f492027c646554f4c1de3743c0719ca5877c9dd0403b11be685d0a1b7da163ce

Analysis

max time kernel
64s
max time network
73s
platform
windows10-2004_x64
resource
win10v2004-20240412-de
resource tags

arch:x64arch:x86image:win10v2004-20240412-delocale:de-deos:windows10-2004-x64systemwindows
submitted
15-04-2024 10:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dl_scripts and new NmsSpt/nmsspt-1.1.0-win.amd64.setup.exe
Size

10.9MB
MD5

fd90f5774eb45ccb0a20ac3409cf7cb4
SHA1

a3772ec4d377963862a8f3bd54f05035c5d47091
SHA256

603da6519505a65526f1e6bef27fb7ef7b5e9a2926fb6e2257c0d1774da26e36
SHA512

6d225f6f329e9667835afccf8c98a433bb6a3d72c9d9ee15425e3f0a0c7c9190654a74577eb13e08338212b371117cd02618f314237ac94309cfd13b54a5b3a1
SSDEEP

196608:JSof1Uooys+cxWb1CARE013Zn+uCQSvK6TqiHwzAVM/CJkMVCO2NigfWXjcM:JSo9UHyspWb19z+uCvtTZHwASkLQOZj1

Score

7^/10

discovery pyinstaller

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2944	nmsspt-1.1.0-win.amd64.setup.tmp
4724	NmsSpt.exe
512	NmsSpt.exe

Loads dropped DLL 21 IoCs

pid	Process
512	NmsSpt.exe
512	NmsSpt.exe
512	NmsSpt.exe
512	NmsSpt.exe
512	NmsSpt.exe
512	NmsSpt.exe
512	NmsSpt.exe
512	NmsSpt.exe
512	NmsSpt.exe
512	NmsSpt.exe
512	NmsSpt.exe
512	NmsSpt.exe
512	NmsSpt.exe
512	NmsSpt.exe
512	NmsSpt.exe
512	NmsSpt.exe
512	NmsSpt.exe
512	NmsSpt.exe
512	NmsSpt.exe
512	NmsSpt.exe
512	NmsSpt.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 7 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Hytera\NMS\nmsspt\cfg\is-6GIQR.tmp	nmsspt-1.1.0-win.amd64.setup.tmp
File opened for modification	C:\Program Files (x86)\Hytera\NMS\nmsspt\unins000.dat	nmsspt-1.1.0-win.amd64.setup.tmp
File opened for modification	C:\Program Files (x86)\Hytera\NMS\nmsspt\NmsSpt.exe	nmsspt-1.1.0-win.amd64.setup.tmp
File created	C:\Program Files (x86)\Hytera\NMS\nmsspt\unins000.dat	nmsspt-1.1.0-win.amd64.setup.tmp
File created	C:\Program Files (x86)\Hytera\NMS\nmsspt\is-SNFQT.tmp	nmsspt-1.1.0-win.amd64.setup.tmp
File created	C:\Program Files (x86)\Hytera\NMS\nmsspt\is-ED4NT.tmp	nmsspt-1.1.0-win.amd64.setup.tmp
File created	C:\Program Files (x86)\Hytera\NMS\nmsspt\is-1PNN6.tmp	nmsspt-1.1.0-win.amd64.setup.tmp

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral2/files/0x0007000000023410-28.dat	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2944	nmsspt-1.1.0-win.amd64.setup.tmp
2944	nmsspt-1.1.0-win.amd64.setup.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2944	nmsspt-1.1.0-win.amd64.setup.tmp

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4240 wrote to memory of 2944	4240	nmsspt-1.1.0-win.amd64.setup.exe	85
PID 4240 wrote to memory of 2944	4240	nmsspt-1.1.0-win.amd64.setup.exe	85
PID 4240 wrote to memory of 2944	4240	nmsspt-1.1.0-win.amd64.setup.exe	85
PID 4724 wrote to memory of 512	4724	NmsSpt.exe	97
PID 4724 wrote to memory of 512	4724	NmsSpt.exe	97

