Analysis

max time kernel:   149s
max time network:  152s
platform:          windows10-2004_x64
resource:          win10v2004-20240412-en
resource tags:     arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted:         24/04/2024, 21:17

Tasks

Static task:       static1
Behavioral task:   behavioral1
  Sample:    ee89c8b0363b38de075695bd849e4ead1ab1b1194f21cb15c68964f6e8f5f125.exe
  Resource:  win7-20240221-en
Behavioral task:   behavioral2
  Sample:    ee89c8b0363b38de075695bd849e4ead1ab1b1194f21cb15c68964f6e8f5f125.exe
  Resource:  win10v2004-20240412-en
General

Target:  ee89c8b0363b38de075695bd849e4ead1ab1b1194f21cb15c68964f6e8f5f125.exe
Size:    5.7MB
MD5:     239bd1e0a3fb91656047fbe28e25bd5f
SHA1:    089fc2a3db6256493e46cb4d053a0869864ab8fc
SHA256:  ee89c8b0363b38de075695bd849e4ead1ab1b1194f21cb15c68964f6e8f5f125
SHA512:  ffc078d45ceda7d3cbdabc007e2716deff41778efdc3e15995cd26854cedbeece18a8faa68aaca6794ce37679a94a8a4c0cd6f75da85c1e53912c4409f36b6dc
SSDEEP:  49152:VPv94AEsKU8ggw1g+1CART5eBiyKS3EI3wybn20DCYIHvc8ixuZm9+fWsw6dTPBJ:RKUgTH2M2m9UMpu1QfLczqssnKSk
Malware Config
Signatures
Executes dropped EXE (2 IoCs)
  PID   Process
  3068  Logo1_.exe
  1604  ee89c8b0363b38de075695bd849e4ead1ab1b1194f21cb15c68964f6e8f5f125.exe
Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
  File opened (read-only) by Logo1_.exe, NT object-manager path form:
    \??\E:  \??\G:  \??\H:  \??\I:  \??\J:  \??\K:  \??\L:
    \??\M:  \??\N:  \??\O:  \??\P:  \??\Q:  \??\R:  \??\S:
    \??\T:  \??\U:  \??\V:  \??\W:  \??\X:  \??\Y:  \??\Z:
  (every letter from E: to Z: except F:, i.e. a sweep of all possible non-system volumes rather than a lookup of the drives that actually exist)
Drops file in Program Files directory (64 IoCs)
All 64 events are attributed to Logo1_.exe. 62 of them create or open a hidden marker file named _desktop.ini (note the leading underscore, which distinguishes it from the legitimate desktop.ini); the remaining two open existing executables for modification (SkypeBridge.exe and Time.exe), which is the entry a practitioner should look at first.

  File created                 C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\_desktop.ini
  File created                 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sv-se\_desktop.ini
  File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\zh-tw\_desktop.ini
  File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\da-dk\_desktop.ini
  File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
  File created                 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\fi-fi\_desktop.ini
  File created                 C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini
  File created                 C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\it\_desktop.ini
  File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ko-kr\_desktop.ini
  File created                 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\_desktop.ini
  File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\sk-sk\_desktop.ini
  File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files-select\js\_desktop.ini
  File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\en-il\_desktop.ini
  File created                 C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\_desktop.ini
  File created                 C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\_desktop.ini
  File created                 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\nl-nl\_desktop.ini
  File created                 C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\_desktop.ini
  File created                 C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\_desktop.ini
  File created                 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\zh-tw\_desktop.ini
  File created                 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\zh-tw\_desktop.ini
  File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\_desktop.ini
  File opened for modification C:\Program Files\Java\jre-1.8\lib\fonts\_desktop.ini
  File created                 C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\_desktop.ini
  File created                 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\css\_desktop.ini
  File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\es-es\_desktop.ini
  File created                 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\es-es\_desktop.ini
  File created                 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\de-de\_desktop.ini
  File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\nb-no\_desktop.ini
  File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\cs-cz\_desktop.ini
  File created                 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\fr-fr\_desktop.ini
  File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\hr-hr\_desktop.ini
  File created                 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\da-dk\_desktop.ini
  File created                 C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\_desktop.ini
  File created                 C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Resources\_desktop.ini
  File created                 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ca-es\_desktop.ini
  File created                 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\it-it\_desktop.ini
  File created                 C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-black\_desktop.ini
  File created                 C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\Diagnostics\_desktop.ini
  File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\uk-ua\_desktop.ini
  File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\_desktop.ini
  File opened for modification C:\Program Files\Java\jre-1.8\lib\ext\_desktop.ini
  File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\images\_desktop.ini
  File opened for modification C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Time.exe
  File created                 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-gb\_desktop.ini
  File created                 C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\FileAssociation\_desktop.ini
  File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\fi-fi\_desktop.ini
  File created                 C:\Program Files (x86)\WindowsPowerShell\Configuration\Registration\_desktop.ini
  File created                 C:\Program Files (x86)\Internet Explorer\fr-FR\_desktop.ini
  File created                 C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini
  File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\tr-tr\_desktop.ini
  File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\_desktop.ini
  File created                 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\de-de\_desktop.ini
  File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pl-pl\_desktop.ini
  File created                 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\_desktop.ini
  File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\_desktop.ini
  File opened for modification C:\Program Files\VideoLAN\VLC\locale\mai\_desktop.ini
  File created                 C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\_desktop.ini
  File created                 C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini
  File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ar-ae\_desktop.ini
  File created                 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\fr-fr\_desktop.ini
  File created                 C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini
  File created                 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\_desktop.ini
  File created                 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\_desktop.ini
  File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\_desktop.ini
Drops file in Windows directory (4 IoCs)
  File created                 C:\Windows\rundl132.exe   ee89c8b0363b38de075695bd849e4ead1ab1b1194f21cb15c68964f6e8f5f125.exe
  File created                 C:\Windows\Logo1_.exe     ee89c8b0363b38de075695bd849e4ead1ab1b1194f21cb15c68964f6e8f5f125.exe
  File created                 C:\Windows\vDll.dll       Logo1_.exe
  File opened for modification C:\Windows\rundl132.exe   Logo1_.exe
The name rundl132.exe (digit one, lowercase L) is a look-alike of the legitimate rundll32.exe; match on the exact spelling when hunting, since a casual read of a process list will miss it.
Runs net.exe
  Logo1_.exe (PID 3068) launches net.exe (PID 440) with the command line: net stop "Kingsoft AntiVirus Service" (see Processes).
Suspicious behavior: EnumeratesProcesses (20 IoCs)
  PID 3068  Logo1_.exe  (all 20 events)
Suspicious use of WriteProcessMemory (14 IoCs)
  Source PID  Source process                                                           Target PID  procid_target  Events
  2800        ee89c8b0363b38de075695bd849e4ead1ab1b1194f21cb15c68964f6e8f5f125.exe    4988        89             3
  2800        ee89c8b0363b38de075695bd849e4ead1ab1b1194f21cb15c68964f6e8f5f125.exe    3068        90             3
  3068        Logo1_.exe                                                               440         92             3
  440         net.exe                                                                  2460        94             3
  3068        Logo1_.exe                                                               3368        57             2
The first four rows are each a parent writing into a child it has just created (cmd.exe, Logo1_.exe, net.exe, net1.exe), which is the normal process-creation pattern the sandbox hooks. The last row is different: PID 3368 is Explorer.EXE, the root of the tree, so Logo1_.exe is writing into a process it did not create.
Processes

C:\Windows\Explorer.EXE  (PID 3368)
  C:\Windows\Explorer.EXE
  |
  +-- C:\Users\Admin\AppData\Local\Temp\ee89c8b0363b38de075695bd849e4ead1ab1b1194f21cb15c68964f6e8f5f125.exe  (PID 2800)
      "C:\Users\Admin\AppData\Local\Temp\ee89c8b0363b38de075695bd849e4ead1ab1b1194f21cb15c68964f6e8f5f125.exe"
      - Drops file in Windows directory
      - Suspicious use of WriteProcessMemory
      |
      +-- C:\Windows\SysWOW64\cmd.exe  (PID 4988)
      |   C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6978.bat
      |   |
      |   +-- C:\Users\Admin\AppData\Local\Temp\ee89c8b0363b38de075695bd849e4ead1ab1b1194f21cb15c68964f6e8f5f125.exe  (PID 1604)
      |       "C:\Users\Admin\AppData\Local\Temp\ee89c8b0363b38de075695bd849e4ead1ab1b1194f21cb15c68964f6e8f5f125.exe"
      |       - Executes dropped EXE
      |
      +-- C:\Windows\Logo1_.exe  (PID 3068)
          C:\Windows\Logo1_.exe
          - Executes dropped EXE
          - Enumerates connected drives
          - Drops file in Program Files directory
          - Drops file in Windows directory
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious use of WriteProcessMemory
          |
          +-- C:\Windows\SysWOW64\net.exe  (PID 440)
              net stop "Kingsoft AntiVirus Service"
              - Suspicious use of WriteProcessMemory
              |
              +-- C:\Windows\SysWOW64\net1.exe  (PID 2460)
                  C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"

Reading the tree: the submitted file (PID 2800) drops Logo1_.exe and rundl132.exe into C:\Windows, then branches. One branch runs a batch file from Temp ($$a6978.bat) through cmd.exe, which re-launches the sample as PID 1604; the other starts the dropped Logo1_.exe, which carries every noisy behaviour in this report (drive sweep, Program Files writes, process enumeration, the net stop). Every child resolves to SysWOW64, so the whole chain runs as 32-bit processes on the x64 guest.
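The Signatures and Processes sections above describe a chain that is easy to hunt for in endpoint telemetry: file creates of Logo1_.exe, rundl132.exe and vDll.dll under C:\Windows, a burst of _desktop.ini creates under Program Files, the dropped Logo1_.exe being executed, a cmd.exe /c launch of a Temp batch file, and net.exe stopping "Kingsoft AntiVirus Service". The script below is an added example, not part of the sandbox report. It runs the report's indicators as rules over Sysmon-style events; the event dict shape, the field names, the _desktop.ini burst threshold and the $$a*.bat pattern (generalised from the single observed name $$a6978.bat) are assumptions, and SAMPLE_EVENTS is constructed here to mirror the process tree rather than captured from a real host.

```python
"""Hunt for the behaviour chain recorded in this report in Sysmon-style events.

Added example, not part of the sandbox report.  The event dict shape and
SAMPLE_EVENTS are constructed to mirror the report's Processes and Signatures
sections; field names are an assumption, map them to your own schema
(e.g. Sysmon EID 1 for process_create, EID 11 for file_create)."""
import re
from collections import Counter

# Indicators copied from the report.
WINDOWS_DROPS = {r"c:\windows\logo1_.exe", r"c:\windows\rundl132.exe", r"c:\windows\vdll.dll"}
KNOWN_SHA256 = {
    "ee89c8b0363b38de075695bd849e4ead1ab1b1194f21cb15c68964f6e8f5f125",  # submitted sample
    "f5ee36de8edf9be2ac2752b219cfdcb7ca1677071b8e116cb876306e9f1b6628",  # 5.7MB copy under Downloads
}
PROGRAM_FILES = ("c:\\program files\\", "c:\\program files (x86)\\")
DESKTOP_INI_THRESHOLD = 10   # assumption: the report shows 64 writes in ~150 s; tune per estate
AV_STOP_RE = re.compile(r'\bstop\s+"?kingsoft antivirus service"?', re.I)
# Generalised from the one observed launcher name $$a6978.bat (assumption).
TEMP_BAT_RE = re.compile(r'cmd(\.exe)?\s+/c\s+\S*\\\$\$a\w+\.bat\b', re.I)


def hunt(events):
    """Return [(rule, detail), ...] for events matching the report's chain.

    Each event is a dict with keys:
      type          "process_create" | "file_create"
      image         full path of the acting process
      target        (file_create) path written
      parent_image  (process_create) parent's path
      cmdline       (process_create) command line
      sha256        (process_create, optional) hash of the image
    """
    hits = []
    ini_writes = Counter()   # acting image -> number of _desktop.ini creates
    for ev in events:
        image = ev["image"].lower()
        if ev["type"] == "file_create":
            target = ev["target"].lower()
            if target in WINDOWS_DROPS:
                hits.append(("windows_dir_drop", ev["target"]))
            if target.startswith(PROGRAM_FILES) and target.endswith("\\_desktop.ini"):
                ini_writes[ev["image"]] += 1
        elif ev["type"] == "process_create":
            cmdline = ev.get("cmdline", "")
            if ev.get("sha256", "").lower() in KNOWN_SHA256:
                hits.append(("known_hash", ev["image"]))
            if image in WINDOWS_DROPS:
                hits.append(("dropped_exe_executed", ev["image"]))
            if image.endswith("\\cmd.exe") and TEMP_BAT_RE.search(cmdline):
                hits.append(("temp_batch_launcher", cmdline))
            if image.endswith(("\\net.exe", "\\net1.exe")) and AV_STOP_RE.search(cmdline):
                hits.append(("av_service_stop", f'{ev.get("parent_image", "?")} -> {cmdline}'))
    # The burst rule needs the whole window, so it is evaluated after the loop.
    for writer, n in ini_writes.items():
        if n >= DESKTOP_INI_THRESHOLD:
            hits.append(("desktop_ini_burst", f"{writer} created {n} _desktop.ini files"))
    return hits


# Constructed events mirroring the report's process tree (not real telemetry).
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\ee89c8b0363b38de075695bd849e4ead1ab1b1194f21cb15c68964f6e8f5f125.exe"
LOGO1 = r"C:\Windows\Logo1_.exe"
ACROBAT = r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins"

SAMPLE_EVENTS = [
    {"type": "process_create", "image": SAMPLE, "parent_image": r"C:\Windows\Explorer.EXE",
     "cmdline": f'"{SAMPLE}"',
     "sha256": "ee89c8b0363b38de075695bd849e4ead1ab1b1194f21cb15c68964f6e8f5f125"},
    {"type": "file_create", "image": SAMPLE, "target": r"C:\Windows\rundl132.exe"},
    {"type": "file_create", "image": SAMPLE, "target": r"C:\Windows\Logo1_.exe"},
    {"type": "process_create", "image": r"C:\Windows\SysWOW64\cmd.exe", "parent_image": SAMPLE,
     "cmdline": r"C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a6978.bat"},
    {"type": "process_create", "image": LOGO1, "parent_image": SAMPLE, "cmdline": LOGO1},
    {"type": "file_create", "image": LOGO1, "target": r"C:\Windows\vDll.dll"},
    # Twelve marker writes stand in for the 64 in the report (constructed sub-paths).
    *[{"type": "file_create", "image": LOGO1, "target": ACROBAT + rf"\plugin{i}\js\nls\_desktop.ini"}
      for i in range(12)],
    {"type": "process_create", "image": r"C:\Windows\SysWOW64\net.exe", "parent_image": LOGO1,
     "cmdline": 'net stop "Kingsoft AntiVirus Service"'},
    {"type": "process_create", "image": r"C:\Windows\SysWOW64\net1.exe",
     "parent_image": r"C:\Windows\SysWOW64\net.exe",
     "cmdline": r'C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"'},
    # Benign noise: Explorer writing one ordinary desktop.ini outside Program Files.
    {"type": "file_create", "image": r"C:\Windows\explorer.exe", "target": r"C:\Users\Admin\Desktop\desktop.ini"},
]

if __name__ == "__main__":
    for rule, detail in hunt(SAMPLE_EVENTS):
        print(f"{rule:22s} {detail}")
```

The hash rule is the weakest of the set (a recompiled dropper changes it), so the behavioural rules are the ones worth keeping: a non-installer process creating executables directly in C:\Windows, a single process writing dozens of _desktop.ini markers across unrelated Program Files trees, and net.exe stopping a security product's service with a parent that is not an administrator's shell.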
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize:  254KB
MD5:       8b9d754f6a062a360f1eca184e4360bd
SHA1:      29dff755cbcee35a9daf3b7a548b569c1126b616
SHA256:    e17ac11d2dd6a2fa4d9adb98701499f6a0c7f748830c98f6d780cdf1a0af6789
SHA512:    2722e3e400b4b27ef20c7a96b64d98fdc729a48b3f199ad87dbf3cef5912b58c6604a2b69f737ef211093b9c0ec99bbc7d5885a07f61a619d4492b5ffbe198ef

Filesize:  573KB
MD5:       0510972a56306a9d506bf1dbf5077bc7
SHA1:      80068ca53a5fd64daa2939eb3e720939049b316d
SHA256:    0103cc134469aeb076a1c452f6d4e6987932edda026b7b21c8904a672ff437d6
SHA512:    691066bbf9409ffd1084903f7180ecb83922dd462e7d9c0ef5cd0281597bafc874a138830c59cbaf727e3b97084366b213a5b570dc2558f11c95e1fd2f83211e

Path:      C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
Filesize:  639KB
MD5:       8c24f57e8169cb30b43a16a13aad3e15
SHA1:      d3d0c15c85d32f552f5f4eff910667046d886596
SHA256:    ad49a43e57cff5d23ed2e5467974579f711015fa6fd80196991e873a94f37801
SHA512:    28a856a62a7cd6af5fd50811421a665bb7fe2c1d41bc2675de6cdbc4b33d2b308e568d27daf7f738923bdb6f812bd1f2db7eeccb629fe2ffe56921655093a645

Filesize:  722B
MD5:       269d7444ebc57f5c893e54de10196c70
SHA1:      d004a61fc1fd4120a760ffe7eaec934ce5ae8eb0
SHA256:    c0dd211259046c2e53beb52611e3d9021736b7ff43dff6f8fb4a58478ba497ba
SHA512:    1bf64525815739b4e0a325b16dc260313039a4dd3ebd893b374f6ecc4d530c9c097fe12188d0b15687942fb4752a7a670f29a1e40e2fbd3bc1f801f8341e4ee9

Path:      C:\Users\Admin\AppData\Local\Temp\ee89c8b0363b38de075695bd849e4ead1ab1b1194f21cb15c68964f6e8f5f125.exe.exe
Filesize:  5.7MB
MD5:       ba18e99b3e17adb5b029eaebc457dd89
SHA1:      ec0458f3c00d35b323f08d4e1cc2e72899429c38
SHA256:    f5ee36de8edf9be2ac2752b219cfdcb7ca1677071b8e116cb876306e9f1b6628
SHA512:    1f41929e6f5b555b60c411c7810cbf14e3af26100df5ac4533ec3739a278c1b925687284660efb4868e3741305098e2737836229efc9fe46c97a6057c10e677c
(same 5.7MB size and same base name as the submitted sample, with an extra .exe extension and different hashes)

Filesize:  29KB
MD5:       24743dc5d84b6ed4f72fe9d489cdc87d
SHA1:      0617cf95dbb842ac82434416264c2a8e4cc2e9b0
SHA256:    c1d1c76da5241e76615ed163fa7b64feca7463f70cd4f615459788da4705a73d
SHA512:    e1b1f1815c661d4287dbfe2f485fbcff90c96e0cd5905a5701527b54fcd36e6cb93f49ce87369a669bc2c5753d78d0af7c889076062f53557600250bb498c25a

Filesize:  9B
MD5:       f29b71f66ac42a28a8d1e12a13d61861
SHA1:      bd61fbc8b6eed4cae3fa29d7b950784258be10cd
SHA256:    9a5e4ff44f8f5bb21798074ea03e493911b59680e37191522562dece826da1cf
SHA512:    90c31cda60a9a63e3fa78e99f1104d1a9c9f811e11b62f75063b6007ae284c8c233b5d1235defab7ae0deec3b7892c85af9319219405c44d16fa29a3215f50e0