c038fedd008ce775c61b71cec90758f08ce7488f8ebcf72c3eadd65b482021ab

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
15-10-2023 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c038fedd008ce775c61b71cec90758f08ce7488f8ebcf72c3eadd65b482021ab.exe
Size

566KB
MD5

fbece2de63a9c06d1a08b40cd1c59146
SHA1

b47e8bf135dbd6d59d9c3cbfeaaf599369f12473
SHA256

c038fedd008ce775c61b71cec90758f08ce7488f8ebcf72c3eadd65b482021ab
SHA512

54d8e5d1a9db33b833dd32b5b49898ebfbf127712bb9ee58626cd0de35d7835e6ad9c48ce2bc54ef11199fcf6a36d213466172a513dcd2a2e7c445f0cc2c3cfd
SSDEEP

12288:OLc+Gl3DflwlLrfw+fZdI+eN9K61cNiSvSGtTnOmyMcp7YJhnRw:Ec+qILkOdIdcN/vvtTObMceJhRw

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
468	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2300	Logo1_.exe
2056	c038fedd008ce775c61b71cec90758f08ce7488f8ebcf72c3eadd65b482021ab.exe

Loads dropped DLL 1 IoCs

pid	Process
468	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\tr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn_IN\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Purble Place\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uz\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kk\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\mux\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\te\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ca\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\DVDMaker.exe	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\FreeCell\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\oc\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Photo Viewer\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\lib\cmm\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Defender\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\bin\tnameserv.exe	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Hearts\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d11\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\lib\applet\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	c038fedd008ce775c61b71cec90758f08ce7488f8ebcf72c3eadd65b482021ab.exe
File created	C:\Windows\Logo1_.exe	c038fedd008ce775c61b71cec90758f08ce7488f8ebcf72c3eadd65b482021ab.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2300	Logo1_.exe
2300	Logo1_.exe
2300	Logo1_.exe
2300	Logo1_.exe
2300	Logo1_.exe
2300	Logo1_.exe
2300	Logo1_.exe
2300	Logo1_.exe
2300	Logo1_.exe
2300	Logo1_.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 468	3052	c038fedd008ce775c61b71cec90758f08ce7488f8ebcf72c3eadd65b482021ab.exe	28
PID 3052 wrote to memory of 468	3052	c038fedd008ce775c61b71cec90758f08ce7488f8ebcf72c3eadd65b482021ab.exe	28
PID 3052 wrote to memory of 468	3052	c038fedd008ce775c61b71cec90758f08ce7488f8ebcf72c3eadd65b482021ab.exe	28
PID 3052 wrote to memory of 468	3052	c038fedd008ce775c61b71cec90758f08ce7488f8ebcf72c3eadd65b482021ab.exe	28
PID 3052 wrote to memory of 2300	3052	c038fedd008ce775c61b71cec90758f08ce7488f8ebcf72c3eadd65b482021ab.exe	30
PID 3052 wrote to memory of 2300	3052	c038fedd008ce775c61b71cec90758f08ce7488f8ebcf72c3eadd65b482021ab.exe	30
PID 3052 wrote to memory of 2300	3052	c038fedd008ce775c61b71cec90758f08ce7488f8ebcf72c3eadd65b482021ab.exe	30
PID 3052 wrote to memory of 2300	3052	c038fedd008ce775c61b71cec90758f08ce7488f8ebcf72c3eadd65b482021ab.exe	30
PID 468 wrote to memory of 2056	468	cmd.exe	32
PID 468 wrote to memory of 2056	468	cmd.exe	32
PID 468 wrote to memory of 2056	468	cmd.exe	32
PID 468 wrote to memory of 2056	468	cmd.exe	32
PID 2300 wrote to memory of 1620	2300	Logo1_.exe	31
PID 2300 wrote to memory of 1620	2300	Logo1_.exe	31
PID 2300 wrote to memory of 1620	2300	Logo1_.exe	31
PID 2300 wrote to memory of 1620	2300	Logo1_.exe	31
PID 1620 wrote to memory of 2220	1620	net.exe	34
PID 1620 wrote to memory of 2220	1620	net.exe	34
PID 1620 wrote to memory of 2220	1620	net.exe	34
PID 1620 wrote to memory of 2220	1620	net.exe	34
PID 2300 wrote to memory of 1368	2300	Logo1_.exe	17
PID 2300 wrote to memory of 1368	2300	Logo1_.exe	17

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1368
- C:\Users\Admin\AppData\Local\Temp\c038fedd008ce775c61b71cec90758f08ce7488f8ebcf72c3eadd65b482021ab.exe
  "C:\Users\Admin\AppData\Local\Temp\c038fedd008ce775c61b71cec90758f08ce7488f8ebcf72c3eadd65b482021ab.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:3052
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$aC0CF.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:468
  - - C:\Users\Admin\AppData\Local\Temp\c038fedd008ce775c61b71cec90758f08ce7488f8ebcf72c3eadd65b482021ab.exe
      "C:\Users\Admin\AppData\Local\Temp\c038fedd008ce775c61b71cec90758f08ce7488f8ebcf72c3eadd65b482021ab.exe"
      4⤵
      Executes dropped EXE
      PID:2056
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2300
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1620
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$$aC0CF.bat

Filesize
722B

MD5
25c185cac5b61b224b8c8c80d1c03d59

SHA1
99504b7508b01b3c55ced5de93080b508b8808c0

SHA256
6e62f47b91e6e5a9bf768bf33e5b3e0b80cffe3ff35c22c233ea35923a3cb08d

SHA512
f4f828e6c5c48ac7f61c2a15d413346cc4f7730477ce765faf6ce0c4446198b7eded86e1c96b3c0080dbc285315289a4898e3abc8aa3fbf67a98ed2b7d9a64a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aC0CF.bat

