Analysis

max time kernel: 103s
max time network: 122s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11-10-2022 21:16
Static task: static1

Behavioral task: behavioral1
  Sample: 8d9a9097a08280c4e84f9abde6512360d533fd3071a0ee524008101f7ec35eee.exe
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: 8d9a9097a08280c4e84f9abde6512360d533fd3071a0ee524008101f7ec35eee.exe
  Resource: win10v2004-20220812-en
General

Target: 8d9a9097a08280c4e84f9abde6512360d533fd3071a0ee524008101f7ec35eee.exe
Size: 27KB
MD5: 696252bf4ef3f2dc2d681d29831ba9c0
SHA1: 1d9c5459618ba685b71cb7045805322c60610bbd
SHA256: 8d9a9097a08280c4e84f9abde6512360d533fd3071a0ee524008101f7ec35eee
SHA512: c90e155a8870b8572044637014ea39ba9aaa2f9cbe0c6a3eea84b750d16ff41a1ca528f9be568f4f5b2f4354aa50211f666c004b5c83d84a75bed7ac28861af5
SSDEEP: 384:PHMjN+qnOob52aYyd5Qj5+EBRQb7+rJCXZHD8BcM/px9WiHD5ljSGN:0jN+qjMC5yAEBRQMYXZHDV2znSGN
Malware Config
Signatures

Executes dropped EXE (1 IoC)
  pid   Process
  1528  ati2evxx.EXE
Sets file execution options in registry (2 TTPs, 64 IoCs)
Adds Run key to start application (2 TTPs, 2 IoCs)
  description      ioc                                                                                                                   Process
  Key created      \REGISTRY\MACHINE\SoftWare\WOW6432Node\Microsoft\Windows\CurrentVersion\Run                                           ati2evxx.EXE
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\TBMonEx = "C:\\Windows\\Fonts\\system\\ati2evxx.EXE"  ati2evxx.EXE
Enumerates connected drives (3 TTPs, 23 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
  description              ioc     Process
  File opened (read-only)  \??\L:  ati2evxx.EXE
  File opened (read-only)  \??\Q:  ati2evxx.EXE
  File opened (read-only)  \??\U:  ati2evxx.EXE
  File opened (read-only)  \??\E:  ati2evxx.EXE
  File opened (read-only)  \??\K:  ati2evxx.EXE
  File opened (read-only)  \??\M:  ati2evxx.EXE
  File opened (read-only)  \??\P:  ati2evxx.EXE
  File opened (read-only)  \??\W:  ati2evxx.EXE
  File opened (read-only)  \??\X:  ati2evxx.EXE
  File opened (read-only)  \??\B:  ati2evxx.EXE
  File opened (read-only)  \??\F:  ati2evxx.EXE
  File opened (read-only)  \??\J:  ati2evxx.EXE
  File opened (read-only)  \??\O:  ati2evxx.EXE
  File opened (read-only)  \??\R:  ati2evxx.EXE
  File opened (read-only)  \??\T:  ati2evxx.EXE
  File opened (read-only)  \??\G:  ati2evxx.EXE
  File opened (read-only)  \??\H:  ati2evxx.EXE
  File opened (read-only)  \??\S:  ati2evxx.EXE
  File opened (read-only)  \??\V:  ati2evxx.EXE
  File opened (read-only)  \??\Y:  ati2evxx.EXE
  File opened (read-only)  \??\Z:  ati2evxx.EXE
  File opened (read-only)  \??\I:  ati2evxx.EXE
  File opened (read-only)  \??\N:  ati2evxx.EXE
Drops autorun.inf file (1 TTP, 2 IoCs)
Malware can abuse Windows Autorun to spread further via attached volumes.
  description                   ioc             Process
  File opened for modification  C:\autorun.inf  ati2evxx.EXE
  File created                  C:\autorun.inf  ati2evxx.EXE
Drops file in Program Files directory (1 IoC)
  description                   ioc                            Process
  File opened for modification  C:\Program Files\7-Zip\7z.exe  ati2evxx.EXE
Drops file in Windows directory (2 IoCs)
  description                   ioc                                     Process
  File opened for modification  C:\Windows\Fonts\system\ati2evxx.EXE  8d9a9097a08280c4e84f9abde6512360d533fd3071a0ee524008101f7ec35eee.exe
  File created                  C:\Windows\Fonts\system\ati2evxx.EXE  8d9a9097a08280c4e84f9abde6512360d533fd3071a0ee524008101f7ec35eee.exe
Modifies Control Panel (3 IoCs)
  description      ioc                                                                                                                            Process
  Key created      \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\Cursors\                                              ati2evxx.EXE
  Set value (str)  \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\Cursors\AppStarting = "%SYSTEMROOT%\\Cursors\\vanisher.ani"  ati2evxx.EXE
  Set value (str)  \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\Cursors\AppStarting                                   ati2evxx.EXE
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  4116  8d9a9097a08280c4e84f9abde6512360d533fd3071a0ee524008101f7ec35eee.exe
  4116  8d9a9097a08280c4e84f9abde6512360d533fd3071a0ee524008101f7ec35eee.exe
Suspicious use of AdjustPrivilegeToken (1 IoC)
  description               pid   Process
  Token: SeDebugPrivilege   4116  8d9a9097a08280c4e84f9abde6512360d533fd3071a0ee524008101f7ec35eee.exe
Suspicious use of WriteProcessMemory (6 IoCs)
  description                       pid   Process                                                                   procid_target
  PID 4116 wrote to memory of 1528  4116  8d9a9097a08280c4e84f9abde6512360d533fd3071a0ee524008101f7ec35eee.exe  81
  PID 4116 wrote to memory of 1528  4116  8d9a9097a08280c4e84f9abde6512360d533fd3071a0ee524008101f7ec35eee.exe  81
  PID 4116 wrote to memory of 1528  4116  8d9a9097a08280c4e84f9abde6512360d533fd3071a0ee524008101f7ec35eee.exe  81
  PID 4116 wrote to memory of 1004  4116  8d9a9097a08280c4e84f9abde6512360d533fd3071a0ee524008101f7ec35eee.exe  82
  PID 4116 wrote to memory of 1004  4116  8d9a9097a08280c4e84f9abde6512360d533fd3071a0ee524008101f7ec35eee.exe  82
  PID 4116 wrote to memory of 1004  4116  8d9a9097a08280c4e84f9abde6512360d533fd3071a0ee524008101f7ec35eee.exe  82
Processes

