Overview

overview

10

Static

static

1

NEAS.567d8...JC.msi

windows7-x64

10

NEAS.567d8...JC.msi

windows10-2004-x64

6

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    24-10-2023 19:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.567d828dab1022eda84f90592d6d95e331e0f2696e79ed7d86ddc095bb2efdc8msi_JC.msi

  • Size

    9.1MB

  • MD5

    f90e30df61aec134fba71d66a87326c1

  • SHA1

    593efb526ecc12d7020c35645cce6ad3a1774e6a

  • SHA256

    567d828dab1022eda84f90592d6d95e331e0f2696e79ed7d86ddc095bb2efdc8

  • SHA512

    cf377981323a1f87e421b3c4f42a4df9ddff7ba72ad0a0a7ad77e1835a68d748437252a83328a9503dec2208d63d0a9e56ee2ad2ff340a97b11377fb5a41648c

  • SSDEEP

    196608:BhbWzPMCeNrs0rczeuNr/QnMOsaB9QVuHSzdUupBqbHSDjs6cvUOzZx:XbWzPM5HCZNrgMVw6wyZUupkjSPcvXx

Score
10/10
darkgateuser_871236672discoverystealer

Malware Config

Extracted

Family

darkgate

Botnet

user_871236672

C2

http://voodmastrelinux.com

Attributes
  • alternative_c2_port

    8080

  • anti_analysis

    true

  • anti_debug

    true

  • anti_vm

    true

  • c2_port

    2351

  • check_disk

    true

  • check_ram

    true

  • check_xeon

    true

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_rawstub

    true

  • crypto_key

    vBojMjKiOxwdob

  • internal_mutex

    txtMut

  • minimum_disk

    35

  • minimum_ram

    6000

  • ping_interval

    4

  • rootkit

    true

  • startup_persistence

    true

  • username

    user_871236672

Signatures

  • DarkGate

    DarkGate is an infostealer written in C++.

    stealerdarkgate
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 7 IoCs
  • Modifies file permissions 1 TTPs 2 IoCs
    discovery
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 11 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 43 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 53 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 34 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\NEAS.567d828dab1022eda84f90592d6d95e331e0f2696e79ed7d86ddc095bb2efdc8msi_JC.msi
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2356
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2396
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 1CDF0FDB17D93C5CA7E98124C056E9CE
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2088
      • C:\Windows\SysWOW64\ICACLS.EXE
        "C:\Windows\system32\ICACLS.EXE" "C:\Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
        3⤵
        • Modifies file permissions
        PID:1672
      • C:\Windows\SysWOW64\EXPAND.EXE
        "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
        3⤵
        • Drops file in Windows directory
        PID:432
      • C:\Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\files\windbg.exe
        "C:\Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\files\windbg.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:3056
        • \??\c:\tmpa\Autoit3.exe
          c:\tmpa\Autoit3.exe c:\tmpa\script.au3
          4⤵
          • Executes dropped EXE
          • Checks processor information in registry
          PID:1988
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c rd /s /q "C:\Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\files"
        3⤵
          PID:2844
        • C:\Windows\SysWOW64\ICACLS.EXE
          "C:\Windows\system32\ICACLS.EXE" "C:\Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\." /SETINTEGRITYLEVEL (CI)(OI)LOW
          3⤵
          • Modifies file permissions
          PID:972
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:2840
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000003C4" "00000000000003C8"
      1⤵
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:2964

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\files.cab
      Filesize

      8.8MB

      MD5

      f79676fd70a348f3e9d4c7ef51858036

      SHA1

      879cc80d5419e47dc136d3c2245a8edee1b96b6c

      SHA256

      e64392063436432103ad283ac152ad842d2729f1e2ccb23e4e15c8a08893e690

      SHA512

      dcaaaeadcffd634dc2ae202fa95ee067b0bfd58485c90286182d5e5fb0196d8c54a6a244070face5341ed98cf4e1a15636e4e6bbc7216abbdcdcc19910a17b86

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\files\00001-~1.PNG
      Filesize

      1.1MB

      MD5

      fd49f38e666f94abdbd9cc0bb842c29b

      SHA1

      36a00401a015d0719787d5a65c86784760ee93ff

      SHA256

      1f5620bf07b2c25dd18fea78288c48fb2f7b5f0a5cfc1ee6c8d8dbf6029c442f

      SHA512

      2fc40f776e84574f915e418c4b946097234faceb9902239015d2b80e683fe61d623035644055dddb6f7b92160b3c8663795f8a27bf16c5b137c7053cc9f4f612

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\files\00002-~1.PNG
      Filesize

