nanocore | a3bff9b4fb3f28a222c1c9658440b31e57d53b1c0ce9e36fda779726f75daa71

Analysis

max time kernel
657s
max time network
663s
platform
windows10-1703_x64
resource
win10-20220718-en
resource tags

arch:x64arch:x86image:win10-20220718-enlocale:en-usos:windows10-1703-x64system
submitted
21-07-2022 22:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

orxVwulQulmYSAf.exe
Size

968KB
MD5

99b689cff9e00db87bbcf91174b8b7f3
SHA1

0ee1d70a16c7d6b6c1c87a1ce4f76db76eb4b153
SHA256

a3bff9b4fb3f28a222c1c9658440b31e57d53b1c0ce9e36fda779726f75daa71
SHA512

29973550ca4bef56a3d54d61d89717af98f62ec5e6ec480e3bc93dd6917a16d4abb8e27787232651fc41897f196c4e729190c91542af0feac73535d16e7aedae

Score

10^/10

nanocore keylogger persistence spyware stealer suricata trojan

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

smithcity123.ddns.net:57689

194.5.98.180:57689

Mutex

c01c81ab-6469-4a53-a74b-1d51499279d4

Attributes

activate_away_mode
true
backup_connection_host
194.5.98.180
backup_dns_server
8.8.4.4
buffer_size
65535
build_time
2022-03-06T19:31:37.368246236Z
bypass_user_account_control
false
bypass_user_account_control_data
PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTE2Ij8+DQo8VGFzayB2ZXJzaW9uPSIxLjIiIHhtbG5zPSJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dpbmRvd3MvMjAwNC8wMi9taXQvdGFzayI+DQogIDxSZWdpc3RyYXRpb25JbmZvIC8+DQogIDxUcmlnZ2VycyAvPg0KICA8UHJpbmNpcGFscz4NCiAgICA8UHJpbmNpcGFsIGlkPSJBdXRob3IiPg0KICAgICAgPExvZ29uVHlwZT5JbnRlcmFjdGl2ZVRva2VuPC9Mb2dvblR5cGU+DQogICAgICA8UnVuTGV2ZWw+SGlnaGVzdEF2YWlsYWJsZTwvUnVuTGV2ZWw+DQogICAgPC9QcmluY2lwYWw+DQogIDwvUHJpbmNpcGFscz4NCiAgPFNldHRpbmdzPg0KICAgIDxNdWx0aXBsZUluc3RhbmNlc1BvbGljeT5QYXJhbGxlbDwvTXVsdGlwbGVJbnN0YW5jZXNQb2xpY3k+DQogICAgPERpc2FsbG93U3RhcnRJZk9uQmF0dGVyaWVzPmZhbHNlPC9EaXNhbGxvd1N0YXJ0SWZPbkJhdHRlcmllcz4NCiAgICA8U3RvcElmR29pbmdPbkJhdHRlcmllcz5mYWxzZTwvU3RvcElmR29pbmdPbkJhdHRlcmllcz4NCiAgICA8QWxsb3dIYXJkVGVybWluYXRlPnRydWU8L0FsbG93SGFyZFRlcm1pbmF0ZT4NCiAgICA8U3RhcnRXaGVuQXZhaWxhYmxlPmZhbHNlPC9TdGFydFdoZW5BdmFpbGFibGU+DQogICAgPFJ1bk9ubHlJZk5ldHdvcmtBdmFpbGFibGU+ZmFsc2U8L1J1bk9ubHlJZk5ldHdvcmtBdmFpbGFibGU+DQogICAgPElkbGVTZXR0aW5ncz4NCiAgICAgIDxTdG9wT25JZGxlRW5kPmZhbHNlPC9TdG9wT25JZGxlRW5kPg0KICAgICAgPFJlc3RhcnRPbklkbGU+ZmFsc2U8L1Jlc3RhcnRPbklkbGU+DQogICAgPC9JZGxlU2V0dGluZ3M+DQogICAgPEFsbG93U3RhcnRPbkRlbWFuZD50cnVlPC9BbGxvd1N0YXJ0T25EZW1hbmQ+DQogICAgPEVuYWJsZWQ+dHJ1ZTwvRW5hYmxlZD4NCiAgICA8SGlkZGVuPmZhbHNlPC9IaWRkZW4+DQogICAgPFJ1bk9ubHlJZklkbGU+ZmFsc2U8L1J1bk9ubHlJZklkbGU+DQogICAgPFdha2VUb1J1bj5mYWxzZTwvV2FrZVRvUnVuPg0KICAgIDxFeGVjdXRpb25UaW1lTGltaXQ+UFQwUzwvRXhlY3V0aW9uVGltZUxpbWl0Pg0KICAgIDxQcmlvcml0eT40PC9Qcmlvcml0eT4NCiAgPC9TZXR0aW5ncz4NCiAgPEFjdGlvbnMgQ29udGV4dD0iQXV0aG9yIj4NCiAgICA8RXhlYz4NCiAgICAgIDxDb21tYW5kPiIjRVhFQ1VUQUJMRVBBVEgiPC9Db21tYW5kPg0KICAgICAgPEFyZ3VtZW50cz4kKEFyZzApPC9Bcmd1bWVudHM+DQogICAgPC9FeGVjPg0KICA8L0FjdGlvbnM+DQo8L1Rhc2s+
clear_access_control
true
clear_zone_identifier
false
connect_delay
4000
connection_port
57689
default_group
GREAT
enable_debug_mode
true
gc_threshold
1.048576e+07
keep_alive_timeout
30000
keyboard_logging
false
lan_timeout
2500
max_packet_size
1.048576e+07
mutex
c01c81ab-6469-4a53-a74b-1d51499279d4
mutex_timeout
5000
prevent_system_sleep
false
primary_connection_host
smithcity123.ddns.net
primary_dns_server
8.8.8.8
request_elevation
true
restart_delay
5000
run_delay
0
run_on_startup
false
set_critical_process
true
timeout_interval
5000
use_custom_dns_server
false
version
1.2.2.0
wan_timeout
8000

