9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-03-2024 00:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
Size

2.6MB
MD5

df53ad13aff8929fe1a4ba5b42efd2a1
SHA1

8a0fe7e2db23166ac9d9994af28dbf0904f09709
SHA256

9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670
SHA512

61682899ffbcce870aaa0e8bbf6f12d8926010440bf45542f4cc40edac1efb9593394595f05eda22ebbdc8bc3697e726383d6c83367f7b39d73125c109687124
SSDEEP

49152:zkqQV4PlKqAllllKd1LYguqOxTmRXcObG:qV4PlKqpDYgLsObG

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
280	cmd.exe

Executes dropped EXE 25 IoCs

pid	Process
2336	Logo1_.exe
2636	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2624	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2456	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
3016	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2792	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2816	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
1352	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2536	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
776	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
344	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2140	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
1824	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
1256	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2760	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2572	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2852	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2516	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2432	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
3016	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2508	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2832	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2780	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2028	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2180	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe

Loads dropped DLL 47 IoCs

pid	Process
280	cmd.exe
280	cmd.exe
2728	cmd.exe
2728	cmd.exe
2656	cmd.exe
2656	cmd.exe
2700	cmd.exe
2700	cmd.exe
2476	cmd.exe
2476	cmd.exe
2708	cmd.exe
2708	cmd.exe
1428	cmd.exe
1428	cmd.exe
2008	cmd.exe
2008	cmd.exe
1780	cmd.exe
1780	cmd.exe
588	cmd.exe
588	cmd.exe
2408	cmd.exe
2408	cmd.exe
956	cmd.exe
956	cmd.exe
920	cmd.exe
920	cmd.exe
2944	cmd.exe
2944	cmd.exe
2904	cmd.exe
2904	cmd.exe
280	cmd.exe
280	cmd.exe
2748	cmd.exe
2748	cmd.exe
1432	cmd.exe
1432	cmd.exe
3004	cmd.exe
3004	cmd.exe
2676	cmd.exe
2676	cmd.exe
1528	cmd.exe
1528	cmd.exe
2860	cmd.exe
2860	cmd.exe
1724	cmd.exe
1724	cmd.exe
2420	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\applet\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Internet Explorer\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Internet Explorer\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Internet Explorer\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Internet Explorer\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\_desktop.ini	Logo1_.exe

Drops file in Windows directory 27 IoCs

description	ioc	Process
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\Logo1_.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
File created	C:\Windows\Logo1_.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
File created	C:\Windows\Logo1_.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
File created	C:\Windows\rundl132.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
File created	C:\Windows\Logo1_.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
File created	C:\Windows\Logo1_.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
File created	C:\Windows\Logo1_.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
File created	C:\Windows\Logo1_.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
File created	C:\Windows\Logo1_.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
File created	C:\Windows\Logo1_.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
File created	C:\Windows\Logo1_.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
File created	C:\Windows\Logo1_.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
File created	C:\Windows\Logo1_.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
File created	C:\Windows\Dll.dll	Logo1_.exe
File created	C:\Windows\Logo1_.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
File created	C:\Windows\Logo1_.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
File created	C:\Windows\Logo1_.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
File created	C:\Windows\Logo1_.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
File created	C:\Windows\Logo1_.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
File created	C:\Windows\Logo1_.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
File created	C:\Windows\Logo1_.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
File created	C:\Windows\Logo1_.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
File created	C:\Windows\Logo1_.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
File created	C:\Windows\Logo1_.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
File created	C:\Windows\Logo1_.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
File created	C:\Windows\Logo1_.exe	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2532	2336	WerFault.exe	29

