Analysis
max time kernel: 150s
max time network: 113s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18-04-2024 01:17

Static task: static1

Behavioral task: behavioral1
Sample: 695253efeb94cdf31e8dd46590af2d3a4b54258685cc7c1a77499483b1fa7bd9.exe
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: 695253efeb94cdf31e8dd46590af2d3a4b54258685cc7c1a77499483b1fa7bd9.exe
Resource: win10v2004-20240412-en
General
Target: 695253efeb94cdf31e8dd46590af2d3a4b54258685cc7c1a77499483b1fa7bd9.exe
Size: 100KB
MD5: 28623d2e7b99de1cd5865b065e1bfd0b
SHA1: ef6d7994ae64c63a727129dbcede9337f6051c05
SHA256: 695253efeb94cdf31e8dd46590af2d3a4b54258685cc7c1a77499483b1fa7bd9
SHA512: ea27385d80ed0b884e9f738867bd30799f7fb04f8ddadd867cc110359548c5c817c732906b3682173af25f32aa860cc8965297cc31b1e42a4c712fde389ed2a8
SSDEEP: 3072:lftffjmN/GfKDBgbNY+JMrK+0o7IJfuuaM1IxG+:lVfjmN6SBgUr0o7I1+
Malware Config
Signatures

Executes dropped EXE (2 IoCs)
pid    Process
1324   Logo1_.exe
3916   695253efeb94cdf31e8dd46590af2d3a4b54258685cc7c1a77499483b1fa7bd9.exe

Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
description               ioc     Process
File opened (read-only)   \??\U:  Logo1_.exe
File opened (read-only)   \??\M:  Logo1_.exe
File opened (read-only)   \??\K:  Logo1_.exe
File opened (read-only)   \??\I:  Logo1_.exe
File opened (read-only)   \??\E:  Logo1_.exe
File opened (read-only)   \??\Z:  Logo1_.exe
File opened (read-only)   \??\Y:  Logo1_.exe
File opened (read-only)   \??\X:  Logo1_.exe
File opened (read-only)   \??\W:  Logo1_.exe
File opened (read-only)   \??\N:  Logo1_.exe
File opened (read-only)   \??\G:  Logo1_.exe
File opened (read-only)   \??\V:  Logo1_.exe
File opened (read-only)   \??\T:  Logo1_.exe
File opened (read-only)   \??\S:  Logo1_.exe
File opened (read-only)   \??\L:  Logo1_.exe
File opened (read-only)   \??\R:  Logo1_.exe
File opened (read-only)   \??\Q:  Logo1_.exe
File opened (read-only)   \??\P:  Logo1_.exe
File opened (read-only)   \??\O:  Logo1_.exe
File opened (read-only)   \??\J:  Logo1_.exe
File opened (read-only)   \??\H:  Logo1_.exe
Drops file in Program Files directory (64 IoCs)
Process for every entry below: Logo1_.exe
description                   ioc
File created                  C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\_desktop.ini
File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\_desktop.ini
File opened for modification  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\_desktop.ini
File created                  C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini
File created                  C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\_desktop.ini
File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-tw\_desktop.ini
File created                  C:\Program Files\VideoLAN\VLC\locale\zh_CN\_desktop.ini
File opened for modification  C:\Program Files\VideoLAN\VLC\lua\extensions\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\pl-pl\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ko-kr\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\es-es\_desktop.ini
File created                  C:\Program Files\Google\Chrome\Application\110.0.5481.104\WidevineCdm\_platform_specific\_desktop.ini
File created                  C:\Program Files\VideoLAN\VLC\locale\uz\_desktop.ini
File created                  C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\_desktop.ini
File created                  C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-black\_desktop.ini
File created                  C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Comprehensive\_desktop.ini
File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\zh-tw\_desktop.ini
File created                  C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\_desktop.ini
File created                  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\_desktop.ini
File opened for modification  C:\Program Files\VideoLAN\VLC\locale\bn\_desktop.ini
File created                  C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini
File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pl-pl\_desktop.ini
File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\nl-nl\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ru-ru\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\sv-se\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\_desktop.ini
File opened for modification  C:\Program Files\VideoLAN\VLC\locale\ku_IQ\_desktop.ini
File created                  C:\Program Files\VideoLAN\VLC\locale\lg\_desktop.ini
File created                  C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fr-fr\_desktop.ini
File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\fr-fr\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\_desktop.ini
File created                  C:\Program Files (x86)\Internet Explorer\it-IT\_desktop.ini
File opened for modification  C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe
File opened for modification  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\createdump.exe
File created                  C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\it-it\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ru-ru\_desktop.ini
File opened for modification  C:\Program Files\Java\jdk-1.8\bin\rmic.exe
File created                  C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\_desktop.ini
File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-si\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\nb-no\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\_desktop.ini
File opened for modification  C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\ja\_desktop.ini
File created                  C:\Program Files\VideoLAN\VLC\plugins\mux\_desktop.ini
File opened for modification  C:\Program Files\Windows Defender\it-IT\_desktop.ini
File created                  C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini
File created                  C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini
File created                  C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\Scripts\Me\MeControl\offline\en-US\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\fi-fi\_desktop.ini
File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\pt-br\_desktop.ini
File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\en-gb\_desktop.ini
File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\hu-hu\_desktop.ini
File opened for modification  C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example2.Diagnostics\1.0.1\_desktop.ini
File created                  C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini
File created                  C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_2019.807.41.0_neutral_~_8wekyb3d8bbwe\_desktop.ini
File created                  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\hu-hu\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\sv-se\_desktop.ini
File opened for modification  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\eu-es\_desktop.ini
File created                  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\WidevineCdm\_platform_specific\_desktop.ini
File created                  C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\_desktop.ini
File created                  C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\Ratings\_desktop.ini
Drops file in Windows directory (4 IoCs)
description                   ioc                      Process
File created                  C:\Windows\rundl132.exe  695253efeb94cdf31e8dd46590af2d3a4b54258685cc7c1a77499483b1fa7bd9.exe
File created                  C:\Windows\Logo1_.exe    695253efeb94cdf31e8dd46590af2d3a4b54258685cc7c1a77499483b1fa7bd9.exe
File opened for modification  C:\Windows\rundl132.exe  Logo1_.exe
File created                  C:\Windows\vDll.dll      Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses (20 IoCs)
pid    Process
1324   Logo1_.exe   (the same entry is recorded 20 times)

