dbe53c00d5bcb0bb1bd2f3ad4c0944407554b494228c1cd5e4e0c0ac5bb5c791

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 04:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dbe53c00d5bcb0bb1bd2f3ad4c0944407554b494228c1cd5e4e0c0ac5bb5c791.exe
Size

713KB
MD5

6fa304e57b82fe1ca4723bfede7fad3b
SHA1

082e3f10104da09ee1a90d415320ae0008338f3e
SHA256

dbe53c00d5bcb0bb1bd2f3ad4c0944407554b494228c1cd5e4e0c0ac5bb5c791
SHA512

a7db02c4eecd7578d64cb12ba9f3da42540d917cf64b070875cb0586203f5d6e89baa443191b98f1fd0b8ba4d94dc866c3df56238578c7871b208b4219e748ca
SSDEEP

12288:TfC6Aj+TN5uixZN+8rKhUdTC/wE1ZD0Ca5ZIXV:DLOS2opPIXV

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
736	Logo1_.exe
4564	dbe53c00d5bcb0bb1bd2f3ad4c0944407554b494228c1cd5e4e0c0ac5bb5c791.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\meta\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\MutableBackup\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\en-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Configuration\Schema\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInSideAdapters\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Photo Viewer\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.1813.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Notifications\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\CortanaApp.ViewElements\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\en-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\vi\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\bg-BG\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Java\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\locimages\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\XboxApp.Telemetry\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\en-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\Spacer\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Toolkit\Images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\uk-UA\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\plugins\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ja-jp\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	dbe53c00d5bcb0bb1bd2f3ad4c0944407554b494228c1cd5e4e0c0ac5bb5c791.exe
File created	C:\Windows\Logo1_.exe	dbe53c00d5bcb0bb1bd2f3ad4c0944407554b494228c1cd5e4e0c0ac5bb5c791.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
736	Logo1_.exe
736	Logo1_.exe
736	Logo1_.exe
736	Logo1_.exe
736	Logo1_.exe
736	Logo1_.exe
736	Logo1_.exe
736	Logo1_.exe
736	Logo1_.exe
736	Logo1_.exe
736	Logo1_.exe
736	Logo1_.exe
736	Logo1_.exe
736	Logo1_.exe
736	Logo1_.exe
736	Logo1_.exe
736	Logo1_.exe
736	Logo1_.exe
736	Logo1_.exe
736	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 3660 wrote to memory of 4656	3660	dbe53c00d5bcb0bb1bd2f3ad4c0944407554b494228c1cd5e4e0c0ac5bb5c791.exe	88
PID 3660 wrote to memory of 4656	3660	dbe53c00d5bcb0bb1bd2f3ad4c0944407554b494228c1cd5e4e0c0ac5bb5c791.exe	88
PID 3660 wrote to memory of 4656	3660	dbe53c00d5bcb0bb1bd2f3ad4c0944407554b494228c1cd5e4e0c0ac5bb5c791.exe	88
PID 3660 wrote to memory of 736	3660	dbe53c00d5bcb0bb1bd2f3ad4c0944407554b494228c1cd5e4e0c0ac5bb5c791.exe	89
PID 3660 wrote to memory of 736	3660	dbe53c00d5bcb0bb1bd2f3ad4c0944407554b494228c1cd5e4e0c0ac5bb5c791.exe	89
PID 3660 wrote to memory of 736	3660	dbe53c00d5bcb0bb1bd2f3ad4c0944407554b494228c1cd5e4e0c0ac5bb5c791.exe	89
PID 736 wrote to memory of 4612	736	Logo1_.exe	91
PID 736 wrote to memory of 4612	736	Logo1_.exe	91
PID 736 wrote to memory of 4612	736	Logo1_.exe	91
PID 4612 wrote to memory of 3384	4612	net.exe	93
PID 4612 wrote to memory of 3384	4612	net.exe	93
PID 4612 wrote to memory of 3384	4612	net.exe	93
PID 4656 wrote to memory of 4564	4656	cmd.exe	94
PID 4656 wrote to memory of 4564	4656	cmd.exe	94
PID 736 wrote to memory of 3448	736	Logo1_.exe	56
PID 736 wrote to memory of 3448	736	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3448
- C:\Users\Admin\AppData\Local\Temp\dbe53c00d5bcb0bb1bd2f3ad4c0944407554b494228c1cd5e4e0c0ac5bb5c791.exe
  "C:\Users\Admin\AppData\Local\Temp\dbe53c00d5bcb0bb1bd2f3ad4c0944407554b494228c1cd5e4e0c0ac5bb5c791.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:3660
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aD542.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\dbe53c00d5bcb0bb1bd2f3ad4c0944407554b494228c1cd5e4e0c0ac5bb5c791.exe
      "C:\Users\Admin\AppData\Local\Temp\dbe53c00d5bcb0bb1bd2f3ad4c0944407554b494228c1cd5e4e0c0ac5bb5c791.exe"
      4⤵
      Executes dropped EXE
      PID:4564
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:736
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4612
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:3384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
5df7d71f76653d1424f76d2459c0df88

