23d750c1617ea8230783e849bb5873d18a8303843c55e61861132a7a7b43358c

Analysis

max time kernel
243s
max time network
285s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 01:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23d750c1617ea8230783e849bb5873d18a8303843c55e61861132a7a7b43358c.exe
Size

765KB
MD5

1d3cef21a6de0f25b68e036f6668f485
SHA1

1d486312343806006f3b7150cdb912ca4e6c212a
SHA256

23d750c1617ea8230783e849bb5873d18a8303843c55e61861132a7a7b43358c
SHA512

010c9e93e4fcf9db5bbbaaede358a4643e4d125be2374bc6eacceb4dca2068a303dbb43e8ad5c3f4ed1bf6816a7105398d041202cfee4257362b5ce1d472b662
SSDEEP

12288:C7+6FICuICWaK+iYMWcHHlhXlga3gbsD9nofaNydMAYe:C7V6v9iYMHFhVbgbETy6s

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2724	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2712	Logo1_.exe
2368	23d750c1617ea8230783e849bb5873d18a8303843c55e61861132a7a7b43358c.exe

Loads dropped DLL 2 IoCs

pid	Process
2724	cmd.exe
2724	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\tl\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\skins\fonts\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\VisualElements\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\meta\art\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\More Games\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\lib\security\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\intf\modules\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\bin\policytool.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\bin\rmiregistry.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Photo Viewer\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Minesweeper\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\_desktop.ini	Logo1_.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Defender\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Journal\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Minesweeper\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ks_IN\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\km\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\oc\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\FreeCell\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sq\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\am\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\mk\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Journal\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Mail\wab.exe	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	23d750c1617ea8230783e849bb5873d18a8303843c55e61861132a7a7b43358c.exe
File created	C:\Windows\Logo1_.exe	23d750c1617ea8230783e849bb5873d18a8303843c55e61861132a7a7b43358c.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2712	Logo1_.exe
2712	Logo1_.exe
2712	Logo1_.exe
2712	Logo1_.exe
2712	Logo1_.exe
2712	Logo1_.exe
2712	Logo1_.exe
2712	Logo1_.exe
2712	Logo1_.exe
2712	Logo1_.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2724	3048	23d750c1617ea8230783e849bb5873d18a8303843c55e61861132a7a7b43358c.exe	28
PID 3048 wrote to memory of 2724	3048	23d750c1617ea8230783e849bb5873d18a8303843c55e61861132a7a7b43358c.exe	28
PID 3048 wrote to memory of 2724	3048	23d750c1617ea8230783e849bb5873d18a8303843c55e61861132a7a7b43358c.exe	28
PID 3048 wrote to memory of 2724	3048	23d750c1617ea8230783e849bb5873d18a8303843c55e61861132a7a7b43358c.exe	28
PID 3048 wrote to memory of 2712	3048	23d750c1617ea8230783e849bb5873d18a8303843c55e61861132a7a7b43358c.exe	27
PID 3048 wrote to memory of 2712	3048	23d750c1617ea8230783e849bb5873d18a8303843c55e61861132a7a7b43358c.exe	27
PID 3048 wrote to memory of 2712	3048	23d750c1617ea8230783e849bb5873d18a8303843c55e61861132a7a7b43358c.exe	27
PID 3048 wrote to memory of 2712	3048	23d750c1617ea8230783e849bb5873d18a8303843c55e61861132a7a7b43358c.exe	27
PID 2712 wrote to memory of 2684	2712	Logo1_.exe	30
PID 2712 wrote to memory of 2684	2712	Logo1_.exe	30
PID 2712 wrote to memory of 2684	2712	Logo1_.exe	30
PID 2712 wrote to memory of 2684	2712	Logo1_.exe	30
PID 2724 wrote to memory of 2368	2724	cmd.exe	32
PID 2724 wrote to memory of 2368	2724	cmd.exe	32
PID 2724 wrote to memory of 2368	2724	cmd.exe	32
PID 2724 wrote to memory of 2368	2724	cmd.exe	32
PID 2684 wrote to memory of 2788	2684	net.exe	33
PID 2684 wrote to memory of 2788	2684	net.exe	33
PID 2684 wrote to memory of 2788	2684	net.exe	33
PID 2684 wrote to memory of 2788	2684	net.exe	33
PID 2712 wrote to memory of 1300	2712	Logo1_.exe	13
PID 2712 wrote to memory of 1300	2712	Logo1_.exe	13