1. C:\Users\Admin\AppData\Local\Temp\8d9a9097a08280c4e84f9abde6512360d533fd3071a0ee524008101f7ec35eee.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\8d9a9097a08280c4e84f9abde6512360d533fd3071a0ee524008101f7ec35eee.exe"
   PID: 4116
   - Drops file in Windows directory
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\Fonts\system\ati2evxx.EXE
      Command line: C:\Windows\Fonts\system\ati2evxx.EXE
      PID: 1528
      - Executes dropped EXE
      - Sets file execution options in registry
      - Adds Run key to start application
      - Enumerates connected drives
      - Drops autorun.inf file
      - Drops file in Program Files directory
      - Modifies Control Panel

   2. C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\8d9a9097a08280c4e84f9abde6512360d533fd3071a0ee524008101f7ec35eee.exe.bat""
      PID: 1004
Network
MITRE ATT&CK Enterprise v6
Downloads

C:\Users\Admin\AppData\Local\Temp\8d9a9097a08280c4e84f9abde6512360d533fd3071a0ee524008101f7ec35eee.exe.bat
  Filesize: 354B
  MD5: bfec32b209c2b4fb57793ae21f2ca46f
  SHA1: da3400e8ffedccefc2957ce1176cd8229556dc91
  SHA256: 01deca0a5e81e42b91e6e6d7b873e905c2aa3e50a1832ad0962c50dcf876a0b8
  SHA512: cb4fd3e121a035356c11b34691774681236cac9ced874009c439dccfb89f150daa1621eba18dbc4c2efbcf067a1352cc879d46caec13c255dfa8352e6f5a29e2

(unnamed file)
  Filesize: 27KB
  MD5: 696252bf4ef3f2dc2d681d29831ba9c0
  SHA1: 1d9c5459618ba685b71cb7045805322c60610bbd
  SHA256: 8d9a9097a08280c4e84f9abde6512360d533fd3071a0ee524008101f7ec35eee
  SHA512: c90e155a8870b8572044637014ea39ba9aaa2f9cbe0c6a3eea84b750d16ff41a1ca528f9be568f4f5b2f4354aa50211f666c004b5c83d84a75bed7ac28861af5