C:\Users\Admin\AppData\Local\Temp\dl_scripts and new NmsSpt\nmsspt-1.1.0-win.amd64.setup.exe
"C:\Users\Admin\AppData\Local\Temp\dl_scripts and new NmsSpt\nmsspt-1.1.0-win.amd64.setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4240
- C:\Users\Admin\AppData\Local\Temp\is-NRG40.tmp\nmsspt-1.1.0-win.amd64.setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-NRG40.tmp\nmsspt-1.1.0-win.amd64.setup.tmp" /SL5="$9011A,10564152,831488,C:\Users\Admin\AppData\Local\Temp\dl_scripts and new NmsSpt\nmsspt-1.1.0-win.amd64.setup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:2944

C:\Program Files (x86)\Hytera\NMS\nmsspt\NmsSpt.exe
"C:\Program Files (x86)\Hytera\NMS\nmsspt\NmsSpt.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4724
- C:\Program Files (x86)\Hytera\NMS\nmsspt\NmsSpt.exe
  "C:\Program Files (x86)\Hytera\NMS\nmsspt\NmsSpt.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Hytera\NMS\nmsspt\NmsSpt.exe

Filesize
9.5MB

MD5
7df42d52a781a9acc0d5c75332992dac

SHA1
6e3cebb909f07a359ad5731584a9f5d7102c4c64

SHA256
de850ef5c888141f9289b2ef8458b5c855430066a8db990651f875356d91610e

SHA512
a59a55890641d28368da35c2a748e4350b767fcd6507e0a55d6f943b73203e2e2b41a024df4c4cd01126389f8773e17da4d27a30f705b9d86167c796ee4a6628

Download Submit
C:\Program Files (x86)\Hytera\NMS\nmsspt\cfg\log.ini

Filesize
1KB

MD5
ef99ccf6098bd5304c49e12d4db68cf9

SHA1
45e46fd175ecf528dc607ef6629fea5908ed65e1

SHA256
d4a56473c8804c5028fa88d11b4c9b6abe648fd6290c118e09189eb3c1dd63b3

SHA512
076e622ead9b55556e1fc447e54af859f852d2a6b1af8c0855ddac54293e5b7115f4b6a839ab6313dc793a5a563016943bd1317185bafb6907d3bc3728945c72

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\VCRUNTIME140.dll

Filesize
93KB

MD5
4a365ffdbde27954e768358f4a4ce82e

SHA1
a1b31102eee1d2a4ed1290da2038b7b9f6a104a3

SHA256
6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c

SHA512
54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\_asyncio.pyd

Filesize
63KB

MD5
0400b1958d0f7aa0d2ad409ea12ffec7

SHA1
ce1a5c61192ffe489a53f029ac0a95d4abb3d2b9

SHA256
6e25aa5931f175b971dfd05aab7a24cef29edd8f4b524341c414d0577c07a200

SHA512
8790f3f9c69823d55350ea63a1b8ebb3dad64942b6e6752109d2932b3bb848a5101e2a9a4645e93a476a8c4e5c8b27e15eb39b33fcc772a876b0e8ab9fd5eefa

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\_bz2.pyd

Filesize
85KB

MD5
a49c5f406456b79254eb65d015b81088

SHA1
cfc2a2a89c63df52947af3610e4d9b8999399c91

SHA256
ce4ef8ed1e72c1d3a6082d500a17a009eb6e8ed15022bf3b68a22291858feced

SHA512
bbafeff8c101c7425dc9b8789117fe4c5e516d217181d3574d9d81b8fec4b0bd34f1e1fe6e406ae95584dc671f788cd7b05c8d700baf59fbf21de9c902edf7ae

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\_cffi_backend.cp38-win_amd64.pyd