Filesize
722B

MD5
25c185cac5b61b224b8c8c80d1c03d59

SHA1
99504b7508b01b3c55ced5de93080b508b8808c0

SHA256
6e62f47b91e6e5a9bf768bf33e5b3e0b80cffe3ff35c22c233ea35923a3cb08d

SHA512
f4f828e6c5c48ac7f61c2a15d413346cc4f7730477ce765faf6ce0c4446198b7eded86e1c96b3c0080dbc285315289a4898e3abc8aa3fbf67a98ed2b7d9a64a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\c038fedd008ce775c61b71cec90758f08ce7488f8ebcf72c3eadd65b482021ab.exe

Filesize
537KB

MD5
eee6800b67e4ce6b023081d9dba3bf63

SHA1
5d72812c2bece8c43ecdcb84fb34f3d7c838eb0e

SHA256
8999f0f948e48667ebd2db8a65bea0dc30f459da5f76f91843675ec083eef7e1

SHA512
7c55f5aa17d25189d1c149e5afe00752787f516ebd52a858c6d12c9973e58be2d5db093b64b34a10147fa74df0afe6ddb2fd86a495739fb3ab51c77c8d5f8240

Download Submit
C:\Users\Admin\AppData\Local\Temp\c038fedd008ce775c61b71cec90758f08ce7488f8ebcf72c3eadd65b482021ab.exe.exe

Filesize
537KB

MD5
eee6800b67e4ce6b023081d9dba3bf63

SHA1
5d72812c2bece8c43ecdcb84fb34f3d7c838eb0e

SHA256
8999f0f948e48667ebd2db8a65bea0dc30f459da5f76f91843675ec083eef7e1

SHA512
7c55f5aa17d25189d1c149e5afe00752787f516ebd52a858c6d12c9973e58be2d5db093b64b34a10147fa74df0afe6ddb2fd86a495739fb3ab51c77c8d5f8240

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
bd4d03d0663ad65daca8204d0fa15746

SHA1
1b6720d10b1c8b960fd2b58e7d9a710c4a4166fa

SHA256
dfcbb4d0e1a3bcd55b675bd13433726b4d0c7690f43576e6da4affbd312cf889

SHA512
ad71397d08c57c7f501c9e373eca6e38c64c3afd31bee12cad14403233b9ac920733d965917c31c18d417a4130489c790da9358edf20a6b5819be387fc67aee2

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
bd4d03d0663ad65daca8204d0fa15746

SHA1
1b6720d10b1c8b960fd2b58e7d9a710c4a4166fa

SHA256
dfcbb4d0e1a3bcd55b675bd13433726b4d0c7690f43576e6da4affbd312cf889

SHA512
ad71397d08c57c7f501c9e373eca6e38c64c3afd31bee12cad14403233b9ac920733d965917c31c18d417a4130489c790da9358edf20a6b5819be387fc67aee2

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
bd4d03d0663ad65daca8204d0fa15746

SHA1
1b6720d10b1c8b960fd2b58e7d9a710c4a4166fa

SHA256
dfcbb4d0e1a3bcd55b675bd13433726b4d0c7690f43576e6da4affbd312cf889

SHA512
ad71397d08c57c7f501c9e373eca6e38c64c3afd31bee12cad14403233b9ac920733d965917c31c18d417a4130489c790da9358edf20a6b5819be387fc67aee2

Download Submit
C:\Windows\rundl132.exe

Filesize
29KB

MD5
bd4d03d0663ad65daca8204d0fa15746

SHA1
1b6720d10b1c8b960fd2b58e7d9a710c4a4166fa

SHA256
dfcbb4d0e1a3bcd55b675bd13433726b4d0c7690f43576e6da4affbd312cf889

SHA512
ad71397d08c57c7f501c9e373eca6e38c64c3afd31bee12cad14403233b9ac920733d965917c31c18d417a4130489c790da9358edf20a6b5819be387fc67aee2

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-3185155662-718608226-894467740-1000\_desktop.ini

Filesize
10B

MD5
3fa5f43b227b96d6334e4649982d21b7

SHA1
aaca225fe44f532099d2d7d7b00d80ebc3dd003b

SHA256
d8fdb800da5ad9cc8b64df32df8c6006127fb46c590ee39f84bfd8b4f8912358

SHA512
2bf18238a4b94cb61fdd22c61007bc5cbb7fc712b69685cc03efc548622dc365f07159a6599192b1aed0c2ffa9911fbeb321323f7bf24c8706d52adff07e432e

Download Submit
\Users\Admin\AppData\Local\Temp\c038fedd008ce775c61b71cec90758f08ce7488f8ebcf72c3eadd65b482021ab.exe

Filesize
537KB

MD5
eee6800b67e4ce6b023081d9dba3bf63

SHA1
5d72812c2bece8c43ecdcb84fb34f3d7c838eb0e

SHA256
8999f0f948e48667ebd2db8a65bea0dc30f459da5f76f91843675ec083eef7e1

SHA512
7c55f5aa17d25189d1c149e5afe00752787f516ebd52a858c6d12c9973e58be2d5db093b64b34a10147fa74df0afe6ddb2fd86a495739fb3ab51c77c8d5f8240

Download Submit
memory/1368-29-0x00000000029D0000-0x00000000029D1000-memory.dmp

Filesize
4KB

Download
memory/2300-208-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2300-31-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2300-19-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2300-39-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2300-45-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2300-91-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2300-97-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2300-575-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2300-1643-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2300-1852-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3052-12-0x00000000002C0000-0x00000000002F6000-memory.dmp

Filesize
216KB

Download
memory/3052-16-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3052-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download