341e37a9516c9b21c4d353881dee71c15bb8372b427a5d514c2e1d4624744a5c

Analysis

max time kernel
150s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 15:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

341e37a9516c9b21c4d353881dee71c15bb8372b427a5d514c2e1d4624744a5c.exe
Size

84KB
MD5

643728a4f0251aa53eae065f3ba727f9
SHA1

0c2cad3f1694588662982b8fcb45885e3ce50713
SHA256

341e37a9516c9b21c4d353881dee71c15bb8372b427a5d514c2e1d4624744a5c
SHA512

fba3f94e7973f7d58fe4540f28b7254e9f4c36fc0dbb270baa6e0f4a561e24d7e8daa8cce73f7adbae95cc2b230050179be14c5ac8f87a6b9bf0553945070412
SSDEEP

1536:AfgLdQAQfcfymNsL4p5nkjXut+Mm6Q498gQwRFbBijuz9YCxrfZQIUk04Xf:AftffjmNsL4p5nkjXut+MtQ498gtRDrD

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3336	Logo1_.exe
3188	341e37a9516c9b21c4d353881dee71c15bb8372b427a5d514c2e1d4624744a5c.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_2019.904.1644.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Media Player\uk-UA\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\de-de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Controls\EndOfLife\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\1.1.1\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe	Logo1_.exe
File created	C:\Program Files (x86)\Internet Explorer\uk-UA\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\commerce\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Shell\Themes\Glyphs\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\notetagsUI\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\plugins\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Retail\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Retail\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\sl-si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cs\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Shell\Themes\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\themes\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\jre\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\CortanaApp.ViewElements\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\home-view\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\core\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\nl-nl\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Logo1_.exe	341e37a9516c9b21c4d353881dee71c15bb8372b427a5d514c2e1d4624744a5c.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	341e37a9516c9b21c4d353881dee71c15bb8372b427a5d514c2e1d4624744a5c.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3336	Logo1_.exe
3336	Logo1_.exe
3336	Logo1_.exe
3336	Logo1_.exe
3336	Logo1_.exe
3336	Logo1_.exe
3336	Logo1_.exe
3336	Logo1_.exe
3336	Logo1_.exe
3336	Logo1_.exe
3336	Logo1_.exe
3336	Logo1_.exe
3336	Logo1_.exe
3336	Logo1_.exe
3336	Logo1_.exe
3336	Logo1_.exe
3336	Logo1_.exe
3336	Logo1_.exe
3336	Logo1_.exe
3336	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 384 wrote to memory of 3192	384	341e37a9516c9b21c4d353881dee71c15bb8372b427a5d514c2e1d4624744a5c.exe	85
PID 384 wrote to memory of 3192	384	341e37a9516c9b21c4d353881dee71c15bb8372b427a5d514c2e1d4624744a5c.exe	85
PID 384 wrote to memory of 3192	384	341e37a9516c9b21c4d353881dee71c15bb8372b427a5d514c2e1d4624744a5c.exe	85
PID 384 wrote to memory of 3336	384	341e37a9516c9b21c4d353881dee71c15bb8372b427a5d514c2e1d4624744a5c.exe	87
PID 384 wrote to memory of 3336	384	341e37a9516c9b21c4d353881dee71c15bb8372b427a5d514c2e1d4624744a5c.exe	87
PID 384 wrote to memory of 3336	384	341e37a9516c9b21c4d353881dee71c15bb8372b427a5d514c2e1d4624744a5c.exe	87
PID 3336 wrote to memory of 2216	3336	Logo1_.exe	88
PID 3336 wrote to memory of 2216	3336	Logo1_.exe	88
PID 3336 wrote to memory of 2216	3336	Logo1_.exe	88
PID 2216 wrote to memory of 4476	2216	net.exe	90
PID 2216 wrote to memory of 4476	2216	net.exe	90
PID 2216 wrote to memory of 4476	2216	net.exe	90
PID 3192 wrote to memory of 3188	3192	cmd.exe	91
PID 3192 wrote to memory of 3188	3192	cmd.exe	91
PID 3192 wrote to memory of 3188	3192	cmd.exe	91
PID 3336 wrote to memory of 3384	3336	Logo1_.exe	57
PID 3336 wrote to memory of 3384	3336	Logo1_.exe	57

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3384
- C:\Users\Admin\AppData\Local\Temp\341e37a9516c9b21c4d353881dee71c15bb8372b427a5d514c2e1d4624744a5c.exe
  "C:\Users\Admin\AppData\Local\Temp\341e37a9516c9b21c4d353881dee71c15bb8372b427a5d514c2e1d4624744a5c.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:384
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3D95.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\341e37a9516c9b21c4d353881dee71c15bb8372b427a5d514c2e1d4624744a5c.exe
      "C:\Users\Admin\AppData\Local\Temp\341e37a9516c9b21c4d353881dee71c15bb8372b427a5d514c2e1d4624744a5c.exe"
      4⤵
      Executes dropped EXE
      PID:3188
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3336
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2216
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:4476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
7bccc2687df85a1835e6bbcf1b5ebdd4

