a930b5698e8c74b31cf13d47611ad192aa841516e9ba35b4ff1645b59debe876

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 03:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a930b5698e8c74b31cf13d47611ad192aa841516e9ba35b4ff1645b59debe876.exe
Size

248KB
MD5

72de072b89b4d53079beaf16c4b50e28
SHA1

57b60afcfee6cf8089234884b25a3041f4ee14a4
SHA256

a930b5698e8c74b31cf13d47611ad192aa841516e9ba35b4ff1645b59debe876
SHA512

d8e88814edd11641d84a28e3c546dbece75e9a9a03fecbb2c2066ec2fb7dc00df3e100079d28c1276f20ccd4529deb4ad28ebc800c7daada41fd6d5b49c773c8
SSDEEP

6144:7uJ//26kJC3oghja3DpYGaYxKrNV0eS0HeMQTtF:lC4gNobaYoN2eS0WZF

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3500	Logo1_.exe
4668	a930b5698e8c74b31cf13d47611ad192aa841516e9ba35b4ff1645b59debe876.exe

Enumerates connected drives 3 TTPs 22 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\F:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\pages\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ru-ru\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\pt-br\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\extensions\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\is\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\az\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Diagnostics\Simple\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Voices\en-GB\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\uk-ua\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\fr-ma\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Microsoft.MicrosoftSolitaireCollection.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\hi_contrast\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\fmui\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\en-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Security\BrowserCore\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\plugin2\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account-select\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\configuration\org.eclipse.update\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square310x310\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\he-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Security\BrowserCore\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\root\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Portable Devices\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\vi-VN\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\Ratings\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hr-hr\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	a930b5698e8c74b31cf13d47611ad192aa841516e9ba35b4ff1645b59debe876.exe
File created	C:\Windows\Logo1_.exe	a930b5698e8c74b31cf13d47611ad192aa841516e9ba35b4ff1645b59debe876.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3500	Logo1_.exe
3500	Logo1_.exe
3500	Logo1_.exe
3500	Logo1_.exe
3500	Logo1_.exe
3500	Logo1_.exe
3500	Logo1_.exe
3500	Logo1_.exe
3500	Logo1_.exe
3500	Logo1_.exe
3500	Logo1_.exe
3500	Logo1_.exe
3500	Logo1_.exe
3500	Logo1_.exe
3500	Logo1_.exe
3500	Logo1_.exe
3500	Logo1_.exe
3500	Logo1_.exe
3500	Logo1_.exe
3500	Logo1_.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2224	2088	a930b5698e8c74b31cf13d47611ad192aa841516e9ba35b4ff1645b59debe876.exe	80
PID 2088 wrote to memory of 2224	2088	a930b5698e8c74b31cf13d47611ad192aa841516e9ba35b4ff1645b59debe876.exe	80
PID 2088 wrote to memory of 2224	2088	a930b5698e8c74b31cf13d47611ad192aa841516e9ba35b4ff1645b59debe876.exe	80
PID 2088 wrote to memory of 3500	2088	a930b5698e8c74b31cf13d47611ad192aa841516e9ba35b4ff1645b59debe876.exe	81
PID 2088 wrote to memory of 3500	2088	a930b5698e8c74b31cf13d47611ad192aa841516e9ba35b4ff1645b59debe876.exe	81
PID 2088 wrote to memory of 3500	2088	a930b5698e8c74b31cf13d47611ad192aa841516e9ba35b4ff1645b59debe876.exe	81
PID 3500 wrote to memory of 1844	3500	Logo1_.exe	83
PID 3500 wrote to memory of 1844	3500	Logo1_.exe	83
PID 3500 wrote to memory of 1844	3500	Logo1_.exe	83
PID 1844 wrote to memory of 224	1844	net.exe	85
PID 1844 wrote to memory of 224	1844	net.exe	85
PID 1844 wrote to memory of 224	1844	net.exe	85
PID 2224 wrote to memory of 4668	2224	cmd.exe	86
PID 2224 wrote to memory of 4668	2224	cmd.exe	86
PID 2224 wrote to memory of 4668	2224	cmd.exe	86
PID 3500 wrote to memory of 2648	3500	Logo1_.exe	39
PID 3500 wrote to memory of 2648	3500	Logo1_.exe	39

