a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 22:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe
Size

660KB
MD5

0d9c90532c6ddcc0db641042fe66e031
SHA1

3ef0d8fd2c2e44feef74ed8a24921ac1f8ea1d2c
SHA256

a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47
SHA512

72c7861fa2c1d9fe388446ae88d6c38ff5a7ce15674b57674a48340b1116eeecbfa269cacce4070ba9010f0fe7573da9f470a6f6a64f7ac97d3ef61bca6d5975
SSDEEP

12288:Pp7+znMwHskY7gjcjhVIEhqgM7bWvcsi6aVtrIyzU40vy3W/ceKSHMsiFyY6XN9:R7SMysZgjS1hqgSC/izJfojymk4HM5yJ

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2536	cmd.exe

Executes dropped EXE 3 IoCs

pid	Process
2552	Logo1_.exe
2868	a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe
3020	a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe

Loads dropped DLL 3 IoCs

pid	Process
2536	cmd.exe
2868	a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe
3020	a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\MSBuild\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gd\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kab\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\af\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CAPSULES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Media Player\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\Contracts\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Mail\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\SoftBlue\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\bin\javaws.exe	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\Style\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\1033\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\GrayCheck\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STUDIO\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\skins\fonts\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Media Player\Media Renderer\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\ProjectTool\Project Report Type\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\wmpconfig.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\FreeCell\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\airappinstaller.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe
File created	C:\Windows\Logo1_.exe	a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2552	Logo1_.exe
2552	Logo1_.exe
2552	Logo1_.exe
2552	Logo1_.exe
2552	Logo1_.exe
2552	Logo1_.exe
2552	Logo1_.exe
2552	Logo1_.exe
2552	Logo1_.exe
2552	Logo1_.exe

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2536	2548	a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe	30
PID 2548 wrote to memory of 2536	2548	a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe	30
PID 2548 wrote to memory of 2536	2548	a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe	30
PID 2548 wrote to memory of 2536	2548	a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe	30
PID 2548 wrote to memory of 2552	2548	a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe	31
PID 2548 wrote to memory of 2552	2548	a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe	31
PID 2548 wrote to memory of 2552	2548	a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe	31
PID 2548 wrote to memory of 2552	2548	a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe	31
PID 2552 wrote to memory of 2336	2552	Logo1_.exe	33
PID 2552 wrote to memory of 2336	2552	Logo1_.exe	33
PID 2552 wrote to memory of 2336	2552	Logo1_.exe	33
PID 2552 wrote to memory of 2336	2552	Logo1_.exe	33
PID 2336 wrote to memory of 2864	2336	net.exe	35
PID 2336 wrote to memory of 2864	2336	net.exe	35
PID 2336 wrote to memory of 2864	2336	net.exe	35
PID 2336 wrote to memory of 2864	2336	net.exe	35
PID 2536 wrote to memory of 2868	2536	cmd.exe	36
PID 2536 wrote to memory of 2868	2536	cmd.exe	36
PID 2536 wrote to memory of 2868	2536	cmd.exe	36
PID 2536 wrote to memory of 2868	2536	cmd.exe	36
PID 2536 wrote to memory of 2868	2536	cmd.exe	36
PID 2536 wrote to memory of 2868	2536	cmd.exe	36
PID 2536 wrote to memory of 2868	2536	cmd.exe	36
PID 2868 wrote to memory of 3020	2868	a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe	37
PID 2868 wrote to memory of 3020	2868	a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe	37
PID 2868 wrote to memory of 3020	2868	a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe	37
PID 2868 wrote to memory of 3020	2868	a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe	37
PID 2868 wrote to memory of 3020	2868	a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe	37
PID 2868 wrote to memory of 3020	2868	a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe	37
PID 2868 wrote to memory of 3020	2868	a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe	37
PID 2552 wrote to memory of 1208	2552	Logo1_.exe	21
PID 2552 wrote to memory of 1208	2552	Logo1_.exe	21

