Analysis
- max time kernel: 151s
- max time network: 146s
- platform: windows10-2004_x64
- resource: win10v2004-20230915-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12/10/2023, 17:03

Static task: static1

Behavioral task: behavioral1
- Sample: bc082e85f4f4ea47b3a27d31690c78bdffec1444a5d548b12442f8d73bf524eb.exe
- Resource: win7-20230831-en

Behavioral task: behavioral2
- Sample: bc082e85f4f4ea47b3a27d31690c78bdffec1444a5d548b12442f8d73bf524eb.exe
- Resource: win10v2004-20230915-en
General
- Target: bc082e85f4f4ea47b3a27d31690c78bdffec1444a5d548b12442f8d73bf524eb.exe
- Size: 399KB
- MD5: 6b536c7f28c331c46c88e5e1827f83d0
- SHA1: c55b37d2fcbe8c5178f065b7fb08395aafd68dc9
- SHA256: bc082e85f4f4ea47b3a27d31690c78bdffec1444a5d548b12442f8d73bf524eb
- SHA512: 7e22107cb788c71459510aef25a2123c058855e03c7c4ea6530f457246b7d84aad965b8cce90ed305d94f66ca8e9699d26e80b03572b13e710738dc77112d5e0
- SSDEEP: 6144:XKiYJL+K7EQ5vrt5AVfL8haEK4sDzLPFZcEOkCybEaQRXr9HNdvOa:LqEU0Vf4ha0sDzDOkx2LIa
Signatures
Drops file in Drivers directory (1 IoCs)
- File created: C:\Windows\System32\drivers\CYL43yt.sys (rdpsign.exe)

Checks computer location settings (2 TTPs, 1 IoCs)
Looks up country code configured in the registry, likely geofence.
- Key value queried: \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation (bc082e85f4f4ea47b3a27d31690c78bdffec1444a5d548b12442f8d73bf524eb.exe)

Executes dropped EXE (2 IoCs)
- PID 1540: b9de8270
- PID 548: rdpsign.exe

Unexpected DNS network traffic destination (1 IoCs)
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Destination IP: 114.114.114.114
Drops file in System32 directory (16 IoCs)
- File opened for modification: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies (b9de8270)
- File created: C:\Windows\system32\ \Windows\System32\VGfNGtuR.sys (rdpsign.exe)
- File opened for modification: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft (b9de8270)
- File opened for modification: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E (b9de8270)
- File opened for modification: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_DD02D25E799024F48A93E8EE3BDDA41A (b9de8270)
- File created: C:\Windows\SysWOW64\b9de8270 (bc082e85f4f4ea47b3a27d31690c78bdffec1444a5d548b12442f8d73bf524eb.exe)
- File opened for modification: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData (b9de8270)
- File opened for modification: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content (b9de8270)
- File opened for modification: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE (b9de8270)
- File opened for modification: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_DD02D25E799024F48A93E8EE3BDDA41A (b9de8270)
- File opened for modification: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DED9969D7ED2C6E555C5C9254A43EDE4 (b9de8270)
- File opened for modification: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DED9969D7ED2C6E555C5C9254A43EDE4 (b9de8270)
- File opened for modification: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache (b9de8270)
- File opened for modification: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 (b9de8270)
- File opened for modification: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E (b9de8270)
- File opened for modification: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 (b9de8270)

Drops file in Program Files directory (2 IoCs)
- File created: C:\Program Files\rdpsign.exe (Explorer.EXE)
- File opened for modification: C:\Program Files\rdpsign.exe (Explorer.EXE)

Drops file in Windows directory (2 IoCs)
- File opened for modification: C:\Windows\1a5d88 (b9de8270)
- File created: C:\Windows\KqT11CK.sys (rdpsign.exe)
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments.
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 (rdpsign.exe)
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 (rdpsign.exe)
- Key value queried: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName (rdpsign.exe)

Delays execution with timeout.exe (2 IoCs)
- PID 708: timeout.exe
- PID 2468: timeout.exe

Modifies Control Panel (2 IoCs)
- Set value (str): \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\Desktop\WindowMetrics\Shell Icon Size = "31" (rdpsign.exe)
- Set value (str): \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\Desktop\WindowMetrics\Shell Icon Size = "32" (rdpsign.exe)
Modifies data under HKEY_USERS (9 IoCs)
- Key created: \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing (b9de8270)
- Key created: \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ (b9de8270)
- Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" (b9de8270)
- Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" (b9de8270)
- Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" (b9de8270)
- Set value (str): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix (b9de8270)
- Set value (str): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" (b9de8270)
- Set value (str): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" (b9de8270)
- Set value (int): \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" (b9de8270)

Modifies registry class (3 IoCs)
- Key created: \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ (Explorer.EXE)
- Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ (Explorer.EXE)
- Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ (Explorer.EXE)
Suspicious behavior: EnumeratesProcesses (16 IoCs)
- PID 1540: b9de8270 (10 entries)
- PID 3172: Explorer.EXE (4 entries)
- PID 1540: b9de8270 (2 entries)