Runs net.exe

Suspicious behavior: EnumeratesProcesses 31 IoCs

pid	Process
2940	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2940	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2940	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2940	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2940	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2940	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2940	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2940	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2940	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
2336	Logo1_.exe
2336	Logo1_.exe
2336	Logo1_.exe
2336	Logo1_.exe
2336	Logo1_.exe
2336	Logo1_.exe
2336	Logo1_.exe
2336	Logo1_.exe
2336	Logo1_.exe
2336	Logo1_.exe
2336	Logo1_.exe
2336	Logo1_.exe
2336	Logo1_.exe
2336	Logo1_.exe
2336	Logo1_.exe
2336	Logo1_.exe
2336	Logo1_.exe
2336	Logo1_.exe
2336	Logo1_.exe
2336	Logo1_.exe
2336	Logo1_.exe
2336	Logo1_.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 280	2940	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	28
PID 2940 wrote to memory of 280	2940	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	28
PID 2940 wrote to memory of 280	2940	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	28
PID 2940 wrote to memory of 280	2940	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	28
PID 2940 wrote to memory of 2336	2940	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	29
PID 2940 wrote to memory of 2336	2940	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	29
PID 2940 wrote to memory of 2336	2940	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	29
PID 2940 wrote to memory of 2336	2940	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	29
PID 2336 wrote to memory of 2040	2336	Logo1_.exe	31
PID 2336 wrote to memory of 2040	2336	Logo1_.exe	31
PID 2336 wrote to memory of 2040	2336	Logo1_.exe	31
PID 2336 wrote to memory of 2040	2336	Logo1_.exe	31
PID 2040 wrote to memory of 2664	2040	net.exe	34
PID 2040 wrote to memory of 2664	2040	net.exe	34
PID 2040 wrote to memory of 2664	2040	net.exe	34
PID 2040 wrote to memory of 2664	2040	net.exe	34
PID 280 wrote to memory of 2636	280	cmd.exe	33
PID 280 wrote to memory of 2636	280	cmd.exe	33
PID 280 wrote to memory of 2636	280	cmd.exe	33
PID 280 wrote to memory of 2636	280	cmd.exe	33
PID 2636 wrote to memory of 2728	2636	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	35
PID 2636 wrote to memory of 2728	2636	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	35
PID 2636 wrote to memory of 2728	2636	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	35
PID 2636 wrote to memory of 2728	2636	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	35
PID 2728 wrote to memory of 2624	2728	cmd.exe	37
PID 2728 wrote to memory of 2624	2728	cmd.exe	37
PID 2728 wrote to memory of 2624	2728	cmd.exe	37
PID 2728 wrote to memory of 2624	2728	cmd.exe	37
PID 2624 wrote to memory of 2656	2624	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	38
PID 2624 wrote to memory of 2656	2624	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	38
PID 2624 wrote to memory of 2656	2624	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	38
PID 2624 wrote to memory of 2656	2624	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	38
PID 2656 wrote to memory of 2456	2656	cmd.exe	40
PID 2656 wrote to memory of 2456	2656	cmd.exe	40
PID 2656 wrote to memory of 2456	2656	cmd.exe	40
PID 2656 wrote to memory of 2456	2656	cmd.exe	40
PID 2456 wrote to memory of 2700	2456	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	41
PID 2456 wrote to memory of 2700	2456	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	41
PID 2456 wrote to memory of 2700	2456	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	41
PID 2456 wrote to memory of 2700	2456	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	41
PID 2700 wrote to memory of 3016	2700	cmd.exe	43
PID 2700 wrote to memory of 3016	2700	cmd.exe	43
PID 2700 wrote to memory of 3016	2700	cmd.exe	43
PID 2700 wrote to memory of 3016	2700	cmd.exe	43
PID 3016 wrote to memory of 2476	3016	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	44
PID 3016 wrote to memory of 2476	3016	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	44
PID 3016 wrote to memory of 2476	3016	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	44
PID 3016 wrote to memory of 2476	3016	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	44
PID 2336 wrote to memory of 1204	2336	Logo1_.exe	21
PID 2336 wrote to memory of 1204	2336	Logo1_.exe	21
PID 2476 wrote to memory of 2792	2476	cmd.exe	46
PID 2476 wrote to memory of 2792	2476	cmd.exe	46
PID 2476 wrote to memory of 2792	2476	cmd.exe	46
PID 2476 wrote to memory of 2792	2476	cmd.exe	46
PID 2792 wrote to memory of 2708	2792	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	47
PID 2792 wrote to memory of 2708	2792	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	47
PID 2792 wrote to memory of 2708	2792	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	47
PID 2792 wrote to memory of 2708	2792	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	47
PID 2708 wrote to memory of 2816	2708	cmd.exe	49
PID 2708 wrote to memory of 2816	2708	cmd.exe	49
PID 2708 wrote to memory of 2816	2708	cmd.exe	49
PID 2708 wrote to memory of 2816	2708	cmd.exe	49
PID 2816 wrote to memory of 1428	2816	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	50
PID 2816 wrote to memory of 1428	2816	9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe	50

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1204
- C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
  "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2940
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$aD88.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:280
  - - C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
      "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      Suspicious use of WriteProcessMemory
      PID:2636
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$aF6C.bat
        5⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
        6⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:2624
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$a1101.bat
        7⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
        8⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:2456
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$a1287.bat
        9⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
        10⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:3016
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$a13DE.bat
        11⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
        12⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:2792
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$a15A3.bat
        13⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
        14⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:2816
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$a168D.bat
        15⤵
        Loads dropped DLL
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
        16⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:1352
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$a17C5.bat
        17⤵
        Loads dropped DLL
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
        18⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2536
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$a18ED.bat
        19⤵
        Loads dropped DLL
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
        20⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:776
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$a1A06.bat
        21⤵
        Loads dropped DLL
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
        22⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:344
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$a1B0F.bat
        23⤵
        Loads dropped DLL
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
        24⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2140
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$a1C28.bat
        25⤵
        Loads dropped DLL
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
        26⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:1824
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$a1D50.bat
        27⤵
        Loads dropped DLL
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
        28⤵
        Executes dropped EXE
        