Filesize
177KB

MD5
77b5d28b725596b08d4393786d98bd27

SHA1
e3f00478de1d28bc7d2e9f0b552778be3e32d43b

SHA256
f7a00ba343d6f1ea8997d95b242fbbd70856ec2b98677d5f8b52921b8658369c

SHA512
d44415d425f7423c3d68df22b72687a2d0da52966952e20d215553aa83de1e7a5192ec918a3d570d6c2362eb5500b56b87e3ffbc0b768bfa064585aea2a30e9d

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\_ctypes.pyd

Filesize
124KB

MD5
291a0a9b63bae00a4222a6df71a22023

SHA1
7a6a2aad634ec30e8edb2d2d8d0895c708d84551

SHA256
820e840759eed12e19f3c485fd819b065b49d9dc704ae3599a63077416d63324

SHA512
d43ef6fc2595936b17b0a689a00be04968f11d7c28945af4c3a74589bd05f415bf4cb3b4e22ac496490daff533755999a69d5962ccffd12e09c16130ed57fd09

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\_decimal.pyd

Filesize
262KB

MD5
a2b554d61e6cf63c6e5bbafb20ae3359

SHA1
26e043efdaaa52e9034602cebeb564d4f9714a7f

SHA256
30eea56a4d1dd78f9d65fcb6168ab189cfa8098c38aad47ee770756a056749ca

SHA512
5ea99fa23e7657e9f01dc155741d5f93945a2e6c90f1494873aa7c35a8da0001815b31b387b239ef7de1695b8f416028166dd94db259d246d8dc10a37e20da97

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\_hashlib.pyd

Filesize
46KB

MD5
5e5af52f42eaf007e3ac73fd2211f048

SHA1
1a981e66ab5b03f4a74a6bac6227cd45df78010b

SHA256
a30cf1a40e0b09610e34be187f1396ac5a44dcfb27bc7ff9b450d1318b694c1b

SHA512
bc37625005c3dad1129b158a2f1e91628d5c973961e0efd61513bb6c7b97d77922809afca8039d08c11903734450bc098c6e7b63655ff1e9881323e5cfd739fd

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\_lzma.pyd

Filesize
159KB

MD5
cf9fd17b1706f3044a8f74f6d398d5f1

SHA1
c5cd0debbde042445b9722a676ff36a0ac3959ad

SHA256
9209ccc60115727b192bf7771551040ca6fdd50f9bf8c3d2eacbfd424e8245e4

SHA512
5fe922c00c6f7fd3cd9bc56fc51de1f44adffbdb0afc0583f1bb08008be628b9ac16f8560b0c3ba16138e1cdcaf1c525ef24241bed804804cdeb5961aed6385a

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\_multiprocessing.pyd

Filesize
29KB

MD5
5cadb7186df07ca4ca5a8654cb00c9f1

SHA1
513b9160a849a3d7d510f59ffa5e201809d0161b

SHA256
54c28dcf2f2a72fc854f49c76fb021bbf2b53675fe5b5ed021c61efe9467197b

SHA512
f853c618ca243b5da04e53079d3e6a0c6a9e4e358bb5020196b49638f28bf4171a487db7ce0e5e2c46df6a643c04434f967f1c614086121d1edddcf891f5a409

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\_overlapped.pyd

Filesize
45KB

MD5
7d5bb2a3e4fbceaddfeef929a21e610c

SHA1
942b69e716ee522ef01bde792434c638e3d5497a

SHA256
5f92c163b9fe6abb0f8b106a972f6a86f84271b2e32c67f95737387c85719837

SHA512
8c44f1683fdea0d8121ff2fe36f2582313980ef20ee1985af7ff36acb022acbb7617e85d2dd3b8e75715444dc0cfc4487c81b43d0222bd832aac867875afbe30

