0c7d879081654e4ccf4b89abb9a6dd235657734ea6dd140a24d4faffe3769918

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 12:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0c7d879081654e4ccf4b89abb9a6dd235657734ea6dd140a24d4faffe3769918.exe
Size

88KB
MD5

efcfb2d46703f473faa5a26e9a96745e
SHA1

fbcc2d19459ae9abe8c6a31a57066a7bc156f0fc
SHA256

0c7d879081654e4ccf4b89abb9a6dd235657734ea6dd140a24d4faffe3769918
SHA512

02f9fb5940812324a688588d5d11086fbfb41916883d1d99b32efdf46147a49a0e2458c0d53f54dd419e5d147ed112329badec666fce82484f3479d476e58c68
SSDEEP

1536:p83SHuJV9Ntyapmebn4ddJZeY86iLflLJYEIs67rxo:p8kuJVL8LK4ddJMY86ipmns6S

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3856	Logo1_.exe
3148	0c7d879081654e4ccf4b89abb9a6dd235657734ea6dd140a24d4faffe3769918.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\locale\km\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\Diagnostics\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\plugins\rhp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sw\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\css\fonts\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Defender\uk-UA\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\RedistList\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ku_IQ\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_2019.305.632.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\am-ET\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\EnsoUI\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\es_MX\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\app\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\sl-si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Defender\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Multimedia Platform\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\hu-HU\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\Scripts\Me\MeControl\offline\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\nl-nl\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Logo1_.exe	0c7d879081654e4ccf4b89abb9a6dd235657734ea6dd140a24d4faffe3769918.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	0c7d879081654e4ccf4b89abb9a6dd235657734ea6dd140a24d4faffe3769918.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3856	Logo1_.exe
3856	Logo1_.exe
3856	Logo1_.exe
3856	Logo1_.exe
3856	Logo1_.exe
3856	Logo1_.exe
3856	Logo1_.exe
3856	Logo1_.exe
3856	Logo1_.exe
3856	Logo1_.exe
3856	Logo1_.exe
3856	Logo1_.exe
3856	Logo1_.exe
3856	Logo1_.exe
3856	Logo1_.exe
3856	Logo1_.exe
3856	Logo1_.exe
3856	Logo1_.exe
3856	Logo1_.exe
3856	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 212 wrote to memory of 3036	212	0c7d879081654e4ccf4b89abb9a6dd235657734ea6dd140a24d4faffe3769918.exe	84
PID 212 wrote to memory of 3036	212	0c7d879081654e4ccf4b89abb9a6dd235657734ea6dd140a24d4faffe3769918.exe	84
PID 212 wrote to memory of 3036	212	0c7d879081654e4ccf4b89abb9a6dd235657734ea6dd140a24d4faffe3769918.exe	84
PID 212 wrote to memory of 3856	212	0c7d879081654e4ccf4b89abb9a6dd235657734ea6dd140a24d4faffe3769918.exe	85
PID 212 wrote to memory of 3856	212	0c7d879081654e4ccf4b89abb9a6dd235657734ea6dd140a24d4faffe3769918.exe	85
PID 212 wrote to memory of 3856	212	0c7d879081654e4ccf4b89abb9a6dd235657734ea6dd140a24d4faffe3769918.exe	85
PID 3856 wrote to memory of 2000	3856	Logo1_.exe	86
PID 3856 wrote to memory of 2000	3856	Logo1_.exe	86
PID 3856 wrote to memory of 2000	3856	Logo1_.exe	86
PID 2000 wrote to memory of 3196	2000	net.exe	89
PID 2000 wrote to memory of 3196	2000	net.exe	89
PID 2000 wrote to memory of 3196	2000	net.exe	89
PID 3036 wrote to memory of 3148	3036	cmd.exe	90
PID 3036 wrote to memory of 3148	3036	cmd.exe	90
PID 3856 wrote to memory of 3448	3856	Logo1_.exe	57
PID 3856 wrote to memory of 3448	3856	Logo1_.exe	57