      1.0MB

      MD5

      f68d2ca13e1268dd79e95591b976ec45

      SHA1

      588454301e3c25065349740573282145aa0a5c7b

      SHA256

      af008f94fe42c29b1c7da7abe02e5edaaf9b89b1c8383e646ccfc8e0e7a66460

      SHA512

      a34b648c8453df91b88d7143237e5decf84a979bfe19a98ae5cff2d37081683236502ad2f62b585409cefae98da89e92acfc8665af40d3f7c9ece4c90e32ebae

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\files\00003-~1.PNG
      Filesize

      1.1MB

      MD5

      7dbe5e4b98d7601585cfb9697f265e0f

      SHA1

      da8477a2494b1436664c535d7c854bf778942a76

      SHA256

      c3c4c040c61bbf8432d4450e34b7101110de26e5e4671736d64535b06189a288

      SHA512

      38e8d0e103096fee998aae33179ad15eee50acc57236bb75bf115f99bd7fa1e1d5fe386ab9a3adcced910f5114c36459c06b55b2218e8020832066eea3755d9e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\files\00004-~1.PNG
      Filesize

      1.0MB

      MD5

      85da5b7fd4b6983fffe78853c5276c03

      SHA1

      49a68d92beabfdfce7b2939f35a7b3e4bdc2bc96

      SHA256

      ff2a43f449bf81510c74eee9cd867bef4226c9c909b698e636ca8c56135d57ba

      SHA512

      c1d19bde8f9d434e29322edb8ac8892a475385bf97b5afd2f655175f1da6ce3ebc9df196585f3ea6a2a1755a1ec0fba2b60f203408ceebbea7801f4d1ab92f5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\files\00005-~1.PNG
      Filesize

      1.0MB

      MD5

      602b44b5e0a94c61c7ae501966eb4fd5

      SHA1

      853f5c83bedd4523cb72ca127cc6c269ac99e2d9

      SHA256

      2e3feac0a21a7fa351458ef1fed86f6f7a282c15fbc7f21cac29f874db9da4f3

      SHA512

      e7fe6c8965a35faecb3ab7bf6a3f8ed7a58aba891c5d5a2addec6aeda4a6790cef78a7874a386d89327d6bcb1e90ad376444d37d44fd0c604d6905dbd7ac6c97

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\files\00007-~1.PNG
      Filesize

      1.1MB

      MD5

      9a40cf65a81a8f618a4f562e2494a557

      SHA1

      3b06e119cc017bbe99c06906779f40f2d04b08ad

      SHA256

      087b59e3bfe212a96303f20122e9b9636753956fedaf2e1c8336e2e08c39f4e6

      SHA512

      745722fdeeb9d5f9011825d4826fb3c7c0fdeb0751a156a396b537c458854c376aac60a4709036ebf78e6d2d27cfeb302ef52ecfb1bfa3a6c238240d98839920

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\files\00008-~1.PNG
      Filesize

      1.1MB

      MD5

      452b0afd9436be767a0ee61e98ef0356

      SHA1

      736f12f84f8af0bd04f5b207f31cba8dd359ae03

      SHA256

      0348e5297e8040b2cc3e83e2c6edf6ccbfa122af0b3880ebd079c0dda3286c9a

      SHA512

      2fc4deaadd35f691aca0af4fb2e36201a2f68e7f7dcda9fe4da01d0b72c4cb8e448ca69d90d1cb230abfc2dc795ff785c1a1b2e95b5ab8fc0833d86013660338

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\files\data.bin
      Filesize

      92KB

      MD5

      8b305b67e45165844d2f8547a085d782

      SHA1

      92b8ed7652e61fdf3acb4ce74f48bcc9ed14b722

      SHA256

      776622a88a71b989ae022dae2bfbe52d5f00024970548a465046b742089aa50b

      SHA512

      2bd688ab072464ed54ea111a07e44f130a6db2c51e6f5ede1d8583b31791ad3eb2ea51114e6ac624a50118f17dfd3ec3d72c7df00d8be3b4ef4dcd7b72a0dfe6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\files\data2.bin
      Filesize

      1.8MB

      MD5

      67d9ff2c54906e6de543f0d0c0c02d24

      SHA1

      7d22a89a4502dd7c9106c00ff379aa516df00616

      SHA256

      aeae977f8a8f82fd520c74f3df4e817cc1d118c95a4183ec15116273236c8745

      SHA512

      ea4166c5ef0f5b213713b369e956e40bd05db4eff3d7cf1cd2eca5c342c2d5ea64bb1dc5af03a07848e72ca3b97a8894c43e5ab389e0f1ab8238a643e676d4ca

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\files\dbgeng.dll
      Filesize