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1300
- C:\Users\Admin\AppData\Local\Temp\23d750c1617ea8230783e849bb5873d18a8303843c55e61861132a7a7b43358c.exe
  "C:\Users\Admin\AppData\Local\Temp\23d750c1617ea8230783e849bb5873d18a8303843c55e61861132a7a7b43358c.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:3048
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2712
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2684
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2788
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a3A81.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\23d750c1617ea8230783e849bb5873d18a8303843c55e61861132a7a7b43358c.exe
      "C:\Users\Admin\AppData\Local\Temp\23d750c1617ea8230783e849bb5873d18a8303843c55e61861132a7a7b43358c.exe"
      4⤵
      Executes dropped EXE
      PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$$a3A81.bat

Filesize
722B

MD5
3821a8339e994a12ef0490050d6eb8aa

SHA1
2bb55d653d0eb94bfb26367f8b5e392fc143c061

SHA256
51867da459a41e357b1b1bba29ae87c68ea5b15e8f66dd65194eaf233f821b97

SHA512
92d9c951fcf39e8be68b8e255fb79bd1aa866303540752feb8a8491ff013cb76a7b3ff665b8abed56498e7330f7470cf2968547108e54e0ae1cd2ccfadbc10be

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a3A81.bat

Filesize
722B

MD5
3821a8339e994a12ef0490050d6eb8aa

SHA1
2bb55d653d0eb94bfb26367f8b5e392fc143c061

SHA256
51867da459a41e357b1b1bba29ae87c68ea5b15e8f66dd65194eaf233f821b97

SHA512
92d9c951fcf39e8be68b8e255fb79bd1aa866303540752feb8a8491ff013cb76a7b3ff665b8abed56498e7330f7470cf2968547108e54e0ae1cd2ccfadbc10be

Download Submit
C:\Users\Admin\AppData\Local\Temp\23d750c1617ea8230783e849bb5873d18a8303843c55e61861132a7a7b43358c.exe

Filesize
739KB

MD5
7bb4069d375f5319909637e4a533fa51

SHA1
1df98286f33cc32695d92ce7f2177d46344b90df

SHA256
f2b06c5e66586c24e406c218a529656bc117b1fddb1947719e4c1f729090370b

SHA512
2809875bb28021ccbdb5e090a88794c2ee9fad5d2cedc80892edee1e9cb19f9b7d22250e65c78149b5a9bd534080e73ac9b7c99406454719484a284409b81b3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\23d750c1617ea8230783e849bb5873d18a8303843c55e61861132a7a7b43358c.exe.exe

Filesize
739KB

MD5
7bb4069d375f5319909637e4a533fa51

SHA1
1df98286f33cc32695d92ce7f2177d46344b90df

SHA256
f2b06c5e66586c24e406c218a529656bc117b1fddb1947719e4c1f729090370b

SHA512
2809875bb28021ccbdb5e090a88794c2ee9fad5d2cedc80892edee1e9cb19f9b7d22250e65c78149b5a9bd534080e73ac9b7c99406454719484a284409b81b3d

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
df539598cb788ec692b681b7daeae7a5

SHA1
97d7641e81c39be17bb61d06b3dd681cb3610461

SHA256
490673d10696887de5bee92453e384cd8ee8007a9e7327f24a497a750182b00a

SHA512
8be252c7c9427fa9871861b1c37d6c2d42f25d4df3612ec5b00f2542918c56b66a1f326ffd19523b34bdef2b8dcbacdfc50b5a88e106a780cf77b4450e4bc7d5

