Analysis
max time kernel: 160s
max time network: 160s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/03/2024, 15:02

Static task: static1
Behavioral task: behavioral1
Sample: 9e2480019570e10b4aea0a39fd475407065951a9ffad9e6f866e8187218087fd.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 9e2480019570e10b4aea0a39fd475407065951a9ffad9e6f866e8187218087fd.exe
Resource: win10v2004-20240226-en
General
Target: 9e2480019570e10b4aea0a39fd475407065951a9ffad9e6f866e8187218087fd.exe
Size: 907KB
MD5: ea43c5b21e1c160ce356a37e336e52ec
SHA1: 93cc19051c632f983bd0f599be079fe729b1187f
SHA256: 9e2480019570e10b4aea0a39fd475407065951a9ffad9e6f866e8187218087fd
SHA512: f8f232ef969ffe5e777657c25e1588faaced0a4b521f5153b1fa3fe8f8cd95509c4f377dd11dc2235eb42b6a1dc42691391f45b9ac974ac277e16b5360c06539
SSDEEP: 12288:o7+Sbvnf8UaJEjEKUBKuJyECjDW76LS/Uc7xX0gmbKgPdr/uduQXqOFuzsj5uJZj:o7tvoTKUsEyEyK+LS3g9KXqKtu73aBi
Malware Config
Signatures
Checks BIOS information in registry (2 TTPs, 1 IoC)
BIOS information is often read in order to detect sandboxing environments. Here the relaunched sample queries HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion, a value commonly compared against hypervisor and sandbox vendor strings; the report records the query, not what the sample did with the result.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | 9e2480019570e10b4aea0a39fd475407065951a9ffad9e6f866e8187218087fd.exe
Executes dropped EXE (2 IoCs)
pid | Process
1244 | Logo1_.exe
2776 | 9e2480019570e10b4aea0a39fd475407065951a9ffad9e6f866e8187218087fd.exe
Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
description | ioc | Process
File opened (read-only) | \??\U: | Logo1_.exe
File opened (read-only) | \??\O: | Logo1_.exe
File opened (read-only) | \??\G: | Logo1_.exe
File opened (read-only) | \??\Y: | Logo1_.exe
File opened (read-only) | \??\X: | Logo1_.exe
File opened (read-only) | \??\W: | Logo1_.exe
File opened (read-only) | \??\N: | Logo1_.exe
File opened (read-only) | \??\M: | Logo1_.exe
File opened (read-only) | \??\H: | Logo1_.exe
File opened (read-only) | \??\T: | Logo1_.exe
File opened (read-only) | \??\R: | Logo1_.exe
File opened (read-only) | \??\P: | Logo1_.exe
File opened (read-only) | \??\L: | Logo1_.exe
File opened (read-only) | \??\K: | Logo1_.exe
File opened (read-only) | \??\I: | Logo1_.exe
File opened (read-only) | \??\E: | Logo1_.exe
File opened (read-only) | \??\Z: | Logo1_.exe
File opened (read-only) | \??\S: | Logo1_.exe
File opened (read-only) | \??\Q: | Logo1_.exe
File opened (read-only) | \??\V: | Logo1_.exe
File opened (read-only) | \??\J: | Logo1_.exe
Drops file in Program Files directory (64 IoCs)
The list mixes two behaviours of Logo1_.exe: _desktop.ini marker files created or rewritten in application directories (note the leading underscore, which distinguishes them from the desktop.ini Explorer normally keeps), and existing executables (AdobeARM.exe, AcroRd32.exe, msedge.exe, jdeps.exe, servertool.exe, jps.exe) opened for modification.
description | ioc | Process
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\ro-ro\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe | Logo1_.exe
File created | C:\Program Files (x86)\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fi-fi\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\cs-cz\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ja-jp\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\sv-se\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\_desktop.ini | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\fur\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\sk\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\he-il\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\de-de\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\en-il\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ko-kr\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\sl-si\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\it-it\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\de-DE\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\_desktop.ini | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\he\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\it-IT\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\0.2.2\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-gb\_desktop.ini | Logo1_.exe
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ca-es\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge.exe | Logo1_.exe
File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Windows Sidebar\Shared Gadgets\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\zh-CN\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\1.1.1\Diagnostics\Simple\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ar-ae\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\de-de\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\eu-es\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\zh-tw\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jdeps.exe | Logo1_.exe
File opened for modification | C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Examples\Validator\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\pl-pl\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\skins\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\bg-BG\View3d\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\nl-nl\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\tr-tr\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\it-it\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\images\themes\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.17\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\servertool.exe | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-si\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ca-es\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ja-jp\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\jps.exe | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\hr-HR\View3d\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ja-jp\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\nl-nl\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\en-US\_desktop.ini | Logo1_.exe
Drops file in Windows directory (4 IoCs)
description | ioc | Process
File created | C:\Windows\Logo1_.exe | 9e2480019570e10b4aea0a39fd475407065951a9ffad9e6f866e8187218087fd.exe
File opened for modification | C:\Windows\rundl132.exe | Logo1_.exe
File created | C:\Windows\vDll.dll | Logo1_.exe
File created | C:\Windows\rundl132.exe | 9e2480019570e10b4aea0a39fd475407065951a9ffad9e6f866e8187218087fd.exe
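The Program Files and Windows directory entries above give a host triage checklist: _desktop.ini markers under the Program Files trees, Logo1_.exe / rundl132.exe / vDll.dll directly in the Windows directory, and files whose SHA256 matches one of the dropped-file hashes listed under Downloads. The following Python is an added example of that check and is not part of the sandbox report or of the sample. It takes a volume root as a parameter so it can be pointed at a live C:\ or at a mounted disk image. The directory layout it scans is constructed inline for the demonstration; because constructed content cannot reproduce the report's hashes, the demo adds the stand-in Logo1_.exe's own digest to the known-hash set to exercise the hash-match path.

```python
"""Offline triage for the drop pattern in this report (added example)."""
import hashlib
import tempfile
from pathlib import Path

# File names and SHA256 values copied from the report above.
WINDOWS_DROPS = {"logo1_.exe", "rundl132.exe", "vdll.dll"}
REPORT_SHA256 = {
    "8fc694ae580c6028aee0055c92016e20e00ca053b251d49897f14c0335493d4e",
    "587913acede62b4d90e1116447be252d01c6cbbf19f4b8aac3fd2808f47e3c68",
    "396da2efdc14d73625b53b5e3831d3dfac20f94043685b89414be1704b2698dd",
    "4685db307fb2fc7d6489cca067ef879252177c577b9d95b3fad02b39a5866490",
    "2d2462beb9189f1d00aa35dfd606d8b09590892be5429f26456cb9ad5d771d76",
    "10b61d177f43992c67d9366659c9cbe06d44c15257a70eff1182aaa64df6e22e",
    "3369ac2d9926df9466c914d7bafae58764696319b1584f9f83202267db0f8799",
}
PROGRAM_DIRS = ("Program Files", "Program Files (x86)")
HASH_SUFFIXES = {".exe", ".dll", ".bat"}
MAX_HASH_BYTES = 2 * 1024 * 1024  # largest artifact in the report is 907KB


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root, known_hashes=frozenset(REPORT_SHA256)):
    """Walk a volume root and return (category, relative_path, detail) findings."""
    root = Path(root)
    findings = []

    windows_dir = root / "Windows"
    if windows_dir.is_dir():
        for p in windows_dir.iterdir():
            if p.is_file() and p.name.lower() in WINDOWS_DROPS:
                findings.append(("windows_drop", str(p.relative_to(root)), p.name))

    for d in PROGRAM_DIRS:
        base = root / d
        if not base.is_dir():
            continue
        # The report plants "_desktop.ini" (leading underscore); the plain
        # desktop.ini that Explorer keeps is normal and is not flagged.
        for p in base.rglob("_desktop.ini"):
            if p.is_file():
                findings.append(("marker_file", str(p.relative_to(root)), "_desktop.ini"))

    for p in root.rglob("*"):
        if (p.is_file() and p.suffix.lower() in HASH_SUFFIXES
                and p.stat().st_size <= MAX_HASH_BYTES):
            digest = sha256_file(p)
            if digest in known_hashes:
                findings.append(("hash_match", str(p.relative_to(root)), digest))
    return findings


# Constructed stand-ins: none of this is the real dropped content.
LOGO_CONTENT = b"constructed stand-in for Logo1_.exe, not the real sample\n"


def build_demo_tree():
    """Constructed volume layout mirroring the report's drop locations."""
    root = Path(tempfile.mkdtemp(prefix="triage_"))
    files = {
        "Windows/Logo1_.exe": LOGO_CONTENT,
        "Windows/rundl132.exe": b"constructed stand-in for rundl132.exe\n",
        "Windows/notepad.exe": b"benign placeholder, must not be flagged\n",
        "Program Files/VideoLAN/VLC/skins/_desktop.ini": b"marker\n",
        "Program Files (x86)/Adobe/Acrobat Reader DC/Reader/_desktop.ini": b"marker\n",
        "Program Files/Contoso/desktop.ini": b"[.ShellClassInfo]\n",  # legitimate
    }
    for rel, data in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return root


def demo():
    root = build_demo_tree()
    # Constructed files cannot hash to the report's values, so the stand-in's
    # own digest is added purely to demonstrate the hash-match path.
    known = REPORT_SHA256 | {hashlib.sha256(LOGO_CONTENT).hexdigest()}
    return scan_tree(root, known)


if __name__ == "__main__":
    for category, rel, detail in demo():
        print(f"{category:13} {rel}  {detail}")
```

On a real volume the hash pass is the expensive part; restricting it to the suffixes and size cap above keeps it tractable, and a hit on any of the report's hashes is a much stronger signal than a marker file alone, since _desktop.ini is also written by some legitimate installers.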
Runs net.exe
Logo1_.exe launches net stop "Kingsoft AntiVirus Service" (see the process tree below), an attempt to stop a security product's service.
Suspicious behavior: EnumeratesProcesses (20 IoCs)
pid | Process
1244 | Logo1_.exe (20 identical entries)
Suspicious use of WriteProcessMemory (17 IoCs)
description | pid | Process | procid_target
PID 2320 wrote to memory of 3076 | 2320 | 9e2480019570e10b4aea0a39fd475407065951a9ffad9e6f866e8187218087fd.exe | 88 (3 entries)
PID 2320 wrote to memory of 1244 | 2320 | 9e2480019570e10b4aea0a39fd475407065951a9ffad9e6f866e8187218087fd.exe | 89 (3 entries)
PID 1244 wrote to memory of 1948 | 1244 | Logo1_.exe | 91 (3 entries)
PID 1948 wrote to memory of 4732 | 1948 | net.exe | 93 (3 entries)
PID 3076 wrote to memory of 2776 | 3076 | cmd.exe | 96 (3 entries)
PID 1244 wrote to memory of 3464 | 1244 | Logo1_.exe | 57 (2 entries)
The first five pairs are a parent writing into a child it has just spawned, which is routine at process creation. The last pair is different: Logo1_.exe writes into Explorer.EXE (PID 3464), a process it did not create, which is the entry worth following up as possible code injection.
Processes
1. C:\Windows\Explorer.EXE
   command line: C:\Windows\Explorer.EXE
   PID: 3464
   2. C:\Users\Admin\AppData\Local\Temp\9e2480019570e10b4aea0a39fd475407065951a9ffad9e6f866e8187218087fd.exe
      command line: "C:\Users\Admin\AppData\Local\Temp\9e2480019570e10b4aea0a39fd475407065951a9ffad9e6f866e8187218087fd.exe"
      PID: 2320
      - Drops file in Windows directory
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\SysWOW64\cmd.exe
         command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9A0D.bat
         PID: 3076
         - Suspicious use of WriteProcessMemory
         4. C:\Users\Admin\AppData\Local\Temp\9e2480019570e10b4aea0a39fd475407065951a9ffad9e6f866e8187218087fd.exe
            command line: "C:\Users\Admin\AppData\Local\Temp\9e2480019570e10b4aea0a39fd475407065951a9ffad9e6f866e8187218087fd.exe"
            PID: 2776
            - Checks BIOS information in registry
            - Executes dropped EXE
      3. C:\Windows\Logo1_.exe
         command line: C:\Windows\Logo1_.exe
         PID: 1244
         - Executes dropped EXE
         - Enumerates connected drives
         - Drops file in Program Files directory
         - Drops file in Windows directory
         - Suspicious behavior: EnumeratesProcesses
         - Suspicious use of WriteProcessMemory
         4. C:\Windows\SysWOW64\net.exe
            command line: net stop "Kingsoft AntiVirus Service"
            PID: 1948
            - Suspicious use of WriteProcessMemory
            5. C:\Windows\SysWOW64\net1.exe
               command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
               PID: 4732
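The process tree above contains three chains a detection engineer would want rules for: net.exe / net1.exe stopping a security product's service, cmd.exe running a $$-prefixed batch file from the user's Temp directory that relaunches the sample, and an executable running directly from the Windows directory root (C:\Windows\Logo1_.exe) rather than from System32 or SysWOW64. The following Python is an added example of such rules and is not part of the sandbox report or of any vendor's ruleset. The process-creation records are constructed from the PIDs, image paths and command lines shown in the tree and in the WriteProcessMemory entries; the allowlist of executables that legitimately live directly in C:\Windows is an assumption to be tuned per image build.

```python
"""Detection rules replayed over this report's process tree (added example)."""
import re
from collections import namedtuple

Proc = namedtuple("Proc", "pid ppid image cmdline")

# Constructed process-creation records rebuilt from the process tree above.
SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\9e2480019570e10b4aea0a39fd475407065951a9ffad9e6f866e8187218087fd.exe")
EVENTS = [
    Proc(3464, 0, r"C:\Windows\Explorer.EXE", r"C:\Windows\Explorer.EXE"),
    Proc(2320, 3464, SAMPLE, '"' + SAMPLE + '"'),
    Proc(3076, 2320, r"C:\Windows\SysWOW64\cmd.exe",
         r"C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9A0D.bat"),
    Proc(2776, 3076, SAMPLE, '"' + SAMPLE + '"'),
    Proc(1244, 2320, r"C:\Windows\Logo1_.exe", r"C:\Windows\Logo1_.exe"),
    Proc(1948, 1244, r"C:\Windows\SysWOW64\net.exe",
         r'net stop "Kingsoft AntiVirus Service"'),
    Proc(4732, 1948, r"C:\Windows\SysWOW64\net1.exe",
         r'C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"'),
]

# Rule 1: net/net1 stopping a service whose name looks like a security product.
AV_STOP = re.compile(r'\bstop\s+"?[^"]*(?:anti-?\s?virus|defender|security|protect)', re.I)
# Rule 2: cmd.exe /c running a "$$<name>.bat" from %LOCALAPPDATA%\Temp.
TEMP_BAT = re.compile(r'/c\s+"?[^"\s]*\\AppData\\Local\\Temp\\\$\$[^"\s]*\.bat', re.I)
# Rule 3: an .exe whose image sits directly in the Windows root.
WINROOT_EXE = re.compile(r'^[a-z]:\\windows\\[^\\]+\.exe$', re.I)
# Assumed starting allowlist for rule 3; tune against a clean image.
WINROOT_ALLOW = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe", "write.exe",
                 "splwow64.exe", "bfsvc.exe", "winhlp32.exe", "helppane.exe"}


def basename(path):
    return path.rsplit("\\", 1)[-1]


def lineage(events, pid):
    """Return the image names from the root ancestor down to pid."""
    by_pid = {e.pid: e for e in events}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(basename(by_pid[pid].image))
        pid = by_pid[pid].ppid
    return list(reversed(chain))


def detect(events):
    """Return (rule, pid, ancestry) alerts for every event matching a rule."""
    alerts = []
    for e in events:
        name = basename(e.image).lower()
        chain = " > ".join(lineage(events, e.pid))
        if name in ("net.exe", "net1.exe") and AV_STOP.search(e.cmdline):
            alerts.append(("av_service_stop", e.pid, chain))
        if name == "cmd.exe" and TEMP_BAT.search(e.cmdline):
            alerts.append(("temp_batch_relaunch", e.pid, chain))
        if WINROOT_EXE.match(e.image) and name not in WINROOT_ALLOW:
            alerts.append(("exe_in_windows_root", e.pid, chain))
    return alerts


if __name__ == "__main__":
    for rule, pid, chain in detect(EVENTS):
        print(f"{rule:22} pid={pid:<5} {chain}")
```

Rule 1 fires twice here, once for net.exe and once for net1.exe, because net.exe delegates to net1.exe; deduplicate on the parent in production. Rule 3 is the one most likely to need tuning, since some installers also place executables directly in the Windows directory.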
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 251KB
MD5: a3c011069110618bf098b77b5a86a52e
SHA1: 06c2bbf8a84d0d40810d222a82e6db1a24e6eb89
SHA256: 8fc694ae580c6028aee0055c92016e20e00ca053b251d49897f14c0335493d4e
SHA512: 61a21b631b200456df60a659c72ecf9dcb7e8c73cbb6a3b58a00ec403a09d9a616f10374fe54b20cd765f51e172026759c56f5244deaf0e38ed86387fb147c89

Filesize: 570KB
MD5: f18fda380ac7fa927bb594194e8f36bf
SHA1: cb2648054e916bce05bfa65e0eefaa14591d2202
SHA256: 587913acede62b4d90e1116447be252d01c6cbbf19f4b8aac3fd2808f47e3c68
SHA512: 1eb2c135617b3b726f2d64a6f0c48974fba834cc903c8393a440d56900e083bd5094f9d195f9ddbd5eab18fa7ca241004e4a5858a647871e9b727cfa68611852

Filesize: 722B
MD5: 6d36fca0370e68444ec6c221bf8dd87a
SHA1: e4144dd70a4c2c30fdf4fbfba42f8be9ab64603f
SHA256: 396da2efdc14d73625b53b5e3831d3dfac20f94043685b89414be1704b2698dd
SHA512: 58594d198a89a4cd5d6ba868a706dad3d4015503e4f09af5514b448bb5e86cc9194a5ef7e838510a45b5ab61f8a8b93bdada6fed050f057df800ea2a803bec3a

C:\Users\Admin\AppData\Local\Temp\9e2480019570e10b4aea0a39fd475407065951a9ffad9e6f866e8187218087fd.exe
Filesize: 881KB
MD5: 86c7984b07ffb690e0c4009e9d9c5db5
SHA1: eb64223925209c5be7525b2767367bf6f2df41ee
SHA256: 4685db307fb2fc7d6489cca067ef879252177c577b9d95b3fad02b39a5866490
SHA512: d0a3445ca41003402322c03d0f9305ed97543273419f52fd9baba94f9c3f5cd733be3d6cc45937e59cd0a845ce1e151a4cf27f9ae66ce09fe71477e458e9fe24
Note that this file sits at the submitted sample's own path but differs from the submitted sample (907KB, SHA256 9e2480019570e10b4aea0a39fd475407065951a9ffad9e6f866e8187218087fd) in both size and hash, so the sample on disk after the run is not the sample that was submitted.

C:\Users\Admin\AppData\Local\Temp\9e2480019570e10b4aea0a39fd475407065951a9ffad9e6f866e8187218087fd.exe.exe
Filesize: 832KB
MD5: df123e076f94bc58fabcae467c77d0c9
SHA1: 1c2a563150f908fd4730e1947a13b19761f2656b
SHA256: 2d2462beb9189f1d00aa35dfd606d8b09590892be5429f26456cb9ad5d771d76
SHA512: 0e12109a0fb37ab4c957f52b9f0b6a20e28cb4400ae8513d945cf689c5f8e2c1fada53177e94d3d6f18b76387a63dc5f86499103dd9ca8cab174e8b9e619e441

Filesize: 26KB
MD5: d2a74bc19286d7ef7820c36781f07a13
SHA1: 02800dd9efee007c405e9d3d6340615b08ea9cd2
SHA256: 10b61d177f43992c67d9366659c9cbe06d44c15257a70eff1182aaa64df6e22e
SHA512: c06041332d2cea75c3f1e9a12433e95d1c1ba1b49482c5a20a3823fb00caf48663e6c70ba8a0d60321f173bf7f14dd1c21b6c520f055c6b50e554affc7721727

Filesize: 9B
MD5: b2c5a70d0c0f7486eb7bcd691664669b
SHA1: 0be0eb4afb44c300b16181ffb981db5d2e6563e8
SHA256: 3369ac2d9926df9466c914d7bafae58764696319b1584f9f83202267db0f8799
SHA512: 5d9ec62e9872989b928f4372fe35a4fec4ab6ae308a2d0191b487cfa1bdca276bb5ac54c7d3ba59d081128dcfb40252e40089e03ca4600ee428714a322628d14