Analysis
max time kernel: 149s
max time network: 93s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05-04-2024 23:00
Static task: static1
Behavioral task: behavioral1
  Sample: 8e4b5f65aa8f1d0977228dfb35af719036e4b92380b0427ab42d52543764b23b.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 8e4b5f65aa8f1d0977228dfb35af719036e4b92380b0427ab42d52543764b23b.exe
  Resource: win10v2004-20240226-en
General
Target: 8e4b5f65aa8f1d0977228dfb35af719036e4b92380b0427ab42d52543764b23b.exe
Size: 66KB
MD5: 7ab603a67916126a3aba6422571fb17d
SHA1: 916578457c05927c9b2d61f51ff90e85b2be0cad
SHA256: 8e4b5f65aa8f1d0977228dfb35af719036e4b92380b0427ab42d52543764b23b
SHA512: f02bccf3f6ce384f32a68acef037a82a3963563d5e74ae2c72a5dcafc36f2b603a65aef5c11a777ff6d7c957f9bb32d4c777e0417b0d71932e9c91ce961f578e
SSDEEP: 1536:AfgLdQAQfcfymNDSVHaxgzwjY/3kPYzcPBGRE/mZ:AftffjmNDmHaxgE2cP0RE/mZ
Malware Config
Signatures
Executes dropped EXE (2 IoCs)
pid | Process
1072 | Logo1_.exe
1132 | 8e4b5f65aa8f1d0977228dfb35af719036e4b92380b0427ab42d52543764b23b.exe
Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
description | ioc | Process
File opened (read-only) | \??\E: | Logo1_.exe
File opened (read-only) | \??\Z: | Logo1_.exe
File opened (read-only) | \??\X: | Logo1_.exe
File opened (read-only) | \??\S: | Logo1_.exe
File opened (read-only) | \??\O: | Logo1_.exe
File opened (read-only) | \??\H: | Logo1_.exe
File opened (read-only) | \??\G: | Logo1_.exe
File opened (read-only) | \??\W: | Logo1_.exe
File opened (read-only) | \??\T: | Logo1_.exe
File opened (read-only) | \??\R: | Logo1_.exe
File opened (read-only) | \??\P: | Logo1_.exe
File opened (read-only) | \??\N: | Logo1_.exe
File opened (read-only) | \??\I: | Logo1_.exe
File opened (read-only) | \??\Y: | Logo1_.exe
File opened (read-only) | \??\V: | Logo1_.exe
File opened (read-only) | \??\U: | Logo1_.exe
File opened (read-only) | \??\Q: | Logo1_.exe
File opened (read-only) | \??\M: | Logo1_.exe
File opened (read-only) | \??\J: | Logo1_.exe
File opened (read-only) | \??\L: | Logo1_.exe
File opened (read-only) | \??\K: | Logo1_.exe
Drops file in Program Files directory (64 IoCs)
description | ioc | Process
File created | C:\Program Files\Windows Mail\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\it-IT\View3d\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nl-nl\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ru-ru\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\de-de\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\_desktop.ini | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\_desktop.ini | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-white\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ko-kr\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\cs-cz\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\ja\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\he-il\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewpoints\Dark\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\eu-ES\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-black\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\de-de\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nb-no\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\root\_desktop.ini | Logo1_.exe
File created | C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\es-ES\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml\Assets\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ko-kr\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\en-US\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\javaw.exe | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\pt-br\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\en-ae\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Windows Portable Devices\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\it-IT\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ca-es\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\sl-sl\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-ae\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\ja-jp\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\fr-ma\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\fr-fr\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\fi-fi\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Windows Photo Viewer\it-IT\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\lg\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\eu-es\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\root\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\cs-cz\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sk-SK\View3d\_desktop.ini | Logo1_.exe