Suspicious use of WriteProcessMemory (17 IoCs)
description                        pid   Process                                                                  procid_target
PID 4804 wrote to memory of 2628   4804  695253efeb94cdf31e8dd46590af2d3a4b54258685cc7c1a77499483b1fa7bd9.exe    85
PID 4804 wrote to memory of 2628   4804  695253efeb94cdf31e8dd46590af2d3a4b54258685cc7c1a77499483b1fa7bd9.exe    85
PID 4804 wrote to memory of 2628   4804  695253efeb94cdf31e8dd46590af2d3a4b54258685cc7c1a77499483b1fa7bd9.exe    85
PID 4804 wrote to memory of 1324   4804  695253efeb94cdf31e8dd46590af2d3a4b54258685cc7c1a77499483b1fa7bd9.exe    86
PID 4804 wrote to memory of 1324   4804  695253efeb94cdf31e8dd46590af2d3a4b54258685cc7c1a77499483b1fa7bd9.exe    86
PID 4804 wrote to memory of 1324   4804  695253efeb94cdf31e8dd46590af2d3a4b54258685cc7c1a77499483b1fa7bd9.exe    86
PID 1324 wrote to memory of 2644   1324  Logo1_.exe                                                               87
PID 1324 wrote to memory of 2644   1324  Logo1_.exe                                                               87
PID 1324 wrote to memory of 2644   1324  Logo1_.exe                                                               87
PID 2644 wrote to memory of 4992   2644  net.exe                                                                  90
PID 2644 wrote to memory of 4992   2644  net.exe                                                                  90
PID 2644 wrote to memory of 4992   2644  net.exe                                                                  90
PID 2628 wrote to memory of 3916   2628  cmd.exe                                                                  91
PID 2628 wrote to memory of 3916   2628  cmd.exe                                                                  91
PID 2628 wrote to memory of 3916   2628  cmd.exe                                                                  91
PID 1324 wrote to memory of 3444   1324  Logo1_.exe                                                               57
PID 1324 wrote to memory of 3444   1324  Logo1_.exe                                                               57
Processes
(depth in the process tree is given in brackets; children are indented under their parent)

[1] C:\Windows\Explorer.EXE
    command line: C:\Windows\Explorer.EXE
    PID: 3444

    [2] C:\Users\Admin\AppData\Local\Temp\695253efeb94cdf31e8dd46590af2d3a4b54258685cc7c1a77499483b1fa7bd9.exe
        command line: "C:\Users\Admin\AppData\Local\Temp\695253efeb94cdf31e8dd46590af2d3a4b54258685cc7c1a77499483b1fa7bd9.exe"
        PID: 4804
        signatures: Drops file in Windows directory; Suspicious use of WriteProcessMemory