Signatures

NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
keylogger trojan stealer spyware nanocore
suricata: ET MALWARE Possible NanoCore C2 60B
suricata: ET MALWARE Possible NanoCore C2 60B
suricata
Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

vbc.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\NAT Service = "C:\\Program Files (x86)\\NAT Service\\natsvc.exe"	vbc.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

orxVwulQulmYSAf.exe

description pid process target process

PID 1076 set thread context of 3400 1076 orxVwulQulmYSAf.exe vbc.exe

description	pid	process	target process
PID 1076 set thread context of 3400	1076	orxVwulQulmYSAf.exe	vbc.exe

Drops file in Program Files directory 2 IoCs

Processes:

vbc.exe

description	ioc	process
File created	C:\Program Files (x86)\NAT Service\natsvc.exe	vbc.exe
File opened for modification	C:\Program Files (x86)\NAT Service\natsvc.exe	vbc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 3 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exeschtasks.exeschtasks.exe

pid process

220 schtasks.exe
3720 schtasks.exe
3140 schtasks.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

orxVwulQulmYSAf.exevbc.exe

pid process

1076 orxVwulQulmYSAf.exe
1076 orxVwulQulmYSAf.exe
1076 orxVwulQulmYSAf.exe
3400 vbc.exe
3400 vbc.exe
3400 vbc.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

vbc.exe

pid process

3400 vbc.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

orxVwulQulmYSAf.exevbc.exe

description pid process

Token: SeDebugPrivilege 1076 orxVwulQulmYSAf.exe
Token: SeDebugPrivilege 3400 vbc.exe

pid	process
220	schtasks.exe
3720	schtasks.exe
3140	schtasks.exe

pid	process
1076	orxVwulQulmYSAf.exe
1076	orxVwulQulmYSAf.exe
1076	orxVwulQulmYSAf.exe
3400	vbc.exe
3400	vbc.exe
3400	vbc.exe

pid	process
3400	vbc.exe

description	pid	process
Token: SeDebugPrivilege	1076	orxVwulQulmYSAf.exe
Token: SeDebugPrivilege	3400	vbc.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

orxVwulQulmYSAf.exevbc.exe

description	pid	process	target process
PID 1076 wrote to memory of 220	1076	orxVwulQulmYSAf.exe	schtasks.exe
PID 1076 wrote to memory of 220	1076	orxVwulQulmYSAf.exe	schtasks.exe
PID 1076 wrote to memory of 220	1076	orxVwulQulmYSAf.exe	schtasks.exe
PID 1076 wrote to memory of 1480	1076	orxVwulQulmYSAf.exe	vbc.exe
PID 1076 wrote to memory of 1480	1076	orxVwulQulmYSAf.exe	vbc.exe
PID 1076 wrote to memory of 1480	1076	orxVwulQulmYSAf.exe	vbc.exe
PID 1076 wrote to memory of 3400	1076	orxVwulQulmYSAf.exe	vbc.exe
PID 1076 wrote to memory of 3400	1076	orxVwulQulmYSAf.exe	vbc.exe
PID 1076 wrote to memory of 3400	1076	orxVwulQulmYSAf.exe	vbc.exe
PID 1076 wrote to memory of 3400	1076	orxVwulQulmYSAf.exe	vbc.exe
PID 1076 wrote to memory of 3400	1076	orxVwulQulmYSAf.exe	vbc.exe
PID 1076 wrote to memory of 3400	1076	orxVwulQulmYSAf.exe	vbc.exe
PID 1076 wrote to memory of 3400	1076	orxVwulQulmYSAf.exe	vbc.exe
PID 1076 wrote to memory of 3400	1076	orxVwulQulmYSAf.exe	vbc.exe
PID 3400 wrote to memory of 3720	3400	vbc.exe	schtasks.exe
PID 3400 wrote to memory of 3720	3400	vbc.exe	schtasks.exe
PID 3400 wrote to memory of 3720	3400	vbc.exe	schtasks.exe
PID 3400 wrote to memory of 3140	3400	vbc.exe	schtasks.exe
PID 3400 wrote to memory of 3140	3400	vbc.exe	schtasks.exe
PID 3400 wrote to memory of 3140	3400	vbc.exe	schtasks.exe

