dcce9ca116bda9423d5bf9efde130a45ae6574a9259775cd99a9016c45c3448b

Analysis

max time kernel
153s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2024, 22:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dcce9ca116bda9423d5bf9efde130a45ae6574a9259775cd99a9016c45c3448b.exe
Size

2.1MB
MD5

9eed886de3f29d71d775c913f691a86f
SHA1

5f64c18bb211f6eb70eb4022ac87818d5f17a095
SHA256

dcce9ca116bda9423d5bf9efde130a45ae6574a9259775cd99a9016c45c3448b
SHA512

f6ccfa620f111e883662bb4fa2577d7a5737d8fb89b7f283ae778b5e126ccb2ea65deaceae3456c564be31ea10de6aaa76036585ecb2afe1d4fb055b32c1a09e
SSDEEP

49152:m70YQMYnARJSE77ApcJu1FhtnYxLTsQcS54B/VXieDst5:m7qMYnoSE7Vu1F/nYx3/cS54B/V0

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3812	Logo1_.exe
1856	dcce9ca116bda9423d5bf9efde130a45ae6574a9259775cd99a9016c45c3448b.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewer\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\hu-HU\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\whatsnewsrc\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\swidtag\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\en-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\he-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\he-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl\Assets\OfflinePages\Scripts\Me\MeControl\offline\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\plugins\rhp\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\root\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Microsoft.Msn.Controls\EndOfLife\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Oracle\Java\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Google\Temp\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Examples\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\hu-hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\pt-BR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nn\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\fi-fi\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	dcce9ca116bda9423d5bf9efde130a45ae6574a9259775cd99a9016c45c3448b.exe
File created	C:\Windows\Logo1_.exe	dcce9ca116bda9423d5bf9efde130a45ae6574a9259775cd99a9016c45c3448b.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3812	Logo1_.exe
3812	Logo1_.exe
3812	Logo1_.exe
3812	Logo1_.exe
3812	Logo1_.exe
3812	Logo1_.exe
3812	Logo1_.exe
3812	Logo1_.exe
3812	Logo1_.exe
3812	Logo1_.exe
3812	Logo1_.exe
3812	Logo1_.exe
3812	Logo1_.exe
3812	Logo1_.exe
3812	Logo1_.exe
3812	Logo1_.exe
3812	Logo1_.exe
3812	Logo1_.exe
3812	Logo1_.exe
3812	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 4404 wrote to memory of 2412	4404	dcce9ca116bda9423d5bf9efde130a45ae6574a9259775cd99a9016c45c3448b.exe	90
PID 4404 wrote to memory of 2412	4404	dcce9ca116bda9423d5bf9efde130a45ae6574a9259775cd99a9016c45c3448b.exe	90
PID 4404 wrote to memory of 2412	4404	dcce9ca116bda9423d5bf9efde130a45ae6574a9259775cd99a9016c45c3448b.exe	90
PID 4404 wrote to memory of 3812	4404	dcce9ca116bda9423d5bf9efde130a45ae6574a9259775cd99a9016c45c3448b.exe	91
PID 4404 wrote to memory of 3812	4404	dcce9ca116bda9423d5bf9efde130a45ae6574a9259775cd99a9016c45c3448b.exe	91
PID 4404 wrote to memory of 3812	4404	dcce9ca116bda9423d5bf9efde130a45ae6574a9259775cd99a9016c45c3448b.exe	91
PID 3812 wrote to memory of 3996	3812	Logo1_.exe	93
PID 3812 wrote to memory of 3996	3812	Logo1_.exe	93
PID 3812 wrote to memory of 3996	3812	Logo1_.exe	93
PID 2412 wrote to memory of 1856	2412	cmd.exe	95
PID 2412 wrote to memory of 1856	2412	cmd.exe	95
PID 2412 wrote to memory of 1856	2412	cmd.exe	95
PID 3996 wrote to memory of 4548	3996	net.exe	96
PID 3996 wrote to memory of 4548	3996	net.exe	96
PID 3996 wrote to memory of 4548	3996	net.exe	96
PID 3812 wrote to memory of 3364	3812	Logo1_.exe	57
PID 3812 wrote to memory of 3364	3812	Logo1_.exe	57

