Analysis

max time kernel: 149s
max time network: 123s
platform: windows10-2004_x64
resource: win10v2004-20240704-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/07/2024, 14:44

Static task: static1

Behavioral task: behavioral1
Sample: d5b164728c7d159e52208628584bb523d7a4f20b3961bbf2edf63994a0d6dd06.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: d5b164728c7d159e52208628584bb523d7a4f20b3961bbf2edf63994a0d6dd06.exe
Resource: win10v2004-20240704-en

General

Target: d5b164728c7d159e52208628584bb523d7a4f20b3961bbf2edf63994a0d6dd06.exe
Size: 959KB
MD5: b72ceb491a41901ee0c0e9bd61776101
SHA1: 057adbb01682d3594359397614365dacfb3c58c7
SHA256: d5b164728c7d159e52208628584bb523d7a4f20b3961bbf2edf63994a0d6dd06
SHA512: 40d41d09166b750992a049a43fce07efa2887b7306f824b698c6b1df393fd52276b1732b867e8b940bdd6f0efbdb96f817c08c4d3ab80c16b2408ed64cd7d100
SSDEEP: 12288:ORKcv8Nh7py6Rmi78gkPH3aPI9vyVg/0paQuj3IdD02fKBjtp/:nBpDRmi78gkPXlyo0G/jr
Malware Config
Signatures
Executes dropped EXE (2 IoCs)
pid   Process
1104  Logo1_.exe
2532  d5b164728c7d159e52208628584bb523d7a4f20b3961bbf2edf63994a0d6dd06.exe

Enumerates connected drives (3 TTPs, 21 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
description              ioc     Process
File opened (read-only)  \??\O:  Logo1_.exe
File opened (read-only)  \??\W:  Logo1_.exe
File opened (read-only)  \??\V:  Logo1_.exe
File opened (read-only)  \??\U:  Logo1_.exe
File opened (read-only)  \??\K:  Logo1_.exe
File opened (read-only)  \??\H:  Logo1_.exe
File opened (read-only)  \??\T:  Logo1_.exe
File opened (read-only)  \??\R:  Logo1_.exe
File opened (read-only)  \??\N:  Logo1_.exe
File opened (read-only)  \??\M:  Logo1_.exe
File opened (read-only)  \??\J:  Logo1_.exe
File opened (read-only)  \??\G:  Logo1_.exe
File opened (read-only)  \??\S:  Logo1_.exe
File opened (read-only)  \??\Q:  Logo1_.exe
File opened (read-only)  \??\P:  Logo1_.exe
File opened (read-only)  \??\L:  Logo1_.exe
File opened (read-only)  \??\I:  Logo1_.exe
File opened (read-only)  \??\Z:  Logo1_.exe
File opened (read-only)  \??\Y:  Logo1_.exe
File opened (read-only)  \??\X:  Logo1_.exe
File opened (read-only)  \??\E:  Logo1_.exe
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory (4 IoCs)
description                   ioc                       Process
File opened for modification  C:\Windows\rundl132.exe   Logo1_.exe
File created                  C:\Windows\vDll.dll       Logo1_.exe
File created                  C:\Windows\rundl132.exe   d5b164728c7d159e52208628584bb523d7a4f20b3961bbf2edf63994a0d6dd06.exe
File created                  C:\Windows\Logo1_.exe     d5b164728c7d159e52208628584bb523d7a4f20b3961bbf2edf63994a0d6dd06.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Runs net.exe

Suspicious behavior: EnumeratesProcesses (20 IoCs)
pid   Process
1104  Logo1_.exe (the same entry is listed 20 times)

Suspicious use of AdjustPrivilegeToken (2 IoCs)
description                pid   Process
Token: SeRestorePrivilege  2532  d5b164728c7d159e52208628584bb523d7a4f20b3961bbf2edf63994a0d6dd06.exe
Token: 35                  2532  d5b164728c7d159e52208628584bb523d7a4f20b3961bbf2edf63994a0d6dd06.exe

Suspicious use of WriteProcessMemory (16 IoCs)
description                          pid   Process                                                                 procid_target
PID 4728 wrote to memory of 4744     4728  d5b164728c7d159e52208628584bb523d7a4f20b3961bbf2edf63994a0d6dd06.exe  84
PID 4728 wrote to memory of 4744     4728  d5b164728c7d159e52208628584bb523d7a4f20b3961bbf2edf63994a0d6dd06.exe  84
PID 4728 wrote to memory of 4744     4728  d5b164728c7d159e52208628584bb523d7a4f20b3961bbf2edf63994a0d6dd06.exe  84
PID 4728 wrote to memory of 1104     4728  d5b164728c7d159e52208628584bb523d7a4f20b3961bbf2edf63994a0d6dd06.exe  85
PID 4728 wrote to memory of 1104     4728  d5b164728c7d159e52208628584bb523d7a4f20b3961bbf2edf63994a0d6dd06.exe  85
PID 4728 wrote to memory of 1104     4728  d5b164728c7d159e52208628584bb523d7a4f20b3961bbf2edf63994a0d6dd06.exe  85
PID 1104 wrote to memory of 4936     1104  Logo1_.exe                                                              87
PID 1104 wrote to memory of 4936     1104  Logo1_.exe                                                              87
PID 1104 wrote to memory of 4936     1104  Logo1_.exe                                                              87
PID 4936 wrote to memory of 1488     4936  net.exe                                                                 89
PID 4936 wrote to memory of 1488     4936  net.exe                                                                 89
PID 4936 wrote to memory of 1488     4936  net.exe                                                                 89
PID 4744 wrote to memory of 2532     4744  cmd.exe                                                                 90
PID 4744 wrote to memory of 2532     4744  cmd.exe                                                                 90
PID 1104 wrote to memory of 3520     1104  Logo1_.exe                                                              56
PID 1104 wrote to memory of 3520     1104  Logo1_.exe                                                              56
Processes

