cc66df67b1f01797dca97cc461075e3b96f8c541dd6f2e0cbd4b24f0f2a1b664

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 19:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc66df67b1f01797dca97cc461075e3b96f8c541dd6f2e0cbd4b24f0f2a1b664.exe
Size

88KB
MD5

210593a20d9a073d2970ca7ad0880d4e
SHA1

b2c43642549f7666f1afddfeb4a78961d5145213
SHA256

cc66df67b1f01797dca97cc461075e3b96f8c541dd6f2e0cbd4b24f0f2a1b664
SHA512

aac56a1529b56fd1ce33ab27b97ad6c11f19867ae639b386d9869121f4827ab06345fd982c613bda11e5cea77440b43f1de22a8fc2cc94aff187ff541663d7eb
SSDEEP

1536:pR3SHuJV9Ntyapmebn4ddJZeY86iLflLJYEIs67rxo:pRkuJVL8LK4ddJMY86ipmns6S

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2152	Logo1_.exe
3156	cc66df67b1f01797dca97cc461075e3b96f8c541dd6f2e0cbd4b24f0f2a1b664.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\kk-KZ\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\Scripts\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-150_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\lv-LV\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Shell\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\sl-si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\WinMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\he-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\de-de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Examples\Validator\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\FileAssociation\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sl-si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Mail\wabmig.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\zh-tw\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Adobe\ARM\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\da-dk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\PlayReadyCdm\_platform_specific\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	cc66df67b1f01797dca97cc461075e3b96f8c541dd6f2e0cbd4b24f0f2a1b664.exe
File created	C:\Windows\Logo1_.exe	cc66df67b1f01797dca97cc461075e3b96f8c541dd6f2e0cbd4b24f0f2a1b664.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe
2152	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 4312	1520	cc66df67b1f01797dca97cc461075e3b96f8c541dd6f2e0cbd4b24f0f2a1b664.exe	81
PID 1520 wrote to memory of 4312	1520	cc66df67b1f01797dca97cc461075e3b96f8c541dd6f2e0cbd4b24f0f2a1b664.exe	81
PID 1520 wrote to memory of 4312	1520	cc66df67b1f01797dca97cc461075e3b96f8c541dd6f2e0cbd4b24f0f2a1b664.exe	81
PID 1520 wrote to memory of 2152	1520	cc66df67b1f01797dca97cc461075e3b96f8c541dd6f2e0cbd4b24f0f2a1b664.exe	82
PID 1520 wrote to memory of 2152	1520	cc66df67b1f01797dca97cc461075e3b96f8c541dd6f2e0cbd4b24f0f2a1b664.exe	82
PID 1520 wrote to memory of 2152	1520	cc66df67b1f01797dca97cc461075e3b96f8c541dd6f2e0cbd4b24f0f2a1b664.exe	82
PID 2152 wrote to memory of 1940	2152	Logo1_.exe	84
PID 2152 wrote to memory of 1940	2152	Logo1_.exe	84
PID 2152 wrote to memory of 1940	2152	Logo1_.exe	84
PID 1940 wrote to memory of 4540	1940	net.exe	86
PID 1940 wrote to memory of 4540	1940	net.exe	86
PID 1940 wrote to memory of 4540	1940	net.exe	86
PID 4312 wrote to memory of 3156	4312	cmd.exe	87
PID 4312 wrote to memory of 3156	4312	cmd.exe	87
PID 2152 wrote to memory of 3456	2152	Logo1_.exe	56
PID 2152 wrote to memory of 3456	2152	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3456
- C:\Users\Admin\AppData\Local\Temp\cc66df67b1f01797dca97cc461075e3b96f8c541dd6f2e0cbd4b24f0f2a1b664.exe
  "C:\Users\Admin\AppData\Local\Temp\cc66df67b1f01797dca97cc461075e3b96f8c541dd6f2e0cbd4b24f0f2a1b664.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1520
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a4120.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\cc66df67b1f01797dca97cc461075e3b96f8c541dd6f2e0cbd4b24f0f2a1b664.exe
      "C:\Users\Admin\AppData\Local\Temp\cc66df67b1f01797dca97cc461075e3b96f8c541dd6f2e0cbd4b24f0f2a1b664.exe"
      4⤵
      Executes dropped EXE
      PID:3156
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2152
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1940
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:4540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
241414cd680074da4cdfc268a15625f0

