1b681805714dca807e4c4e5d625cfdd18a9cc60f26ed3f105cb8db996bca999d

Analysis

max time kernel
150s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 06:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b681805714dca807e4c4e5d625cfdd18a9cc60f26ed3f105cb8db996bca999d.exe
Size

387KB
MD5

0abbe3bd344e67b0bc54b886949d17de
SHA1

c9640320888b79b7fd998137a2518ecc33974899
SHA256

1b681805714dca807e4c4e5d625cfdd18a9cc60f26ed3f105cb8db996bca999d
SHA512

9c785be0601fbd5a255b17a3bc9a3e50c54d0092a141ce580ec7178efdc0e3a18a875aebf1d8dc378c8d270d67e2400f87da22b428ce2b8bb9db456363e71208
SSDEEP

6144:wVfjmNaYVGfI8iej2CSwBmsYJ66UGLilZIN107HFxHG7:a7+aYVGPic2CA6w4xx

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4440	Logo1_.exe
1152	1b681805714dca807e4c4e5d625cfdd18a9cc60f26ed3f105cb8db996bca999d.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ar-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fa-IR\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\de-de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sv\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d9\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\en-GB\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Photo Viewer\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_77343\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\WinMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ru-ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\de-de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sl-si\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Services\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.185.29\MicrosoftEdgeUpdate.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.1813.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\WCChromeExtn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\PhotosApp\Assets\ThirdPartyNotices\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\IDPValueAssets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\VisualElements\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ar-SA\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ru-RU\View3d\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Google\Update\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	1b681805714dca807e4c4e5d625cfdd18a9cc60f26ed3f105cb8db996bca999d.exe
File created	C:\Windows\Logo1_.exe	1b681805714dca807e4c4e5d625cfdd18a9cc60f26ed3f105cb8db996bca999d.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4440	Logo1_.exe
4440	Logo1_.exe
4440	Logo1_.exe
4440	Logo1_.exe
4440	Logo1_.exe
4440	Logo1_.exe
4440	Logo1_.exe
4440	Logo1_.exe
4440	Logo1_.exe
4440	Logo1_.exe
4440	Logo1_.exe
4440	Logo1_.exe
4440	Logo1_.exe
4440	Logo1_.exe
4440	Logo1_.exe
4440	Logo1_.exe
4440	Logo1_.exe
4440	Logo1_.exe
4440	Logo1_.exe
4440	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 4252	1600	1b681805714dca807e4c4e5d625cfdd18a9cc60f26ed3f105cb8db996bca999d.exe	85
PID 1600 wrote to memory of 4252	1600	1b681805714dca807e4c4e5d625cfdd18a9cc60f26ed3f105cb8db996bca999d.exe	85
PID 1600 wrote to memory of 4252	1600	1b681805714dca807e4c4e5d625cfdd18a9cc60f26ed3f105cb8db996bca999d.exe	85
PID 1600 wrote to memory of 4440	1600	1b681805714dca807e4c4e5d625cfdd18a9cc60f26ed3f105cb8db996bca999d.exe	86
PID 1600 wrote to memory of 4440	1600	1b681805714dca807e4c4e5d625cfdd18a9cc60f26ed3f105cb8db996bca999d.exe	86
PID 1600 wrote to memory of 4440	1600	1b681805714dca807e4c4e5d625cfdd18a9cc60f26ed3f105cb8db996bca999d.exe	86
PID 4440 wrote to memory of 4024	4440	Logo1_.exe	87
PID 4440 wrote to memory of 4024	4440	Logo1_.exe	87
PID 4440 wrote to memory of 4024	4440	Logo1_.exe	87
PID 4024 wrote to memory of 1212	4024	net.exe	89
PID 4024 wrote to memory of 1212	4024	net.exe	89
PID 4024 wrote to memory of 1212	4024	net.exe	89
PID 4252 wrote to memory of 1152	4252	cmd.exe	91
PID 4252 wrote to memory of 1152	4252	cmd.exe	91
PID 4252 wrote to memory of 1152	4252	cmd.exe	91
PID 4440 wrote to memory of 3532	4440	Logo1_.exe	56
PID 4440 wrote to memory of 3532	4440	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3532
- C:\Users\Admin\AppData\Local\Temp\1b681805714dca807e4c4e5d625cfdd18a9cc60f26ed3f105cb8db996bca999d.exe
  "C:\Users\Admin\AppData\Local\Temp\1b681805714dca807e4c4e5d625cfdd18a9cc60f26ed3f105cb8db996bca999d.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1600
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2E82.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\1b681805714dca807e4c4e5d625cfdd18a9cc60f26ed3f105cb8db996bca999d.exe
      "C:\Users\Admin\AppData\Local\Temp\1b681805714dca807e4c4e5d625cfdd18a9cc60f26ed3f105cb8db996bca999d.exe"
      4⤵
      Executes dropped EXE
      PID:1152
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4440
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4024
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:1212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
bcc29caaca6b900200dd926488279eb6

