

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2085049433-1067986815-1244098655-1000\_desktop.ini

Filesize
9B

MD5
35dff1b2d2822022424940d4487e8d0d

SHA1
cf3c5e0326ffacd39689a35b566c8d3c626cc96b

SHA256
0432a628b4273444218f05d7d906b391ab84e1d51bc1b084c37456324e0f84ae

SHA512
91c1e3f5497c8c249e695b9e6f844f141b8747d5d1c5d23d09a2e39aae974cfcfe26b6a4580904b87aa495d452df942937fd721ff8189016a59f61c0835e1665

Download Submit
\Users\Admin\AppData\Local\Temp\60f67041534887917e5349cf0290a6388f034dafa1fac2fcab50543d4d769c75.exe

Filesize
112KB

MD5
e9cc8c20b0e682c77b97e6787de16e5d

SHA1
8be674dec4fcf14ae853a5c20a9288bff3e0520a

SHA256
ef854d21cbf297ee267f22049b773ffeb4c1ff1a3e55227cc2a260754699d644

SHA512
1a3b9b2d16a4404b29675ab1132ad542840058fd356e0f145afe5d0c1d9e1653de28314cd24406b85f09a9ec874c4339967d9e7acb327065448096c5734502c7

Download Submit
\Users\Admin\AppData\Local\Temp\60f67041534887917e5349cf0290a6388f034dafa1fac2fcab50543d4d769c75.exe

Filesize
112KB

MD5
e9cc8c20b0e682c77b97e6787de16e5d

SHA1
8be674dec4fcf14ae853a5c20a9288bff3e0520a

SHA256
ef854d21cbf297ee267f22049b773ffeb4c1ff1a3e55227cc2a260754699d644

SHA512
1a3b9b2d16a4404b29675ab1132ad542840058fd356e0f145afe5d0c1d9e1653de28314cd24406b85f09a9ec874c4339967d9e7acb327065448096c5734502c7

Download Submit
memory/1212-31-0x0000000002970000-0x0000000002971000-memory.dmp

Filesize
4KB

Download
memory/2072-15-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2072-41-0x0000000000220000-0x0000000000254000-memory.dmp

Filesize
208KB

Download
memory/2072-21-0x0000000000220000-0x0000000000254000-memory.dmp

Filesize
208KB

Download
memory/2072-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2072-16-0x0000000000220000-0x0000000000254000-memory.dmp

Filesize
208KB

Download
memory/2636-93-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2636-48-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2636-22-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2636-99-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2636-326-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2636-1852-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2636-40-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2636-3312-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2636-33-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download