863540861260956ec6b96769a7acf854d4242caa70220b3175365d8ed22d7045

Analysis

max time kernel
149s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 09:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

863540861260956ec6b96769a7acf854d4242caa70220b3175365d8ed22d7045.exe
Size

27KB
MD5

0ef8be9c4880f1bcbb844f5b70c8b016
SHA1

e86003f9fd1aba6a476a7d9aa3123d9d889b62b1
SHA256

863540861260956ec6b96769a7acf854d4242caa70220b3175365d8ed22d7045
SHA512

96808066e59b5cf23fe96542032236b341830947dd5046ab487432059a88fbac8f5e745eb45d9018a21eeb21330c557602e6ecae5da93f53ec154805dd526c84
SSDEEP

768:pm31ODKAaDMG8H92RwZNQSwcfymNBg+g61GoL:pmlfgLdQAQfcfymN

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3220	Logo1_.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\en-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\en-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\es-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-black\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\sv-se\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-ae\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\de-de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\en-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ru-ru\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\de\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\ca-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\misc\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am_ET\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Google\Update\Install\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Uninstall Information\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Speech\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\fr-fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\pl-pl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\it-it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\zh-cn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\eo\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactNative\Tracing\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\tr-tr\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\de\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\tt\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Extensions\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\pl-pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\de-de\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\eu-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\es-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ca-ES\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\zh-tw\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\uk-ua\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	863540861260956ec6b96769a7acf854d4242caa70220b3175365d8ed22d7045.exe
File created	C:\Windows\Logo1_.exe	863540861260956ec6b96769a7acf854d4242caa70220b3175365d8ed22d7045.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3220	Logo1_.exe
3220	Logo1_.exe
3220	Logo1_.exe
3220	Logo1_.exe
3220	Logo1_.exe
3220	Logo1_.exe
3220	Logo1_.exe
3220	Logo1_.exe
3220	Logo1_.exe
3220	Logo1_.exe
3220	Logo1_.exe
3220	Logo1_.exe
3220	Logo1_.exe
3220	Logo1_.exe
3220	Logo1_.exe
3220	Logo1_.exe
3220	Logo1_.exe
3220	Logo1_.exe
3220	Logo1_.exe
3220	Logo1_.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 3360 wrote to memory of 3828	3360	863540861260956ec6b96769a7acf854d4242caa70220b3175365d8ed22d7045.exe	84
PID 3360 wrote to memory of 3828	3360	863540861260956ec6b96769a7acf854d4242caa70220b3175365d8ed22d7045.exe	84
PID 3360 wrote to memory of 3828	3360	863540861260956ec6b96769a7acf854d4242caa70220b3175365d8ed22d7045.exe	84
PID 3360 wrote to memory of 3220	3360	863540861260956ec6b96769a7acf854d4242caa70220b3175365d8ed22d7045.exe	85
PID 3360 wrote to memory of 3220	3360	863540861260956ec6b96769a7acf854d4242caa70220b3175365d8ed22d7045.exe	85
PID 3360 wrote to memory of 3220	3360	863540861260956ec6b96769a7acf854d4242caa70220b3175365d8ed22d7045.exe	85
PID 3220 wrote to memory of 1376	3220	Logo1_.exe	86
PID 3220 wrote to memory of 1376	3220	Logo1_.exe	86
PID 3220 wrote to memory of 1376	3220	Logo1_.exe	86
PID 1376 wrote to memory of 1116	1376	net.exe	89
PID 1376 wrote to memory of 1116	1376	net.exe	89
PID 1376 wrote to memory of 1116	1376	net.exe	89
PID 3220 wrote to memory of 3340	3220	Logo1_.exe	57
PID 3220 wrote to memory of 3340	3220	Logo1_.exe	57

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3340
- C:\Users\Admin\AppData\Local\Temp\863540861260956ec6b96769a7acf854d4242caa70220b3175365d8ed22d7045.exe
  "C:\Users\Admin\AppData\Local\Temp\863540861260956ec6b96769a7acf854d4242caa70220b3175365d8ed22d7045.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:3360
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a3642.bat
    3⤵
    PID:3828
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3220
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1376
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:1116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
9ab1db7dabb16cd716c50906ab861f9b

