e446e6c2dd1b3dec2cd5a4d8b397ea2683238a86786dcbc3ee2d80b36026ad0a

Analysis

max time kernel
149s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 21:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e446e6c2dd1b3dec2cd5a4d8b397ea2683238a86786dcbc3ee2d80b36026ad0a.exe
Size

387KB
MD5

8a0e0bfed338bd4b4a7972fdcd556f7b
SHA1

8c02962667a90024f8f72fcdfbda8e3438bac05b
SHA256

e446e6c2dd1b3dec2cd5a4d8b397ea2683238a86786dcbc3ee2d80b36026ad0a
SHA512

1b56301e8c27cdb3381b73659d88d72d51adb1b09f7b7e50cf87315df83e70c95b95216a9910cfd94db064ec733988886ed305829519bd3cf0555836fd716eed
SSDEEP

6144:7FpIP2zPVz7jUBs8hqcBCi6dbfra4erJlt9A+xX1oOAisEIWmGeNkfGuYF1moHXG:RpFahVy41

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4948	Logo1_.exe
3440	e446e6c2dd1b3dec2cd5a4d8b397ea2683238a86786dcbc3ee2d80b36026ad0a.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\PeopleApp.exe	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Simple\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\winsdkfb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files-select\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\wmpconfig.exe	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\0.2.2\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\tt\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\xaml\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\hi-IN\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ca-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\bin\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\th\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\en-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	e446e6c2dd1b3dec2cd5a4d8b397ea2683238a86786dcbc3ee2d80b36026ad0a.exe
File created	C:\Windows\Logo1_.exe	e446e6c2dd1b3dec2cd5a4d8b397ea2683238a86786dcbc3ee2d80b36026ad0a.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4948	Logo1_.exe
4948	Logo1_.exe
4948	Logo1_.exe
4948	Logo1_.exe
4948	Logo1_.exe
4948	Logo1_.exe
4948	Logo1_.exe
4948	Logo1_.exe
4948	Logo1_.exe
4948	Logo1_.exe
4948	Logo1_.exe
4948	Logo1_.exe
4948	Logo1_.exe
4948	Logo1_.exe
4948	Logo1_.exe
4948	Logo1_.exe
4948	Logo1_.exe
4948	Logo1_.exe
4948	Logo1_.exe
4948	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2580 wrote to memory of 4384	2580	e446e6c2dd1b3dec2cd5a4d8b397ea2683238a86786dcbc3ee2d80b36026ad0a.exe	83
PID 2580 wrote to memory of 4384	2580	e446e6c2dd1b3dec2cd5a4d8b397ea2683238a86786dcbc3ee2d80b36026ad0a.exe	83
PID 2580 wrote to memory of 4384	2580	e446e6c2dd1b3dec2cd5a4d8b397ea2683238a86786dcbc3ee2d80b36026ad0a.exe	83
PID 2580 wrote to memory of 4948	2580	e446e6c2dd1b3dec2cd5a4d8b397ea2683238a86786dcbc3ee2d80b36026ad0a.exe	84
PID 2580 wrote to memory of 4948	2580	e446e6c2dd1b3dec2cd5a4d8b397ea2683238a86786dcbc3ee2d80b36026ad0a.exe	84
PID 2580 wrote to memory of 4948	2580	e446e6c2dd1b3dec2cd5a4d8b397ea2683238a86786dcbc3ee2d80b36026ad0a.exe	84
PID 4948 wrote to memory of 3260	4948	Logo1_.exe	86
PID 4948 wrote to memory of 3260	4948	Logo1_.exe	86
PID 4948 wrote to memory of 3260	4948	Logo1_.exe	86
PID 3260 wrote to memory of 4624	3260	net.exe	88
PID 3260 wrote to memory of 4624	3260	net.exe	88
PID 3260 wrote to memory of 4624	3260	net.exe	88
PID 4384 wrote to memory of 3440	4384	cmd.exe	89
PID 4384 wrote to memory of 3440	4384	cmd.exe	89
PID 4948 wrote to memory of 3392	4948	Logo1_.exe	56
PID 4948 wrote to memory of 3392	4948	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3392
- C:\Users\Admin\AppData\Local\Temp\e446e6c2dd1b3dec2cd5a4d8b397ea2683238a86786dcbc3ee2d80b36026ad0a.exe
  "C:\Users\Admin\AppData\Local\Temp\e446e6c2dd1b3dec2cd5a4d8b397ea2683238a86786dcbc3ee2d80b36026ad0a.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2580
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a32F7.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\e446e6c2dd1b3dec2cd5a4d8b397ea2683238a86786dcbc3ee2d80b36026ad0a.exe
      "C:\Users\Admin\AppData\Local\Temp\e446e6c2dd1b3dec2cd5a4d8b397ea2683238a86786dcbc3ee2d80b36026ad0a.exe"
      4⤵
      Executes dropped EXE
      PID:3440
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4948
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3260
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:4624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe

