d48ef1f6ee74dcf82cf81b6ff609f63d754b320efd69ae50714f93c446b911b6

Analysis

max time kernel
149s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/09/2024, 21:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d48ef1f6ee74dcf82cf81b6ff609f63d754b320efd69ae50714f93c446b911b6.exe
Size

570KB
MD5

9f279f3bb96dcf0bdb72b1a52e723336
SHA1

3e209c0396a41a3290c83426f86ae6524861426d
SHA256

d48ef1f6ee74dcf82cf81b6ff609f63d754b320efd69ae50714f93c446b911b6
SHA512

bcc62dd396837318312600afcf425851b77deaf528b1443cded90631f50c612d10d7fd85ea29840e62c38f27dc3d631985ddfd9a286176dffc9353f62c2c5b9d
SSDEEP

6144:wsVfjmNCE7cV3iwbAFRWAbd4nf0H05yqE6Hl0ChW0+ksllAXBu0lWGWUJJQ4t0BE:v7+57a3iwbihym2g7XO3LWUQfh4Co

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4800	Logo1_.exe
4000	d48ef1f6ee74dcf82cf81b6ff609f63d754b320efd69ae50714f93c446b911b6.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\dotnet\shared\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Views\Utilities\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Notifications\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\bin\_desktop.ini	Logo1_.exe
File created	C:\Program Files\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sl-si\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\themes\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Internet Explorer\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\images\cursors\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows NT\Accessories\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Photo Viewer\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Configuration\Registration\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\de-de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\selection-action-plugins\epdf\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplore.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\am-ET\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\Bundle\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\themes\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\kn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\pt_BR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_neutral_split.scale-100_8wekyb3d8bbwe\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Test\Modules\Example1.Diagnostics\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\eu-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\pt-br\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	d48ef1f6ee74dcf82cf81b6ff609f63d754b320efd69ae50714f93c446b911b6.exe
File created	C:\Windows\Logo1_.exe	d48ef1f6ee74dcf82cf81b6ff609f63d754b320efd69ae50714f93c446b911b6.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d48ef1f6ee74dcf82cf81b6ff609f63d754b320efd69ae50714f93c446b911b6.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Logo1_.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4800	Logo1_.exe
4800	Logo1_.exe
4800	Logo1_.exe
4800	Logo1_.exe
4800	Logo1_.exe
4800	Logo1_.exe
4800	Logo1_.exe
4800	Logo1_.exe
4800	Logo1_.exe
4800	Logo1_.exe
4800	Logo1_.exe
4800	Logo1_.exe
4800	Logo1_.exe
4800	Logo1_.exe
4800	Logo1_.exe
4800	Logo1_.exe
4800	Logo1_.exe
4800	Logo1_.exe
4800	Logo1_.exe
4800	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 3940 wrote to memory of 1700	3940	d48ef1f6ee74dcf82cf81b6ff609f63d754b320efd69ae50714f93c446b911b6.exe	83
PID 3940 wrote to memory of 1700	3940	d48ef1f6ee74dcf82cf81b6ff609f63d754b320efd69ae50714f93c446b911b6.exe	83
PID 3940 wrote to memory of 1700	3940	d48ef1f6ee74dcf82cf81b6ff609f63d754b320efd69ae50714f93c446b911b6.exe	83
PID 3940 wrote to memory of 4800	3940	d48ef1f6ee74dcf82cf81b6ff609f63d754b320efd69ae50714f93c446b911b6.exe	84
PID 3940 wrote to memory of 4800	3940	d48ef1f6ee74dcf82cf81b6ff609f63d754b320efd69ae50714f93c446b911b6.exe	84
PID 3940 wrote to memory of 4800	3940	d48ef1f6ee74dcf82cf81b6ff609f63d754b320efd69ae50714f93c446b911b6.exe	84
PID 4800 wrote to memory of 3260	4800	Logo1_.exe	86
PID 4800 wrote to memory of 3260	4800	Logo1_.exe	86
PID 4800 wrote to memory of 3260	4800	Logo1_.exe	86
PID 3260 wrote to memory of 3936	3260	net.exe	88
PID 3260 wrote to memory of 3936	3260	net.exe	88
PID 3260 wrote to memory of 3936	3260	net.exe	88
PID 1700 wrote to memory of 4000	1700	cmd.exe	89
PID 1700 wrote to memory of 4000	1700	cmd.exe	89
PID 4800 wrote to memory of 3440	4800	Logo1_.exe	56
PID 4800 wrote to memory of 3440	4800	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3440
- C:\Users\Admin\AppData\Local\Temp\d48ef1f6ee74dcf82cf81b6ff609f63d754b320efd69ae50714f93c446b911b6.exe
  "C:\Users\Admin\AppData\Local\Temp\d48ef1f6ee74dcf82cf81b6ff609f63d754b320efd69ae50714f93c446b911b6.exe"
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3940
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a8378.bat
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\d48ef1f6ee74dcf82cf81b6ff609f63d754b320efd69ae50714f93c446b911b6.exe
      "C:\Users\Admin\AppData\Local\Temp\d48ef1f6ee74dcf82cf81b6ff609f63d754b320efd69ae50714f93c446b911b6.exe"
      4⤵
      Executes dropped EXE
      PID:4000
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4800
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:3260
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe

