Analysis
- max time kernel: 152s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01-10-2022 21:00
Behavioral task behavioral1
- Sample: bdada64813dbe03408c4826a9b90a5f07beca58e1036df5a1aaf179bbecb1a63.exe
- Resource: win7-20220812-en
Behavioral task behavioral2
- Sample: bdada64813dbe03408c4826a9b90a5f07beca58e1036df5a1aaf179bbecb1a63.exe
- Resource: win10v2004-20220812-en
General
- Target: bdada64813dbe03408c4826a9b90a5f07beca58e1036df5a1aaf179bbecb1a63.exe
- Size: 31KB
- MD5: 6f855b0dcaf12e609058030cedf4c030
- SHA1: 58a5630e99669bc1b35e55dcb7ed5d104f60b905
- SHA256: bdada64813dbe03408c4826a9b90a5f07beca58e1036df5a1aaf179bbecb1a63
- SHA512: be69cee35355589582665a96a941d77ea00f35bacd2e982c35cf4d7a48b418fb1319c81a3bad341834fdb5b54280d0ee5938cba2bd4c251eee80b27fb1c70dfc
- SSDEEP: 768:rg8q0xXJrLL/tvdUkTRQ75c0RJG7JxsLoIvCYR/9m:r7Z5HL1CkdQFc0RJpJL
Malware Config
Extracted: joker
- http://tttie.oss-cn-shenzhen.aliyuncs.com
Signatures
- joker
Joker is an Android malware that targets billing and SMS fraud.
The target here is a 31KB Windows PE (see General) and its observed behaviour is dropping and running a Kingsoft Antivirus installer (kinst_1_335.exe, below). The only extracted indicator behind the family tag is the Aliyun OSS URL listed under Malware Config, so the Joker classification rests on that URL alone and should be treated as a probable false positive of the config extractor until corroborated.
- ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
resource | yara_rule
behavioral2/files/0x000500000000072f-141.dat | acprotect
- Downloads MZ/PE file
- Drops file in Drivers directory 1 IoCs
description | ioc | Process
File opened for modification | C:\Windows\SysWOW64\drivers\KAVBase.sys | kinst_1_335.exe
- Executes dropped EXE 2 IoCs
pid | Process
4452 | kinst_1_335.exe
1604 | KDbCIHelper.exe
- UPX packed file 3 IoCs
resource | yara_rule
behavioral2/files/0x000500000000072f-141.dat | upx
behavioral2/memory/4452-142-0x0000000010000000-0x000000001019D000-memory.dmp | upx
behavioral2/memory/4452-143-0x0000000010000000-0x000000001019D000-memory.dmp | upx
The same dropped file matches both the acprotect and the upx rule. The two memory dumps cover the 0x10000000-0x1019D000 range in PID 4452 (kinst_1_335.exe); 0x10000000 is the default image base for a DLL, so these are most likely the dropped DLL from the "Loads dropped DLL" entry below mapped in memory, where the section names a upx rule keys on are still present.
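The acprotect and upx matches above come from yara rules run over the dropped file and the memory dumps. As an added example, not part of the sandbox report and not Kingsoft's or any packer's code, the Python below parses a PE section table from first principles and applies the two cheapest UPX tells: the UPX0/UPX1 section names, and a section with no bytes on disk but a large writable and executable range in memory, which is the unpack destination. Because the report's files are not reproduced here, the block constructs its own headers-only PE32 images to check; a real upx rule also matches strings such as the "UPX!" packed-header magic, which this check does not cover.

```python
import struct

# Section Characteristics flags from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RWX = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE

SECTION_HDR = "<8sIIIIIIHHI"  # 40-byte IMAGE_SECTION_HEADER


def build_pe(sections):
    """Constructed test input: a headers-only PE32 with the given section table.
    sections: list of (name, VirtualSize, SizeOfRawData, Characteristics)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    opt_size = 224                                                 # PE32 optional header size
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x2102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)       # Magic = PE32, rest zeroed
    table, rva, raw = b"", 0x1000, 0x400
    for name, vsize, rsize, chars in sections:
        table += struct.pack(SECTION_HDR, name.encode("ascii").ljust(8, b"\0"),
                             vsize, rva, rsize, raw if rsize else 0, 0, 0, 0, 0, chars)
        rva += (vsize + 0xFFF) & ~0xFFF
        raw += rsize
    return dos + b"PE\0\0" + coff + opt + table


def parse_sections(data):
    """Walk e_lfanew -> PE signature -> COFF header -> optional header -> section table.
    Returns [(name, VirtualSize, SizeOfRawData, Characteristics)]."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]   # SizeOfOptionalHeader
    off = pe + 24 + opt_size                                # first IMAGE_SECTION_HEADER
    out = []
    for _ in range(nsec):
        fields = struct.unpack_from(SECTION_HDR, data, off)
        name, vsize, rsize, chars = fields[0], fields[1], fields[3], fields[9]
        out.append((name.rstrip(b"\0").decode("latin-1"), vsize, rsize, chars))
        off += 40
    return out


def upx_hints(sections):
    """Cheap UPX indicators over a parsed section table; empty list means none found."""
    hints = []
    if any(name.startswith("UPX") for name, *_ in sections):
        hints.append("upx-section-names")
    for name, vsize, rsize, chars in sections:
        # Unpack destination: nothing on disk, but a writable+executable page range in memory.
        if rsize == 0 and vsize >= 0x1000 and (chars & IMAGE_SCN_MEM_WRITE) and (chars & IMAGE_SCN_MEM_EXECUTE):
            hints.append("empty-rwx-section:" + name)
    return hints


if __name__ == "__main__":
    packed = build_pe([("UPX0", 0x19000, 0, RWX), ("UPX1", 0x9000, 0x8800, RWX),
                       (".rsrc", 0x1000, 0x400, IMAGE_SCN_MEM_READ)])
    print(upx_hints(parse_sections(packed)))
```

On a real sample, pass the file contents (or a memory dump of the mapped image) to parse_sections; the header layout is identical in both, which is why the rule fires on the .dat and on the two dumps alike.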
- Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation | bdada64813dbe03408c4826a9b90a5f07beca58e1036df5a1aaf179bbecb1a63.exe
- Loads dropped DLL 1 IoCs
pid | Process
4452 | kinst_1_335.exe
- Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description | ioc | Process
File opened for modification | \??\PhysicalDrive0 | kinst_1_335.exe
The evidence behind this signature is a handle to \??\PhysicalDrive0 opened with write access by the installer; the report records no sector write. Read it as raw-disk access by a component that also installs a kernel driver (KAVBase.sys, above), not as confirmed MBR tampering.
- Drops file in Program Files directory 64 IoCs
All 64 entries are "File created" by kinst_1_335.exe under \??\c:\program files (x86)\kingsoft\kingsoft antivirus\; paths are given relative to that directory:
recommendctrl.config
security\kxescan\config3a.dat
inject.dat
data\floatskin\skinicon\jijian_skin_img.png
ressrc\chs\web\kingsoft_main.htm
ressrc\chs\web\kingsoft_weibo.htm
installdk.ini
security\kxescan\ksedset.ini
security\kxescan\denyip.krf
kavlog2.exe
security\ksde\klengine.dll
krcmdbase.dll
data\uninstall\scan_virus.png
security\kxescan\kae\karchive.dat
operation\cas\kfmt.datx
kdrvmgr.exe
kdefendpop.dll
duba123.ico
ksedset.ini
data\fnsign.dat
security\kxescan\kae\kaearchb.dat
kxescore_sp.xcf
ressrc\chs\push_msg_city_list.ini
vinfo.ini
security\kxescan\kae\kaecore.dat
data\kpld.dat
ressrc\chs\uplive.svr
data\uninstall\computer_acc.png
data\floatskin\skinicon\wendujishrink_skin_img.png
clear.xml
ressrc\chs\game.xml
kxescore.exe.bak
bredirect.dat
data\productinfo.dat
kavpid.kid
kwsprotect64.exe
kupdata.exe
kfloatwin.dll
ressrc\chs\web\kingsoft_duba.htm
kxetray.exe.bak
security\kxescan\config\ksesysfiles.dat
khackfix.kid
security\kxescan\krmcdm.krf
data\uninstall\reinstall_duba.png
data\speedtest.xml
security\kxescan\ksfilter.dat
data\netbank.dat
security\ksde\kislog.dll
knetworkpanel.dll
ressrc\chs\kismain.ini
data\deswitch.dat
krecycle.exe
jsonv6.dll
security\ksde\kmctrl.dll
data\floatskin\config.ini
data\floatskin\tianshizhiyi.skin
kslaunch.exe
data\uninstall\lockpage.png
duba123ie.ico
data\kaccclear.dat
kismain.exe
kavmenu64.dll
kdh.dat
kwsu.dat
- Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
No IoCs are listed for this signature; the only raw device access recorded in this report is the \??\PhysicalDrive0 handle above.
- Kills process with taskkill 1 IoCs
pid | Process
2296 | taskkill.exe
- Modifies registry class 15 IoCs
All 15 operations are by kinst_1_335.exe under \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node:
Key created | WOW6432Node
Key created | WOW6432Node\CLSID
Key created | WOW6432Node\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}
Key created | WOW6432Node\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories
Key created | WOW6432Node\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories\{607568DD-B059-434b-B7E7-38EC51998F8E}
Set value (str) | WOW6432Node\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories\{607568DD-B059-434b-B7E7-38EC51998F8E}\guid = "5B14113ED0FA419D98E9D574B9033239"
Set value (str) | WOW6432Node\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories\{607568DD-B059-434b-B7E7-38EC51998F8E}\did = "AD5BDF26D232EEAF2AE172D754D111DA"
Key created | WOW6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}
Key created | WOW6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories
Key created | WOW6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}
Set value (str) | WOW6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}\idno = "0"
Set value (str) | WOW6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}\idno = "1"
Set value (str) | WOW6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}\svrid
Set value (str) | WOW6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}\svrid = "sghhss5dv8pqaxluig2rhm58wvys"
Set value (str) | WOW6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}\idex = "43968a0bdb892d0bfdbffef114ba698d"
The values written (guid, did, idno, idex, svrid) look like installation and device identifiers rather than COM registration data; storing them under a CLSID's Implemented Categories subkey is an unusual location worth noting when hunting for this installer.
- Suspicious behavior: EnumeratesProcesses 4 IoCs
pid | Process
4452 | kinst_1_335.exe (4 events)
- Suspicious use of AdjustPrivilegeToken 2 IoCs
description | pid | Process
Token: SeDebugPrivilege | 2296 | taskkill.exe
Token: SeDebugPrivilege | 4452 | kinst_1_335.exe
- Suspicious use of WriteProcessMemory 12 IoCs
description | pid | Process | procid_target
PID 4984 wrote to memory of 4452 | 4984 | bdada64813dbe03408c4826a9b90a5f07beca58e1036df5a1aaf179bbecb1a63.exe | 89 (listed 3 times)
PID 4984 wrote to memory of 4344 | 4984 | bdada64813dbe03408c4826a9b90a5f07beca58e1036df5a1aaf179bbecb1a63.exe | 90 (listed 3 times)
PID 4344 wrote to memory of 2296 | 4344 | cmd.exe | 92 (listed 3 times)
PID 4452 wrote to memory of 1604 | 4452 | kinst_1_335.exe | 93 (listed 3 times)
Every write goes from a parent into a child it has just created (compare the Processes tree below). Such writes commonly accompany ordinary process creation, which is why the sandbox scores them as suspicious rather than as injection; none of them targets an unrelated process.
Processes
- C:\Users\Admin\AppData\Local\Temp\bdada64813dbe03408c4826a9b90a5f07beca58e1036df5a1aaf179bbecb1a63.exe (PID 4984)
  command line: "C:\Users\Admin\AppData\Local\Temp\bdada64813dbe03408c4826a9b90a5f07beca58e1036df5a1aaf179bbecb1a63.exe"
  signatures: Checks computer location settings; Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\sbnimb.tmp\dtstop.tmp\kinst_1_335.exe (PID 4452)
    command line: "C:\Users\Admin\AppData\Local\Temp\sbnimb.tmp\dtstop.tmp\kinst_1_335.exe"
    signatures: Drops file in Drivers directory; Executes dropped EXE; Loads dropped DLL; Writes to the Master Boot Record (MBR); Drops file in Program Files directory; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of WriteProcessMemory
    - C:\Users\Admin\AppData\Local\Temp\KDbCIHelper.exe (PID 1604)
      command line: "C:\Users\Admin\AppData\Local\Temp\KDbCIHelper.exe" -release
      signatures: Executes dropped EXE
  - C:\Windows\SysWOW64\cmd.exe (PID 4344)
    command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\bdada64813dbe03408c4826a9b90a5f07beca58e1036df5a1aaf179bbecb1a63.exe.bat
    signatures: Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\taskkill.exe (PID 2296)
      command line: taskkill /F /IM bdada64813dbe03408c4826a9b90a5f07beca58e1036df5a1aaf179bbecb1a63.exe
      signatures: Kills process with taskkill; Suspicious use of AdjustPrivilegeToken
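The WriteProcessMemory rows and the Processes tree describe the same parent/child relationships, and the cmd.exe /c <sample>.exe.bat followed by taskkill /F /IM <sample>.exe pair is the classic batch-file self-termination a dropper performs after handing off to its payload (the .bat content is not in the report, so whether it also deletes the file is not established). The Python below is an added example, not part of the sandbox report, that rebuilds the process tree from the write rows, collapsing the triplicate entries, and flags any taskkill whose /IM target is the image of one of its own ancestors, recording whether the chain runs through cmd.exe executing a .bat file. The rows, pids, image paths and command lines are copied from this report; the column parsing and the detection rule are the example's own.

```python
import re
from collections import defaultdict

# Constructed input, copied from this report: the "Suspicious use of WriteProcessMemory"
# rows in the sandbox's column order (description, pid, Process, procid_target) and the
# image paths / command lines from the Processes section.
SAMPLE = "bdada64813dbe03408c4826a9b90a5f07beca58e1036df5a1aaf179bbecb1a63.exe"
TEMP = r"C:\Users\Admin\AppData\Local\Temp"


def _p(*parts):
    return "\\".join(parts)


def _rows(writer, target, image, procid, n=3):
    # The report lists every parent->child write three times; keep the duplicates so the
    # parser has to collapse them.
    return [f"PID {writer} wrote to memory of {target} {writer} {image} {procid}"] * n


WPM_ROWS = (_rows(4984, 4452, SAMPLE, 89) + _rows(4984, 4344, SAMPLE, 90)
            + _rows(4344, 2296, "cmd.exe", 92) + _rows(4452, 1604, "kinst_1_335.exe", 93))

PROCESSES = {  # pid: (image path, command line)
    4984: (_p(TEMP, SAMPLE), '"' + _p(TEMP, SAMPLE) + '"'),
    4452: (_p(TEMP, "sbnimb.tmp", "dtstop.tmp", "kinst_1_335.exe"),
           '"' + _p(TEMP, "sbnimb.tmp", "dtstop.tmp", "kinst_1_335.exe") + '"'),
    1604: (_p(TEMP, "KDbCIHelper.exe"), '"' + _p(TEMP, "KDbCIHelper.exe") + '" -release'),
    4344: (r"C:\Windows\SysWOW64\cmd.exe",
           r"C:\Windows\system32\cmd.exe /c " + _p(TEMP, SAMPLE + ".bat")),
    2296: (r"C:\Windows\SysWOW64\taskkill.exe", "taskkill /F /IM " + SAMPLE),
}

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")
TASKKILL_RE = re.compile(r"taskkill(?:\.exe)?\b.*?/IM\s+(\S+)", re.IGNORECASE)
BAT_RE = re.compile(r"\.bat\b", re.IGNORECASE)


def parse_wpm(rows):
    """Map (writer_pid, target_pid) -> writer image, collapsing repeated rows."""
    edges = {}
    for row in rows:
        m = WPM_RE.match(row)
        if m:
            writer, target, image, _procid = m.groups()
            edges[(int(writer), int(target))] = image
    return edges


def build_tree(edges):
    """Parent map, children map and root pids implied by who wrote into whom."""
    parent = {target: writer for (writer, target) in edges}
    children = defaultdict(list)
    for writer, target in edges:
        children[writer].append(target)
    roots = sorted({writer for (writer, _) in edges} - set(parent))
    return parent, children, roots


def render_tree(children, pids, processes, depth=0):
    """Indented one-line-per-process rendering, children sorted by pid."""
    lines = []
    for pid in pids:
        image = processes.get(pid, ("<unknown>", ""))[0]
        lines.append("  " * depth + f"{pid} {image}")
        lines.extend(render_tree(children, sorted(children.get(pid, [])), processes, depth + 1))
    return lines


def image_name(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_self_termination(parent, processes):
    """Flag taskkill /IM <image> where <image> belongs to an ancestor of the taskkill
    process, and record whether the chain passes through cmd.exe running a .bat file."""
    findings = []
    for pid, (image, cmdline) in processes.items():
        if image_name(image) != "taskkill.exe":
            continue
        m = TASKKILL_RE.search(cmdline)
        if not m:
            continue
        target = m.group(1).lower()
        ancestors, cur = [], pid
        while cur in parent:
            cur = parent[cur]
            ancestors.append(cur)
        known = [a for a in ancestors if a in processes]
        via_bat = any(image_name(processes[a][0]) == "cmd.exe" and BAT_RE.search(processes[a][1])
                      for a in known)
        victims = [a for a in known if image_name(processes[a][0]) == target]
        if victims:
            findings.append({"taskkill_pid": pid, "target_image": target,
                             "ancestor_pids": victims, "via_bat": bool(via_bat)})
    return findings


if __name__ == "__main__":
    parent, children, roots = build_tree(parse_wpm(WPM_ROWS))
    print("\n".join(render_tree(children, roots, PROCESSES)))
    for finding in find_self_termination(parent, PROCESSES):
        print("self-termination:", finding)
```

The rule deliberately requires the /IM target to be an ancestor: a taskkill aimed at an unrelated process (an AV or a competing installer) is a different behaviour and should be scored separately.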
Network
MITRE ATT&CK Enterprise v6
Downloads
Artifacts attached to the report; entries without a recorded path carry hashes only.
- (no path recorded)
  Filesize: 18.7MB
  MD5: f85489fffc65d8758751bff49ec5fe61
  SHA1: 334f2f3b984ed5dd28b2c492d483f7b10340f4da
  SHA256: 8a857847ee8a5dcbe64050312cd225935d73d1537a2bf5c4e0038b782e4fb4d3
  SHA512: 550d4f12a85551d484ab4f2e09261a716062ff2899eeb4b6865b202aa18c6490cbb9c5bef7c34c149ad3f5143626a802cbb582d0d87ff9a42e5e957fe02991d3
- (no path recorded; two entries in the report share these hashes)
  Filesize: 270KB
  MD5: 6a0416c9d15d5bbfa03c85a96eadad90
  SHA1: ec383f7104112d92f95c31d0e365db6dd2cd4462
  SHA256: 72e1f20807ed445c506d264d9da2e3687a8b2f4b503f352f1d363d7a5dce73ea
  SHA512: dfbca32f535b9a39576c653ff731ce5bff087d625dfb2e4498aade783ed1faf9784dd06266a582d4e9d8218b13cf5b9bb4057e4cc3dace05646e1a26d865f3dc
- C:\Users\Admin\AppData\Local\Temp\bdada64813dbe03408c4826a9b90a5f07beca58e1036df5a1aaf179bbecb1a63.exe.bat
  Filesize: 330B
  MD5: a1ad8aaf5b3424949370911b1a684a5b
  SHA1: d3465e4ba29682a37e9a910fc1a71acc1bc31615
  SHA256: 6bc8795bdd45eaf1de03545ebb9caea21fd3635d7f64d219fc1a965000f1d10a
  SHA512: 64bd4bedcb684f610d4af0a634fff0b54f3e2d9f982015d3a8be13f4816456af2aefbf6a59c066c739e112e3685e2a59ce1e2bd313a52796fcfd16d4a4bdb539
- (no path recorded; two entries in the report share these hashes)
  Filesize: 1.1MB
  MD5: 3035693137f153ef3e1213a945d33e00
  SHA1: 175f680ed04a381663a594189750b450a1f86229
  SHA256: 646be34566c6b635f9d32fdd54ae7824255a363de2a12d084a1797c3c43ad3a1
  SHA512: 802553d8bd67880efb346ca188b5e7b17d95feafe65018b1d87d372d146c5bbf417040493c527bad1fcbe32c62b6639b00220340226c1cae1ed6640cf94f155c