Filesize
244KB

MD5
92ac08dfd8aba9ab11abc432c36da910

SHA1
8d71f7218638e2d2dd73b680c6815f89b4df692a

SHA256
4da993b28ccb28fc216018c63f7d934a80ccf28f61adbe3358a6d293b10e253a

SHA512
28bc097124db7cbf3f7572168cbe1d24029f946ae2e6d22b3c0b35a053b61b8bf13609dc7f69f3a94573735e7d465f6c37db7159241e2129ec855a1d1b0d97e5

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
571KB

MD5
2150d7bc330f86983750eb25596db6f9

SHA1
62c01d83891babf8b2c2ebf3deacdf30ad5f4c98

SHA256
450c7ee042f16357a0ab253c697bc00d96758a219ff540a334368d0c283dfa81

SHA512
b0ac9fd1418cbe5d20b9ebaf828e74d1b97ab3d0abb0c439a9b7123c1949314ed575e3b5e8f1da686021898db758a5f6159eab731203b2304466c85ab82b9225

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
637KB

MD5
9cba1e86016b20490fff38fb45ff4963

SHA1
378720d36869d50d06e9ffeef87488fbc2a8c8f7

SHA256
a22e6d0f5c7d44fefc2204e0f7c7b048e1684f6cf249ba98c006bbf791c22d19

SHA512
2f3737d29ea3925d10ea5c717786425f6434be732974586328f03691a35cd1539828e3301685749e5c4135b8094f15b87fb9659915de63678a25749e2f8f5765

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a32F7.bat

Filesize
722B

MD5
74610e4314307044c90511c3bb98ee6f

SHA1
3c7a8b0cefc847eb95443671f1a898570cd8aa3e

SHA256
3bdc9642318a20b13ac937d8233ffe90f11e12422d478fdb1041c5fcc9466b0c

SHA512
75ad308524500b960a76ddeadea88e6cd0532c3055affc40da3ea725eabdfe14334ea6b5abc01b2956f49219f483beb2a7502fd98fb083aef058cd5a144714f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\e446e6c2dd1b3dec2cd5a4d8b397ea2683238a86786dcbc3ee2d80b36026ad0a.exe.exe

Filesize
360KB

MD5
5fbd45261a2de3bb42f489e825a9a935

SHA1
ff388f6e9efe651ec62c4152c1739783e7899293

SHA256
9e63701598199d5c47217e23b44d0e3ec5d53f5419166b1b6c68a7e9e8fc47a4

SHA512
7f22b1995a07016adb342c551454d602bfbe511525139aee8581b62116608e9e278fd81c26382f1333c7eccded4474196e73c093bb5cbf8e8f203e865024c058

Download Submit
C:\Windows\rundl132.exe

Filesize
27KB

MD5
b9e22a1c417b7befad06c94c41f3d31f

SHA1
b63d12c3e0f4eba2b6b329e6e839825060fa6036

SHA256
7eb74a6fd3032fa6b334f0316736facdacae70bfea264e745fc5694fa167094e

SHA512
46d5be95fac0e3abb6eabdb413cfac120e9cdd535b60c6aa0291e2171f8bb1496581ff3a077791faaa20250cc4f21ed18a27eec0a80110b3df7a574f1482d626

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2860750803-256193626-1801997576-1000\_desktop.ini

Filesize
8B

MD5
0282826728a8bfe9c3f290391e4f323c

SHA1
ab69946ecc2824015e04a669b8434e8eb2a658aa

SHA256
0c3ddb95f5308286721e2d55c16a3170674b54fc8d17c1f02bee1b6850ce2ee9

SHA512
fde2cb3a9b14fa79fdb7615c094a85aee3baf100511872c0b3986349edefe5a2dc4513929587852c1672e9632c8a6c95284fab82397133dec597bb8fe618fb0e

Download Submit
memory/2580-12-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2580-0-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4948-27-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4948-37-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4948-33-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4948-1237-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4948-20-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4948-4801-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4948-13-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4948-5264-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download