109da4ab2ac58cae981ee416663d723dd0ce0b44bac2f48d101082388ba4c9cc

Analysis

max time kernel
150s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 20:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

109da4ab2ac58cae981ee416663d723dd0ce0b44bac2f48d101082388ba4c9cc.exe
Size

573KB
MD5

4c40da2c299470aff4edf636d594d13b
SHA1

6491a499509372897548f7e1e5d58f60b481570a
SHA256

109da4ab2ac58cae981ee416663d723dd0ce0b44bac2f48d101082388ba4c9cc
SHA512

c409c8c2d1741ff3c2419e589d3c9bcdb776d5a5ac174516e7b9a40e9f707ad48ca0036e255e2499845b163575dc838d17614b5341d1b15b29f4a7b887e58af0
SSDEEP

6144:MtuJpE7cV3iwbAFRWAbd4nf0H05yqE6Hl0ChW0+ksllAXBu0lWGWUJJQ4t0BHQQG:s7a3iwbihym2g7XO3LWUQfh4Co

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
5104	Logo1_.exe
2600	109da4ab2ac58cae981ee416663d723dd0ce0b44bac2f48d101082388ba4c9cc.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\node_modules\reactxp-experimental-navigation\NavigationExperimental\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_2019.125.2243.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\zh-CN\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ja-jp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\gmp-clearkey\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\XboxApp.UI\Resources\Images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\plugins\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateOnDemand.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18004.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\124.0.2478.80\VisualElements\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\themes\dark\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\gu\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fr-FR\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\Scripts\Me\MeControl\offline\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\TCUI-Toolkit\Images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.27405.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\ResiliencyLinks\WidevineCdm\_platform_specific\win_x64\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-us\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\plugins\rhp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ne\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\en-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Google\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Media Player\es-ES\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	109da4ab2ac58cae981ee416663d723dd0ce0b44bac2f48d101082388ba4c9cc.exe
File created	C:\Windows\Logo1_.exe	109da4ab2ac58cae981ee416663d723dd0ce0b44bac2f48d101082388ba4c9cc.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
5104	Logo1_.exe
5104	Logo1_.exe
5104	Logo1_.exe
5104	Logo1_.exe
5104	Logo1_.exe
5104	Logo1_.exe
5104	Logo1_.exe
5104	Logo1_.exe
5104	Logo1_.exe
5104	Logo1_.exe
5104	Logo1_.exe
5104	Logo1_.exe
5104	Logo1_.exe
5104	Logo1_.exe
5104	Logo1_.exe
5104	Logo1_.exe
5104	Logo1_.exe
5104	Logo1_.exe
5104	Logo1_.exe
5104	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 4856 wrote to memory of 4348	4856	109da4ab2ac58cae981ee416663d723dd0ce0b44bac2f48d101082388ba4c9cc.exe	89
PID 4856 wrote to memory of 4348	4856	109da4ab2ac58cae981ee416663d723dd0ce0b44bac2f48d101082388ba4c9cc.exe	89
PID 4856 wrote to memory of 4348	4856	109da4ab2ac58cae981ee416663d723dd0ce0b44bac2f48d101082388ba4c9cc.exe	89
PID 4856 wrote to memory of 5104	4856	109da4ab2ac58cae981ee416663d723dd0ce0b44bac2f48d101082388ba4c9cc.exe	90
PID 4856 wrote to memory of 5104	4856	109da4ab2ac58cae981ee416663d723dd0ce0b44bac2f48d101082388ba4c9cc.exe	90
PID 4856 wrote to memory of 5104	4856	109da4ab2ac58cae981ee416663d723dd0ce0b44bac2f48d101082388ba4c9cc.exe	90
PID 5104 wrote to memory of 1084	5104	Logo1_.exe	91
PID 5104 wrote to memory of 1084	5104	Logo1_.exe	91
PID 5104 wrote to memory of 1084	5104	Logo1_.exe	91
PID 1084 wrote to memory of 1880	1084	net.exe	95
PID 1084 wrote to memory of 1880	1084	net.exe	95
PID 1084 wrote to memory of 1880	1084	net.exe	95
PID 4348 wrote to memory of 2600	4348	cmd.exe	97
PID 4348 wrote to memory of 2600	4348	cmd.exe	97
PID 5104 wrote to memory of 3460	5104	Logo1_.exe	56
PID 5104 wrote to memory of 3460	5104	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3460
- C:\Users\Admin\AppData\Local\Temp\109da4ab2ac58cae981ee416663d723dd0ce0b44bac2f48d101082388ba4c9cc.exe
  "C:\Users\Admin\AppData\Local\Temp\109da4ab2ac58cae981ee416663d723dd0ce0b44bac2f48d101082388ba4c9cc.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4856
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF2BC.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\109da4ab2ac58cae981ee416663d723dd0ce0b44bac2f48d101082388ba4c9cc.exe
      "C:\Users\Admin\AppData\Local\Temp\109da4ab2ac58cae981ee416663d723dd0ce0b44bac2f48d101082388ba4c9cc.exe"
      4⤵
      Executes dropped EXE
      PID:2600
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:5104
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1084
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:1880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3772,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=4216 /prefetch:8
1⤵
PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
f134d58f0c72c193a05ff5819d09f8d6

