4c1f92077122a38299ae26d3b5d2af93df64bf6db585c76cb708bd8551a3bb0e

Analysis

max time kernel
151s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
03/09/2023, 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c1f92077122a38299ae26d3b5d2af93df64bf6db585c76cb708bd8551a3bb0e.exe
Size

119KB
MD5

9213ceb5b8e792cf51e86b3f2c05ea6d
SHA1

1d241e1f36ced816990fc688cf841e67460052ee
SHA256

4c1f92077122a38299ae26d3b5d2af93df64bf6db585c76cb708bd8551a3bb0e
SHA512

d062566423fef774e4be3d3be35e5f7fa02da9b8dea81161f9ee164f6084836ae1c86f8fea29842849166afc871164f157c7f1b97c0376f8b4f9b2371ffabe69
SSDEEP

3072:pvkuJVL9Jo/FQXy+uc//korlDFtNel3kaIFH/B0CyPvO3c0gCajNCg:quJTJo/qi+k

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1952	Logo1_.exe
4420	4c1f92077122a38299ae26d3b5d2af93df64bf6db585c76cb708bd8551a3bb0e.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nb\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\1.1.1\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\rmiregistry.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\it\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\he-IL\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Lumia.MagicEdit\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fr-CA\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\Json\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PSReadline\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\kinit.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\lib\deployed\jdk15\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pa\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Store.Purchase\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\brx\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\Scripts\Me\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\core\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Home\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ca-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\dc-annotations\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\onboarding\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.8.0_66\db\lib\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Controls\EndOfLife\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fi-FI\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\it-it\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	4c1f92077122a38299ae26d3b5d2af93df64bf6db585c76cb708bd8551a3bb0e.exe
File created	C:\Windows\Logo1_.exe	4c1f92077122a38299ae26d3b5d2af93df64bf6db585c76cb708bd8551a3bb0e.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1952	Logo1_.exe
1952	Logo1_.exe
1952	Logo1_.exe
1952	Logo1_.exe
1952	Logo1_.exe
1952	Logo1_.exe
1952	Logo1_.exe
1952	Logo1_.exe
1952	Logo1_.exe
1952	Logo1_.exe
1952	Logo1_.exe
1952	Logo1_.exe
1952	Logo1_.exe
1952	Logo1_.exe
1952	Logo1_.exe
1952	Logo1_.exe
1952	Logo1_.exe
1952	Logo1_.exe
1952	Logo1_.exe
1952	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 3064	2976	4c1f92077122a38299ae26d3b5d2af93df64bf6db585c76cb708bd8551a3bb0e.exe	84
PID 2976 wrote to memory of 3064	2976	4c1f92077122a38299ae26d3b5d2af93df64bf6db585c76cb708bd8551a3bb0e.exe	84
PID 2976 wrote to memory of 3064	2976	4c1f92077122a38299ae26d3b5d2af93df64bf6db585c76cb708bd8551a3bb0e.exe	84
PID 2976 wrote to memory of 1952	2976	4c1f92077122a38299ae26d3b5d2af93df64bf6db585c76cb708bd8551a3bb0e.exe	85
PID 2976 wrote to memory of 1952	2976	4c1f92077122a38299ae26d3b5d2af93df64bf6db585c76cb708bd8551a3bb0e.exe	85
PID 2976 wrote to memory of 1952	2976	4c1f92077122a38299ae26d3b5d2af93df64bf6db585c76cb708bd8551a3bb0e.exe	85
PID 1952 wrote to memory of 4692	1952	Logo1_.exe	87
PID 1952 wrote to memory of 4692	1952	Logo1_.exe	87
PID 1952 wrote to memory of 4692	1952	Logo1_.exe	87
PID 4692 wrote to memory of 3756	4692	net.exe	89
PID 4692 wrote to memory of 3756	4692	net.exe	89
PID 4692 wrote to memory of 3756	4692	net.exe	89
PID 3064 wrote to memory of 4420	3064	cmd.exe	91
PID 3064 wrote to memory of 4420	3064	cmd.exe	91
PID 1952 wrote to memory of 3236	1952	Logo1_.exe	46
PID 1952 wrote to memory of 3236	1952	Logo1_.exe	46

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3236
- C:\Users\Admin\AppData\Local\Temp\4c1f92077122a38299ae26d3b5d2af93df64bf6db585c76cb708bd8551a3bb0e.exe
  "C:\Users\Admin\AppData\Local\Temp\4c1f92077122a38299ae26d3b5d2af93df64bf6db585c76cb708bd8551a3bb0e.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2976
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a692A.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\4c1f92077122a38299ae26d3b5d2af93df64bf6db585c76cb708bd8551a3bb0e.exe
      "C:\Users\Admin\AppData\Local\Temp\4c1f92077122a38299ae26d3b5d2af93df64bf6db585c76cb708bd8551a3bb0e.exe"
      4⤵
      Executes dropped EXE
      PID:4420
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1952
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4692
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:3756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.exe