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3448
- C:\Users\Admin\AppData\Local\Temp\0c7d879081654e4ccf4b89abb9a6dd235657734ea6dd140a24d4faffe3769918.exe
  "C:\Users\Admin\AppData\Local\Temp\0c7d879081654e4ccf4b89abb9a6dd235657734ea6dd140a24d4faffe3769918.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:212
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4A96.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\0c7d879081654e4ccf4b89abb9a6dd235657734ea6dd140a24d4faffe3769918.exe
      "C:\Users\Admin\AppData\Local\Temp\0c7d879081654e4ccf4b89abb9a6dd235657734ea6dd140a24d4faffe3769918.exe"
      4⤵
      Executes dropped EXE
      PID:3148
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3856
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2000
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:3196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
5fb694ecbaef4c0dbc2e7bc518550f95

SHA1
2f5c13851c068b6ab3395f9ea4f5d685f5bde652

SHA256
69c1afb6878ac4461a1725f33fa5bd3f4942b6cccdf9a695cbd4c1d3ce959542

SHA512
e1d9908f8fe26125f9735e54be97c08be95b8a970916b4dff2c65a79988e7b8a6fab96dcb7379b885918c460fca2b08e29032ddd7fdf48311f8ee5b73b6860cf

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
0f4644de76fc4208d5d881fd23aae25e

SHA1
8c46b99f7215cb23fbe3e2ad4c4dfaf6910e0802

SHA256
89d06fb3d417ba96dcb9066c9f4b97126a87472ec64adb517d76cf1d30ca70c3

SHA512
c731ae84c8fed86f9b86f2798a11b098672586338a599342ad5fa2bafe8ccb63e83292b36015eb47e53c2b0c8e8dc0a080387b7b14d19ba34cb8b4658cc3c15a

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
8bb26e9fcfbbdbbc9221602a5b79c6c9

SHA1
b4e8b033f9ea5fee307f49cc17600459f7d2e274

SHA256
62cedb0af2d0bae545c154ef021c79e44d56c1f7a4b3772853bf4863085053bd

SHA512
10182f47c2c887975475d8c718dd265dfc238e4d5535c0e0c023cdab5f16126eef7d3241228453eefd71943d96ac6f2bb5a6f7e292418f9b661e5edbddd89db2

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a4A96.bat

Filesize
722B

MD5
84e6aee3b1688e25ccefbf437aae80a6

SHA1
b8aa77dd5d7bf857ad0cf20e16709611d06269ec

SHA256
bda40027be3256170d6eecf32cbb0aa2a177a40a20cc8f98760c6d66942af7c6

SHA512
c64be00a02eab497b1a8c716d5b600c3afce7418928eca23c3f7e289025a58addc2e16718e229987d4f2ab75ef31077db5cc42a6bab87186548f72279ca872c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\0c7d879081654e4ccf4b89abb9a6dd235657734ea6dd140a24d4faffe3769918.exe.exe

Filesize
59KB

MD5
dfc18f7068913dde25742b856788d7ca

SHA1
cbaa23f782c2ddcd7c9ff024fd0b096952a2b387

SHA256
ff4ac75c02247000da084de006c214d3dd3583867bd3533ba788e22734c7a2bf

SHA512
d0c7ec1dae41a803325b51c12490c355ed779d297daa35247889950491e52427810132f0829fc7ffa3022f1a106f4e4ba78ed612223395313a6f267e9ab24945

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
1d0bc41b21bb6c98d73c7f1ae0112ada

SHA1
c5ce0d2a9250fcc5c6db8cb885fb0fc240cc6592

SHA256
6a949b2880d6134bcd51ec556b319aad204d33e058bf572bfffeac77f5e92727

SHA512
16e1d37a92c0ad2f8479def373f2c60372a05b010a88320e50d30f10d35322525f61d1b921333dd18607691731d306cceec6cd9a4894d6c24a45a92492680b8f

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2288054676-1871194608-3559553667-1000\_desktop.ini

Filesize
9B

MD5
2be02af4dacf3254e321ffba77f0b1c6

SHA1
d8349307ec08d45f2db9c9735bde8f13e27a551d

SHA256
766fe9c47ca710d9a00c08965550ee7de9cba2d32d67e4901e8cec7e33151d16

SHA512
57f61e1b939ed98e6db460ccdbc36a1460b727a99baac0e3b041666dedcef11fcd72a486d91ec7f0ee6e1aec40465719a6a5c22820c28be1066fe12fcd47ddd0

Download Submit
memory/212-8-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/212-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3856-26-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3856-36-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3856-32-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3856-1060-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3856-1227-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3856-19-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3856-4792-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3856-12-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3856-5231-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download