3de38a0ffc7b368fffd7ff69e311f0155859ce092b57a9f704521c2ef6043f53

Analysis

max time kernel
151s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2023 01:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3de38a0ffc7b368fffd7ff69e311f0155859ce092b57a9f704521c2ef6043f53.exe
Size

631KB
MD5

d8caf645182782061ac4d15d67e67b8f
SHA1

4e03ed5bee7b9d153e24ed6833562ebbc3b9071d
SHA256

3de38a0ffc7b368fffd7ff69e311f0155859ce092b57a9f704521c2ef6043f53
SHA512

c4c97226b99938471137086cea1eef2a8bcc422870f94751a36ffe439f1014e31c0e81f3532da374befae8d66f479f916a5f8d158232f131dcdbb3c419a80155
SSDEEP

12288:w7+gx51llsmpM0HOgcbT3QIRvv+oH8iVdpUY7z3kk+U65QgQx/F2:w7t5PpM0HrwTgIRX+oH8iuszkk+1QNt2

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
960	Logo1_.exe
3516	3de38a0ffc7b368fffd7ff69e311f0155859ce092b57a9f704521c2ef6043f53.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\sl-si\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\et-EE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\dev\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ko-kr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\uz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\or\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\Fonts\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Spacer\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Lumia.MagicEdit\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\telemetryrules\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\en-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sw-KE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\or\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Multimedia Platform\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\SlowMotionEditor\UserControls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\ja\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\en-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\id\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\fmui\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tr\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Voices\beeps\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	3de38a0ffc7b368fffd7ff69e311f0155859ce092b57a9f704521c2ef6043f53.exe
File created	C:\Windows\Logo1_.exe	3de38a0ffc7b368fffd7ff69e311f0155859ce092b57a9f704521c2ef6043f53.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
960	Logo1_.exe
960	Logo1_.exe
960	Logo1_.exe
960	Logo1_.exe
960	Logo1_.exe
960	Logo1_.exe
960	Logo1_.exe
960	Logo1_.exe
960	Logo1_.exe
960	Logo1_.exe
960	Logo1_.exe
960	Logo1_.exe
960	Logo1_.exe
960	Logo1_.exe
960	Logo1_.exe
960	Logo1_.exe
960	Logo1_.exe
960	Logo1_.exe
960	Logo1_.exe
960	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 1724	2564	3de38a0ffc7b368fffd7ff69e311f0155859ce092b57a9f704521c2ef6043f53.exe	83
PID 2564 wrote to memory of 1724	2564	3de38a0ffc7b368fffd7ff69e311f0155859ce092b57a9f704521c2ef6043f53.exe	83
PID 2564 wrote to memory of 1724	2564	3de38a0ffc7b368fffd7ff69e311f0155859ce092b57a9f704521c2ef6043f53.exe	83
PID 2564 wrote to memory of 960	2564	3de38a0ffc7b368fffd7ff69e311f0155859ce092b57a9f704521c2ef6043f53.exe	86
PID 2564 wrote to memory of 960	2564	3de38a0ffc7b368fffd7ff69e311f0155859ce092b57a9f704521c2ef6043f53.exe	86
PID 2564 wrote to memory of 960	2564	3de38a0ffc7b368fffd7ff69e311f0155859ce092b57a9f704521c2ef6043f53.exe	86
PID 960 wrote to memory of 2384	960	Logo1_.exe	84
PID 960 wrote to memory of 2384	960	Logo1_.exe	84
PID 960 wrote to memory of 2384	960	Logo1_.exe	84
PID 2384 wrote to memory of 4720	2384	net.exe	88
PID 2384 wrote to memory of 4720	2384	net.exe	88
PID 2384 wrote to memory of 4720	2384	net.exe	88
PID 1724 wrote to memory of 3516	1724	cmd.exe	89
PID 1724 wrote to memory of 3516	1724	cmd.exe	89
PID 1724 wrote to memory of 3516	1724	cmd.exe	89
PID 960 wrote to memory of 2572	960	Logo1_.exe	46
PID 960 wrote to memory of 2572	960	Logo1_.exe	46

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:2572
- C:\Users\Admin\AppData\Local\Temp\3de38a0ffc7b368fffd7ff69e311f0155859ce092b57a9f704521c2ef6043f53.exe
  "C:\Users\Admin\AppData\Local\Temp\3de38a0ffc7b368fffd7ff69e311f0155859ce092b57a9f704521c2ef6043f53.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2564
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aC0CF.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\3de38a0ffc7b368fffd7ff69e311f0155859ce092b57a9f704521c2ef6043f53.exe
      "C:\Users\Admin\AppData\Local\Temp\3de38a0ffc7b368fffd7ff69e311f0155859ce092b57a9f704521c2ef6043f53.exe"
      4⤵
      Executes dropped EXE
      PID:3516
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:960

