Analysis

max time kernel: 150s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-12-2023 23:57

Static task: static1

Behavioral task: behavioral1
Sample: 92b426ffd5e69a7932e348001466d2bda0a5a93c7ca44eadd223dd86fb445b45.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 92b426ffd5e69a7932e348001466d2bda0a5a93c7ca44eadd223dd86fb445b45.exe
Resource: win10v2004-20231215-en
General

Target: 92b426ffd5e69a7932e348001466d2bda0a5a93c7ca44eadd223dd86fb445b45.exe
Size: 641KB
MD5: 5f0b50fa48f8975570dc830d328f1737
SHA1: 6042a4c423a92e0ed1d08a23e9b1d3021abe6f64
SHA256: 92b426ffd5e69a7932e348001466d2bda0a5a93c7ca44eadd223dd86fb445b45
SHA512: 26e07352fc1893ac2ca40c77a190110b92335eec718beaa541278cb9a47f4f20201a863e9b544e39b1b3e3bc6eb74108563ea02040d89989bc3ed0eb8eeb4568
SSDEEP: 12288:D7+Nyqt7zfAfzN3kQF4dpWlQj8wXeci6usP7BA8fB:D7dquN3k04yieZ6usP7m8J
Malware Config
Signatures

Executes dropped EXE (2 IoCs)
pid    Process
2716   Logo1_.exe
8      92b426ffd5e69a7932e348001466d2bda0a5a93c7ca44eadd223dd86fb445b45.exe
Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
Process: Logo1_.exe
Operation: File opened (read-only)
IoCs (in the order logged): \??\S: \??\P: \??\N: \??\G: \??\Z: \??\X: \??\U: \??\E: \??\Y: \??\R: \??\Q: \??\O: \??\M: \??\J: \??\H: \??\T: \??\V: \??\L: \??\K: \??\I: \??\W:
That is every letter from E: to Z: except F:, consistent with a sweep of all possible drive letters rather than of drives actually mounted in the sandbox.
Drops file in Program Files directory (64 IoCs)
Process for every entry: Logo1_.exe

File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\cs-cz\_desktop.ini
File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ro-ro\_desktop.ini
File opened for modification  C:\Program Files\7-Zip\7zG.exe
File created                  C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Fonts\_desktop.ini
File created                  C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.802.31.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini
File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\hr-hr\_desktop.ini
File opened for modification  C:\Program Files\Java\jre-1.8\lib\applet\_desktop.ini
File created                  C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\hr-hr\_desktop.ini
File created                  C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\_desktop.ini
File opened for modification  C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\YourPhone.exe
File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hu-hu\_desktop.ini
File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pl-pl\_desktop.ini
File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\_desktop.ini
File created                  C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\_desktop.ini
File opened for modification  C:\Program Files\Windows Mail\wabmig.exe
File created                  C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-gb\_desktop.ini
File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\css\_desktop.ini
File created                  C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\de\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-ma\_desktop.ini
File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\_desktop.ini
File opened for modification  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\WidevineCdm\_platform_specific\_desktop.ini
File opened for modification  C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\_desktop.ini
File created                  C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.27328.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini
File created                  C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.802.31.0_x64__8wekyb3d8bbwe\es-MX\_desktop.ini
File created                  C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\2.0.1\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\tr-tr\_desktop.ini
File opened for modification  C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\_desktop.ini
File opened for modification  C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\_desktop.ini
File created                  C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\_desktop.ini
File created                  C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\_desktop.ini
File created                  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\sr-latn-cs\_desktop.ini
File created                  C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\_desktop.ini
File created                  C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sw-KE\View3d\_desktop.ini
File created                  C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\_desktop.ini
File opened for modification  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\WidevineCdm\_platform_specific\win_x64\_desktop.ini
File opened for modification  C:\Program Files (x86)\Windows Photo Viewer\_desktop.ini
File created                  C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini
File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sl-sl\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\fr-ma\_desktop.ini
File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\hr-hr\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\pt-br\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\_desktop.ini
File opened for modification  C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\1.1.1\_desktop.ini
File opened for modification  C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe
File created                  C:\Program Files\Java\jdk-1.8\jre\lib\ext\_desktop.ini
File opened for modification  C:\Program Files\Java\jre-1.8\bin\javacpl.exe
File created                  C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini
File created                  C:\Program Files\VideoLAN\VLC\locale\vi\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\hr-hr\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\nl-nl\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\es-es\_desktop.ini
File opened for modification  C:\Program Files\Java\jdk-1.8\bin\javah.exe
File opened for modification  C:\Program Files\Java\jdk-1.8\bin\klist.exe
File opened for modification  C:\Program Files\Java\jdk-1.8\bin\unpack200.exe
File created                  C:\Program Files\VideoLAN\VLC\locale\fi\_desktop.ini
File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\_desktop.ini
File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\hr-hr\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\en-ae\_desktop.ini
File created                  C:\Program Files\VideoLAN\VLC\hrtfs\_desktop.ini
File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\da-dk\_desktop.ini
File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\sv-se\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\zh-cn\_desktop.ini
File created                  C:\Program Files\Windows Sidebar\Gadgets\_desktop.ini

Two patterns stand out in this list: a _desktop.ini file is created or opened in a large number of Program Files subdirectories, and several existing executables (7zG.exe, YourPhone.exe, wabmig.exe, javaw.exe, javacpl.exe, javah.exe, klist.exe, unpack200.exe) are opened for modification. The report lists only the first 64 entries, so the true count of touched files may be higher.
Drops file in Windows directory (4 IoCs)
File created                  C:\Windows\vDll.dll          Logo1_.exe
File created                  C:\Windows\rundl132.exe      92b426ffd5e69a7932e348001466d2bda0a5a93c7ca44eadd223dd86fb445b45.exe
File created                  C:\Windows\Logo1_.exe        92b426ffd5e69a7932e348001466d2bda0a5a93c7ca44eadd223dd86fb445b45.exe
File opened for modification  C:\Windows\rundl132.exe      Logo1_.exe

Note the file name rundl132.exe (digit 1, digit 3, digit 2), chosen to resemble the legitimate rundll32.exe; a hunt should match the exact dropped name rather than rely on a visual scan of C:\Windows.

Runs net.exe
Suspicious behavior: EnumeratesProcesses (20 IoCs)
pid    Process
2716   Logo1_.exe   (20 events, all from the same process)
Suspicious use of WriteProcessMemory (17 IoCs)
Source PID / process                                                                  Target PID / process      procid_target  events
772   92b426ffd5e69a7932e348001466d2bda0a5a93c7ca44eadd223dd86fb445b45.exe            468   cmd.exe            88             3
772   92b426ffd5e69a7932e348001466d2bda0a5a93c7ca44eadd223dd86fb445b45.exe            2716  Logo1_.exe         89             3
2716  Logo1_.exe                                                                      208   net.exe            92             3
208   net.exe                                                                         744   net1.exe           93             3
468   cmd.exe                                                                         8     92b426...b45.exe   94             3
2716  Logo1_.exe                                                                      3528  Explorer.EXE       43             2

The target process names are taken from the process tree below. The groups of three writes to a freshly created child are the normal pattern for process creation; the two writes from Logo1_.exe (2716) into Explorer.EXE (3528), a process it did not create, are the ones worth attention.
Processes

C:\Windows\Explorer.EXE
  command line: C:\Windows\Explorer.EXE
  PID: 3528

  C:\Users\Admin\AppData\Local\Temp\92b426ffd5e69a7932e348001466d2bda0a5a93c7ca44eadd223dd86fb445b45.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\92b426ffd5e69a7932e348001466d2bda0a5a93c7ca44eadd223dd86fb445b45.exe"
    PID: 772
    signatures: Drops file in Windows directory; Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\cmd.exe
      command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4BBE.bat
      PID: 468
      signatures: Suspicious use of WriteProcessMemory

      C:\Users\Admin\AppData\Local\Temp\92b426ffd5e69a7932e348001466d2bda0a5a93c7ca44eadd223dd86fb445b45.exe
        command line: "C:\Users\Admin\AppData\Local\Temp\92b426ffd5e69a7932e348001466d2bda0a5a93c7ca44eadd223dd86fb445b45.exe"
        PID: 8
        signatures: Executes dropped EXE

    C:\Windows\Logo1_.exe
      command line: C:\Windows\Logo1_.exe
      PID: 2716
      signatures: Executes dropped EXE; Enumerates connected drives; Drops file in Program Files directory; Drops file in Windows directory; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory

      C:\Windows\SysWOW64\net.exe
        command line: net stop "Kingsoft AntiVirus Service"
        PID: 208
        signatures: Suspicious use of WriteProcessMemory

        C:\Windows\SysWOW64\net1.exe
          command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
          PID: 744

The second launch of the sample path (PID 8) is flagged "Executes dropped EXE": it starts from the batch file under cmd.exe, and the Downloads section below records a 50KB file at that same path whose hashes differ from the 641KB submitted sample, so the binary run as PID 8 is not the original.
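The process tree above gives three behaviours that translate directly into host detections: executables written straight into the C:\Windows root (rundl132.exe, Logo1_.exe, vDll.dll), a security product's service stopped through net.exe, and one process scattering _desktop.ini files across Program Files. The following Python is an added example, not part of this sandbox report, that runs those three rules over constructed JSON-lines telemetry. The field names (EventID, ProcessId, Image, TargetFilename, CommandLine) follow Sysmon Event ID 1 and 11; the sample lines themselves, the service-name keyword list and the _desktop.ini threshold are assumptions made for the example, with PIDs and paths copied from the report.

```python
"""Detections for the behaviours in the sandbox report: binaries dropped into
the C:\\Windows root, a security service stopped via net.exe, and mass
_desktop.ini drops under Program Files.  Added example, not part of the report.
Telemetry is constructed JSON lines modelled on Sysmon Event IDs 1 and 11."""
import json
import re
from collections import Counter
from typing import Iterable

# Constructed sample telemetry (not a real capture).  PIDs, images and target
# paths mirror the report; the last two lines are benign look-alikes that the
# rules must leave alone.
SAMPLE_LOG = r'''
{"EventID":11,"ProcessId":772,"Image":"C:\\Users\\Admin\\AppData\\Local\\Temp\\92b426ffd5e69a7932e348001466d2bda0a5a93c7ca44eadd223dd86fb445b45.exe","TargetFilename":"C:\\Windows\\rundl132.exe"}
{"EventID":11,"ProcessId":772,"Image":"C:\\Users\\Admin\\AppData\\Local\\Temp\\92b426ffd5e69a7932e348001466d2bda0a5a93c7ca44eadd223dd86fb445b45.exe","TargetFilename":"C:\\Windows\\Logo1_.exe"}
{"EventID":1,"ProcessId":2716,"ParentProcessId":772,"Image":"C:\\Windows\\Logo1_.exe","CommandLine":"C:\\Windows\\Logo1_.exe"}
{"EventID":11,"ProcessId":2716,"Image":"C:\\Windows\\Logo1_.exe","TargetFilename":"C:\\Windows\\vDll.dll"}
{"EventID":1,"ProcessId":208,"ParentProcessId":2716,"Image":"C:\\Windows\\SysWOW64\\net.exe","CommandLine":"net stop \"Kingsoft AntiVirus Service\""}
{"EventID":11,"ProcessId":2716,"Image":"C:\\Windows\\Logo1_.exe","TargetFilename":"C:\\Program Files\\VideoLAN\\VLC\\hrtfs\\_desktop.ini"}
{"EventID":11,"ProcessId":2716,"Image":"C:\\Windows\\Logo1_.exe","TargetFilename":"C:\\Program Files\\Windows Sidebar\\Gadgets\\_desktop.ini"}
{"EventID":11,"ProcessId":2716,"Image":"C:\\Windows\\Logo1_.exe","TargetFilename":"C:\\Program Files (x86)\\Windows Photo Viewer\\_desktop.ini"}
{"EventID":11,"ProcessId":2716,"Image":"C:\\Windows\\Logo1_.exe","TargetFilename":"C:\\Program Files\\Java\\jdk-1.8\\jre\\lib\\ext\\_desktop.ini"}
{"EventID":11,"ProcessId":2716,"Image":"C:\\Windows\\Logo1_.exe","TargetFilename":"C:\\Program Files\\VideoLAN\\VLC\\locale\\fi\\_desktop.ini"}
{"EventID":11,"ProcessId":4321,"Image":"C:\\Windows\\System32\\svchost.exe","TargetFilename":"C:\\Windows\\Temp\\cab_1234.tmp"}
{"EventID":1,"ProcessId":5555,"ParentProcessId":3528,"Image":"C:\\Windows\\System32\\net.exe","CommandLine":"net use Z: \\\\fileserver\\share"}
'''

# Rule 1: an .exe/.dll/.sys written directly into <drive>:\Windows, not a subfolder.
WINDOWS_ROOT_BINARY = re.compile(r"^[a-z]:\\windows\\[^\\]+\.(?:exe|dll|sys)$", re.I)
# Rule 3: a _desktop.ini created anywhere under either Program Files tree.
PROGRAM_FILES_DESKTOP_INI = re.compile(r"^[a-z]:\\program files(?: \(x86\))?\\.*\\_desktop\.ini$", re.I)
# Rule 2: "net stop <service>" with the service name optionally quoted.
NET_STOP = re.compile(r"\bstop\s+\"?([^\"]+?)\"?\s*$", re.I)
# Substrings that mark a service as security software.  Starting list only (assumption).
SECURITY_SERVICE_HINTS = ("antivirus", "anti-virus", "defender", "security", "protect")
# Per-process _desktop.ini count that trips the mass-drop rule (assumption).
DESKTOP_INI_THRESHOLD = 5


def parse_log(text: str) -> list[dict]:
    """Parse JSON-lines telemetry, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect(events: Iterable[dict]) -> list[tuple[str, int, str]]:
    """Return (rule, pid, detail) findings for the three behaviours."""
    findings: list[tuple[str, int, str]] = []
    ini_counts: Counter = Counter()
    for ev in events:
        pid = ev["ProcessId"]
        if ev["EventID"] == 11:
            target = ev["TargetFilename"]
            if WINDOWS_ROOT_BINARY.match(target):
                findings.append(("windows_root_binary_drop", pid, target))
            elif PROGRAM_FILES_DESKTOP_INI.match(target):
                ini_counts[pid] += 1
        elif ev["EventID"] == 1:
            image = ev["Image"].rsplit("\\", 1)[-1].lower()
            if image in ("net.exe", "net1.exe"):
                m = NET_STOP.search(ev.get("CommandLine", ""))
                if m and any(h in m.group(1).lower() for h in SECURITY_SERVICE_HINTS):
                    findings.append(("security_service_stop", pid, m.group(1)))
    # The mass-drop rule is evaluated once all events are counted.
    for pid, n in sorted(ini_counts.items()):
        if n >= DESKTOP_INI_THRESHOLD:
            findings.append(("mass_desktop_ini_drop", pid, f"{n} files under Program Files"))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in detect(parse_log(SAMPLE_LOG)):
        print(f"{rule:<26} pid={pid:<5} {detail}")
```

On the sample telemetry the rules return five findings: three root drops (PIDs 772 and 2716), the service stop by PID 208, and the mass _desktop.ini drop by PID 2716; the svchost.exe temp file and the "net use" command are not flagged. The report's "opened for modification" entries on existing executables (7zG.exe, javaw.exe and so on) are not modelled here, since Sysmon Event ID 11 covers creation and would need pairing with file-hash or integrity telemetry to catch in-place tampering.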
Downloads

File: (path not shown)
Filesize: 251KB
MD5: 567397ffc8e6f313653339d5d01a01a3
SHA1: e4341d07518e961b478160a552e5556127d77687
SHA256: 87eecbd152e74de2def9f763dfaef840763879dd37789f5967ee6d8621ec7d12
SHA512: a89363535d5ab684761bb8e30b0a7dba318f8f5929e5563ba908ecaafdc48aabdeb61df179f8ae786e232aab6eb1884ecbc0475bd55c7ecb1975a45b0877e7ee

File: (path not shown)
Filesize: 570KB
MD5: adda844373edb1b9300a60cfed412e21
SHA1: ed714daf6b5d776bae06db80139a6d950d0b3fa4
SHA256: 138d6551c93ff7c12346beec55ec23cd5688feac506c7992caa9b873559e00e2
SHA512: 76e063ab159b3a580888dfeb5d1378842f454e7014130af02796937fc81db28584dcbc8cd0da0e17cba191a05de0605dfb80fc788fbfa1cbd5784f839fed3641

File: (path not shown)
Filesize: 481KB
MD5: 1db5b390daa2d070657fbdb4f5d2cc55
SHA1: 77e633e49df484b827080753514cc376749b0ceb
SHA256: d5fbaf5c0d8e313d4dad23b28cac4256c5dbed6ab3b0d797e2971f30c5e095ad
SHA512: 68aa0152f5aae79a146c1813915fd16ec5454b285bd1781370923f97d6c147d53684192f7f4161e5c1a340959ec432ecaac127b0abe7d08f70c387e08ee4f617

File: (path not shown)
Filesize: 722B
MD5: 6120ab53f814f70f2dec5ef56ae504c8
SHA1: 81423816a3367c33ebd5d8ed9b641baf52d30110
SHA256: 64e461fdd8c031d17bcd37de91ed3ef82fecc71040a63700198cb1dec9f6b610
SHA512: 5df69b68478a4fbb28046e74f10d792d4c25eeb2d96e20b742032d7b2d75555b7a4136019d0540f401451cee19e362b13fb837089d0d8ecc74fe0c2196b704d0

File: C:\Users\Admin\AppData\Local\Temp\92b426ffd5e69a7932e348001466d2bda0a5a93c7ca44eadd223dd86fb445b45.exe
Filesize: 50KB (the submitted sample at this path was 641KB with MD5 5f0b50fa48f8975570dc830d328f1737; this is a different file)
MD5: 0aabc904f8ff831c4c4c6225af8cf454
SHA1: 23c4c438fc5d68173f0bd7bf89ba398b0c7a98f2
SHA256: b15ce635b768c03e7bba1818c57963110f1f024206fa3363bdd84ed6f50465ac
SHA512: 67dc5ab60e827fe7256a9af9c7f8314718d81c96ff499a87355d7a0b1173dcae79ef14ec13b6e2e0c81e4a45852616bad8ce861ee02067fbd0f122e4c9bc4547

File: C:\Users\Admin\AppData\Local\Temp\92b426ffd5e69a7932e348001466d2bda0a5a93c7ca44eadd223dd86fb445b45.exe.exe
Filesize: 91KB
MD5: fc99713bc9f526cfbe3a022465ed6ee5
SHA1: 68e66e8e7835e876c685fb846aa0204729e6d7dc
SHA256: 3f02ed8970e0820b8e55706078b242a3426ae44425a9750c5ee85f0450a58b25
SHA512: 4086d29f3d9284167ff1a7fdf03ec67989a6a7e941da435880522939f7446a20e5a50b8d98037ee824ebf9448321309433f8b69e1dcf29fb191a412aa63372d4

File: (path not shown)
Filesize: 26KB
MD5: 29989799438a463b62c9deb98951b7bd
SHA1: f416c1209a4faef54928893920def7e8be68a487
SHA256: 6113caab166df74a34eaab544b21ea5610739e233e6e62a7e3643bac6443eecc
SHA512: 597fae1f1dd044a3871c388a76015ff91572a207803e34fd4eabe6e1f46e05aaba60e1a41ca5e8e281150560a7e319f6f721b841459444927359aa15bd9190fb

File: (path not shown)
Filesize: 10B
MD5: 7ffaa74dcf5b57082a43c17464e10782
SHA1: c6cf002ebb82e54cb14553d044f6c61463b369a6
SHA256: b3bfda52765f0ec02320ef68e5fca5e0d4bb61e1ec6f062430a5711a41c1be65
SHA512: 35ef0f681e44781b5dc20e179918be9dad7be2029093f9537cfe30bff888bc875ad32e6bbb59294dc36779829bab7aa6ebfac9e93c6a1ef5e4e7ddde85bb6de8