      542KB

      MD5

      a1defa998f5984c7819cffd68664e00a

      SHA1

      9b0b17a2d660a2a51c8188186f394f8fe1650552

      SHA256

      abbb1d098f8ee24b0881278bee4228a59bb021242aba16af593c944c489e829f

      SHA512

      792ef593f78ffc453500f413640dee030bcf2bdd383697b01dc343f5e02e2b0f31b75ad68860fd7cfcae355e450e0d532ba99d1a912de7b47ced76fbc68fea24

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\files\windbg.exe
      Filesize

      474KB

      MD5

      04ec4f58a1f4a87b5eeb1f4b7afc48e0

      SHA1

      58dcb1cbbec071d036a07f0e8feb858e4c5b96e7

      SHA256

      bd1af3dba56b129e6c624297eeed40c898fa2981fce5caafe467d88a748988a4

      SHA512

      5b572a504fac599e7e3f726d391e8ffdc2d083745609315a203000e8dc79b94d777fc520eb6530444d84f1ac9aad51406b91b527d8434077a58524feeccbbd80

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\files\windbg.exe
      Filesize

      474KB

      MD5

      04ec4f58a1f4a87b5eeb1f4b7afc48e0

      SHA1

      58dcb1cbbec071d036a07f0e8feb858e4c5b96e7

      SHA256

      bd1af3dba56b129e6c624297eeed40c898fa2981fce5caafe467d88a748988a4

      SHA512

      5b572a504fac599e7e3f726d391e8ffdc2d083745609315a203000e8dc79b94d777fc520eb6530444d84f1ac9aad51406b91b527d8434077a58524feeccbbd80

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\msiwrapper.ini
      Filesize

      1010B

      MD5

      b1a5475789eba3e15c4e51093c017da9

      SHA1

      9c5e1b84ed5b378eb9b1086e0a41f4103f10e788

      SHA256

      c4cb78a494e12e475cebeeb7c595c0adfaa9d78d8117da03e719f48c55bb8e73

      SHA512

      8ec00106ce7040e10ee5b7ad69ccebefbd29b756b797079d89416672f81fe25d9801febb5fe8c2ae88759f81814b3d0698cdd03dfce5e7a5d8d30d9bf4bdabdd

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\msiwrapper.ini
      Filesize

      1KB

      MD5

      6751717c77ed730e426307b8c81de11b

      SHA1

      e62e102f60762a0ea97da72d6cf9b15f9f0bc177

      SHA256

      d36c8de2e1227ca45c9da0278d01ccf4d1d38e923e652205ca1d9fae01ed139a

      SHA512

      a73cf81a614c785686738e1e670eff0edd7edfe5db0b96c30c76bb2ac7044b5c578356934fdac0632c953b594d3d332f83982ff3453273f09bf43a1211656ebe

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\msiwrapper.ini
      Filesize

      1KB

      MD5

      6751717c77ed730e426307b8c81de11b

      SHA1

      e62e102f60762a0ea97da72d6cf9b15f9f0bc177

      SHA256

      d36c8de2e1227ca45c9da0278d01ccf4d1d38e923e652205ca1d9fae01ed139a

      SHA512

      a73cf81a614c785686738e1e670eff0edd7edfe5db0b96c30c76bb2ac7044b5c578356934fdac0632c953b594d3d332f83982ff3453273f09bf43a1211656ebe

      Download Submit

    • C:\Windows\Installer\MSIB117.tmp
      Filesize

      208KB

      MD5

      d82b3fb861129c5d71f0cd2874f97216

      SHA1

      f3fe341d79224126e950d2691d574d147102b18d

      SHA256

      107b32c5b789be9893f24d5bfe22633d25b7a3cae80082ef37b30e056869cc5c

      SHA512

      244b7675e70ab12aa5776f26e30577268573b725d0f145bfc6b848d2bd8f014c9c6eab0fc0e4f0a574ed9ca1d230b2094dd88a2146ef0a6db70dbd815f9a5f5b

      Download Submit

    • C:\tmpa\Autoit3.exe
      Filesize

      872KB

      MD5

      c56b5f0201a3b3de53e561fe76912bfd

      SHA1

      2a4062e10a5de813f5688221dbeb3f3ff33eb417

      SHA256

      237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

      SHA512

      195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

      Download Submit

    • \??\c:\tmpa\script.au3
      Filesize

      490KB

      MD5

      47254a9762ec3d0d2840db3c509775fe

      SHA1

      b56ae57e7feac10d839d960f130f3a7caddd175b

      SHA256

      25d76801735b5b7b49a7fa3f4dcfc13536832a354a7200458099c120d4faa7b6

      SHA512

      54e761e26cb5721cbc24f2ee4e9e138530d7c89b0cd9d731ab6551153dc76999056031e6436faaf357524afe655a596d7e490f37a1a4ba20ecc9e7496f53c13d

