b8544ba9a5413644392904c57913001d88babd969f619c3c33831bf942c2b345

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25/04/2024, 03:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8544ba9a5413644392904c57913001d88babd969f619c3c33831bf942c2b345.exe
Size

43KB
MD5

ef0a29e6e6363507e4fff88083e810e9
SHA1

d36e51f9c7f55277782be73021ef1c2a2f8c05c8
SHA256

b8544ba9a5413644392904c57913001d88babd969f619c3c33831bf942c2b345
SHA512

1ad4f878c155abff0da800ce1d837536c0237fd4f6c5db9d523592a265f277c44a6466d6616739f5ebe389ec14ff1cd6cb2b11773f42c502c1af6185c82c96c7
SSDEEP

768:pox16GVRu1yK9fMnJG2V9dHS8/WQ3655Kv1X/qY1MSd:pM3SHuJV9NDHqaNrFd

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1048	Logo1_.exe
2120	b8544ba9a5413644392904c57913001d88babd969f619c3c33831bf942c2b345.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Google\Temp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\122.0.2365.52\BHO\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\Locales\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-tw\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Photo Viewer\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\SIGNUP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\2.0.1\Diagnostics\Simple\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\en-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_x64__8wekyb3d8bbwe\Assets\MixerBranding\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\ResiliencyLinks\MEIPreload\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\he-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\es\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Microsoft.Xbox.SmartGlass.Controls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_proxy\win11\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ca-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\commerce\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PlaceCard\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	b8544ba9a5413644392904c57913001d88babd969f619c3c33831bf942c2b345.exe
File created	C:\Windows\Logo1_.exe	b8544ba9a5413644392904c57913001d88babd969f619c3c33831bf942c2b345.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1048	Logo1_.exe
1048	Logo1_.exe
1048	Logo1_.exe
1048	Logo1_.exe
1048	Logo1_.exe
1048	Logo1_.exe
1048	Logo1_.exe
1048	Logo1_.exe
1048	Logo1_.exe
1048	Logo1_.exe
1048	Logo1_.exe
1048	Logo1_.exe
1048	Logo1_.exe
1048	Logo1_.exe
1048	Logo1_.exe
1048	Logo1_.exe
1048	Logo1_.exe
1048	Logo1_.exe
1048	Logo1_.exe
1048	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 4168	3012	b8544ba9a5413644392904c57913001d88babd969f619c3c33831bf942c2b345.exe	90
PID 3012 wrote to memory of 4168	3012	b8544ba9a5413644392904c57913001d88babd969f619c3c33831bf942c2b345.exe	90
PID 3012 wrote to memory of 4168	3012	b8544ba9a5413644392904c57913001d88babd969f619c3c33831bf942c2b345.exe	90
PID 3012 wrote to memory of 1048	3012	b8544ba9a5413644392904c57913001d88babd969f619c3c33831bf942c2b345.exe	92
PID 3012 wrote to memory of 1048	3012	b8544ba9a5413644392904c57913001d88babd969f619c3c33831bf942c2b345.exe	92
PID 3012 wrote to memory of 1048	3012	b8544ba9a5413644392904c57913001d88babd969f619c3c33831bf942c2b345.exe	92
PID 1048 wrote to memory of 4824	1048	Logo1_.exe	93
PID 1048 wrote to memory of 4824	1048	Logo1_.exe	93
PID 1048 wrote to memory of 4824	1048	Logo1_.exe	93
PID 4824 wrote to memory of 1860	4824	net.exe	95
PID 4824 wrote to memory of 1860	4824	net.exe	95
PID 4824 wrote to memory of 1860	4824	net.exe	95
PID 4168 wrote to memory of 2120	4168	cmd.exe	96
PID 4168 wrote to memory of 2120	4168	cmd.exe	96
PID 4168 wrote to memory of 2120	4168	cmd.exe	96
PID 1048 wrote to memory of 3364	1048	Logo1_.exe	57
PID 1048 wrote to memory of 3364	1048	Logo1_.exe	57