SHA1
85c6d5b8cb938c5b8b7437693a4f6e97caa94fdf

SHA256
0b329835e955ce06b673448b91b9bea022bc741cd855123dd5f8988d4385b031

SHA512
27c84f45bacb5c95ca340b6a8da7a81ece4cdb3adf2c3f85726f79c7a35cf7b6eb37c6703b6c275d5861ea0585c43c2bbc95f5331aec240ee234fceb72ed33c6

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
4c40da2c299470aff4edf636d594d13b

SHA1
6491a499509372897548f7e1e5d58f60b481570a

SHA256
109da4ab2ac58cae981ee416663d723dd0ce0b44bac2f48d101082388ba4c9cc

SHA512
c409c8c2d1741ff3c2419e589d3c9bcdb776d5a5ac174516e7b9a40e9f707ad48ca0036e255e2499845b163575dc838d17614b5341d1b15b29f4a7b887e58af0

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
c15cc0560a1f2ab80b80767643b0c1c5

SHA1
351e72917155ff3e811334fd55a35be7c7cdf6ea

SHA256
c17ea05f90a728f32aa972ff92de25f799ce043ba5a3db5f10b5557f31916858

SHA512
11bb18446a38b70dd24c9877ef95d5764d001a8c936cfcb9a5a15275942226cdbb74a1c331d423ccf05b27ea68259e6306dba5ab0ad85b17ec41a15fcdcd4289

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aF2BC.bat

Filesize
722B

MD5
e7f1b9debfe664cd9c067e9740d12eb1

SHA1
e293329e8eb4a5035c2f7cf22d10afd0e4bae7b4

SHA256
1fb15c01786ccadc0ef8518b2aad610ce09ad292f389b0fdc73ee90c1fc0aed6

SHA512
6e0ff36b8d46514b32350b0810a25f363d28b6b89d14432e890b153fd4f5c52a4b2567b4d65fca0b47db5270b987e67bb8ad70b18eb88b9010eb3f403d8c037d

Download Submit
C:\Users\Admin\AppData\Local\Temp\109da4ab2ac58cae981ee416663d723dd0ce0b44bac2f48d101082388ba4c9cc.exe.exe

Filesize
544KB

MD5
9a1dd1d96481d61934dcc2d568971d06

SHA1
f136ef9bf8bd2fc753292fb5b7cf173a22675fb3

SHA256
8cebb25e240db3b6986fcaed6bc0b900fa09dad763a56fb71273529266c5c525

SHA512
7ac1581f8a29e778ba1a1220670796c47fa5b838417f8f635e2cb1998a01515cff3ee57045dacb78a8ec70d43754b970743aba600379fe6d9481958d32d8a5aa

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
af29fb6a5adf025d9127df13f942d7d2

SHA1
72d13969443440eb123cfb43f924c4959eae7638

SHA256
d83088ef692a221a033bfb31d7178f7f04182df4480ac946b53807fda9cdd040

SHA512
10c6c2a56386b35f52e8b220def9cace7a57a70672a97aeb3c95df14d832416d6057fabccd86c4f473e354a87e378ff0ac3cf0e503ee3db9f909897ef7776079

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1181767204-2009306918-3718769404-1000\_desktop.ini

Filesize
9B

MD5
392ab9dcf5a9daf53626ea1f2e61d0b9

SHA1
0a2cdc7f8f9edf33f9fde3f8b90e0020190c8fb7

SHA256
9bbc94aad502d7d7a7f502ddb9cbd93b1c89eff13e445971c94ac09215ada67d

SHA512
5d1fea63a7793a65dc63c32cfe3ab2e1af941ded8e760f08fbe991e5b30433f86f920d717235a635020740c8f6f7996b4b8e8147e331b29141fcbb7bdc68144d

Download Submit
memory/4856-9-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4856-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/5104-26-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/5104-36-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/5104-32-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/5104-1236-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/5104-19-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/5104-4874-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/5104-12-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/5104-5319-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download