SHA1
1a925ae4a0c41080cd05c90996666142c6c02119

SHA256
feca718c189c33d8766c401d21b38e8eb079893a4a98b0384f43892918d11bde

SHA512
58d00e2e1d6d1c067f3dd7600f6e60efe543f431f537132bac83e35f09cf8f22d7c5db80f7ce8382714eb94cd3c7c5fd73374c03ce0a9bb62327a0cb77a2ec3a

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
c5a88e3597217a1f626e9d7f21ef017c

SHA1
20065f6da3ba04ad7f0d4981beec62a2a7202d06

SHA256
7a785cb0ec6396135525b3a873444a18b1770489b2fc5c5abb6c07eed4ae77af

SHA512
908e2a4513cc156eace5747c326b9483aee09413070e4763e224e63ee3038fd095dff884e6cd84da055abb5301c164562d6355231f15e4554fee7ab70a28e5f7

Download Submit
C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe

Filesize
481KB

MD5
1db5b390daa2d070657fbdb4f5d2cc55

SHA1
77e633e49df484b827080753514cc376749b0ceb

SHA256
d5fbaf5c0d8e313d4dad23b28cac4256c5dbed6ab3b0d797e2971f30c5e095ad

SHA512
68aa0152f5aae79a146c1813915fd16ec5454b285bd1781370923f97d6c147d53684192f7f4161e5c1a340959ec432ecaac127b0abe7d08f70c387e08ee4f617

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a3D95.bat

Filesize
722B

MD5
d485d76de818164406d7a5a275f32e37

SHA1
dddc0c2d0a5765af7c42731798d8b8e98759a468

SHA256
a96eb6b33c4681aed6bf0a33d804df71ec1045cd173e7b44904eecb15e22b083

SHA512
39b9554f5873a49d49da8d1e64448fb042dd61890ce59134a10b13b445224269de342c3e9f6be739603a454922eedef207a1f04a2ce4af091ead961f8cda8a70

Download Submit
C:\Users\Admin\AppData\Local\Temp\341e37a9516c9b21c4d353881dee71c15bb8372b427a5d514c2e1d4624744a5c.exe.exe

Filesize
58KB

MD5
7cf88ab9caf907ad8343eb90aa543812

SHA1
64e7c7a02968d9c0e6978dae303877091753dcb0

SHA256
6ed4924969f26ab0cf8119c3a15579314213bc6bf634d2e369b6082d6faceb4b

SHA512
e544b214b2ac2c7fdcac41664b335f3bbdea0dcb5e01913cc8be326f9daecae8524727894819fb6cf45e311b1c91de93e695e3a26c70903d51afbaa43e0ed08c

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
f131c8a61871d776a2bd93bd9c68f965

SHA1
85a2d2377f7b90bb4387dcbbae3ad0dec87f8ada

SHA256
0bfaec6d73d24f0736ee92b9deba61082f08cdba8482866361fbb57acae7c3d4

SHA512
087e9f83e8a9b3c050de6e8fa4989bf614f23a515710f151b84a15f1444e1352b8ef1d7e4e2ae3bcae98bf7281c8597ed85ec9ea84da27651304577a0b7d32d7

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-275798769-4264537674-1142822080-1000\_desktop.ini

Filesize
9B

MD5
9d515d16952bdb1cf51672ad091046bc

SHA1
5fe954c6d41499122182eb48cf6f9d203b9eae7c

SHA256
12ddf5d72be26a3f4fb46d905661e24bf30948454c9701f20e50436a238a25db

SHA512
d0f7522406355a837e55f5a99b6969ed4b0ccbc2e427b83a917eedffc37899b139c2b33ea73a90469a6045b3b71848bf97641528644a4a3f55d666223fa31d4b

Download Submit
memory/384-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/384-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3188-35-0x0000000005A90000-0x0000000005AA0000-memory.dmp

Filesize
64KB

Download
memory/3188-21-0x0000000005800000-0x0000000005892000-memory.dmp

Filesize
584KB

Download
memory/3188-23-0x00000000058C0000-0x00000000058CA000-memory.dmp

Filesize
40KB

Download
memory/3188-24-0x0000000005A90000-0x0000000005AA0000-memory.dmp

Filesize
64KB

Download
memory/3188-19-0x0000000000E10000-0x0000000000E24000-memory.dmp

Filesize
80KB

Download
memory/3188-20-0x0000000005EA0000-0x0000000006444000-memory.dmp

Filesize
5.6MB

Download
memory/3188-22-0x0000000005A90000-0x0000000005AA0000-memory.dmp

Filesize
64KB

Download
memory/3188-34-0x0000000074C80000-0x0000000075430000-memory.dmp

Filesize
7.7MB

Download
memory/3188-18-0x0000000074C80000-0x0000000075430000-memory.dmp

Filesize
7.7MB

Download
memory/3188-36-0x0000000005A90000-0x0000000005AA0000-memory.dmp

Filesize
64KB

Download
memory/3336-42-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3336-47-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3336-51-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3336-33-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3336-122-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3336-1185-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3336-12-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3336-4750-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3336-26-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download