SHA1
66d3dd19be102552937338febde08b8c6e336cd1

SHA256
aecc8287bb11d89180558523fa5bb81fb9d31d011fb3ba1b40dc1208d7b7b6ab

SHA512
a82a6db08fdcd58fd96ed1aabc8c9e14c09a674152bdfb0e77e500afbac214c7ac8f36df9d7af975e28a39ccdef7b273357ce540d0d7880a71f10163bd54a68e

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
a0bd906f86e896b3927f5e8e899ad986

SHA1
e757255adedfc5c69000f7672318973fef76f9c3

SHA256
18c40556e4540db4a6d6c4d33e9a39b8b3c85a7889a79894bb31a73e388a176d

SHA512
aa72c0e8b4963d6351a2ead978bebd4c4a03efed466d68a85c5e3bf6be00f033a815d0d583207e14bfec143b3ec8512f1c4d76eabd06c1db35238f1ed0a5e655

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
636KB

MD5
2500f702e2b9632127c14e4eaae5d424

SHA1
8726fef12958265214eeb58001c995629834b13a

SHA256
82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

SHA512
f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a2E82.bat

Filesize
722B

MD5
3407231fedf98f9f34c10b2a4cd79357

SHA1
9ff39a48100ba71ffa572ccab8c4f7a651257cb0

SHA256
11e2d4509fe24210e3937f7a242353bb64b58f8d260884186f39781a697c1eff

SHA512
1de39825cd2e9ecfaafb49a672ff84570307ed67a3c2f175fe456a7f0d9ab2ad19eadc7c2639b53c0ecdac4f2818394bb2fd39b67b0d90ffa0d7677afdc5b513

Download Submit
C:\Users\Admin\AppData\Local\Temp\1b681805714dca807e4c4e5d625cfdd18a9cc60f26ed3f105cb8db996bca999d.exe.exe

Filesize
361KB

MD5
f3f201bf438a3b9f6d240484c584de12

SHA1
b24df00861f9dafcb54e4e138d4f4b28b940ebc0

SHA256
9e513852ac3d838316360702c7926a6ad4b8e150085480177b9236a5de3d2686

SHA512
b05a45143131a31703602cb63ae8fa7a73ab0e8f047095f281cee881387bd05a9026abbee5f563e69140d8e2e843a0edfc8d9d02f946e89ceb7b5a004d2472a0

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
94182ab36b79f1cbcebd672d69be79b1

SHA1
b72fe3968d5003790213f4e0b4d3eed51665d26d

SHA256
844863241e5cbcbc20f4006b2dbcbc1412cd27bdd57f087add2757e509df59ce

SHA512
1a6ccdc1f0ee5fa8a4cba7c16bbfc0d399d9b43379267ac57748f2bc9170b0b17bf464686bac4f4dee1d6fafe1b3aee709b05bff4dd2fdd520bcdf4a5b9b238c

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-259785868-298165991-4178590326-1000\_desktop.ini

Filesize
9B

MD5
72b7e38c6ba037d117f32b55c07b1a9c

SHA1
35e2435e512e17ca2be885e17d75913f06b90361

SHA256
e9719e3c653627668046bac84b77097bfb0cd018d68465c17130ed31d6d6eca6

SHA512
2bebd814b81ad2dc547802d42891d833caaad81d004758ec4373f9c7af2971eb822f0a559d2d5d4fca499912fea95e25bab22e92cb0c149d6a4c692eee6ee46a

Download Submit
memory/1600-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1600-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4440-26-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4440-36-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4440-32-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4440-566-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4440-1227-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4440-1869-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4440-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4440-4792-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4440-12-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4440-5231-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download