SHA1
6bed2cda3aeea77eb61655d5941ce68ac39ecdc3

SHA256
a7da72da0d848255881a4d0d4ad14eb95ab8291c75b8869eeb013c543add50d7

SHA512
8f0f7c553a96365b55a68e5097c9bbb2c4f1803769c762341ca2f2102d595126b4084047a7db062faa6bf6ebc001e6ee66dfcaa4da67ff18fd6acd06d98ab879

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
0411eb91ccb4121f1d41f3b924e66a0d

SHA1
5d36bb417410ad1df4eacafed64a67cca3bfe25d

SHA256
02af6d458a3cbdcf094a5945cd2b17b0b7dff0c6562536bf7621b95802ef90c8

SHA512
79a1cb3da7c7a3ab20601b2b234e3e55cb4104338f720d21ae23dd27c490db708da1e0d22dcb120bc194c3d86f79330df9cc1b70c988fd4641c28f8e72c5bfb6

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
c8d281da4c32df16eef470c27c8cb459

SHA1
00efc9f6844bfaa37c264b6452c6a7356638ab10

SHA256
058c81e5a07f2c6c33cf28dff71d07ad8f179046108d945159957e891bfd9c62

SHA512
e3c79e19f620068f668d4ebaa5097f1a95a30dabb8dce75f3787171dddbea9f684fc7ce8d1011a398f38084d7af96dd1ff9a02d25906aab9b13861b8363d24bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aD542.bat

Filesize
722B

MD5
baa3c0a842e34164a662fb6338b39440

SHA1
5eee9400f66a6ca199abd2e3fdd7b9e87e1f13e6

SHA256
2d6e487c4fe2469dbb8e66796c8a4a61d8f9d62f28320891f1da8f3e227c4e13

SHA512
cef1f528073ea2947fa696349390134338b5c257ef888971b06fc94f296ad152368f5466e7b51604ca561907f6f1c9a569916e45eb7d306f9c42130dfb685d30

Download Submit
C:\Users\Admin\AppData\Local\Temp\dbe53c00d5bcb0bb1bd2f3ad4c0944407554b494228c1cd5e4e0c0ac5bb5c791.exe.exe

Filesize
684KB

MD5
50f289df0c19484e970849aac4e6f977

SHA1
3dc77c8830836ab844975eb002149b66da2e10be

SHA256
b9b179b305c5268ad428b6ae59de10b4fe99cf0199bbc89b7017181905e97305

SHA512
877d852ea1062b90e2fd2f3c4dc7d05d9697e9a9b2929c830a770b62741f6a11e06de73275eb871113f11143faf1cb40d99f7c247862ffb778d26833ed5d7e38

Download Submit
C:\Windows\rundl132.exe

Filesize
29KB

MD5
dda4e3f1662f8124f797c06dd6a1e115

SHA1
ac8eb50097a78c25d97a7c217ba8528fdaa9e631

SHA256
7c7ac21a3134e5c7a096fce44496008c984795d8cac6d19314fbc2fa1c66a7f7

SHA512
456bda7c7095eb82016a5ecf55ba43f5024287a0a27aa5b373f15f69e2a0238cdfeafb02e2d48a394cd9a2be927eda6b10ee0aacc87861a93a363a45ecb258dc

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2177723727-746291240-1644359950-1000\_desktop.ini

Filesize
9B

MD5
8c34dc99037d2222f90612d7a5e52499

SHA1
fda1121fbbb4ed65e2bbf0b7d7c9847d6f47fe7c

SHA256
5b74167b62086b62f2f1540c9601d4c70c005e86ff72d5d514f87c82df3cb468

SHA512
999a3f71583131a044764079e1d6c447190f81bdb3b32d3f423f97ea6f5a4cf431ddf0b5ad61a2f72e9aa280a859555c131c9b89a4713cdaf955a7f90b6258cf

Download Submit
memory/736-26-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/736-33-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/736-36-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/736-19-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/736-1227-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/736-4794-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/736-9-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/736-5233-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3660-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3660-12-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download