Malware Analysis Report

2024-10-19 09:04

Sample ID 240317-cqyc6acb99
Target dcb623cc7f3f21e92e4878c82ce79582fdf6ba1e5e0c76f19097d1496e6c4b08.exe
SHA256 dcb623cc7f3f21e92e4878c82ce79582fdf6ba1e5e0c76f19097d1496e6c4b08
Tags
purelogstealer stealer zgrat persistence rat
score
10/10

Analysis Overview

score
10/10

SHA256

dcb623cc7f3f21e92e4878c82ce79582fdf6ba1e5e0c76f19097d1496e6c4b08

Threat Level: Known bad

The file dcb623cc7f3f21e92e4878c82ce79582fdf6ba1e5e0c76f19097d1496e6c4b08.exe was found to be: Known bad.

Malicious Activity Summary

purelogstealer stealer zgrat persistence rat

ZGRat

PureLog Stealer payload

Purelogstealer family

PureLog Stealer

Detect ZGRat V1

Adds Run key to start application

Suspicious use of SetThreadContext

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: AddClipboardFormatListener

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-17 02:17

Signatures

PureLog Stealer payload

Description Indicator Process Target
N/A N/A N/A N/A

Purelogstealer family

purelogstealer

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-17 02:17

Reported

2024-03-17 02:20

Platform

win7-20240221-en

Max time kernel

148s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dcb623cc7f3f21e92e4878c82ce79582fdf6ba1e5e0c76f19097d1496e6c4b08.exe"

Signatures

PureLog Stealer

stealer purelogstealer

PureLog Stealer payload

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\dcb623cc7f3f21e92e4878c82ce79582fdf6ba1e5e0c76f19097d1496e6c4b08.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\dcb623cc7f3f21e92e4878c82ce79582fdf6ba1e5e0c76f19097d1496e6c4b08.exe

"C:\Users\Admin\AppData\Local\Temp\dcb623cc7f3f21e92e4878c82ce79582fdf6ba1e5e0c76f19097d1496e6c4b08.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 firstbaptiststjoe.org udp
US 44.215.252.154:443 firstbaptiststjoe.org tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-17 02:17

Reported

2024-03-17 02:20

Platform

win10v2004-20240226-en

Max time kernel

148s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dcb623cc7f3f21e92e4878c82ce79582fdf6ba1e5e0c76f19097d1496e6c4b08.exe"

Signatures

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A

PureLog Stealer

stealer purelogstealer

PureLog Stealer payload

Description Indicator Process Target
N/A N/A N/A N/A

ZGRat

rat zgrat

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ckje = "C:\\Users\\Admin\\AppData\\Roaming\\deebf\\ckje.exe" C:\Users\Admin\AppData\Local\Temp\dcb623cc7f3f21e92e4878c82ce79582fdf6ba1e5e0c76f19097d1496e6c4b08.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ozhvdskglxw = "C:\\Users\\Admin\\AppData\\Roaming\\Ozhvdskglxw.exe" C:\Users\Admin\AppData\Local\Temp\dcb623cc7f3f21e92e4878c82ce79582fdf6ba1e5e0c76f19097d1496e6c4b08.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\dcb623cc7f3f21e92e4878c82ce79582fdf6ba1e5e0c76f19097d1496e6c4b08.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\dcb623cc7f3f21e92e4878c82ce79582fdf6ba1e5e0c76f19097d1496e6c4b08.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1872 wrote to memory of 4748 N/A C:\Users\Admin\AppData\Local\Temp\dcb623cc7f3f21e92e4878c82ce79582fdf6ba1e5e0c76f19097d1496e6c4b08.exe C:\Users\Admin\AppData\Local\Temp\dcb623cc7f3f21e92e4878c82ce79582fdf6ba1e5e0c76f19097d1496e6c4b08.exe

Processes

C:\Users\Admin\AppData\Local\Temp\dcb623cc7f3f21e92e4878c82ce79582fdf6ba1e5e0c76f19097d1496e6c4b08.exe

"C:\Users\Admin\AppData\Local\Temp\dcb623cc7f3f21e92e4878c82ce79582fdf6ba1e5e0c76f19097d1496e6c4b08.exe"

C:\Users\Admin\AppData\Local\Temp\dcb623cc7f3f21e92e4878c82ce79582fdf6ba1e5e0c76f19097d1496e6c4b08.exe

C:\Users\Admin\AppData\Local\Temp\dcb623cc7f3f21e92e4878c82ce79582fdf6ba1e5e0c76f19097d1496e6c4b08.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 firstbaptiststjoe.org udp
US 44.215.252.154:443 firstbaptiststjoe.org tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 154.252.215.44.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 45.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 170.253.116.51.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\dcb623cc7f3f21e92e4878c82ce79582fdf6ba1e5e0c76f19097d1496e6c4b08.exe.log

MD5 435e0068bcb9090064eedccd2e18bfca
SHA1 9329bc444452d8ac807b085e0428b159e8eed352
SHA256 5721053800850afc4469bf2d079768d6d3444c6cb64394978830355ec1babdc6
SHA512 6c26cac18fff415ce13c12cef4656596b32d41d918c34419e39de16b27fecd4c4c912301c2293bb9c101df41ebf08a996fa26c2460c5934c5de44f01f8aab9f6
