b7c665a943995a9e3df1600d7ca2eeddd0d5d80bc22e03150b590c48aca9984c

Analysis

max time kernel
149s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 06:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7c665a943995a9e3df1600d7ca2eeddd0d5d80bc22e03150b590c48aca9984c.exe
Size

49KB
MD5

ccff02730a6e77d47591a7aba6cf6e1d
SHA1

2feb1affda81b9aee5ecfd39babe546300e36e7e
SHA256

b7c665a943995a9e3df1600d7ca2eeddd0d5d80bc22e03150b590c48aca9984c
SHA512

2e7d88bc0b2bdeceb522befc22eddef3ab49dbb1ec7e2643c66b168855f243a62c80c4f4afb146ce5ec414855ed541b7708de63970e397e38c889de497c80fef
SSDEEP

768:I1ODKAaDMG8H92RwZNQSwcfymNBg+g61GoL31SFUZP5TYi+UAMxkE8:afgLdQAQfcfymNr1dZP5T7lxI

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1640	Logo1_.exe
4104	b7c665a943995a9e3df1600d7ca2eeddd0d5d80bc22e03150b590c48aca9984c.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\epdf\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\da-dk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sk-SK\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\cpdf\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hu\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\it-it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\it\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\bg-BG\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sk-sk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uk\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\he-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\hr-hr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\PlayReadyCdm\_platform_specific\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\WinMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\sl-si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Mail\wab.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	b7c665a943995a9e3df1600d7ca2eeddd0d5d80bc22e03150b590c48aca9984c.exe
File created	C:\Windows\Logo1_.exe	b7c665a943995a9e3df1600d7ca2eeddd0d5d80bc22e03150b590c48aca9984c.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1640	Logo1_.exe
1640	Logo1_.exe
1640	Logo1_.exe
1640	Logo1_.exe
1640	Logo1_.exe
1640	Logo1_.exe
1640	Logo1_.exe
1640	Logo1_.exe
1640	Logo1_.exe
1640	Logo1_.exe
1640	Logo1_.exe
1640	Logo1_.exe
1640	Logo1_.exe
1640	Logo1_.exe
1640	Logo1_.exe
1640	Logo1_.exe
1640	Logo1_.exe
1640	Logo1_.exe
1640	Logo1_.exe
1640	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 3216 wrote to memory of 636	3216	b7c665a943995a9e3df1600d7ca2eeddd0d5d80bc22e03150b590c48aca9984c.exe	81
PID 3216 wrote to memory of 636	3216	b7c665a943995a9e3df1600d7ca2eeddd0d5d80bc22e03150b590c48aca9984c.exe	81
PID 3216 wrote to memory of 636	3216	b7c665a943995a9e3df1600d7ca2eeddd0d5d80bc22e03150b590c48aca9984c.exe	81
PID 3216 wrote to memory of 1640	3216	b7c665a943995a9e3df1600d7ca2eeddd0d5d80bc22e03150b590c48aca9984c.exe	82
PID 3216 wrote to memory of 1640	3216	b7c665a943995a9e3df1600d7ca2eeddd0d5d80bc22e03150b590c48aca9984c.exe	82
PID 3216 wrote to memory of 1640	3216	b7c665a943995a9e3df1600d7ca2eeddd0d5d80bc22e03150b590c48aca9984c.exe	82
PID 1640 wrote to memory of 1620	1640	Logo1_.exe	83
PID 1640 wrote to memory of 1620	1640	Logo1_.exe	83
PID 1640 wrote to memory of 1620	1640	Logo1_.exe	83
PID 1620 wrote to memory of 1940	1620	net.exe	86
PID 1620 wrote to memory of 1940	1620	net.exe	86
PID 1620 wrote to memory of 1940	1620	net.exe	86
PID 636 wrote to memory of 4104	636	cmd.exe	87
PID 636 wrote to memory of 4104	636	cmd.exe	87
PID 1640 wrote to memory of 3508	1640	Logo1_.exe	56
PID 1640 wrote to memory of 3508	1640	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3508
- C:\Users\Admin\AppData\Local\Temp\b7c665a943995a9e3df1600d7ca2eeddd0d5d80bc22e03150b590c48aca9984c.exe
  "C:\Users\Admin\AppData\Local\Temp\b7c665a943995a9e3df1600d7ca2eeddd0d5d80bc22e03150b590c48aca9984c.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:3216
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3A88.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:636
  - - C:\Users\Admin\AppData\Local\Temp\b7c665a943995a9e3df1600d7ca2eeddd0d5d80bc22e03150b590c48aca9984c.exe
      "C:\Users\Admin\AppData\Local\Temp\b7c665a943995a9e3df1600d7ca2eeddd0d5d80bc22e03150b590c48aca9984c.exe"
      4⤵
      Executes dropped EXE
      PID:4104
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1640
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1620
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:1940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
533ce215a7c274602dc456ca375cef93

