Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20230703-en locale:en-us os:windows10-2004-x64 system -
submitted
27/08/2023, 15:58
Static task
static1
Behavioral task
behavioral1
Sample
365c0f6fa701140fce2fc50efbd521a955e3d8ce43bd3fcb464b99a2a4bbea85.exe
Resource
win7-20230824-en
Behavioral task
behavioral2
Sample
365c0f6fa701140fce2fc50efbd521a955e3d8ce43bd3fcb464b99a2a4bbea85.exe
Resource
win10v2004-20230703-en
General
-
Target
365c0f6fa701140fce2fc50efbd521a955e3d8ce43bd3fcb464b99a2a4bbea85.exe
-
Size
84KB
-
MD5
ec375170c3bb1f3e0de2fbf1f2ebb955
-
SHA1
18c7b70bbb66168b7b62a543191e4f54ef36eadd
-
SHA256
365c0f6fa701140fce2fc50efbd521a955e3d8ce43bd3fcb464b99a2a4bbea85
-
SHA512
b465870bff2fba4e616d910e423b3e58174c9f67ead54fd0d95df7ac9cb0c2798a81aba6dd24abe4d4eb424574e6c63618bddbc85665f8196f590d0699537ea8
-
SSDEEP
1536:o/3SHuJV97RyiD9Yd1PlVUN1vJvOO17rtuHNQ2I:o/kuJVzhUTUN10O17hutTI
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
pid Process
4204 Logo1_.exe
2184 365c0f6fa701140fce2fc50efbd521a955e3d8ce43bd3fcb464b99a2a4bbea85.exe
-
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process
File opened (read-only) \??\V: Logo1_.exe
File opened (read-only) \??\R: Logo1_.exe
File opened (read-only) \??\L: Logo1_.exe
File opened (read-only) \??\K: Logo1_.exe
File opened (read-only) \??\X: Logo1_.exe
File opened (read-only) \??\W: Logo1_.exe
File opened (read-only) \??\U: Logo1_.exe
File opened (read-only) \??\S: Logo1_.exe
File opened (read-only) \??\M: Logo1_.exe
File opened (read-only) \??\I: Logo1_.exe
File opened (read-only) \??\G: Logo1_.exe
File opened (read-only) \??\E: Logo1_.exe
File opened (read-only) \??\Z: Logo1_.exe
File opened (read-only) \??\P: Logo1_.exe
File opened (read-only) \??\O: Logo1_.exe
File opened (read-only) \??\N: Logo1_.exe
File opened (read-only) \??\H: Logo1_.exe
File opened (read-only) \??\Y: Logo1_.exe
File opened (read-only) \??\T: Logo1_.exe
File opened (read-only) \??\Q: Logo1_.exe
File opened (read-only) \??\J: Logo1_.exe
-
Drops file in Program Files directory 64 IoCs
description ioc Process
File created C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini Logo1_.exe
File opened for modification C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\_desktop.ini Logo1_.exe
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Legal\_desktop.ini Logo1_.exe
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\es-es\_desktop.ini Logo1_.exe
File opened for modification C:\Program Files\Java\jdk1.8.0_66\bin\jconsole.exe Logo1_.exe
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\_desktop.ini Logo1_.exe
File created C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini Logo1_.exe
File created C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini Logo1_.exe
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\_desktop.ini Logo1_.exe
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\da-dk\_desktop.ini Logo1_.exe
File opened for modification C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\_desktop.ini Logo1_.exe
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\_desktop.ini Logo1_.exe
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\services_discovery\_desktop.ini Logo1_.exe
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\_desktop.ini Logo1_.exe
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\_desktop.ini Logo1_.exe