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1208
- C:\Users\Admin\AppData\Local\Temp\a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe
  "C:\Users\Admin\AppData\Local\Temp\a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2548
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a9D39.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe
      "C:\Users\Admin\AppData\Local\Temp\a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2868
    - - C:\Windows\Temp\{7E37C5B7-8C71-4B4A-8EC8-38B30DA0E96B}\.cr\a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe
        
        "C:\Windows\Temp\{7E37C5B7-8C71-4B4A-8EC8-38B30DA0E96B}\.cr\a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3020
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2552
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2336
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
c8815a0def060805cd68b27911b50324

SHA1
7679abbdb549b6f2e55019d01f45601d60177c42

SHA256
75f96336b6f31fb604f361a304076c9636a01d3dfe806e36736f875d71248eb2

SHA512
292c67e8ad8d04f552f8d7a77bb8639db5b71e608138164ed8770c80b620ec442bafd53d1a11b9bbc22abd45ed9505ddbe4618c499bed2fe53c2bf5db67aafac

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a9D39.bat

Filesize
722B

MD5
a5720594d88e2b07be54fe771ed095f5

SHA1
0296b9997ea7856d972efeaf8b82fd31537c8f93

SHA256
a684575b141969c85675ba4a4bf49e4b0e920ce05ad41e96406eb467d5c0aca5

SHA512
2e930ca26f608ac1cf7867c31de6f2f25e5cf2b086dfe330f3c53882a1be452cc09b1d4ff1dd42125b0e2212c5c1921ee0ab0e330ce56f4368292a01e2f3c341

Download Submit
C:\Users\Admin\AppData\Local\Temp\a33ff0fbf40f2a77a95b70ba499d0efe12131b471f27efe68509fbe2ba287a47.exe.exe

Filesize
634KB

MD5
3cfb3ae4a227ece66ce051e42cc2df00

SHA1
0a2bb202c5ce2aa8f5cda30676aece9a489fd725

SHA256
54fbe7fdf0fd2e95c38822074e77907e6a3c8726e4ab38d2222deeffa6c0ccaf

SHA512
60d808d08afd4920583e540c3740d71e4f9dc5b16a0696537fea243cb8a79fb1df36004f560742a541761b0378bf0b5bc5be88569cd828a11afe9c3d61d9d4f1

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
aaffa63d279b442bf6447d8e27477be7

SHA1
ce128e98423d5e0dd1b35c0e8e8eb854d5599a0f

SHA256
acca897ac28f597801df59bd1343785f7bea8c1013821c44d2f1878ee5ef1488

SHA512
b8521588339c507b10c473aaa8aca314598962588da0014b00f413f9874a425534eb20260ed39484728bd4466fb3d7f516b6cfccc56d51e026f5365030b81c26

Download Submit
C:\Windows\Temp\{B4334210-10B9-418E-9028-1B7BD90CE378}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3450744190-3404161390-554719085-1000\_desktop.ini

Filesize
9B

MD5
1368e4d784ef82633de86fa6bc6e37f9

SHA1
77c7384e886b27647bb4f2fd364e7947e7b6abc6

SHA256
57507bed6cf91d70e66bd4cc287634889ef30b648cb7c44a4edec0e2cb68b772

SHA512
3cb7168e776eb564768e30eba43174014a85108ab306a7c07a1522fb42173c381a5bff9ac10944fd345dd5308061cbe2878c60d1e878f8768281c1adcf5dd85b

Download Submit
\Windows\Temp\{B4334210-10B9-418E-9028-1B7BD90CE378}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
memory/1208-80-0x00000000021E0000-0x00000000021E1000-memory.dmp

Filesize
4KB

Download
memory/2548-16-0x0000000000220000-0x0000000000254000-memory.dmp

Filesize
208KB

Download
memory/2548-15-0x0000000000220000-0x0000000000254000-memory.dmp

Filesize
208KB

Download
memory/2548-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2548-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2552-20-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2552-90-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2552-96-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2552-142-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2552-148-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2552-773-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2552-1925-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2552-83-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2552-2776-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2552-3385-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download