        PID:1256
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$a2118.bat
        29⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
        30⤵
        Drops file in Windows directory
        
        PID:2200
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$a2156.bat
        31⤵
        Loads dropped DLL
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
        32⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2760
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$a21B4.bat
        33⤵
        Loads dropped DLL
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
        34⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2572
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$a2202.bat
        35⤵
        Loads dropped DLL
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
        36⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2852
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$a225F.bat
        37⤵
        Loads dropped DLL
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
        38⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2516
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$a22DC.bat
        39⤵
        Loads dropped DLL
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
        40⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2432
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$a232A.bat
        41⤵
        Loads dropped DLL
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
        42⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3016
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$a2368.bat
        43⤵
        Loads dropped DLL
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
        44⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2508
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$a23B6.bat
        45⤵
        Loads dropped DLL
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
        46⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2832
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$a23F5.bat
        47⤵
        Loads dropped DLL
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
        48⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2780
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$a2443.bat
        49⤵
        Loads dropped DLL
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
        50⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2028
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c C:\Users\Admin\AppData\Local\Temp\$$a2481.bat
        51⤵
        Loads dropped DLL
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe"
        52⤵
        Executes dropped EXE
        
        PID:2180
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2336
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2040
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2664
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 604
      4⤵
      Program crash
      PID:2532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$$a1101.bat

Filesize
722B

MD5
6fefc4a77c3b9f67e63a5bdb8ee33a14

SHA1
3816f49febe2060e179d0c61d44b850ad03ba804

SHA256
2e6e74191eb64b4ad8d35b54d45b8ff8d708c8ac788a04fb07d543f99999af08

SHA512
ecbaac82c6501bb130ddc4e6ddc7b930559c5798c8b01e8ab919c1e879b11f145ef51df23af64fa219b6dfe4d72f211ea3c285995bfb76778f2d96391dad31e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a1287.bat

Filesize
722B

MD5
ae5b45c5991aad5cbedadb14e4880dac

SHA1
624fd5551be35f45f8d4cadc72dc17b7e7da28ec

SHA256
f1d4c167ba2c3512e7bbdc945710ee70553f87680bf94809ffa2dc302775b962

SHA512
ed259cedacc1d51fc81d575b77ed2c1629254e285d3da9adce6f68c446ef7c8a3e0040d419c89ad0a604d2768f5a2e3ce85a7be56586d74bc280641cff47cc76

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a13DE.bat

Filesize
722B

MD5
b2c3657b0471ce9c6dc5dc128ff757ba

SHA1
16766e2c2b0c2e8926227ca9ee1c2a6cd327b702

SHA256
52d55408af0263f208ffa92f638fd4436b73fa849c1cb1795c4e3b2952261780

SHA512
e531335e16935324f8db4ebee2ff089a2ac207272514effaa8ba1077d803f28c09ca9a031b52a8ea7f621009c94a5611b1be73ed1d1cf74fee337f65e24a19af

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a15A3.bat

Filesize
722B

MD5
2709d1a2a771369b871a10e799bb4a25

SHA1
afce108521f65611215d66bdb85dcf39a7755476

SHA256
83b5c09031f088eca677b9d56e818b72d7bed95e1ead30edc6f18e9f90eb1f51

SHA512
9f7da300afc740c13731c685078d795de003d759a77e08d36a376adbbbf2cb1d7ad5425153a47a85f2560a0344d5a842f656d78c7e20ef7a14880e49e24a5f4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a168D.bat

Filesize
722B

MD5
dcadaf8565961e2404a53959ac86861c

SHA1
8d74bbe73fd72f10ec7458a032a93d87f0e47036

SHA256
769a9e2a5f61b16eaa54a1fd29cf33e1446d0a6dbea2b8097c5b06ddbde32e4c

SHA512
222ed37b8b43d9cd36c838ff9b694b203e1cf2017dd1eeecdcbd43c93e737a98d4557a3eb7f9cf07d14bac701357c452d018eafd773722a0bdcb357f34022060

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a17C5.bat

Filesize
722B

MD5
bebf9469c8af050e99ff61821b1ef92e

SHA1
06cce802b4f757e83e2ff3ee7df4d9e254b5ff38

SHA256
fe2a5861b046994f7322d2f2c94bfdb16357fa0f6643a2f45335f0c526dc3cea

SHA512
85bbcbcc737b7c6ea937b76ffdf3fc5bb9e910a1e8d867b7f8365dc7f6cc264c029d711d18eef39706a5adc27e0dc68b0f81dc62481920adaded0d7b1d9c963d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a18ED.bat