Filesize
244KB

MD5
40097abf8572ce90d99c616007eee1c0

SHA1
bc7e07781fe1424d9ce94cbf8f39656b17ba3ec1

SHA256
9853552b50b120f9a3330b435f15181b500b2a510731c868b608602b7763f98d

SHA512
9738fd3ab8e02ba00b396074eec6b318eafa385d3d7b96281f770762a13d0d8a6cb2f8b38fc65437996e1355df759ab943adc50e4cc92c13152b1b8ac9d2d131

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
9f279f3bb96dcf0bdb72b1a52e723336

SHA1
3e209c0396a41a3290c83426f86ae6524861426d

SHA256
d48ef1f6ee74dcf82cf81b6ff609f63d754b320efd69ae50714f93c446b911b6

SHA512
bcc62dd396837318312600afcf425851b77deaf528b1443cded90631f50c612d10d7fd85ea29840e62c38f27dc3d631985ddfd9a286176dffc9353f62c2c5b9d

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
636KB

MD5
2500f702e2b9632127c14e4eaae5d424

SHA1
8726fef12958265214eeb58001c995629834b13a

SHA256
82e5b0001f025ca3b8409c98e4fb06c119c68de1e4ef60a156360cb4ef61d19c

SHA512
f420c62fa1f6897f51dd7a0f0e910fb54ad14d51973a2d4840eeea0448c860bf83493fb1c07be65f731efc39e19f8a99886c8cfd058cee482fe52d255a33a55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a8378.bat

Filesize
722B

MD5
bddab2ae4e164a8f6ae29b45f3c9276d

SHA1
28b252fced4a61924224dcc72ae0b369ab8b7160

SHA256
d0344780a78f535159a373339bf511f7df9d5e99332c3efe519e09c441a4ede9

SHA512
36065f40ade95f6a737fd46206e36320e595e832008198aaf5d66f35d9b5ed457395f73c1d6eb184c8746b4c3727717397e2e73a15bef1e1dded2eab205c647e

Download Submit
C:\Users\Admin\AppData\Local\Temp\d48ef1f6ee74dcf82cf81b6ff609f63d754b320efd69ae50714f93c446b911b6.exe.exe

Filesize
544KB

MD5
9a1dd1d96481d61934dcc2d568971d06

SHA1
f136ef9bf8bd2fc753292fb5b7cf173a22675fb3

SHA256
8cebb25e240db3b6986fcaed6bc0b900fa09dad763a56fb71273529266c5c525

SHA512
7ac1581f8a29e778ba1a1220670796c47fa5b838417f8f635e2cb1998a01515cff3ee57045dacb78a8ec70d43754b970743aba600379fe6d9481958d32d8a5aa

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
f840b7fc997e1545a0af493debb80730

SHA1
68d2c2e571748727d05c214028b1de3bea3fce7d

SHA256
49a34f007cecef2b47f106a0d40acb46d55602ad1d7bc01e8c0d268cbb6583f5

SHA512
2e8c07ec6aefd6194925769847e38b05620efe7249afcdcf24bfe1cdd6e2586efe1cf48ecf4130fe0bdf42fd05aefe8e15fcd23c62897ba7bdf3762fcabd3b72

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-656926755-4116854191-210765258-1000\_desktop.ini

Filesize
8B

MD5
646a1be8fae9210cfba53ee1aab14c96

SHA1
8677ff347131a9c8304f10b48012ebd8b075030c

SHA256
660d57a3dc71884e70a9cbd6ca26d02872f4706abeb098c6d35f6b217462edf5

SHA512
812b716a422628d486a4c78c66a85c641f13976537fbd452e14fab9a6c440b442632df04de8437c485c9c8164e3b3499201d3dbe681b36fe6bec749df1ab75e4

Download Submit
memory/3940-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3940-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4800-26-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4800-36-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4800-32-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4800-560-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4800-1233-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4800-19-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4800-4791-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4800-9-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4800-5236-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download