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
- PID 3172: Explorer.EXE

Suspicious behavior: LoadsDriver (3 IoCs)
- PID 652: Process not Found (3 entries)

Suspicious use of AdjustPrivilegeToken (31 IoCs)
- Token: SeDebugPrivilege, PID 2196, bc082e85f4f4ea47b3a27d31690c78bdffec1444a5d548b12442f8d73bf524eb.exe
- Token: SeTcbPrivilege, PID 2196, bc082e85f4f4ea47b3a27d31690c78bdffec1444a5d548b12442f8d73bf524eb.exe
- Token: SeDebugPrivilege, PID 1540, b9de8270
- Token: SeTcbPrivilege, PID 1540, b9de8270
- Token: SeDebugPrivilege, PID 1540, b9de8270
- Token: SeDebugPrivilege, PID 3172, Explorer.EXE
- Token: SeDebugPrivilege, PID 3172, Explorer.EXE
- Token: SeDebugPrivilege, PID 1540, b9de8270
- Token: SeIncBasePriorityPrivilege, PID 2196, bc082e85f4f4ea47b3a27d31690c78bdffec1444a5d548b12442f8d73bf524eb.exe
- Token: SeDebugPrivilege, PID 548, rdpsign.exe
- Token: SeDebugPrivilege, PID 548, rdpsign.exe
- Token: SeDebugPrivilege, PID 548, rdpsign.exe
- Token: SeShutdownPrivilege, PID 3172, Explorer.EXE
- Token: SeCreatePagefilePrivilege, PID 3172, Explorer.EXE
- Token: SeIncBasePriorityPrivilege, PID 1540, b9de8270
- Token: SeShutdownPrivilege, PID 3172, Explorer.EXE, alternating with Token: SeCreatePagefilePrivilege, PID 3172, Explorer.EXE (8 pairs, 16 entries)

Suspicious use of FindShellTrayWindow (2 IoCs)
- PID 3172: Explorer.EXE (2 entries)

Suspicious use of UnmapMainImage (1 IoCs)
- PID 3172: Explorer.EXE

Suspicious use of WriteProcessMemory (29 IoCs)
- PID 1540 wrote to memory of 3172 (process b9de8270, procid_target 39), 5 entries
- PID 3172 wrote to memory of 548 (process Explorer.EXE, procid_target 88), 7 entries
- PID 1540 wrote to memory of 584 (process b9de8270, procid_target 3), 5 entries
- PID 2196 wrote to memory of 2412 (process bc082e85f4f4ea47b3a27d31690c78bdffec1444a5d548b12442f8d73bf524eb.exe, procid_target 91), 3 entries
- PID 2412 wrote to memory of 708 (process cmd.exe, procid_target 93), 3 entries
- PID 1540 wrote to memory of 4604 (process b9de8270, procid_target 96), 3 entries
- PID 4604 wrote to memory of 2468 (process cmd.exe, procid_target 98), 3 entries
Processes
- C:\Windows\system32\winlogon.exe
  Command line: winlogon.exe
  PID: 584
- C:\Windows\Explorer.EXE
  Command line: C:\Windows\Explorer.EXE
  PID: 3172
  Signatures:
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  Children:
  - C:\Users\Admin\AppData\Local\Temp\bc082e85f4f4ea47b3a27d31690c78bdffec1444a5d548b12442f8d73bf524eb.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\bc082e85f4f4ea47b3a27d31690c78bdffec1444a5d548b12442f8d73bf524eb.exe"
    PID: 2196
    Signatures:
    - Checks computer location settings
    - Drops file in System32 directory
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    Children:
    - C:\Windows\SysWOW64\cmd.exe
      Command line: "C:\Windows\System32\cmd.exe" /c timeout /t 1 & del /Q /F "C:\Users\Admin\AppData\Local\Temp\bc082e85f4f4ea47b3a27d31690c78bdffec1444a5d548b12442f8d73bf524eb.exe"
      PID: 2412
      Signatures:
      - Suspicious use of WriteProcessMemory
      Children:
      - C:\Windows\SysWOW64\timeout.exe
        Command line: timeout /t 1
        PID: 708
        Signatures:
        - Delays execution with timeout.exe
  - C:\Program Files\rdpsign.exe
    Command line: "C:\Program Files\rdpsign.exe"
    PID: 548
    Signatures:
    - Drops file in Drivers directory
    - Executes dropped EXE
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Modifies Control Panel
    - Suspicious use of AdjustPrivilegeToken
- C:\Windows\Syswow64\b9de8270
  Command line: C:\Windows\Syswow64\b9de8270
  PID: 1540
  Signatures:
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  Children:
  - C:\Windows\SysWOW64\cmd.exe
    Command line: "C:\Windows\System32\cmd.exe" /c timeout /t 1 & del /Q /F "C:\Windows\Syswow64\b9de8270"
    PID: 4604
    Signatures:
    - Suspicious use of WriteProcessMemory
    Children:
    - C:\Windows\SysWOW64\timeout.exe
      Command line: timeout /t 1
      PID: 2468
      Signatures:
      - Delays execution with timeout.exe
MITRE ATT&CK Enterprise v15
Downloads