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
1⤵
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\SysWOW64\net1.exe
  C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
  2⤵
  PID:4720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.exe

Filesize
484KB

MD5
9401276c0e9186114cd3e571fe031d4e

SHA1
0f2a73bf7aedc9aebee4244b0eab49ff8f61d2d7

SHA256
6bd72ff55538749ca17d70c51cfdf9f87cae0465da43a06c005d659172e7b5f8

SHA512
999523b0d62094539182eba21ad6baf220a493f5d2f466107ed188bb9f74d4fc77070848d49f51931d2dbd79c043be82674ada15e9e0bc3a3d0df404c9e42c83

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aC0CF.bat

Filesize
722B

MD5
aac2cb1c62fb9c2465c9a334f3bc6e55

SHA1
1a930266b337a805e800d81ce2dd84564f037f16

SHA256
3461298a4deae69d7699ff34ea8d421bc04fc565c4db66d20dafe49c299fce1b

SHA512
48e92e4c2187485ece9f8801e702ff7b5c4fc0725913137e3345250a08e611d4b4aa4c8d01b12d0b50de5de5cfe123ab1a56ead764a459447a0c26e3419d40da

Download Submit
C:\Users\Admin\AppData\Local\Temp\3de38a0ffc7b368fffd7ff69e311f0155859ce092b57a9f704521c2ef6043f53.exe

Filesize
604KB

MD5
cff5df9c111d056a4f113ad0a7a71509

SHA1
9c02a4ac6193391efef707fe6c278bf7a6d40a53

SHA256
dd532e5981ef12c8831bb9116014f397bec115d113f9ea065215aa6ec9e8d9ae

SHA512
f7139c1c1f588680c8b458b50669895e7d7f6d75b53c5821c51b9212da64e2639059434fc020ccb4b51b5019fbfdbbcd3eb305c4418bf61ecc46f28aa8bad393

Download Submit
C:\Users\Admin\AppData\Local\Temp\3de38a0ffc7b368fffd7ff69e311f0155859ce092b57a9f704521c2ef6043f53.exe.exe

Filesize
604KB

MD5
cff5df9c111d056a4f113ad0a7a71509

SHA1
9c02a4ac6193391efef707fe6c278bf7a6d40a53

SHA256
dd532e5981ef12c8831bb9116014f397bec115d113f9ea065215aa6ec9e8d9ae

SHA512
f7139c1c1f588680c8b458b50669895e7d7f6d75b53c5821c51b9212da64e2639059434fc020ccb4b51b5019fbfdbbcd3eb305c4418bf61ecc46f28aa8bad393

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
5128e7fe9ab673fb178f784bd8e33e26

SHA1
76a623b600839a75146b4f36f58c60d3647ace5e

SHA256
ebd0863585b4cd4d8078ed464df33cffbc4c770543c928741759b17f2a5a5f3f

SHA512
c7cdc200b632c6ac2b6b78d19afbbd458314053cb43d6b717fba6025571f6a1c255426f66bdc137a0b3e330124e061d62dadc20b5f98f30638a30f6937732f7e

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
5128e7fe9ab673fb178f784bd8e33e26

SHA1
76a623b600839a75146b4f36f58c60d3647ace5e

SHA256
ebd0863585b4cd4d8078ed464df33cffbc4c770543c928741759b17f2a5a5f3f

SHA512
c7cdc200b632c6ac2b6b78d19afbbd458314053cb43d6b717fba6025571f6a1c255426f66bdc137a0b3e330124e061d62dadc20b5f98f30638a30f6937732f7e

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
5128e7fe9ab673fb178f784bd8e33e26

SHA1
76a623b600839a75146b4f36f58c60d3647ace5e

SHA256
ebd0863585b4cd4d8078ed464df33cffbc4c770543c928741759b17f2a5a5f3f

SHA512
c7cdc200b632c6ac2b6b78d19afbbd458314053cb43d6b717fba6025571f6a1c255426f66bdc137a0b3e330124e061d62dadc20b5f98f30638a30f6937732f7e

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3027552071-446050021-1254071215-1000\_desktop.ini

Filesize
10B

MD5
743754b59d55d26c081d8f839a3662c8

SHA1
8e88e3bda53f58b9122f6f9c9a5f23f80e7be6c7

SHA256
bbb0f1aae4572c821fac1d6b7890df67d9f4a7576af30e70925192dded063e8b

SHA512
1e8d9e5e1651bd2aaef969713d949cc4ddab58c53d0be31392d660aedeb621a0f968196e4938d2ba75e40ebdb7557cee23bf5587877268cb087fdd09a8abba1b

Download Submit
memory/960-20-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/960-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/960-27-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/960-33-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/960-38-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/960-42-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/960-44-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/960-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/960-1279-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/960-1303-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2564-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2564-12-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download