1. C:\Windows\Explorer.EXE
   Command line: C:\Windows\Explorer.EXE
   PID: 3520

   2. C:\Users\Admin\AppData\Local\Temp\d5b164728c7d159e52208628584bb523d7a4f20b3961bbf2edf63994a0d6dd06.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\d5b164728c7d159e52208628584bb523d7a4f20b3961bbf2edf63994a0d6dd06.exe"
      Signatures: Drops file in Windows directory; Suspicious use of WriteProcessMemory
      PID: 4728

      3. C:\Windows\SysWOW64\cmd.exe
         Command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a9A9A.bat
         Signatures: Suspicious use of WriteProcessMemory
         PID: 4744

         4. C:\Users\Admin\AppData\Local\Temp\d5b164728c7d159e52208628584bb523d7a4f20b3961bbf2edf63994a0d6dd06.exe
            Command line: "C:\Users\Admin\AppData\Local\Temp\d5b164728c7d159e52208628584bb523d7a4f20b3961bbf2edf63994a0d6dd06.exe"
            Signatures: Executes dropped EXE; Suspicious use of AdjustPrivilegeToken
            PID: 2532

      3. C:\Windows\Logo1_.exe
         Command line: C:\Windows\Logo1_.exe
         Signatures: Executes dropped EXE; Enumerates connected drives; Drops file in Program Files directory; Drops file in Windows directory; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory
         PID: 1104

         4. C:\Windows\SysWOW64\net.exe
            Command line: net stop "Kingsoft AntiVirus Service"
            Signatures: Suspicious use of WriteProcessMemory
            PID: 4936

            5. C:\Windows\SysWOW64\net1.exe
               Command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
               PID: 1488
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 254KB
MD5: 6a762e3cb6d6766c29af3a746e285234
SHA1: d68a29115c2e4ab48b1f14ce3a97d2689b036b6c
SHA256: 70e8482d3906740b713ac53296e7e36c4446d5f56579bfa22774313696267766
SHA512: 3142834a11a88b138a97cc945ce0cac49f5a5ba17087cd4d644a82c997d1a88015751e2e24171964bd300ffc9434e68333d5e6f6b98f5f1e9638c5069775ebff

Filesize: 573KB
MD5: c213849d0139a23f9c02688691d2636e
SHA1: 378ed18f00b9d117b829bd94974b4e7b00824fc3
SHA256: ca730312f855501ae5e562ac8999cbbf10fcd0a9727ea78756c757b1203acd31
SHA512: cdfe37893b895ff394803bc4794786fb8e6c5baad4781aa38cfa7b71ab7ea446f6169105463decd4e680ff38e3dc81b8d10e40e9d3d4b763907934f0049241ca

C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
Filesize: 639KB
MD5: cda7714d2ec36fbd5dfd358b3cc885ce
SHA1: 410c57ed71630d168738f40cea3ccc65529b0ae1
SHA256: d2c7832ddb52cfbb750dfffae048fd9c6a9cf06a52b7de91a0be255dffadef4e
SHA512: 89cc9f52ae02711a9f90f2ba8e6b62c8ac442b967903067e1f3c5c12ff3ca012b62b8af4e4e7c3762b4c3ee255826b509fdb064c0d2861a2c2953a02c4fc1714

Filesize: 722B
MD5: 578a83dbd70b9cde0e2fcc0b875313de
SHA1: a5a680b6157f23892d765fc911320f07f1298079
SHA256: 4a7b3993cce69f7bb70f1ed8570ac59a0e54acae5a302c60d62776b4f840cbe6
SHA512: 203086af2c51d265fc23ffe69ff3c39419f5afff23a2d12bf63e41da6217cae3721b17478bd53c49ce9edbed5c911f4ed8aab9b664378206f7a93acbe50d6374

C:\Users\Admin\AppData\Local\Temp\d5b164728c7d159e52208628584bb523d7a4f20b3961bbf2edf63994a0d6dd06.exe.exe
Filesize: 930KB
MD5: 30ac0b832d75598fb3ec37b6f2a8c86a
SHA1: 6f47dbfd6ff36df7ba581a4cef024da527dc3046
SHA256: 1ea0839c8dc95ad2c060af7d042c40c0daed58ce8e4524c0fba12fd73e4afb74
SHA512: 505870601a4389b7ed2c8fecf85835adfd2944cbc10801f74bc4e08f5a0d6ecc9a52052fc37e216304cd1655129021862294a698ed36b3b43d428698f7263057

Filesize: 29KB
MD5: 02a50d1db542d3bccaad7fbd689d00db
SHA1: 50f36cabe08f5b187f8402861fd57876bf9aff16
SHA256: 41d58400b38e4513ac54cab35f8e5fe85e2ea85b6803cefdd77a382be0e6ed07
SHA512: 4076302911a50e8e5f59b0ee652a849bc7e33a3eca82816bd178b8e5757c353cc0d2cace7b761c01bd190405961a496cd90776867ef7cc177c2e22e462e7df26

Filesize: 9B
MD5: ee036d7bfecde982d31263f77044a72f
SHA1: d575db536fac53ad7f9e8f28fbf32a34aaa54afd
SHA256: 6bd2c0216839f407cec78332e286e5649b2f99169f532db4197696fb125339ee
SHA512: 7fe9f2de5fb89d0f7d9ddd7a9196ac54c8d159b403a428ffaea985d6bcb73e8e98a9fe36ec4cd102aa76b37f96dcd5c7a2b1abd04634a3489cc3074b57914863