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3364
- C:\Users\Admin\AppData\Local\Temp\dcce9ca116bda9423d5bf9efde130a45ae6574a9259775cd99a9016c45c3448b.exe
  "C:\Users\Admin\AppData\Local\Temp\dcce9ca116bda9423d5bf9efde130a45ae6574a9259775cd99a9016c45c3448b.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4404
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a10B4.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\dcce9ca116bda9423d5bf9efde130a45ae6574a9259775cd99a9016c45c3448b.exe
      "C:\Users\Admin\AppData\Local\Temp\dcce9ca116bda9423d5bf9efde130a45ae6574a9259775cd99a9016c45c3448b.exe"
      4⤵
      Executes dropped EXE
      PID:1856
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3812
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3996
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:4548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1312 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
1⤵
PID:5020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
252KB

MD5
1c6af1e36561c169cf88d4ce64147d09

SHA1
27f58d4bdc35b883367e0782e92e789c4adec86e

SHA256
0c7eaffd658dad1be9f878bffea48d1389f4c98f09f4c5763f46dbeb60b7c111

SHA512
88e973617a66c81adc1bbcdb8b7ac3deec3ae19c860f4bb35c3667ca0c2b23bdf1755be1a1fa6b8ecedf9b86ad9018255f5cdb84509e0fc773a3bfe26e1b479f

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
571KB

MD5
d0e110d91cb9c9dd33e09cb696e5c81d

SHA1
446a54d9e9c233900576365b7751590498308641

SHA256
6beb8591b43664f3667dd761ff6043e415df10afa792641fab65996037865aad

SHA512
5306a8e57990ffccbad10a58837566c7993d9c75dbbca15413f93879f2adcfcd4bc00e15f995aaf1f404df141e6369ad9748db7c1cd00e54398733d458158c28

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a10B4.bat

Filesize
722B

MD5
d393d955b0a0a4fa034780e2d8575d17

SHA1
a4240f5a0e07b75994bc8de2476500f4e994cbc2

SHA256
8d1a4f5bf1fe0b533d193c29db345df6c963da6b87a1c498e28b821ad9e58114

SHA512
101dfd48010d45fcff63ef660cbb65d4565be947e9a086f6d1962fd898b969fd616e46ae3c54d74a1b2fd354daa9ac32a6499e5dfaf7f62ef3b3e7cd03006dc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\dcce9ca116bda9423d5bf9efde130a45ae6574a9259775cd99a9016c45c3448b.exe.exe

Filesize
2.1MB

MD5
993dcaf6cc43f07bff530e40b181271e

SHA1
07bc58563dfc2e947fe69619a742ac6ee3893b9a

SHA256
cc63b96382fc5578d13938436eff9921a9241c79d14037775885467a28464604

SHA512
4f099a36000acafadb44a2bab95396722f080f695142547fdcb623d715c0d2f4907f7b69b7295aaf99d9b76a816062fc9b7b56541359ce518c16434ce7912909

Download Submit
C:\Windows\Logo1_.exe

Filesize
27KB

MD5
633f0bc964782e7374770507b22b5bee

SHA1
12dac9815a5c5a198e99b23faeda8f244c7e490a

SHA256
f470bdb95f4d5fd35b5d4109f46b7a0cd88e45356b39b6c9a1988b5a9100a0e6

SHA512
cdde8689bf17d0c76d3b0dd73350ec3a7a5c11fd7ccf49d893f19e32593a777319b85c89fb5dc3cdae01dfaabfaf426cea7e2df86ee15a0adf3cb4f78b4ebc9f

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3808065738-1666277613-1125846146-1000\_desktop.ini

Filesize
8B

MD5
82a7f41bbfacde9bfc22c86efc188f54

SHA1
445b2c21bc88b703c56a75a7ff13824e3b591ce2

SHA256
23782f2f38924bcdb9fe6f43ee03ec7349b4998d80b0d9ebe9f1190b0570739b

SHA512
2d4609cb1d2b6a786c1fcd377afa2ff16fffff3502a3f03d0f5e1f5c9f1bdfe274eec778d922dcea8cbb1d30a33edbc848ee043dbd55d9e2aa5b751741d76780

Download Submit
memory/3812-33-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3812-20-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3812-27-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3812-38-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3812-42-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3812-9-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3812-69-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3812-1016-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3812-1183-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3812-4217-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4404-11-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4404-0-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download