Analysis
max time kernel: 150s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17/04/2024, 18:36

Static task: static1
Behavioral task: behavioral1
  Sample: e089b314f4d4b0bf6a3e0b64f295ca99ab632f9f37ee718210f3fd80fb38b02f.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: e089b314f4d4b0bf6a3e0b64f295ca99ab632f9f37ee718210f3fd80fb38b02f.exe
  Resource: win10v2004-20240412-en
General
Target: e089b314f4d4b0bf6a3e0b64f295ca99ab632f9f37ee718210f3fd80fb38b02f.exe
Size: 171KB
MD5: 5a160c1012c2a073b094506c298fa390
SHA1: de38838d386774f1418fb7c92be789655f4267e3
SHA256: e089b314f4d4b0bf6a3e0b64f295ca99ab632f9f37ee718210f3fd80fb38b02f
SHA512: f5c3c8215a448f0989a159643935c0c2fbb596f2bfa8ea3c501d72dc48dbf2cd7bf96bf11e6d116bb077b2b9d8658694083badaa9a679e4f1f2fe7bbe3355dcd
SSDEEP: 3072:PftffjmN0vo/rE+Ep8UsG+Un/VwnFS7EArdUYVS7gng:3VfjmNzrRI84aFSYAfUgng
Malware Config

Signatures
Executes dropped EXE (2 IoCs)
pid   Process
1216  Logo1_.exe
4680  e089b314f4d4b0bf6a3e0b64f295ca99ab632f9f37ee718210f3fd80fb38b02f.exe
Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
description: File opened (read-only)
Process: Logo1_.exe
ioc: \??\Y:, \??\W:, \??\Q:, \??\P:, \??\N:, \??\V:, \??\U:, \??\S:, \??\K:, \??\H:, \??\Z:, \??\R:, \??\X:, \??\T:, \??\O:, \??\M:, \??\L:, \??\J:, \??\I:, \??\G:, \??\E:
Drops file in Program Files directory (64 IoCs)
Drops file in Windows directory (4 IoCs)
description                   ioc                      Process
File created                  C:\Windows\rundl132.exe  e089b314f4d4b0bf6a3e0b64f295ca99ab632f9f37ee718210f3fd80fb38b02f.exe
File created                  C:\Windows\Logo1_.exe    e089b314f4d4b0bf6a3e0b64f295ca99ab632f9f37ee718210f3fd80fb38b02f.exe
File opened for modification  C:\Windows\rundl132.exe  Logo1_.exe
File created                  C:\Windows\vDll.dll      Logo1_.exe
Runs net.exe
Suspicious behavior: EnumeratesProcesses (20 IoCs)
pid   Process
1216  Logo1_.exe (20 identical entries)
Suspicious use of WriteProcessMemory (17 IoCs)
description                            pid   Process                                                                 procid_target
PID 3732 wrote to memory of 2564 (x3)  3732  e089b314f4d4b0bf6a3e0b64f295ca99ab632f9f37ee718210f3fd80fb38b02f.exe  81
PID 3732 wrote to memory of 1216 (x3)  3732  e089b314f4d4b0bf6a3e0b64f295ca99ab632f9f37ee718210f3fd80fb38b02f.exe  83
PID 1216 wrote to memory of 4172 (x3)  1216  Logo1_.exe                                                              84
PID 4172 wrote to memory of 1668 (x3)  4172  net.exe                                                                 86
PID 2564 wrote to memory of 4680 (x3)  2564  cmd.exe                                                                 87
PID 1216 wrote to memory of 3548 (x2)  1216  Logo1_.exe                                                              56
Processes
1. C:\Windows\Explorer.EXE (PID:3548)
   Command line: C:\Windows\Explorer.EXE
   2. C:\Users\Admin\AppData\Local\Temp\e089b314f4d4b0bf6a3e0b64f295ca99ab632f9f37ee718210f3fd80fb38b02f.exe (PID:3732)
      Command line: "C:\Users\Admin\AppData\Local\Temp\e089b314f4d4b0bf6a3e0b64f295ca99ab632f9f37ee718210f3fd80fb38b02f.exe"
      Signatures: Drops file in Windows directory; Suspicious use of WriteProcessMemory
      3. C:\Windows\SysWOW64\cmd.exe (PID:2564)
         Command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a689D.bat
         Signatures: Suspicious use of WriteProcessMemory
         4. C:\Users\Admin\AppData\Local\Temp\e089b314f4d4b0bf6a3e0b64f295ca99ab632f9f37ee718210f3fd80fb38b02f.exe (PID:4680)
            Command line: "C:\Users\Admin\AppData\Local\Temp\e089b314f4d4b0bf6a3e0b64f295ca99ab632f9f37ee718210f3fd80fb38b02f.exe"
            Signatures: Executes dropped EXE
      3. C:\Windows\Logo1_.exe (PID:1216)
         Command line: C:\Windows\Logo1_.exe
         Signatures: Executes dropped EXE; Enumerates connected drives; Drops file in Program Files directory; Drops file in Windows directory; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory
         4. C:\Windows\SysWOW64\net.exe (PID:4172)
            Command line: net stop "Kingsoft AntiVirus Service"
            Signatures: Suspicious use of WriteProcessMemory
            5. C:\Windows\SysWOW64\net1.exe (PID:1668)
               Command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
Network
MITRE ATT&CK Enterprise v15
Downloads