a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085

Analysis

max time kernel
150s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 18:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085.exe
Size

1.1MB
MD5

30c0a764471a246655fa01d60414a085
SHA1

2b63d23e45069b5196e9bc48fda8b749c1567818
SHA256

a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085
SHA512

023d9bac40dfa2913e9f9eb47c90059bb9e6aa6d961aef4209c1a41396341716d70af444d218b60e68dc36ab52119e518d80e8e20110e412281bba1b49b0b4f9
SSDEEP

24576:+71uJmqiy9WWgdJKAJjCtG1j6/Ql55yinxSj:+71qiyXgdZJjWG1m4l55NK

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1340	Logo1_.exe
464	a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\locale\lg\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Pester\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ach\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.0_2.1810.18004.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\legal\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\sl-sl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\uk-ua\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\sl-si\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.187.37\MicrosoftEdgeUpdateCore.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\RTL\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example3.Diagnostics\2.0.1\Diagnostics\Simple\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\cs-cz\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxTsr.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\sv-se\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\telemetryrules\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\IDPValueAssets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ca-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\vi-VN\View3d\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\uk-ua\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Extensions\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085.exe
File created	C:\Windows\Logo1_.exe	a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1340	Logo1_.exe
1340	Logo1_.exe
1340	Logo1_.exe
1340	Logo1_.exe
1340	Logo1_.exe
1340	Logo1_.exe
1340	Logo1_.exe
1340	Logo1_.exe
1340	Logo1_.exe
1340	Logo1_.exe
1340	Logo1_.exe
1340	Logo1_.exe
1340	Logo1_.exe
1340	Logo1_.exe
1340	Logo1_.exe
1340	Logo1_.exe
1340	Logo1_.exe
1340	Logo1_.exe
1340	Logo1_.exe
1340	Logo1_.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 220	2924	a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085.exe	82
PID 2924 wrote to memory of 220	2924	a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085.exe	82
PID 2924 wrote to memory of 220	2924	a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085.exe	82
PID 2924 wrote to memory of 1340	2924	a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085.exe	83
PID 2924 wrote to memory of 1340	2924	a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085.exe	83
PID 2924 wrote to memory of 1340	2924	a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085.exe	83
PID 1340 wrote to memory of 4636	1340	Logo1_.exe	84
PID 1340 wrote to memory of 4636	1340	Logo1_.exe	84
PID 1340 wrote to memory of 4636	1340	Logo1_.exe	84
PID 4636 wrote to memory of 1652	4636	net.exe	87
PID 4636 wrote to memory of 1652	4636	net.exe	87
PID 4636 wrote to memory of 1652	4636	net.exe	87
PID 1340 wrote to memory of 3480	1340	Logo1_.exe	56
PID 1340 wrote to memory of 3480	1340	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3480
- C:\Users\Admin\AppData\Local\Temp\a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085.exe
  "C:\Users\Admin\AppData\Local\Temp\a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2924
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a54B7.bat
    3⤵
    PID:220
  - - C:\Users\Admin\AppData\Local\Temp\a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085.exe
      "C:\Users\Admin\AppData\Local\Temp\a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085.exe"
      4⤵
      Executes dropped EXE
      PID:464
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1340
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4636
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:1652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
017b5ff3fe0c3468438be2ec74cebc30

SHA1
6c3d43933b458fc53062a5d51b8d9570be6d3e2d

SHA256
f23e73059d7cbbe7cc9f6a50932f5aa26d25feaf6e1a32c35cd01fa49183a619

SHA512
cb317a0becd259af4982ae63e97a1205c250a9cf09b47fbb0460eb2bcbe93421014f49f72c33b51dcd7517034be9b95b09ab7c0312cd79bf5b41b4fd8df6ac77

Download Submit
C:\Program Files\MountComplete.exe

Filesize
1.1MB

MD5
75ee73d7b8ae94b03b7e1f476f662e0a

SHA1
1f5e4dbbb18d6750ffbdd33c7f9d5cdee5b7fd42

SHA256
19663c27e750a0235629959c48814dad433229df8962b5d5192e4291a5851167

SHA512
51de2366c96a4a903a4fc79cb6bde7aa91dfe1ce9511935d113f29eceba84314c73fac2d3494537ce7a9646a14d768c296f7287390157308b834de6316473034

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
636KB

MD5
53ee62011469b286a2a1b5658c86b9bf

SHA1
9bdac0b23b0a965947c780c6a6b48fc7122f9ade

SHA256
7125735e4e8595f1c17ff3235bc65dacabc2ec874b29ac7ba8eddd80ad10b3c0

SHA512
c9c24e578da0a38048e71548fac66465bcb624e971f745bba559e8c49fd621752e718d4c983a90a97277407bb23348ca109436e1eeebef030c3b599c712ff236

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a54B7.bat

Filesize
722B

MD5
52774656b021fa64073b9ba5a038a4c0

SHA1
2b25aa4b8e6196fe525546063268be3d8b48469e

SHA256
0c2b075e761e30b9ae386023d0be047a5fe81b2e7589b58b69677edf6b65a6cc

SHA512
e41c01727b1bf2516213b43f0eb8c17d97e27cc93c6264bcc6ecaddd8563e69006577e66b07a5009102eeb6ab1cd48fffb993991186811ea9dbb9b2e8441e3b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\a5e26b70c4455cb9e7c4a8bb1e49b2d187f90c959c686b18076a79d0e6352085.exe.exe

Filesize
1.0MB

MD5
cececf542dbb4d973ef7db4a67766443

SHA1
51dad032de6fa604c4591d7e25f1db5dc6705782

SHA256
41efdd1d6119a45e327e66a7be188d6957ce1c5c0cd55023e1edb16c8975b190

SHA512
32ecc50e291332805c775183795b7f0af9c8c7126c7b0cf358cc1853e11957e9417b502f94f13e539dd7ee46c3918ce2ac4b19c36ab16bfc17e6c04e471b08db

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
d375bd04f866e1b3276ba3b9779966ad

SHA1
1da9855e29a5384522563e0c4bdac786712d8b12

SHA256
a540c3c24ac2e3e353f3e0376889b61d7c11c926b29c8f0b8c768aea37daf7be

SHA512
78aa0651eeebb8475328fb7090ef3bdc8984ea22c888365727fd7c09533d59873599fc172d291fbadc55e04034fa62e7be405cd501df063105b0c03d7638de10

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1337824034-2731376981-3755436523-1000\_desktop.ini

Filesize
9B

MD5
ef2876ec14bdb3dc085fc3af9311b015

SHA1
68b64b46b1ff0fdc9f009d8fffb8ee87c597fa56

SHA256
ac2a34b4f2d44d19ca4269caf9f4e71cdb0b95ba8eb89ed52c5bc56eeeb1971c

SHA512
c9998caa062ad5b1da853fabb80e88e41d9f96109af89df0309be20469ca8f5be9dd1c08f3c97030e3a487732e82304f60ee2627462e017579da4204bc163c8f

Download Submit
memory/1340-27-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1340-33-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1340-37-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1340-20-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1340-1232-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1340-13-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1340-4798-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1340-5237-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2924-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2924-10-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download