      Download Submit

    • \Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\files\dbgeng.dll
      Filesize

      542KB

      MD5

      a1defa998f5984c7819cffd68664e00a

      SHA1

      9b0b17a2d660a2a51c8188186f394f8fe1650552

      SHA256

      abbb1d098f8ee24b0881278bee4228a59bb021242aba16af593c944c489e829f

      SHA512

      792ef593f78ffc453500f413640dee030bcf2bdd383697b01dc343f5e02e2b0f31b75ad68860fd7cfcae355e450e0d532ba99d1a912de7b47ced76fbc68fea24

      Download Submit

    • \Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\files\windbg.exe
      Filesize

      474KB

      MD5

      04ec4f58a1f4a87b5eeb1f4b7afc48e0

      SHA1

      58dcb1cbbec071d036a07f0e8feb858e4c5b96e7

      SHA256

      bd1af3dba56b129e6c624297eeed40c898fa2981fce5caafe467d88a748988a4

      SHA512

      5b572a504fac599e7e3f726d391e8ffdc2d083745609315a203000e8dc79b94d777fc520eb6530444d84f1ac9aad51406b91b527d8434077a58524feeccbbd80

      Download Submit

    • \Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\files\windbg.exe
      Filesize

      474KB

      MD5

      04ec4f58a1f4a87b5eeb1f4b7afc48e0

      SHA1

      58dcb1cbbec071d036a07f0e8feb858e4c5b96e7

      SHA256

      bd1af3dba56b129e6c624297eeed40c898fa2981fce5caafe467d88a748988a4

      SHA512

      5b572a504fac599e7e3f726d391e8ffdc2d083745609315a203000e8dc79b94d777fc520eb6530444d84f1ac9aad51406b91b527d8434077a58524feeccbbd80

      Download Submit

    • \Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\files\windbg.exe
      Filesize

      474KB

      MD5

      04ec4f58a1f4a87b5eeb1f4b7afc48e0

      SHA1

      58dcb1cbbec071d036a07f0e8feb858e4c5b96e7

      SHA256

      bd1af3dba56b129e6c624297eeed40c898fa2981fce5caafe467d88a748988a4

      SHA512

      5b572a504fac599e7e3f726d391e8ffdc2d083745609315a203000e8dc79b94d777fc520eb6530444d84f1ac9aad51406b91b527d8434077a58524feeccbbd80

      Download Submit

    • \Users\Admin\AppData\Local\Temp\MW-c5ab6a16-979b-4847-9eee-ec5736b22255\files\windbg.exe
      Filesize

      474KB

      MD5

      04ec4f58a1f4a87b5eeb1f4b7afc48e0

      SHA1

      58dcb1cbbec071d036a07f0e8feb858e4c5b96e7

      SHA256

      bd1af3dba56b129e6c624297eeed40c898fa2981fce5caafe467d88a748988a4

      SHA512

      5b572a504fac599e7e3f726d391e8ffdc2d083745609315a203000e8dc79b94d777fc520eb6530444d84f1ac9aad51406b91b527d8434077a58524feeccbbd80

      Download Submit

    • \Windows\Installer\MSIB117.tmp
      Filesize

      208KB

      MD5

      d82b3fb861129c5d71f0cd2874f97216

      SHA1

      f3fe341d79224126e950d2691d574d147102b18d

      SHA256

      107b32c5b789be9893f24d5bfe22633d25b7a3cae80082ef37b30e056869cc5c

      SHA512

      244b7675e70ab12aa5776f26e30577268573b725d0f145bfc6b848d2bd8f014c9c6eab0fc0e4f0a574ed9ca1d230b2094dd88a2146ef0a6db70dbd815f9a5f5b

      Download Submit

    • \tmpa\Autoit3.exe
      Filesize

      872KB

      MD5

      c56b5f0201a3b3de53e561fe76912bfd

      SHA1

      2a4062e10a5de813f5688221dbeb3f3ff33eb417

      SHA256

      237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

      SHA512

      195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

      Download Submit

    • memory/1988-117-0x0000000000820000-0x0000000000C20000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1988-126-0x0000000000820000-0x0000000000C20000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/1988-127-0x0000000002EB0000-0x00000000031DA000-memory.dmp

      Filesize

      3.2MB

      Download

    • memory/1988-128-0x0000000000820000-0x0000000000C20000-memory.dmp

      Filesize

      4.0MB

      Download

    • memory/3056-113-0x0000000000400000-0x000000000048D000-memory.dmp

      Filesize

      564KB

      Download

    • memory/3056-106-0x0000000000250000-0x0000000000350000-memory.dmp

      Filesize

      1024KB

      Download