File created | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\zh-tw\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.17\MicrosoftEdgeComRegisterShellARM64.exe | Logo1_.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\demux\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\en-US\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\nl-nl\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ru-ru\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Internet Explorer\uk-UA\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\_desktop.ini | Logo1_.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ca-es\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-gb\_desktop.ini | Logo1_.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\it-it\_desktop.ini | Logo1_.exe
Drops file in Windows directory (4 IoCs)
description | ioc | Process
File created | C:\Windows\vDll.dll | Logo1_.exe
File created | C:\Windows\rundl132.exe | 8e4b5f65aa8f1d0977228dfb35af719036e4b92380b0427ab42d52543764b23b.exe
File created | C:\Windows\Logo1_.exe | 8e4b5f65aa8f1d0977228dfb35af719036e4b92380b0427ab42d52543764b23b.exe
File opened for modification | C:\Windows\rundl132.exe | Logo1_.exe
Runs net.exe
Suspicious behavior: EnumeratesProcesses (20 IoCs)
pid | Process
1072 | Logo1_.exe
1072 | Logo1_.exe
1072 | Logo1_.exe
1072 | Logo1_.exe
1072 | Logo1_.exe
1072 | Logo1_.exe
1072 | Logo1_.exe
1072 | Logo1_.exe
1072 | Logo1_.exe
1072 | Logo1_.exe
1072 | Logo1_.exe
1072 | Logo1_.exe
1072 | Logo1_.exe
1072 | Logo1_.exe
1072 | Logo1_.exe
1072 | Logo1_.exe
1072 | Logo1_.exe
1072 | Logo1_.exe
1072 | Logo1_.exe
1072 | Logo1_.exe
Suspicious use of WriteProcessMemory (17 IoCs)
description | pid | Process | procid_target
PID 3428 wrote to memory of 4588 | 3428 | 8e4b5f65aa8f1d0977228dfb35af719036e4b92380b0427ab42d52543764b23b.exe | 85
PID 3428 wrote to memory of 4588 | 3428 | 8e4b5f65aa8f1d0977228dfb35af719036e4b92380b0427ab42d52543764b23b.exe | 85
PID 3428 wrote to memory of 4588 | 3428 | 8e4b5f65aa8f1d0977228dfb35af719036e4b92380b0427ab42d52543764b23b.exe | 85
PID 3428 wrote to memory of 1072 | 3428 | 8e4b5f65aa8f1d0977228dfb35af719036e4b92380b0427ab42d52543764b23b.exe | 86
PID 3428 wrote to memory of 1072 | 3428 | 8e4b5f65aa8f1d0977228dfb35af719036e4b92380b0427ab42d52543764b23b.exe | 86
PID 3428 wrote to memory of 1072 | 3428 | 8e4b5f65aa8f1d0977228dfb35af719036e4b92380b0427ab42d52543764b23b.exe | 86
PID 1072 wrote to memory of 2876 | 1072 | Logo1_.exe | 87
PID 1072 wrote to memory of 2876 | 1072 | Logo1_.exe | 87
PID 1072 wrote to memory of 2876 | 1072 | Logo1_.exe | 87
PID 2876 wrote to memory of 2636 | 2876 | net.exe | 89
PID 2876 wrote to memory of 2636 | 2876 | net.exe | 89
PID 2876 wrote to memory of 2636 | 2876 | net.exe | 89
PID 4588 wrote to memory of 1132 | 4588 | cmd.exe | 92
PID 4588 wrote to memory of 1132 | 4588 | cmd.exe | 92
PID 4588 wrote to memory of 1132 | 4588 | cmd.exe | 92
PID 1072 wrote to memory of 3464 | 1072 | Logo1_.exe | 56
PID 1072 wrote to memory of 3464 | 1072 | Logo1_.exe | 56
Processes

- C:\Windows\Explorer.EXE (PID 3464)
  Command line: C:\Windows\Explorer.EXE
  - C:\Users\Admin\AppData\Local\Temp\8e4b5f65aa8f1d0977228dfb35af719036e4b92380b0427ab42d52543764b23b.exe (PID 3428)
    Command line: "C:\Users\Admin\AppData\Local\Temp\8e4b5f65aa8f1d0977228dfb35af719036e4b92380b0427ab42d52543764b23b.exe"
    Signatures:
    - Drops file in Windows directory
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\cmd.exe (PID 4588)
      Command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a47C7.bat
      Signatures:
      - Suspicious use of WriteProcessMemory
      - C:\Users\Admin\AppData\Local\Temp\8e4b5f65aa8f1d0977228dfb35af719036e4b92380b0427ab42d52543764b23b.exe (PID 1132)
        Command line: "C:\Users\Admin\AppData\Local\Temp\8e4b5f65aa8f1d0977228dfb35af719036e4b92380b0427ab42d52543764b23b.exe"
        Signatures:
        - Executes dropped EXE
    - C:\Windows\Logo1_.exe (PID 1072)
      Command line: C:\Windows\Logo1_.exe
      Signatures:
      - Executes dropped EXE
      - Enumerates connected drives
      - Drops file in Program Files directory
      - Drops file in Windows directory
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of WriteProcessMemory
      - C:\Windows\SysWOW64\net.exe (PID 2876)
        Command line: net stop "Kingsoft AntiVirus Service"
        Signatures:
        - Suspicious use of WriteProcessMemory
        - C:\Windows\SysWOW64\net1.exe (PID 2636)
          Command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
Network
MITRE ATT&CK Enterprise v15
Downloads