Filesize
722B

MD5
e24521804ec382e541dbd4aa6f59380d

SHA1
d6fece6537d0f9eb3d758c1d70f5df7ad78f75b8

SHA256
61e961129bec6baa5a3dc6768aaca04f4cb501b912e7ecadda0a9586df2a1e8d

SHA512
992b81531614f04885188ce02a5f1f0b74206a634682d2596cb3d135c9dfcbf89f1cd9aab87336018bdf9499787ce43f00f2ac2807b210ca2692cb5e5ee8e6dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a1A06.bat

Filesize
722B

MD5
0650d75845e91e7c7ea9f20e5c2c68f5

SHA1
48ccec0f1b4af73e7cc8c5eb39c1c650c480d717

SHA256
7bb244fb861f8da57deb91906ad603e5a509895bf5c8caacfe68b1bd137023af

SHA512
ef215d96ab67a6a961b46496dd387cf92c4908e7ac2a7d2168a9de1edf4f35f6c745183182d4f1ad8d623a1c15a63da36e9ae71c357fc0404e7a8ef820f561b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a1B0F.bat

Filesize
722B

MD5
d13189f0bcdba60326910537276ca411

SHA1
69cc92fa816efb05ddfd7521f465953970c20cf0

SHA256
0da3fc25d8fc9906b88dba40b9555c11e5f204943049515b7fb20ab192b63129

SHA512
445ae23673b3c387c4b8876adc7174c8bd3ead82691a4dbca2991a22e548aa6623106eaf72019e943293288083f8e420a96e3277ec8758add29c30621640c636

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a1C28.bat

Filesize
722B

MD5
aa4b81c0d58d43d145105e8626431e8e

SHA1
cee97a432688f8799f296c63b8317b027dfaf1f4

SHA256
166aca403e83d472fcf440d35e6a81663ab7dca9cda9ce5c54346a2d23b0e197

SHA512
155c15007b6df7d7e10fb31cafb94a401504f9157def70a58e428b71342f501a3197e82e7f117fa3c510d58d16493541da1b65e1bb1be34a417c7f10c20a5597

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a1D50.bat

Filesize
722B

MD5
c798ec0d519f5ed63c65391a686f542f

SHA1
648b7ef0af0172e5742d62a99502b34a7f0204dd

SHA256
7d0c83009e5c7852fd9f65d2b1f1ac1be9511ac6b6a14cf4ea117585c57c1bea

SHA512
53cdb65906573bb72e73a10798e55eefce6da29cd7e7879519021850aa9b9f05b943facf36ae0e1958f044254daad801a664af8e2a7cbf060a8787935eb7fb73

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a2156.bat

Filesize
722B

MD5
e8d18384e8593e3c61f53c42a5eaa665

SHA1
af3bd62517d03f5ebae0e2978b8fcc9728eb01ab

SHA256
5c9116d37a5f03301c2e669aab66b21f5d317f2114ce175c73fe58ffa5bdc41c

SHA512
2c9e15cc54b5e8934516901d8265ce3dc3ca992ee61b2ac8a23f5c370a59820e149e124fe260b4d9fbf99353074268fe1bafeba437bfdfe4d7b16018906f7486

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a21B4.bat

Filesize
722B

MD5
2e449bcb1d75474898154d6dcbd7cb1e

SHA1
74646031b9bf6418b2512d52488208bfe0f180ab

SHA256
e7114c947594a59f2aa0a8bc6bab4a104752e81c678e7b04cfaee4e23b42485a

SHA512
d18b7eb9ebe4869c87618c9fd675ba55b38648b9354481de3fb8ec7ea3f4013cfbaec3fe0d8bb2b0e70c107a77a3157bc5231bb39f29d2dda8a08339f7208a7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a2202.bat

Filesize
722B

MD5
29d11084d2d7f24fcdaae84bcffb832f

SHA1
1e6d0416e7e56028e278e062606417c728827884

SHA256
c69bd7a936a3bd4fd30ffeb2067a413746e95767931e75acc63ca613b025f7e5

SHA512
0492a8ab8d07d161c97aea1e8c59b8be0b36aa77615b47931cf92270c7b4dc901402d1905e7feaafd1ab56d5cd8e76c9d2c430c38a8080edb265e44667f4c456