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
df539598cb788ec692b681b7daeae7a5

SHA1
97d7641e81c39be17bb61d06b3dd681cb3610461

SHA256
490673d10696887de5bee92453e384cd8ee8007a9e7327f24a497a750182b00a

SHA512
8be252c7c9427fa9871861b1c37d6c2d42f25d4df3612ec5b00f2542918c56b66a1f326ffd19523b34bdef2b8dcbacdfc50b5a88e106a780cf77b4450e4bc7d5

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
df539598cb788ec692b681b7daeae7a5

SHA1
97d7641e81c39be17bb61d06b3dd681cb3610461

SHA256
490673d10696887de5bee92453e384cd8ee8007a9e7327f24a497a750182b00a

SHA512
8be252c7c9427fa9871861b1c37d6c2d42f25d4df3612ec5b00f2542918c56b66a1f326ffd19523b34bdef2b8dcbacdfc50b5a88e106a780cf77b4450e4bc7d5

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
df539598cb788ec692b681b7daeae7a5

SHA1
97d7641e81c39be17bb61d06b3dd681cb3610461

SHA256
490673d10696887de5bee92453e384cd8ee8007a9e7327f24a497a750182b00a

SHA512
8be252c7c9427fa9871861b1c37d6c2d42f25d4df3612ec5b00f2542918c56b66a1f326ffd19523b34bdef2b8dcbacdfc50b5a88e106a780cf77b4450e4bc7d5

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3750544865-3773649541-1858556521-1000\_desktop.ini

Filesize
10B

MD5
b00c1a89b15effd3d1fb2de4fdc7bee5

SHA1
0c3a4f06bcd397d1d3a63ab2ca05e64cc7ae554d

SHA256
0767fccea7e57d6427b0a9b440f28687f4b835409c5dcdeb337a479009222cd9

SHA512
b50a3c1df331ecd7dbbd88c202c7b7b8fe6ece8df96249d88f40138952fb3c523f6f133a2d12daa2fd892643b53e4c19b39bcb16ef810f789c996e00bad03bc0

Download Submit
\Users\Admin\AppData\Local\Temp\23d750c1617ea8230783e849bb5873d18a8303843c55e61861132a7a7b43358c.exe

Filesize
739KB

MD5
7bb4069d375f5319909637e4a533fa51

SHA1
1df98286f33cc32695d92ce7f2177d46344b90df

SHA256
f2b06c5e66586c24e406c218a529656bc117b1fddb1947719e4c1f729090370b

SHA512
2809875bb28021ccbdb5e090a88794c2ee9fad5d2cedc80892edee1e9cb19f9b7d22250e65c78149b5a9bd534080e73ac9b7c99406454719484a284409b81b3d

Download Submit
\Users\Admin\AppData\Local\Temp\23d750c1617ea8230783e849bb5873d18a8303843c55e61861132a7a7b43358c.exe

Filesize
739KB

MD5
7bb4069d375f5319909637e4a533fa51

SHA1
1df98286f33cc32695d92ce7f2177d46344b90df

SHA256
f2b06c5e66586c24e406c218a529656bc117b1fddb1947719e4c1f729090370b

SHA512
2809875bb28021ccbdb5e090a88794c2ee9fad5d2cedc80892edee1e9cb19f9b7d22250e65c78149b5a9bd534080e73ac9b7c99406454719484a284409b81b3d

Download Submit
memory/1300-35-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/2368-31-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2368-50-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2368-32-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2712-30-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2712-21-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2712-51-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2712-57-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2712-103-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2712-107-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2712-110-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2712-1116-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2712-1731-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2712-1772-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3048-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3048-15-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3048-16-0x0000000000440000-0x0000000000474000-memory.dmp

Filesize
208KB

Download