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:2648
- C:\Users\Admin\AppData\Local\Temp\a930b5698e8c74b31cf13d47611ad192aa841516e9ba35b4ff1645b59debe876.exe
  "C:\Users\Admin\AppData\Local\Temp\a930b5698e8c74b31cf13d47611ad192aa841516e9ba35b4ff1645b59debe876.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2088
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a7E0E.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\a930b5698e8c74b31cf13d47611ad192aa841516e9ba35b4ff1645b59debe876.exe
      "C:\Users\Admin\AppData\Local\Temp\a930b5698e8c74b31cf13d47611ad192aa841516e9ba35b4ff1645b59debe876.exe"
      4⤵
      Executes dropped EXE
      PID:4668
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3500
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1844
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:224

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$$a7E0E.bat

Filesize
722B

MD5
dfbba7a7a1792a0907a5a77a423e4d99

SHA1
b53b7c595437392c378895c9364c690775bc5c37

SHA256
0f80fbab1482de357d41261c0f4f3f142929c63f3b547543e75c31467db627cb

SHA512
88abd4f15f02097ba4da3c61a2e493362ccfa2534221cdcb60e115a5d83ae739c31e414d8d8a91b3953e84c2c8ecb14e9f68a62d3f36a79890cb3c3b453e89bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\a930b5698e8c74b31cf13d47611ad192aa841516e9ba35b4ff1645b59debe876.exe

Filesize
219KB

MD5
547ad163f7a06703b439d11c4710d53a

SHA1
e22644fb3321d031111b018899fbb3b8fa51a2e1

SHA256
21bfa40ebac55a0195dd0323aaba6eab25a4acd49ad3b6252ed77a5556c4928e

SHA512
01e30945f77f60f25111d5dc7af858876e6ffc3a84071c1917ffd4b7bff19aa9c7b0cc053aa99d41ba370063bfae6308f040b13f368d31abad1ad0e405b0d51e

Download Submit
C:\Users\Admin\AppData\Local\Temp\a930b5698e8c74b31cf13d47611ad192aa841516e9ba35b4ff1645b59debe876.exe.exe

Filesize
219KB

MD5
547ad163f7a06703b439d11c4710d53a

SHA1
e22644fb3321d031111b018899fbb3b8fa51a2e1

SHA256
21bfa40ebac55a0195dd0323aaba6eab25a4acd49ad3b6252ed77a5556c4928e

SHA512
01e30945f77f60f25111d5dc7af858876e6ffc3a84071c1917ffd4b7bff19aa9c7b0cc053aa99d41ba370063bfae6308f040b13f368d31abad1ad0e405b0d51e

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
b74ebaff81a1ab6d6d71795c0c5247d4

SHA1
08e8ed0b70413dda93bac71087cebdda93a8f9a3

SHA256
0b6419cc4ffd5710dab5b08c41c9aa240f104680e76a4fdf2d4d57110b0a9922

SHA512
fae8d2097638ace772e806dc1a5de7619cb13b6cbbab6c0484178711c07d68b482e0c502fcc0322fedbb06dd1dd781dffa8b0dd68fc8cedcb68c60a3b01d7946

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
b74ebaff81a1ab6d6d71795c0c5247d4

SHA1
08e8ed0b70413dda93bac71087cebdda93a8f9a3

SHA256
0b6419cc4ffd5710dab5b08c41c9aa240f104680e76a4fdf2d4d57110b0a9922

SHA512
fae8d2097638ace772e806dc1a5de7619cb13b6cbbab6c0484178711c07d68b482e0c502fcc0322fedbb06dd1dd781dffa8b0dd68fc8cedcb68c60a3b01d7946

Download Submit
C:\Windows\rundl132.exe

Filesize
29KB

MD5
b74ebaff81a1ab6d6d71795c0c5247d4

SHA1
08e8ed0b70413dda93bac71087cebdda93a8f9a3

SHA256
0b6419cc4ffd5710dab5b08c41c9aa240f104680e76a4fdf2d4d57110b0a9922

SHA512
fae8d2097638ace772e806dc1a5de7619cb13b6cbbab6c0484178711c07d68b482e0c502fcc0322fedbb06dd1dd781dffa8b0dd68fc8cedcb68c60a3b01d7946

Download Submit
memory/2088-136-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2088-132-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3500-145-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3500-146-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download