Analysis
- max time kernel: 150s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29-12-2023 05:18

Static task: static1

Behavioral task: behavioral1
- Sample: bb25d2dbc242ffd768317addb9e76363c9a0a460c0163a276bfe87a91f934456.exe
- Resource: win7-20231215-en

Behavioral task: behavioral2
- Sample: bb25d2dbc242ffd768317addb9e76363c9a0a460c0163a276bfe87a91f934456.exe
- Resource: win10v2004-20231215-en
General
- Target: bb25d2dbc242ffd768317addb9e76363c9a0a460c0163a276bfe87a91f934456.exe
- Size: 42KB
- MD5: d5b34951a8dca6d489e070518919fd52
- SHA1: 3116f1092675f9807c3ce194389233c738ba6cfe
- SHA256: bb25d2dbc242ffd768317addb9e76363c9a0a460c0163a276bfe87a91f934456
- SHA512: 65bb0e5c3947f2220e9e6865af650056fcb221f32e191b10dc943dd6d42cbffcf9ce0da089b3dd257c48b54a8c8d44807b2ad5aee97debdc240e27b43c7eb55f
- SSDEEP: 768:3Ak0a1ODKAaDMG8H92RwZNQSwcfymNBg+g61GoLAFIH3cINcTZl+:3Ak0cfgLdQAQfcfymNncIN+0
Malware Config
Signatures

Executes dropped EXE (2 IoCs)
- pid 4048: Logo1_.exe
- pid 4996: bb25d2dbc242ffd768317addb9e76363c9a0a460c0163a276bfe87a91f934456.exe

Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
- File opened (read-only) by Logo1_.exe: \??\N:, \??\I:, \??\P:, \??\M:, \??\L:, \??\Z:, \??\Y:, \??\U:, \??\R:, \??\Q:, \??\G:, \??\X:, \??\W:, \??\V:, \??\S:, \??\J:, \??\T:, \??\O:, \??\K:, \??\H:, \??\E:

Drops file in Program Files directory (64 IoCs)
Drops file in Windows directory (4 IoCs)
- File opened for modification C:\Windows\rundl132.exe by Logo1_.exe
- File created C:\Windows\vDll.dll by Logo1_.exe
- File created C:\Windows\rundl132.exe by bb25d2dbc242ffd768317addb9e76363c9a0a460c0163a276bfe87a91f934456.exe
- File created C:\Windows\Logo1_.exe by bb25d2dbc242ffd768317addb9e76363c9a0a460c0163a276bfe87a91f934456.exe

Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
- Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 by dw20.exe
- Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz by dw20.exe
- Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString by dw20.exe

Enumerates system info in registry (2 TTPs, 2 IoCs)
- Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS by dw20.exe
- Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU by dw20.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses (20 IoCs)
- pid 4048: Logo1_.exe (reported 20 times)

Suspicious use of AdjustPrivilegeToken (4 IoCs)
- Token: SeRestorePrivilege, pid 4268, dw20.exe
- Token: SeBackupPrivilege, pid 4268, dw20.exe (reported 3 times)

Suspicious use of WriteProcessMemory (20 IoCs)
Each entry gives description, pid, Process and procid_target.
- PID 4616 wrote to memory of 4900; pid 4616; bb25d2dbc242ffd768317addb9e76363c9a0a460c0163a276bfe87a91f934456.exe; procid_target 90 (reported 3 times)
- PID 4616 wrote to memory of 4048; pid 4616; bb25d2dbc242ffd768317addb9e76363c9a0a460c0163a276bfe87a91f934456.exe; procid_target 92 (reported 3 times)
- PID 4048 wrote to memory of 3028; pid 4048; Logo1_.exe; procid_target 93 (reported 3 times)
- PID 3028 wrote to memory of 448; pid 3028; net.exe; procid_target 95 (reported 3 times)
- PID 4900 wrote to memory of 4996; pid 4900; cmd.exe; procid_target 96 (reported 3 times)
- PID 4996 wrote to memory of 4268; pid 4996; bb25d2dbc242ffd768317addb9e76363c9a0a460c0163a276bfe87a91f934456.exe; procid_target 100 (reported 3 times)
- PID 4048 wrote to memory of 3304; pid 4048; Logo1_.exe; procid_target 59 (reported 2 times)
Processes
(process tree; each entry gives the image path, the command line and the PID, followed by the signatures triggered by that process)

1. C:\Windows\Explorer.EXE
   Command line: C:\Windows\Explorer.EXE
   PID: 3304

  2. C:\Users\Admin\AppData\Local\Temp\bb25d2dbc242ffd768317addb9e76363c9a0a460c0163a276bfe87a91f934456.exe
     Command line: "C:\Users\Admin\AppData\Local\Temp\bb25d2dbc242ffd768317addb9e76363c9a0a460c0163a276bfe87a91f934456.exe"
     PID: 4616
     - Drops file in Windows directory
     - Suspicious use of WriteProcessMemory

    3. C:\Windows\SysWOW64\cmd.exe
       Command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6CA4.bat
       PID: 4900
       - Suspicious use of WriteProcessMemory

      4. C:\Users\Admin\AppData\Local\Temp\bb25d2dbc242ffd768317addb9e76363c9a0a460c0163a276bfe87a91f934456.exe
         Command line: "C:\Users\Admin\AppData\Local\Temp\bb25d2dbc242ffd768317addb9e76363c9a0a460c0163a276bfe87a91f934456.exe"
         PID: 4996
         - Executes dropped EXE
         - Suspicious use of WriteProcessMemory

        5. C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
           Command line: dw20.exe -x -s 796
           PID: 4268
           - Checks processor information in registry
           - Enumerates system info in registry
           - Suspicious use of AdjustPrivilegeToken

    3. C:\Windows\Logo1_.exe
       Command line: C:\Windows\Logo1_.exe
       PID: 4048
       - Executes dropped EXE
       - Enumerates connected drives
       - Drops file in Program Files directory
       - Drops file in Windows directory
       - Suspicious behavior: EnumeratesProcesses
       - Suspicious use of WriteProcessMemory

      4. C:\Windows\SysWOW64\net.exe
         Command line: net stop "Kingsoft AntiVirus Service"
         PID: 3028
         - Suspicious use of WriteProcessMemory

        5. C:\Windows\SysWOW64\net1.exe
           Command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
           PID: 448
Network
MITRE ATT&CK Enterprise v15
Downloads