File created C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\_desktop.ini Logo1_.exe
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\_desktop.ini Logo1_.exe
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_desktop.ini Logo1_.exe
File opened for modification C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\fr\_desktop.ini Logo1_.exe
File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\_desktop.ini Logo1_.exe
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\_desktop.ini Logo1_.exe
File created C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini Logo1_.exe
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\dev\cef\_desktop.ini Logo1_.exe
File opened for modification C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\_desktop.ini Logo1_.exe
File created C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini Logo1_.exe
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sk-SK\View3d\_desktop.ini Logo1_.exe
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\_desktop.ini Logo1_.exe
File created C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\it-IT\_desktop.ini Logo1_.exe
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\_desktop.ini Logo1_.exe
File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\SoundRec.exe Logo1_.exe
File created C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\_desktop.ini Logo1_.exe
File created C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_~_8wekyb3d8bbwe\_desktop.ini Logo1_.exe
File created C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\_desktop.ini Logo1_.exe
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\uk-ua\_desktop.ini Logo1_.exe
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\nb-no\_desktop.ini Logo1_.exe
File opened for modification C:\Program Files\VideoLAN\VLC\lua\intf\_desktop.ini Logo1_.exe
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\_desktop.ini Logo1_.exe
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sk-sk\_desktop.ini Logo1_.exe
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sv-se\_desktop.ini Logo1_.exe
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\plugins\rhp\_desktop.ini Logo1_.exe
File opened for modification C:\Program Files\VideoLAN\VLC\locale\bg\_desktop.ini Logo1_.exe
File created C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\_desktop.ini Logo1_.exe
File created C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Store.Purchase\Controls\_desktop.ini Logo1_.exe
File created C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\_Resources\_desktop.ini Logo1_.exe
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\_desktop.ini Logo1_.exe
File created C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\_desktop.ini Logo1_.exe
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\d3d11\_desktop.ini Logo1_.exe
File opened for modification C:\Program Files\VideoLAN\VLC\locale\ckb\_desktop.ini Logo1_.exe
File created C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini Logo1_.exe
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ml-IN\_desktop.ini Logo1_.exe
File created C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\es\_desktop.ini Logo1_.exe
File opened for modification C:\Program Files\VideoLAN\VLC\locale\fy\_desktop.ini Logo1_.exe
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\tr-tr\_desktop.ini Logo1_.exe
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ro-ro\_desktop.ini Logo1_.exe