SHA1
76c502d7c45eca3fd96f6b04eb850e751bc785dd

SHA256
d70c9f73bbeed5cbc0df4a4d14bae68789f84d8092281337d2919322b288ce9c

SHA512
09d9dee36c48567921de4b7c31c4a822d5f9ed5e0b1cb0330031b320f40b5ba9b15e89dc37d52561094642c0ff16c14d32e81ed5b1dac06150fefbbd6f3365bf

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
e3cafc7557cf7a03b7d8dac8da969d35

SHA1
b78ea56fb133598f5cc60176d0d6fafbfde5d966

SHA256
edbd4ee1f536fbb25d4920792aed7d91b26b1629fcebad22ca41b69b271595de

SHA512
c46a3a9b014a7d158585799590f2c17ce40e0eac938589f0da2b3476f444419925312be8caba3dbde3f7a4b5466062ca319d8f2ab0d10ae6b516ba4fc30b144e

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
636KB

MD5
2500f702e2b9632127c14e4eaae5d424

SHA1
8726fef12958265214eeb58001c995629834b13a

SHA256
82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

SHA512
f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a3A88.bat

Filesize
722B

MD5
ded7a424877f47f30ff2f0024a9c822f

SHA1
54be4aa463a56ec151213027429da6d960a86c99

SHA256
a0591179f8eb7f0c9529d74e505c5c894f8750dd6fac8eac24754a1a1cf5fbce

SHA512
b533b660ffa00df91f4f148141269ad10927f3dd6659ef771d5007dc0c042f8171bf8ca0334ac49727680ef3b42b9967407af8e3b0c2a20ca748296851594c26

Download Submit
C:\Users\Admin\AppData\Local\Temp\b7c665a943995a9e3df1600d7ca2eeddd0d5d80bc22e03150b590c48aca9984c.exe.exe

Filesize
23KB

MD5
3c85f5e1f38b3b8176c0580debb48d38

SHA1
422e4f21186268066d30ad882ec66ed41c322a5c

SHA256
bf12b0043439b9ec8542e60374a4956b21cf300c94a779875f1715a10326353a

SHA512
2c8d3375ea1dbfabef36df5e22e22a1204545c86fae81c402abe55628d2b6617099f2713b1dbbcaba81c94d1788de25909ca162fed03a8d161f6008927c61889

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
925efa8e6ec043b04fdaf9e6c9f95b9f

SHA1
4bb883e016bdeecc3f21b562df6364944b777ae3

SHA256
6513ef9968b68f982fb83460b5919e55470f514db71c3831c2ea5c7b3a2721db

SHA512
bf4978b5b10932de14d0c64566768708331f89a815f153323173506aecc296236a22d387b5caceba100c72b44e6b870e879f7350f1abce413bb92d54e70b133e

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-4124900551-4068476067-3491212533-1000\_desktop.ini

Filesize
9B

MD5
2822854d33e24347f613c750df46b810

SHA1
c2ea2529c032aa552d5a8301900cf27fc0f6045c

SHA256
73f2f888bdeaf9427c7aa3355fbe711e6570fb5e9e48c3f64cd229198ce85ad2

SHA512
21fff5d14e03a0420d9242a095c2e93ac2b7e6b9e49d12da907394ac9725bb746896721ceded88411895e9630a8ffbface168f0c02630b33300647d3d9e3326c

Download Submit
memory/1640-27-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1640-33-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1640-37-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1640-20-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1640-1231-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1640-4797-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1640-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1640-5236-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3216-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3216-13-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download