SHA1
de1066ac065ff4771626f2f60bafbad706f075c8

SHA256
3d4634545b222a947a7f6b9d09126445b9a8537ad5cae12b3dc441f718a46c85

SHA512
84f68aaee1f7a11002cfbc659da32b81f365ed3df216270a5dee0e4606595948bf4b72f0626a773f2a32059111c04c0a77f46d3f732d5ae02874566fc0eda482

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
7d6d1c1461d4c5ce38ccb82f0ee279b3

SHA1
4124822ef473059932f70c975fe258392b67e42a

SHA256
55a93de4f9ba6407c747543b1a56393ac3e88eb657708ac749c61fe28497b3de

SHA512
cd8dfc37615a5a09ce2369902e2a5d68da5582db9a0aca06e53b6fe635402fb66327b622e4f17a4b82f5189a7a8a8faeece36c7f5c2b2368fbea58e7a60e253a

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
8e20cd4ac13828acae9e458cea8e8c56

SHA1
794cb8e8b5519214c4d4c89e9d5ff0967e224d72

SHA256
ed2019032918ac1a2a246a501166a13f7f2bda2f2ca354ad2db584c41c774e5c

SHA512
e5e6d2147fb76a7c11e738fbfacbe0b189862cdb35b7de75c82b4ed5784b90953cfda3d1052fceecf3f76a9f873b7ed052c70a4847669b7657bfce522ff907d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a4120.bat

Filesize
722B

MD5
b1ebf2a19a756f4dbb82c382fa125f81

SHA1
3eec873171d32a4b40cab028beabb24f52ba44aa

SHA256
5a372c55242043f17d18c3b2a38fcab5925a0a7fa7e4405c73444efe25a2f93b

SHA512
139721ab2d457039228e10e8f97330ebd24b68959399297c89a72ea84cd9370046d71b2e520a79f2f3c29ccc33987fa0f12dcc6227c481172cdb257a33b01d78

Download Submit
C:\Users\Admin\AppData\Local\Temp\cc66df67b1f01797dca97cc461075e3b96f8c541dd6f2e0cbd4b24f0f2a1b664.exe.exe

Filesize
59KB

MD5
dfc18f7068913dde25742b856788d7ca

SHA1
cbaa23f782c2ddcd7c9ff024fd0b096952a2b387

SHA256
ff4ac75c02247000da084de006c214d3dd3583867bd3533ba788e22734c7a2bf

SHA512
d0c7ec1dae41a803325b51c12490c355ed779d297daa35247889950491e52427810132f0829fc7ffa3022f1a106f4e4ba78ed612223395313a6f267e9ab24945

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
8f31b087dee0080eff5bd98ab64c279f

SHA1
bd654b71a9c046caaeec82360c54b3dcf8f53f64

SHA256
004ac05c9561846720eb220b0be8409b8fe25a8bc792d5165f271b4ca7437363

SHA512
d6caa14c72b2aa7b3f9e3ac6fa129b1b37ad0e4a24ca3a66bbe11962f0241cab067db7548680e918381753ad0db1a5d91940630c93b3756275da110c1ea4913f

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2539840389-1261165778-1087677076-1000\_desktop.ini

Filesize
9B

MD5
4d28283e4d415600ffc2f8fda6d8c91e

SHA1
053dcb8d5d84b75459bc82d8740ee4684d680016

SHA256
b855effeaf01610130d3f38de35bc7f98bfc6643d98d4198af18534f048e8df7

SHA512
73a758cd5e5ac48d62dd89719be604214895e0cc9a10ff7464a6cf9161a37fd27d15dd2d2565f18198b381ac6442bcb36f38614df7b1176061a83616517a7edb

Download Submit
memory/1520-8-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1520-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2152-27-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2152-37-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2152-33-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2152-1231-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2152-20-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2152-4787-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2152-11-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2152-5226-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download