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\_queue.pyd

Filesize
28KB

MD5
dd146e2fa08302496b15118bf47703cf

SHA1
d06813e2fcb30cbb00bb3893f30c2661686cf4b7

SHA256
67e4e888559ea2c62ff267b58d7a7e95c2ec361703b5aa232aa8b2a1f96a2051

SHA512
5b93a782c9562370fc5b3f289ca422b4d1a1c532e81bd6c95a0063f2e3889ecf828003e42b674439fc7cd0fa72f64ad607bab6910abe9d959a4fb9fb08df263c

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\_socket.pyd

Filesize
78KB

MD5
4827652de133c83fa1cae839b361856c

SHA1
182f9a04bdc42766cfd5fb352f2cb22e5c26665e

SHA256
87832a3b89e2ada8f704a8f066013660d591d9ce01ce901cc57a3b973f0858ba

SHA512
8d66d68613fdba0820257550de3c39b308b1dce659dca953d10a95ff2cf89c31afe512d30ed44422b31117058dc9fa15279e5ac84694da89b47f99b0ad7e338a

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\_ssl.pyd

Filesize
152KB

MD5
d4dfd8c2894670e9f8d6302c09997300

SHA1
c3a6cc8d8079a06a4cac8950e0baba2b43fb1f8e

SHA256
0a721fc230eca278a69a2006e13dfa00e698274281378d4df35227e1f68ea3e0

SHA512
1422bf45d233e2e3f77dce30ba0123625f2a511f73dfdf42ee093b1755963d9abc371935111c28f0d2c02308c5e82867de2546d871c35e657da32a7182026048

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\base_library.zip

Filesize
824KB

MD5
80eee789524f0074aa721b507fb6d844

SHA1
fee6ffe1fb3d59d4efa8740752ee3d2b84eafd02

SHA256
c4d3964dd8d78b31a14d76e2c81a54b0980692bf4f1e6bdd6d8be0bf4ecedc72

SHA512
8b5186c4825bec7576d9f742c25b54563aadac053a6cf1aeba3acf7b2b5fe4250c510833d29e4b66fa3f265c4eb42c606dfefa53eb189f604aeb565993fff7eb

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\bcrypt\_bcrypt.pyd

Filesize
309KB

MD5
fd87df0742d668ed4cea71fcf4b5aad3

SHA1
a957d7eee5ee3ad3b6c04fe1ccc26431a1b5728e

SHA256
509c53bab0744e99cfe0c81787b245fdc3b08701d33479a5bdbdb6bbd57d5394

SHA512
6d4eee5288da257ff9bbe58e4dc2bbed15d6e53cabb2a8bfe49f44a47734571e8ea35a3a12ff4672ba320550b9f984d78a0e5c4af31035d7fcc0c7fd513e6f61

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\cryptography\hazmat\bindings\_rust.pyd

Filesize
6.9MB

MD5
7072c434ab64b6c382593881f5d63136

SHA1
065038ee2daa039ce38979b6755435dbf575328b

SHA256
3d3929a714160be56cce3dfb83393a01c5d1a185cddfac83a51cbaab7b315056

SHA512
dea5708aecc5d9d399bb8c3f278466253d8a32c0e9bfa198737e4317800ccc6a49ee17f074835409e61651b95809d595a37dcf5e2972314d16a33539f6ced931

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\libcrypto-1_1.dll

Filesize
3.2MB

MD5
89511df61678befa2f62f5025c8c8448

SHA1
df3961f833b4964f70fcf1c002d9fd7309f53ef8

SHA256
296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf

SHA512
9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\libssl-1_1.dll

Filesize
674KB

MD5
50bcfb04328fec1a22c31c0e39286470

SHA1
3a1b78faf34125c7b8d684419fa715c367db3daa

SHA256
fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9

SHA512
370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\nacl\_sodium.pyd

Filesize
340KB

MD5
9d1b8bad0e17e63b9d8e441cdc15baee

SHA1
0c5a62135b072d1951a9d6806b9eff7aa9c897a3

SHA256
d733c23c6a4b21625a4ff07f6562ba882bcbdb0f50826269419d8de0574f88cd

SHA512
49e7f6ab825d5047421641ed4618ff6cb2a8d22a8a4ae1bd8f2deefe7987d80c8e0acc72b950d02214f7b41dc4a42df73a7f5742ebc96670d1c5a28c47b97355