File created C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\jsaddins\_desktop.ini Logo1_.exe
File created C:\Program Files\VideoLAN\VLC\locale\or\LC_MESSAGES\_desktop.ini Logo1_.exe
File opened for modification C:\Program Files\VideoLAN\VLC\locale\az\LC_MESSAGES\_desktop.ini Logo1_.exe
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\nb-no\_desktop.ini Logo1_.exe
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\_desktop.ini Logo1_.exe
File created C:\Program Files\WindowsApps\Microsoft.MSPaint_2019.729.2301.0_neutral_~_8wekyb3d8bbwe\_desktop.ini Logo1_.exe
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\_desktop.ini Logo1_.exe
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\root\_desktop.ini Logo1_.exe
File created C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\loc_archives\_desktop.ini Logo1_.exe
File created C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini Logo1_.exe
-
Drops file in Windows directory 4 IoCs
description ioc Process
File created C:\Windows\rundl132.exe 365c0f6fa701140fce2fc50efbd521a955e3d8ce43bd3fcb464b99a2a4bbea85.exe
File created C:\Windows\Logo1_.exe 365c0f6fa701140fce2fc50efbd521a955e3d8ce43bd3fcb464b99a2a4bbea85.exe
File opened for modification C:\Windows\rundl132.exe Logo1_.exe
File created C:\Windows\vDll.dll Logo1_.exe
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
pid Process
4204 Logo1_.exe
4204 Logo1_.exe
4204 Logo1_.exe
4204 Logo1_.exe
4204 Logo1_.exe
4204 Logo1_.exe
4204 Logo1_.exe
4204 Logo1_.exe
4204 Logo1_.exe
4204 Logo1_.exe
4204 Logo1_.exe
4204 Logo1_.exe
4204 Logo1_.exe
4204 Logo1_.exe
4204 Logo1_.exe
4204 Logo1_.exe
4204 Logo1_.exe
4204 Logo1_.exe
4204 Logo1_.exe
4204 Logo1_.exe
-
Suspicious use of WriteProcessMemory 17 IoCs
description pid Process procid_target
PID 3916 wrote to memory of 4472 3916 365c0f6fa701140fce2fc50efbd521a955e3d8ce43bd3fcb464b99a2a4bbea85.exe 83
PID 3916 wrote to memory of 4472 3916 365c0f6fa701140fce2fc50efbd521a955e3d8ce43bd3fcb464b99a2a4bbea85.exe 83
PID 3916 wrote to memory of 4472 3916 365c0f6fa701140fce2fc50efbd521a955e3d8ce43bd3fcb464b99a2a4bbea85.exe 83
PID 3916 wrote to memory of 4204 3916 365c0f6fa701140fce2fc50efbd521a955e3d8ce43bd3fcb464b99a2a4bbea85.exe 84
PID 3916 wrote to memory of 4204 3916 365c0f6fa701140fce2fc50efbd521a955e3d8ce43bd3fcb464b99a2a4bbea85.exe 84
PID 3916 wrote to memory of 4204 3916 365c0f6fa701140fce2fc50efbd521a955e3d8ce43bd3fcb464b99a2a4bbea85.exe 84
PID 4204 wrote to memory of 5028 4204 Logo1_.exe 86
PID 4204 wrote to memory of 5028 4204 Logo1_.exe 86
PID 4204 wrote to memory of 5028 4204 Logo1_.exe 86
PID 5028 wrote to memory of 2232 5028 net.exe 88
PID 5028 wrote to memory of 2232 5028 net.exe 88
PID 5028 wrote to memory of 2232 5028 net.exe 88
PID 4472 wrote to memory of 2184 4472 cmd.exe 89
PID 4472 wrote to memory of 2184 4472 cmd.exe 89
PID 4472 wrote to memory of 2184 4472 cmd.exe 89
PID 4204 wrote to memory of 696 4204 Logo1_.exe 58
PID 4204 wrote to memory of 696 4204 Logo1_.exe 58
Processes
-
C:\Windows\Explorer.EXE | C:\Windows\Explorer.EXE | 1⤵ | PID:696
-
C:\Users\Admin\AppData\Local\Temp\365c0f6fa701140fce2fc50efbd521a955e3d8ce43bd3fcb464b99a2a4bbea85.exe | "C:\Users\Admin\AppData\Local\Temp\365c0f6fa701140fce2fc50efbd521a955e3d8ce43bd3fcb464b99a2a4bbea85.exe" | 2⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3916 -