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a225F.bat

Filesize
722B

MD5
9cbeb7a6a962b68822be958da8a049fd

SHA1
d2b7d3b804a04e4625d51e1e2495d85608a88b15

SHA256
1f64de59089e91b7973be2718d51f6f6d2863803e221f4f261bd03c63ec77473

SHA512
d32cac39e23f81aa56d86c00ed6471348167131a7d11511e6aabb216b388e64f73e8256676d3e02377b1ec88aa380b9408a7bb9cbc0356092601eb3acd836ff4

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a22DC.bat

Filesize
722B

MD5
212003969193da143887605aaa1f88a1

SHA1
7f87e75a3e1e6acad493bc3bce80ae20c1b998e4

SHA256
def4c1eb7e0099ba31739bf8b305c48fab610c97c4a30ab675aca33665f52a39

SHA512
8ea6d31ba56f81e206ccfbd69f993325e0f1bdd9d056c5bc86a62ec0d23aae0f56cda767e5e09b5abd4f11b63fc97cf21f4ce5c35a74148579fb86ee5ce4c9e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a232A.bat

Filesize
722B

MD5
598c419adebf0b9724b90d931e7a4ba7

SHA1
7b6e3d5b9db41860a52b0160238539eab9336a46

SHA256
473921a564907a62d629c7a695c7df7e82c9b9fcd35a709d2b7e2aa3805e9e39

SHA512
6c780c9180ca3778563d5e2593e0cc809a87ba5acfc256e4400019ce57f0982e0aab444d0dcea3c0f5ba8d08a5e81638ac66ad77e957a0c7a39d827313ad0a05

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a2368.bat

Filesize
722B

MD5
4853b45a4b042e51cca116b1ccef03df

SHA1
461d0291385f253d568bc117c9b12be0aa9a132a

SHA256
42e1d0152ef552e67ec438217cfc0532532fda5f409d31494a9822a5a709c9ac

SHA512
87d03a0b2b575141b688d17172b79c9b3663fea95fea52f215338916351481fee0c6cd240b51e1ead85aaa269ab6c32515c4d9144435367f0941d483b7f4cea8

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a23B6.bat

Filesize
722B

MD5
9e4cdc55702bc3916621758b94339549

SHA1
007e6b1b6b547e8767d04255f5e69a290a317f7c

SHA256
36dadcf7db47d6dd0f7be909da5a5053b67351381e58abc1bf908803101bc251

SHA512
994d64b882971ff0608a0c714122aa78606748b33893fdf5c9f2c3515e76ac8641fffb63790346702c2f449ae8415368c9ea430cfa7c0b160a2f04e21fa5cec3

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a23F5.bat

Filesize
722B

MD5
f45789fa3ef687f7ac4a92eb416e10aa

SHA1
d08011b7ce11592645a7b3c7e123fb5ddced16ff

SHA256
7c6fbe3f1dbc4075fd7f42aeb0e745c2818acaa3479c23c04d66d43b7526abc7

SHA512
71553f683af7686c0f1491deaac477b970f9464099f8992c4ae41178f70a963b0c711fdee1a836254ae86f458afda4d7d551adfac2c90db8d95824ddc1054d0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a2443.bat

Filesize
722B

MD5
8dbe3fb26ea7d52a8acd43603d600a9a

SHA1
ef493f5972bbde104860dd1ae9d6c962e576f13b

SHA256
5315ecfed4a0a9ffa1e475731a96a3e2fce74fa2fff4ab5518ba8b978d00435b

SHA512
8bfe24bb99a8f2caf3a8ccec1e35c4766a93b5a73033316b71154a1b66e7e2f073bd987074260a1afa7d274c8cfaa31e15b0c5da601cf2d57c62815874cb65c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a2481.bat

Filesize
722B

MD5
4eeb1bde1235c82c122e9c39f7f1cc9e

SHA1
117fbafd0ddcdca8900e461ce2cdfa064afc1c3d

SHA256
298ba928e466c7a8efda49913c8eac71c604d8f113ffb392fcd184470fa7fdea

SHA512
a064e8584c5040cef6d7e6e949f600006c1297bb425b904a14170bb9c8e0f3fe10575c94c653726b2d053e7643bd0bff8ffdc6a1a6816e9dc1997c6d07eaee2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aD88.bat

Filesize
721B

MD5
ccee0732428bb027cb5dce8957a33383

SHA1
ae3fe314ee009e5ee62ab4991bb7dddcb7e4c6ae

SHA256
e4916141f8d86575dbf99ff83a5fb809d437d37fcaf4529cd77bef2b69e507bc

SHA512
04a207413f24fd443441c69f943ec99ad1ac25117141939c237cc58d649cd8b30aaa151cbed2f4adc86b8f0e3ae836215717ad204e34349f716d11d2f9de2489