SHA1
013b7ccc09009a77cc61a72f5aa1f386cbff4aab

SHA256
4f49c9c5948d2594c93a203c9f8cd3953b48b23579b72937222840ac71d027b6

SHA512
72d45e988e6410b467aa65d4dff4f335221303e11e6db123c10bed962a2bd159be21861f89b159f2fd4da147f9ca25bd9116876553082386e23b82dc20838a52

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
570KB

MD5
98261e678855243f25b4309f2475f6a2

SHA1
62502ee1ecf4ad9e4195cb5e6dfecb0c13284549

SHA256
79fb30570bafd1f8e4d20c44c0938b0611bcd750e9608aaadcb1fd3307b3fdfe

SHA512
df06a6cdb0b77ca688d7123e9c5e1b9f6a27061b0d8b30f2c82f5024465d067bd9ca61a36319fd255e812000dd3016a21b3f6283eb6638a35166f646c9bfb126

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
636KB

MD5
6cf165502a215ab4350d88910a9f8e37

SHA1
c601564135e9ac9d4597d4155ba9e342047f42cb

SHA256
2324bfe2065509b9c05ab9e694908a46db1016ff7073f83e06ad52b22262a655

SHA512
e18461dfe6d2ce9b25f96531286d6430c50e3d9d5279cc6c48c666ddbe641b8d89e785404911cc9edf70221b2753ffadb0c7de29578015554b6e6bd4ed175bdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a3642.bat

Filesize
722B

MD5
03c8e0c40ead82d3fdcf86786c95b4e4

SHA1
aef757f6edf38be019524ab8a2b94f0c0adbcfc4

SHA256
88705429c51de110e9e2a9408b864fbf5a53393cc5bcba931d7c2f67beda174d

SHA512
a33f06795008e202428061cf201a84ff10ac50049a231b23bd5e8d23fe4466448d42e235b73ebe743de51125e5c64503a887387c4a479b9b2930937b9e9d8393

Download Submit
C:\Users\Admin\AppData\Local\Temp\863540861260956ec6b96769a7acf854d4242caa70220b3175365d8ed22d7045.exe.exe

Filesize
544B

MD5
e8956547dc8a032556475e5922508574

SHA1
f4739558e6f237918b333916c1c89981c10b8c8e

SHA256
f87a2969d8835244f6c007e7f4405abf127c142da4dc71a8fd2b426a2728bb95

SHA512
a9b6ddd028148ab588c54d4eb9abc18f6cbfc0c9813a6fddc68368005afd687f006c2a6645865a5e16af82b4976c456b2593eb35967ae07583cf4e57607e694e

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
4ce72835d52440e39f0547c5de7bd69a

SHA1
35f77a5e5c0be7d3b58cd78fe5194d417e72f8c1

SHA256
61154b48d22a8f73d2f6ec32b00fe898068c85bd27dd6b5ed28f7c887842d651

SHA512
3a5dc4ec443c84f81b6b22dae04b0bcaad3f7d04ee718ee41b150b5476190803cc21831e63e3dc61447f3d070109600e1a72508090049f2d35f9abd54ada5fd0

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-1132431369-515282257-1998160155-1000\_desktop.ini

Filesize
9B

MD5
72b7e38c6ba037d117f32b55c07b1a9c

SHA1
35e2435e512e17ca2be885e17d75913f06b90361

SHA256
e9719e3c653627668046bac84b77097bfb0cd018d68465c17130ed31d6d6eca6

SHA512
2bebd814b81ad2dc547802d42891d833caaad81d004758ec4373f9c7af2971eb822f0a559d2d5d4fca499912fea95e25bab22e92cb0c149d6a4c692eee6ee46a

Download Submit
memory/3220-25-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3220-31-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3220-35-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3220-18-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3220-1225-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3220-4791-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3220-12-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3220-5230-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3360-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3360-11-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download