        [3] C:\Windows\SysWOW64\cmd.exe
            command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4E20.bat
            PID: 2628
            signatures: Suspicious use of WriteProcessMemory

            [4] C:\Users\Admin\AppData\Local\Temp\695253efeb94cdf31e8dd46590af2d3a4b54258685cc7c1a77499483b1fa7bd9.exe
                command line: "C:\Users\Admin\AppData\Local\Temp\695253efeb94cdf31e8dd46590af2d3a4b54258685cc7c1a77499483b1fa7bd9.exe"
                PID: 3916
                signatures: Executes dropped EXE

        [3] C:\Windows\Logo1_.exe
            command line: C:\Windows\Logo1_.exe
            PID: 1324
            signatures: Executes dropped EXE; Enumerates connected drives; Drops file in Program Files directory; Drops file in Windows directory; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory

            [4] C:\Windows\SysWOW64\net.exe
                command line: net stop "Kingsoft AntiVirus Service"
                PID: 2644
                signatures: Suspicious use of WriteProcessMemory

                [5] C:\Windows\SysWOW64\net1.exe
                    command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
                    PID: 4992
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 251KB
MD5: 2df1418d5d93ba658c5bf738f86f2c57
SHA1: 6d3d7210a0abbc91c89a15c300c4f095d6831dc2
SHA256: 83ba73a5b0133a543ab3c508f3927b373cc033a8d1741e9239939881097d5330
SHA512: d213e966a95f0a119b1f4cc85f4435d19795e419024790195f3d73d3b1755de25a5cb80acf3c28f8e6aa89ece57dc4e3d79e3fbc4bfab0fe83265b7c268904d8

Filesize: 570KB
MD5: e9444d87b0b9b0ff5e65e1dc74bfc643
SHA1: 37bc759772f60a8f941c2785f4ee5a31edbf8d39
SHA256: 9768f0643f6aee6b3e9d50071a906e21b4036697dd3a06162e852a07aeb7af39
SHA512: 2310228a2c76341ca31025ced9d980f8f74825a6f94491581ec0d2a377a9cf5acfbcd8bcd7c15573892ec74d3591f22c133762a15c223327d1e2f13184682deb

C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
Filesize: 636KB
MD5: 2500f702e2b9632127c14e4eaae5d424
SHA1: 8726fef12958265214eeb58001c995629834b13a
SHA256: 82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c
SHA512: f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

Filesize: 722B
MD5: f2565bda0ea9de87370d90f103da8526
SHA1: 4f8c91b6967cb2701922e69017fc583fd777167f
SHA256: 48922a8a1b1be7321119b339d9779aabebb812e1af26d4371681f446f25fb7d3
SHA512: fbd19ef397d7060f15b053327071e92f25dc08820c4a74c19a2e7d16aa643ca9bae7db1b83e1cf94a84b473ab0727c2aa660be72ee89dae568bfce316b654bbe

C:\Users\Admin\AppData\Local\Temp\695253efeb94cdf31e8dd46590af2d3a4b54258685cc7c1a77499483b1fa7bd9.exe.exe
Filesize: 74KB
MD5: 97ae91a7a15bbe0b49b5b99b32a91b71
SHA1: d64bdd1dae5fc1c2b07e3cea8c509eccc443a305
SHA256: 1cd2bdcddabde5c477f01e7c059dd39d9925d1369ad88dc888989a25965c944b
SHA512: 02073c5b2590989bd36eebbc521146177802fca6aa0193a2149ee74d1e59f69dcc79f8d7692a8ab593872cdf366f4c159aedac69b5292afa16c7ca778bbcd3c7

Filesize: 26KB
MD5: 75e4764d2ab25c5ddd76e779117c0243
SHA1: 46f4018cd51d0e742730469d59389927ecd0eb0e
SHA256: ec383ea6b7dd7cdfc13d98cf0d1327685a046d851621b08e2dbaabdebd502396
SHA512: 8215c629947d5b663b32742ac2ea09a20b227a7cf9f4e82bd0b53e5dfcdc34a5b0a179dc5f3d3472b590b08fe4dfbc3aa073e46988880a3b1ce3fbec18d5ec4b

Filesize: 9B
MD5: 72b7e38c6ba037d117f32b55c07b1a9c
SHA1: 35e2435e512e17ca2be885e17d75913f06b90361
SHA256: e9719e3c653627668046bac84b77097bfb0cd018d68465c17130ed31d6d6eca6
SHA512: 2bebd814b81ad2dc547802d42891d833caaad81d004758ec4373f9c7af2971eb822f0a559d2d5d4fca499912fea95e25bab22e92cb0c149d6a4c692eee6ee46a