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3364
- C:\Users\Admin\AppData\Local\Temp\b8544ba9a5413644392904c57913001d88babd969f619c3c33831bf942c2b345.exe
  "C:\Users\Admin\AppData\Local\Temp\b8544ba9a5413644392904c57913001d88babd969f619c3c33831bf942c2b345.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:3012
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aED9C.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\b8544ba9a5413644392904c57913001d88babd969f619c3c33831bf942c2b345.exe
      "C:\Users\Admin\AppData\Local\Temp\b8544ba9a5413644392904c57913001d88babd969f619c3c33831bf942c2b345.exe"
      4⤵
      Executes dropped EXE
      PID:2120
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1048
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4824
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:1860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1312 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
1⤵
PID:1148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
e8d86b98e2be1b151860ffad788c98f6

SHA1
a77001e28103aa64f8d99a552c109a5e8238c3cb

SHA256
754198155d59585c13493a5c8aff04617021d27d7a4d1eba2a424bc4d361d6fa

SHA512
c8bb8dae9af41bf3c4a7073b2274e9358af7da14a8f3cc990b2408af1ed2b0e0af6e603b78b34679a7da8e2d34b765e5a7aedd71fc78ac24e602fbe52430c074

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
f44dd2f7135f580716f0c8ec202f3279

SHA1
2dda3d51cb852cb55bd179376b1b50395e5de6d0

SHA256
c6606169637646f6b9bae32b11093df4fc5fc0877991d9a83e933c9daae32eb4

SHA512
e2f89de979107e6beace3a7c1d1b94edcefe5bee1ee88a7b36662cf5f10b7c1e76ceefb1b4ef2c24bf25386b1a8de696bae872a82fc617cab3ee8735535fd35e

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aED9C.bat

Filesize
722B

MD5
459bc816264954b64efad2b6c28692a6

SHA1
56209cb0bc5155353d1ac71d9047b4b5c2954e49

SHA256
3a758479bb2f333f03f7f08a720d16be752b9f1770af0d96e9d446cf2ad6423d

SHA512
5e711aec8f183191188c1b1de172448efdde5e5508da949bfa444b4fc1b631effe2201ce2fe6c6a82e5d4ac1a1ae7518c2df28a6b2ce4747407f7003cf0f1eea

Download Submit
C:\Users\Admin\AppData\Local\Temp\b8544ba9a5413644392904c57913001d88babd969f619c3c33831bf942c2b345.exe.exe

Filesize
14KB

MD5
ad782ffac62e14e2269bf1379bccbaae

SHA1
9539773b550e902a35764574a2be2d05bc0d8afc

SHA256
1c8a77db924ebeb952052334dc95add388700c02b073b07973cd8fe0a0a360b8

SHA512
a1e9d6316ffc55f4751090961733e98c93b2a391666ff50b50e9dea39783746e501d14127e7ee9343926976d7e3cd224f13736530354d8466ea995dab35c8dc2

Download Submit
C:\Windows\rundl132.exe

Filesize
29KB

MD5
949e828fcf304b8b742f865a83728420

SHA1
e535024bef758c1bc206374283432981f39d8558

SHA256
fa8d0548528793612b7d70b0b76a5c9eaef6be1b5e537023ab80dca5d5908197

SHA512
71ad782d1cd3a28ba2ec6818cf19c8ec19b808fe80648b6e96b9fbec19e524fc7da35b8eee44241de120df40d7986141fbafb63c54f14aa3d193d6c1437f46bf

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3808065738-1666277613-1125846146-1000\_desktop.ini

Filesize
9B

MD5
7ef570b2b21e58fd906ef1a980d64425

SHA1
18502489f652e74f8972bbfa100d5c163d719ab7

SHA256
c3ce1b9216b58ac7d9ed3b93e5e3a1d6a2473b53b5bc1f008a621def49517055

SHA512
e1175d861a79d62b85cd18661375f1c956dcc97e958765dc225f3aa4b0f0100ca9e17b9c61f5e18fc2a96e5167c0563f60645033aff1be1ec2f372c1b9a8b35f

Download Submit
memory/1048-37-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1048-19-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1048-26-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1048-32-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1048-42-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1048-167-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1048-1015-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1048-1182-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1048-1216-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1048-3143-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1048-12-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3012-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3012-9-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download