Filesize
487KB

MD5
4b4a02045e48ab51de6cb2fecc851228

SHA1
e5a070a180689bcb9595850b5b4b5e81668d392f

SHA256
3e96e04c35a2b4b93049845f43f7505b4e92eacbce4497e69f290fc037463ef3

SHA512
94f2effb15b931f2b2fa9e2da74c7e416fc39cea70587af611e8c3a09d98a85b819fb55d701a684679176658180fcf901ad488f7072b9773fffab8c3335a37e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a692A.bat

Filesize
722B

MD5
049ae81e8a83e36e6e6dfd4ff32b1689

SHA1
673b0de4f9ca2f4ad6f91649f650d07efa36e901

SHA256
f005443fa8f7e7ab92e5cead33870baf4fc3c67534ec1d9817d37b77e81981c5

SHA512
37375af3a0580ecce0e00ee9a81398fca33f0445d5521820724384bee7f43394f8ed8f7ca768de666973d8e2b92ba7ab3680596182dc6dffe37d7ce057323cb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\4c1f92077122a38299ae26d3b5d2af93df64bf6db585c76cb708bd8551a3bb0e.exe

Filesize
90KB

MD5
c8c3b8fb878ce29b75a69219abff4ccf

SHA1
e2e5d4feb0dff20ad1d83f72062f5816d365bc37

SHA256
4656a73e3e8ae7ab4dc9bcdcda922f18787978c758871c9bd51e4340d46e5113

SHA512
70c68e1c770cc806b2d2edf5d40cc86dd1781d8a01849cffc08a511133c1efcf892bd8a56dd4a7f8e307c46b038fff3a309ce9c1d78feb6190347ae6d77d6ad1

Download Submit
C:\Users\Admin\AppData\Local\Temp\4c1f92077122a38299ae26d3b5d2af93df64bf6db585c76cb708bd8551a3bb0e.exe.exe

Filesize
90KB

MD5
c8c3b8fb878ce29b75a69219abff4ccf

SHA1
e2e5d4feb0dff20ad1d83f72062f5816d365bc37

SHA256
4656a73e3e8ae7ab4dc9bcdcda922f18787978c758871c9bd51e4340d46e5113

SHA512
70c68e1c770cc806b2d2edf5d40cc86dd1781d8a01849cffc08a511133c1efcf892bd8a56dd4a7f8e307c46b038fff3a309ce9c1d78feb6190347ae6d77d6ad1

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
5570496f1582daebe7e692ae729aa575

SHA1
2e70d7b5674046a19bdd4d3b4f3f8c03fe13f3be

SHA256
6433b585bd1b15cbfd16c8b832c1881d8d836768cbe154d8afdd625977c2c0a9

SHA512
e4c31e47f0845172fffe1f005ba2bd0e11d234020f50f724c81a2aba70d1b302b2f1a503bc8c733c9be27005bd3b100e59f55b9958400a6f3078cf4f47b7b8b4

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
5570496f1582daebe7e692ae729aa575

SHA1
2e70d7b5674046a19bdd4d3b4f3f8c03fe13f3be

SHA256
6433b585bd1b15cbfd16c8b832c1881d8d836768cbe154d8afdd625977c2c0a9

SHA512
e4c31e47f0845172fffe1f005ba2bd0e11d234020f50f724c81a2aba70d1b302b2f1a503bc8c733c9be27005bd3b100e59f55b9958400a6f3078cf4f47b7b8b4

Download Submit
C:\Windows\rundl132.exe

Filesize
29KB

MD5
5570496f1582daebe7e692ae729aa575

SHA1
2e70d7b5674046a19bdd4d3b4f3f8c03fe13f3be

SHA256
6433b585bd1b15cbfd16c8b832c1881d8d836768cbe154d8afdd625977c2c0a9

SHA512
e4c31e47f0845172fffe1f005ba2bd0e11d234020f50f724c81a2aba70d1b302b2f1a503bc8c733c9be27005bd3b100e59f55b9958400a6f3078cf4f47b7b8b4

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-4078585466-1563564224-3678410669-1000\_desktop.ini

Filesize
8B

MD5
95127a81ba5781b47158c7bade11f958

SHA1
fa289ca07d3998db8f732dc188ff099b7dcefd86

SHA256
4b413fdd0fc873cb5cf1b957078e2786827cb8d3665159e02b7bfda486133aaf

SHA512
c1403a7b2e462b09a03f09ba4ecff788db0d0402c09086b65c435c606a5c898ebc9959e47f77a5985881eee0e4364b035a3fa926672e8b61e2cc9bf7c3b169a0

Download Submit
memory/1952-26-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1952-19-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1952-8-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1952-32-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1952-37-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1952-41-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1952-342-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1952-1278-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1952-2381-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2976-9-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2976-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download