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aF6C.bat

Filesize
721B

MD5
296f65acb7b8ecef3f0f46a49e9983b9

SHA1
537c954733b17710f98f59fedcf61366251725c3

SHA256
0ce098cb867232f214780fdf7daf0ac0efe7d323f3f5157f14c1a41e9df8c220

SHA512
1cd37677cd24622a7f321a46d2bbab81787d855cdd8384186d443acf99a9819b9cf7c6902c61f30bda5a54d0e018adc5a057e81d6f75edc7a0b2fa8463660fde

Download Submit
C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe

Filesize
778KB

MD5
2704506711190242c41bbc4e06ae2cb5

SHA1
150dd281a06b4555327f6170c88bcbd6e2538c3c

SHA256
f8a4c65a27cd956705d94b01abccc84e971774135180bd6c9753b0c88ba2c602

SHA512
902dc28ec60c825b191e6a2fefa6ea198dd23a10c5dd7c4fc280eba8a50f0fd6040302d00e70f4c44150d4e39567b56d629c3db2da4877bce882f449e11add04

Download Submit
C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe

Filesize
339KB

MD5
abb72e9956a2c5ee3bc2310fb28fd5f8

SHA1
2d8949a4b721519f56cfd144e8f4ac4184d0579b

SHA256
44dfbab65ddfd67872f5bbaa5d60b6b701c5fcdf26c7448b96f43750351aabdf

SHA512
67c6ca70e79330ea0ee411df44f8414dead846c18c9662a9a6c5fe7d3031b8dbfa865d3e0d8514c7fbe00176d2e8460477eafec653082e5acac4431191fc0713

Download Submit
C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe.exe

Filesize
2.3MB

MD5
d594273d3304cbe37d86fa008272e12c

SHA1
28134a64147e0e016525f0447496d031ab24e578

SHA256
f13e0c2e4990347fe8a54b12272c9c1ad33fb54e7e40bad2dc0b1d94d199c636

SHA512
08c09f50a6c3af8a8f5b0d103465e109e99232aee2f75c08c16e5e793d6d537d6773c593a4acf435c4c676ef05eeeeadab1f3623e3a86c8e10e2af477d1276c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe.exe

Filesize
2.2MB

MD5
883f7f0eff9adbd00856bc3eae4748cb

SHA1
5fd1adc12e06fe09727d70f871caadac8732568b

SHA256
8ef1c8e484d0431528a0f797d4d7cb84d6c9a8e81f91cff0d2711219ac1e5d36

SHA512
097905f6bde885266828b0c6534b74db64f9df68de0ee8730c7d692bed12d8fa2131cce010e97a81e3b3d12a65c0b0169d93fe991505551d7ad146ca2eed09dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe.exe

Filesize
2.1MB

MD5
11cdc308cc35ef78a14b0bff1f62bbfe

SHA1
6f5fc77b3e3ada468e792d513763f5d67ac71d53

SHA256
27ddb7fb50a34a5f186ccef2e5106b04ae64950024efebc56b59227cc57fbbbc

SHA512
600d75614df72c264fec2d97c0ac62b43f876ddcdb3ddcf9e161ff0c20c2e956f86044b3b2de17a3832873ab02d60951f63b0e04d4eface4d5a148b8f8ea5006

Download Submit
C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe.exe

Filesize
2.6MB

MD5
9662571dc3d8da26d4e5ac5f89b3298c

SHA1
798fcce5109809f37caf931a2774ddec134a61d3

SHA256
31b83becdd1c700d6df8ccddb384d5b460ea18bd90eeb8a4f7157053e9517a83

SHA512
e3a541f33ed5923248b1d217532e405f6bff47955f8f5d7229415af63931713de91b444d61c447540625367550fd7b933e6c40521385637d6df02e4f7dd60f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe.exe

Filesize
2.5MB

MD5
976c902fe1ae2832c8f2c107c6d68f42

SHA1
86b9f55a99bdf56b71521326b1540565c14b2efd

SHA256
9ffd071b0006b29bd839c9d3e636341944d453f62a1912103afccc255db9f38a

SHA512
90baa160124e4b8696bd884fa3380d89e059c685251aa1fe952376413ebf8100828cf9cb9282d1124c692ed616e47e112da07de6a7eeb139c677442c8f3190ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe.exe

Filesize
2.5MB

MD5
882ced1c0feb3e0ca7fd742e248ae3ad

SHA1
8b8e3988a1de63e79f06728828c31fc80bf5849a

SHA256
c61572e20416ac16d5681f8f93816593435c9a673c549498ca4ea2fd95d59087

SHA512
b90009c36bb689811fd162b26eb2ec6809bb0e5ce166237fba001248833ffca8d21962b521e94cce69d57ffb9107ddd46a87104a081f436b87e1d039a2309b8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe.exe