C:\Users\Admin\AppData\Local\Temp\orxVwulQulmYSAf.exe
"C:\Users\Admin\AppData\Local\Temp\orxVwulQulmYSAf.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1076

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kXNiPNjdbyLARR" /XML "C:\Users\Admin\AppData\Local\Temp\tmp530.tmp"
2⤵
- Creates scheduled task(s)
PID:220

C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
"{path}"
2⤵
PID:1480

C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
"{path}"
2⤵
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3400

C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /create /f /tn "NAT Service" /xml "C:\Users\Admin\AppData\Local\Temp\tmpFEE.tmp"
3⤵
- Creates scheduled task(s)
PID:3720

C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /create /f /tn "NAT Service Task" /xml "C:\Users\Admin\AppData\Local\Temp\tmp10F9.tmp"
3⤵
- Creates scheduled task(s)
PID:3140

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

T1064

Scheduled Task

T1053

Persistence

Registry Run Keys / Startup Folder

T1060

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Scripting

T1064

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp10F9.tmp
Filesize
1KB

MD5
45cb9fac03bbbeb9a6e82b85eb3efbda

SHA1
4d6c00b68434d11f346ce844ccbc2ed7b7d4acff

SHA256
185deb301fb4155d92e158bad5a52722c63ae7399a5b9d3d875050d5389b933a

SHA512
00713c53d7193660ba223a47fa46225cb6d870ea5ea794f703efc73e21e6e01b7283dac5be3d5280e553b922521e32bc7db591bf471bd7673a1a0b62b198073b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp530.tmp
Filesize
1KB

MD5
69205b6fe40fa23999a04b23ea035c75

SHA1
4e2d00326877f9efb65620b06908d7940b7dc680

SHA256
69a91b8e543adac6033878816745c720d934c349a54a4d120937c5d819b786a5

SHA512
bb6bbffa51788255f2cb2030658c4272ac0e14c356c514c5c9108bea361e53ea15a0e51359841be401166a2e03c9ebbefc10d8bbedfd885b9419a15fff4f9f0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpFEE.tmp
Filesize
1KB

MD5
808c6e96c170c90d0db522e8947eb2bd

SHA1
44583694c3c23410d637bb96c0df0921363533ad

SHA256
c6b75fb7740d34d55d74b8664ff1ea778638a4916c2b52348ea34de60edd3afc

SHA512
928b85e9fddfd7c93623e954dc53367aaf355f74a14601d77e45612ebdb77f3d6c0fc853e154f91f61e64306361885467c16fc211cf1bbdc023658ad35dba1eb

Download Submit
memory/220-193-0x0000000000000000-mapping.dmp

Download
memory/1076-153-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-184-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-119-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-120-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-121-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-122-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-123-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-124-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-125-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-126-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-127-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-155-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-129-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-130-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-131-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-132-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-133-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-134-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-135-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-136-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-137-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-139-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-138-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-140-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-141-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-142-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-143-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-144-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-145-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-146-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-147-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-148-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-149-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-157-0x0000000005130000-0x00000000051CC000-memory.dmp

Filesize
624KB

Download
memory/1076-151-0x0000000000670000-0x0000000000768000-memory.dmp

Filesize
992KB

Download
memory/1076-152-0x0000000005590000-0x0000000005A8E000-memory.dmp

Filesize
5.0MB

Download
memory/1076-117-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-154-0x0000000004F90000-0x0000000005022000-memory.dmp

Filesize
584KB

Download
memory/1076-128-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-118-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-150-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-158-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-159-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-160-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-161-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-162-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-163-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-164-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-165-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-166-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-167-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-168-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-169-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-170-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-171-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-172-0x0000000004F70000-0x0000000004F7A000-memory.dmp

Filesize
40KB

Download
memory/1076-173-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-174-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-175-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-176-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-177-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-178-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-179-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-180-0x00000000050F0000-0x00000000050FA000-memory.dmp

Filesize
40KB

Download
memory/1076-181-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-182-0x00000000079B0000-0x0000000007A3C000-memory.dmp

Filesize
560KB

Download
memory/1076-183-0x0000000009F50000-0x0000000009F8A000-memory.dmp

Filesize
232KB

Download
memory/1076-156-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-185-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-186-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-187-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/1076-188-0x0000000077DD0000-0x0000000077F5E000-memory.dmp

Filesize
1.6MB

Download
memory/3140-295-0x0000000000000000-mapping.dmp

Download
memory/3400-214-0x000000000041E792-mapping.dmp

Download
memory/3400-252-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/3400-322-0x0000000009500000-0x000000000950A000-memory.dmp

Filesize
40KB

Download
memory/3400-327-0x000000000A010000-0x000000000A02E000-memory.dmp

Filesize
120KB

Download
memory/3400-333-0x000000000A240000-0x000000000A24A000-memory.dmp

Filesize
40KB

Download
memory/3720-276-0x0000000000000000-mapping.dmp

Download