C:\Windows\SysWOW64\cmd.exe | C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a98C5.bat | 3⤵
- Suspicious use of WriteProcessMemory
PID:4472 -
C:\Users\Admin\AppData\Local\Temp\365c0f6fa701140fce2fc50efbd521a955e3d8ce43bd3fcb464b99a2a4bbea85.exe | "C:\Users\Admin\AppData\Local\Temp\365c0f6fa701140fce2fc50efbd521a955e3d8ce43bd3fcb464b99a2a4bbea85.exe" | 4⤵
- Executes dropped EXE
PID:2184
-
-
-
C:\Windows\Logo1_.exe | C:\Windows\Logo1_.exe | 3⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4204 -
C:\Windows\SysWOW64\net.exe | net stop "Kingsoft AntiVirus Service" | 4⤵
- Suspicious use of WriteProcessMemory
PID:5028 -
C:\Windows\SysWOW64\net1.exe | C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service" | 5⤵ | PID:2232
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
487KB
MD5 5af24d0c491e228e5fbe9d8825f8fc55
SHA1 5b3f20b9eb3ce7b6fa137c278c59ec3c913f2320
SHA256 12d3d32139991755bfa0dd7774c44a5ac867c0c466a0ed0e34c59f35d2d92ddb
SHA512 917b7e354fd0b94054e8d94372155b897f355b073b6551b26a56a0225510968350bf0f995031d5ff72e093f4226adb5e77a4175229dc7a29cf1ac5d97a4a57a8
-
Filesize
722B
MD5 d72993c08778b1baba00fd559ad76d3e
SHA1 588793d36492ebda4b9331092f9ee3568f5a5d29
SHA256 b9e8fde6f98b890a03991c2284af5e494350008d6a7b534c7f15af0ca3dec158
SHA512 68f4ba16c5b22937a6178de8174de16a5f06d62fc10f45ff3e8b391f66b9aaef7dfb5a1c2dda461b25bb4706a7e45d92449818f3610df4afecf8daaf135b9961
-
C:\Users\Admin\AppData\Local\Temp\365c0f6fa701140fce2fc50efbd521a955e3d8ce43bd3fcb464b99a2a4bbea85.exe
Filesize 55KB
MD5 99d5c053b1c04109888150458a606043
SHA1 a7e08a60cf6d73bfec0c55e4dffc02a4d62b081e
SHA256 4f0c361001ea7566a40a78c4a78cc83632cd079c8b04bad7be8d3a61e5a556b8
SHA512 3f8fca8695337753eebbe8e0d1df70825d91c2476ecbf783692418395f8374f0f89462acd957fa53020b93c1d131201945a1d7f2cb3d827e63812c5773c059ae
-
C:\Users\Admin\AppData\Local\Temp\365c0f6fa701140fce2fc50efbd521a955e3d8ce43bd3fcb464b99a2a4bbea85.exe.exe
Filesize 55KB
MD5 99d5c053b1c04109888150458a606043
SHA1 a7e08a60cf6d73bfec0c55e4dffc02a4d62b081e
SHA256 4f0c361001ea7566a40a78c4a78cc83632cd079c8b04bad7be8d3a61e5a556b8
SHA512 3f8fca8695337753eebbe8e0d1df70825d91c2476ecbf783692418395f8374f0f89462acd957fa53020b93c1d131201945a1d7f2cb3d827e63812c5773c059ae
-
Filesize
29KB
MD5 93a131e5add617dbf24be45af11a3206
SHA1 1a84617107e53bce3f4c6f9d952811df1d242da0
SHA256 a023deb2681fc378384cc9c444e130da8a5218576d40e0998df9343a5dc22205
SHA512 5fac22126c93b94ba48963ac87b6bd6c8902c00e6e2b32045ff008acc9c6562fe0cfdbd3abeb418d02ab2de34d0f13ac19489368143dce661a5b03ff294b10a4
-
Filesize
29KB
MD5 93a131e5add617dbf24be45af11a3206
SHA1 1a84617107e53bce3f4c6f9d952811df1d242da0
SHA256 a023deb2681fc378384cc9c444e130da8a5218576d40e0998df9343a5dc22205
SHA512 5fac22126c93b94ba48963ac87b6bd6c8902c00e6e2b32045ff008acc9c6562fe0cfdbd3abeb418d02ab2de34d0f13ac19489368143dce661a5b03ff294b10a4
-
Filesize
29KB
MD5 93a131e5add617dbf24be45af11a3206
SHA1 1a84617107e53bce3f4c6f9d952811df1d242da0
SHA256 a023deb2681fc378384cc9c444e130da8a5218576d40e0998df9343a5dc22205
SHA512 5fac22126c93b94ba48963ac87b6bd6c8902c00e6e2b32045ff008acc9c6562fe0cfdbd3abeb418d02ab2de34d0f13ac19489368143dce661a5b03ff294b10a4
-
Filesize
9B
MD5 c0232c2f01c543d260713210da47a57b
SHA1 63f2c13c2c5c83091133c2802e69993d52e3ec65
SHA256 278e1b8fd3f40d95faaecf548098b8d9ee4b32e98a8878559c8c8dfcd5cd1197
SHA512 2ccfd67393a63f03f588296bb798d7a7d4ec2ea5d6ac486cb7bdf8a5a66b1df944d8b548f317e58bfe17dea2ae54e536ffe77bc11a43c931f3d10e299ab3fca0