Filesize
2.4MB

MD5
d148d5bfce90972db98567fb0817fbbd

SHA1
8d8e928d36e7d09ef29cb4b21f233f6ddaa14203

SHA256
db7ef20a52f681ebffaf76dfa65d3e39bc1f6cf7f323d06911d7c6bcafd8ac0e

SHA512
3e3d936a9e5efdbbdf7143e736249626edf00b31e1018a3222337ef02e8cca03b8e78794d865bc4eaf434af258d6811ad4e00129d6f811d058701a11019954ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe.exe

Filesize
2.4MB

MD5
edb4b946d39535a15156eb777693fff0

SHA1
bf4ee6f323855bc98d5a91b748abc57473dc5b08

SHA256
153a5cce3e88a09542f135b3f4927f1f239fea8fb193685c247c11eaa3a8d2ab

SHA512
942b2df1c496ee3a20a4b2d190b7fed9d49ff8ff9d4f78c8b5573b38ddcb84da96ccd60c6738744688c6b84f50b05f4b7951f8ad7706f9c36a421154059ded8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe.exe

Filesize
2.4MB

MD5
685bd6d85292dfdfcbcdaff6c5b4f684

SHA1
afedab79bded497ca1247b72543bfe97e65f74b4

SHA256
ee7ccd243b03daf78a707b4de719ad14ae43ebec0f8b50cbba09f3189654d61f

SHA512
88c86f27fb6d97b1866f98a5364d8b23196eade06bfbdf466bfccb28a81cb391bc0c94304284055383b59869d9cc8f7a383c812cc1ccbb974b7ebd6f5844d4a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe.exe

Filesize
1.7MB

MD5
0ef23f8898adcf10583be3975136ecb1

SHA1
f598f4cd5f4ae597948f58afd4de0e05a6a5897f

SHA256
b0d6b618887cb8defc30070652c108f8bbcb6cee942b178f88be55f7af59ff04

SHA512
ff7c24dd7abb79cd05ceffd0fc5c6c87c742c986b9395330a3c24de203a5269a3d929fbe05c3f4631706839067baf6f83b6064bc2649e0caec18f59cbda6b2ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe.exe

Filesize
1.2MB

MD5
0ba9a2024ff1f121429e783e522937f8

SHA1
a903a7ee216930ae433063f943bc730f94021360

SHA256
375d81cdc801ab749d76f5719a5e2a0e301cb377fb7788b7e5dd367149b57494

SHA512
f3ac1c25105d24aef1d309087101967b00d4de82f32a24f344ce7362a8ff0efa53425a2cdf12d591118bb321399a270f958be91962a8a6d96cbdcc62bea035a6

Download Submit
C:\Windows\Logo1_.exe

Filesize
44KB

MD5
c340af03b6fc6879c606337af57dfbb0

SHA1
c3c50e1d66d5239ec39352d1fc2703a484f73ca7

SHA256
424cb3abf9ab63440a69cec3819103e643b46812f6fc382e299ee08d73f6e5c8

SHA512
6d493eb54f8c4bb65474dc929c05071df7202306fac08f5e9338fe728f27c8e44e486abec6cbf0c71ff1bda75972506e11636256f2af44768f662fc4badd9747

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2297530677-1229052932-2803917579-1000\_desktop.ini

Filesize
9B

MD5
ffee50c69ce4733057892ab912ba2f08

SHA1
09ffe94208f4dbeac5a20bad25ffae158e3fc6dc

SHA256
c1b6255859813f192c8648418d3923dc540ce2566fac2a17a736f33014438abc

SHA512
cb68a272d6d7941417a7dddd9988b5b1f2245fbfeb8df4876b59f7b4157e75a8328dc68cbc0b81c3d6386f75d1632a271635eca276bd274c9a5cd54b34e5c72f

Download Submit
\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe

Filesize
1.4MB

MD5
0cb9d401a017938ed68f1bb1c84e0d48

SHA1
b5adcf43eb013d382f493627a0cb433b75f71176

SHA256
f705b528bed25055664c31c4a7613c26760bfeb3d912c96c4e4c23ea168a76c2

SHA512
7a5f14a502b9bbf45d35a10090322e3ffff758b1dac5e9a6d21b95c81cdf40dd8d98e943daa83e35bea4b2bd02a73dcaf3a16af872e9677ef832f9aaa5de8314

Download Submit
\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe

Filesize
2.1MB

MD5
95d6ad0e461dca7c9c2815c962c3b137

SHA1
316c1a650e2d107ffb1926cb99694952d343f77c

SHA256
d96cd41f64b4faa287f0be2714100391af9ff5006446c2d5e072932538d45fa7

SHA512
ef6e351e220a641234818e2c037c5012b744fc45015ef87616a429833525802feda7b399b2ed69785c241878194deffb055022fcb6cc28c87f11f4ab5526357e