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\pyexpat.pyd

Filesize
187KB

MD5
2ae23047648257afa90d0ca96811979f

SHA1
0833cf7ccae477faa4656c74d593d0f59844cadd

SHA256
5caf51f12406bdb980db1361fab79c51be8cac0a2a0071a083adf4d84f423e95

SHA512
13052eb183bb7eb8bb2740ff39f63805b69e920f2e21b482657a9995aa002579a88296b81ec415942511d2ed146689d1868b446f7e698e72da22f5c182706030

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\python3.dll

Filesize
58KB

MD5
c9f0b55fce50c904dff9276014cef6d8

SHA1
9f9ae27df619b695827a5af29414b592fc584e43

SHA256
074b06ae1d0a0b5c26f0ce097c91e2f24a5d38b279849115495fc40c6c10117e

SHA512
8dd188003d8419a25de7fbb37b29a4bc57a6fd93f2d79b5327ad2897d4ae626d7427f4e6ac84463c158bcb18b6c1e02e83ed49f347389252477bbeeb864ac799

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\python38.dll

Filesize
4.0MB

MD5
26ba25d468a778d37f1a24f4514d9814

SHA1
b64fe169690557656ede3ae50d3c5a197fea6013

SHA256
2f3e368f5bcc1dda5e951682008a509751e6395f7328fd0f02c4e1a11f67c128

SHA512
80471bfeeab279ce4adfb9ee1962597fb8e1886b861e31bdff1e3aa0df06d93afeb3a3398e9519bab7152d4bd7d88fa9b328a2d7eb50a91eb60fead268912080

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\select.pyd

Filesize
27KB

MD5
e21cff76db11c1066fd96af86332b640

SHA1
e78ef7075c479b1d218132d89bf4bec13d54c06a

SHA256
fcc2e09a2355a5546922874fb4cac92ee00a33c0ed6adbc440d128d1e9f4ec28

SHA512
e86dba2326ca5ea3f5ef3af2abd3c23d5b29b6211acc865b6be5a51d5c8850b7cda8c069e6f631ac62f2047224c4b675bbe6ac97c7ba781de5b8016ebaffd46f

Download Submit
C:\Users\Admin\AppData\Local\NmsSpt.exe\_MEI47242\unicodedata.pyd

Filesize
1.0MB

MD5
601aee84e12b87ca66826dfc7ca57231

SHA1
3a7812433ca7d443d4494446a9ced24b6774ceca

SHA256
d8091e62c74e1b2b648086f778c3c41ce01f09661a75ea207d3fea2cf26a8762

SHA512
7c2d64623c6cfd66d6729f59909c90aa944e810ff6514c58b2b3142ee90e8660b7ddf7fa187389dd333e47efe8b19e935dd4e9119c15375b69b4880d043877d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NRG40.tmp\nmsspt-1.1.0-win.amd64.setup.tmp

Filesize
3.0MB

MD5
84c8b7f351988136ef0335ee8dbd88d6

SHA1
c768b4a0d466bf741de538952a836b9bc50795df

SHA256
b6633f234d1d15fd74c3245a50d617202581e43ee327b20b66d886af5bcf645e

SHA512
613343fe765d97eab96a285284469f5302a41903773e1d5097a20207b767092adf9841189c65a1ba206bae7c29824be6514f63a86817d71ec7bc366956ff7c70

Download Submit
memory/2944-36-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/2944-11-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/2944-9-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/2944-12-0x0000000000D30000-0x0000000000D31000-memory.dmp

Filesize
4KB

Download
memory/2944-6-0x0000000000D30000-0x0000000000D31000-memory.dmp

Filesize
4KB

Download
memory/2944-40-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/4240-41-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4240-8-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4240-1-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download