Download Submit
\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe

Filesize
2.2MB

MD5
2dd12a18f60a9d89c7b230c8b44245b7

SHA1
0dad6372d19520ed3b3ca404327317e7d6968d67

SHA256
2a2e4fecad4bd26e5344a53bca9e01a2e7f8ce43569338a9cd5c2511490b401b

SHA512
7c31f462f5219b5d34abca99a29a8097d773cbf4eabcfb7cbe2952b90674db04e62ff41c480cd9471d6c9a1713c32fdd854c976d9296a282c9a74f61e42887d7

Download Submit
\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe

Filesize
896KB

MD5
e1dfebab7c747cc19193d14a8ef96a5c

SHA1
cc5c931ed99840c727341b38d51f2207e76125b1

SHA256
f0ea91621b282799c759ba2befd5a0ce1a1505edd17a84874160ab3edd31d99c

SHA512
fec1505705fa59f0553f42d098dc7c994d5df605aaf91f0dade8c2e7a40db4a4dd770af509df060d84c328d8058e4d02eaa74d4a97cb672e478e360ef3c814ce

Download Submit
\Users\Admin\AppData\Local\Temp\9c832042abf62cb72ffb52d8900c89c37528dcb126d3e6db6726ed51f0b19670.exe

Filesize
562KB

MD5
fc587f80ed83bced1a9283e47aa6ed13

SHA1
659bdce86a2f72837384cbf1dee77f1a913b8032

SHA256
e2c2c378382be1b4e531239e97338d39b227aafb0b339fc39650ad851c2fa036

SHA512
c573092e594655e9490b3dc228dce9e9130a715c02211fccd197a60fe84dcbf0a6f537a86276335676320f5bef3141318501d0d5ebfc10a14c27f60eb18a9ec5

Download Submit
memory/280-300-0x0000000000170000-0x00000000001BD000-memory.dmp

Filesize
308KB

Download
memory/280-28-0x0000000000540000-0x000000000058D000-memory.dmp

Filesize
308KB

Download
memory/280-25-0x0000000000540000-0x000000000058D000-memory.dmp

Filesize
308KB

Download
memory/280-302-0x0000000000170000-0x00000000001BD000-memory.dmp

Filesize
308KB

Download
memory/344-187-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/776-173-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/920-259-0x0000000000390000-0x00000000003DD000-memory.dmp

Filesize
308KB

Download
memory/1204-86-0x0000000002D60000-0x0000000002D61000-memory.dmp

Filesize
4KB

Download
memory/1256-260-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/1352-139-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/1432-324-0x0000000000770000-0x00000000007BD000-memory.dmp

Filesize
308KB

Download
memory/1432-323-0x0000000000770000-0x00000000007BD000-memory.dmp

Filesize
308KB

Download
memory/1528-356-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/1596-263-0x00000000003C0000-0x000000000040D000-memory.dmp

Filesize
308KB

Download
memory/1724-378-0x0000000000410000-0x000000000045D000-memory.dmp

Filesize
308KB

Download
memory/1780-160-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/1824-216-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2028-379-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2028-388-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2140-202-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2200-272-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2336-581-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2336-116-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2336-18-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2408-193-0x0000000000430000-0x000000000047D000-memory.dmp

Filesize
308KB

Download
memory/2432-333-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2456-71-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2508-353-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2516-322-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2536-154-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2536-145-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2572-295-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2572-286-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2624-55-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2624-46-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2636-38-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2636-29-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2676-345-0x0000000000270000-0x00000000002BD000-memory.dmp

Filesize
308KB

Download
memory/2728-43-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2728-44-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2748-313-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2748-312-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2760-284-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2760-276-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2780-368-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2780-377-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2792-104-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2816-125-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2832-357-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2832-366-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2852-311-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2860-367-0x0000000000140000-0x000000000018D000-memory.dmp

Filesize
308KB

Download
memory/2904-285-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2940-15-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2940-16-0x0000000000230000-0x000000000027D000-memory.dmp

Filesize
308KB

Download
memory/2940-0-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/2944-273-0x00000000002D0000-0x000000000031D000-memory.dmp

Filesize
308KB

Download
memory/2944-275-0x00000000002D0000-0x000000000031D000-memory.dmp

Filesize
308KB

Download
memory/3004-334-0x0000000000250000-0x000000000029D000-memory.dmp

Filesize
308KB

Download
memory/3016-335-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/3016-344-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download
memory/3016-87-0x0000000000400000-0x000000000044D000-memory.dmp

Filesize
308KB

Download