Overview

overview

10

Static

static

10

b93bd15835...2c.exe

windows7-x64

10

b93bd15835...2c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/04/2024, 01:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b93bd158355c7fb53b409241f3ecbd16f0e65d67dc38765a1352a9b03c595a2c.exe

  • Size

    255KB

  • MD5

    784ca39bd620e09f428f473f68b6b3b0

  • SHA1

    e1d757386b645059e944145b3ac0b6dbfbebb1a5

  • SHA256

    b93bd158355c7fb53b409241f3ecbd16f0e65d67dc38765a1352a9b03c595a2c

  • SHA512

    effbdb85d52cc58f57f2dfd9f86bf7b7823981240db70180b63b36d114019c7a77c8db187a1dd0b8dae50b839b84c2e0a7660b56841f39f9f771d4a7be262831

  • SSDEEP

    3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJm:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIh

Score
10/10
evasionpersistencespywarestealertrojanupx

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Windows security bypass 2 TTPs 5 IoCs
    evasiontrojan
  • UPX dump on OEP (original entry point) 64 IoCs
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 5 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 64 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Windows security modification 2 TTPs 6 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • AutoIT Executable 60 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 13 IoCs
  • Drops file in Program Files directory 15 IoCs
  • Drops file in Windows directory 19 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 20 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 18 IoCs
  • Suspicious use of SendNotifyMessage 18 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b93bd158355c7fb53b409241f3ecbd16f0e65d67dc38765a1352a9b03c595a2c.exe
    "C:\Users\Admin\AppData\Local\Temp\b93bd158355c7fb53b409241f3ecbd16f0e65d67dc38765a1352a9b03c595a2c.exe"
    1⤵
    • Checks computer location settings
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4036
    • C:\Windows\SysWOW64\gofyeqrsyu.exe
      gofyeqrsyu.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Windows security bypass
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Windows security modification
      • Enumerates connected drives
      • Modifies WinLogon
      • Drops file in System32 directory
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1640
      • C:\Windows\SysWOW64\dmuoiopx.exe
        C:\Windows\system32\dmuoiopx.exe
        3⤵
        • Executes dropped EXE
        • Enumerates connected drives
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:3168
    • C:\Windows\SysWOW64\hhhmgyhqvxqnyau.exe
      hhhmgyhqvxqnyau.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1840
    • C:\Windows\SysWOW64\dmuoiopx.exe
      dmuoiopx.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4312
    • C:\Windows\SysWOW64\ifsflfznzgynd.exe
      ifsflfznzgynd.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4624
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Windows\mydoc.rtf" /o ""
      2⤵
      • Drops file in Windows directory
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:2412

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.exe
          Filesize

          256KB

          MD5

          31703ca3a21f6e2c32af7280b0f03d90

          SHA1

          2e8154949ced1ebd646914f6b3a50bc0043ad0c0

          SHA256

          19803d975edc795896c1c816c6dcfe6c4d8eb79e2ec8be5f26a58320223a84ca

          SHA512

          aeeb64d0ffde44cfa51fc4f800c7f8548401d3845762bd93d5cd7cd3f8678fe79a78c393cccb43ab441980393e26bfe7330d10aad6c3987c93b9109ad0a35342

          Download Submit

        • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.exe
          Filesize

          256KB

          MD5

          d0694c4d6e59bbec704eb8942b6732ca

          SHA1

          7d4290f6cde33fc2a2d1d31d41f3ade37c63df70

          SHA256

          33f31bc5747e2226e5d10af9e56656f7f3549608f55b283ed91aac4802bbd8a8

          SHA512

          90dc115d394dae4335d8b3ff6646068cbe1ab11f1705a62322370434d3daae468818f3b3a90121632cb2f886c6bd961f1ea3a3182fc20288bae64f1a5482fe99

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TCD8651.tmp\gb.xsl
          Filesize

          262KB

          MD5

          51d32ee5bc7ab811041f799652d26e04

          SHA1

          412193006aa3ef19e0a57e16acf86b830993024a

          SHA256

          6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97

          SHA512

          5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
          Filesize

          239B

          MD5

          12b138a5a40ffb88d1850866bf2959cd

          SHA1

          57001ba2de61329118440de3e9f8a81074cb28a2

          SHA256

          9def83813762ad0c5f6fdd68707d43b7ccd26633b2123254272180d76bc3faaf

          SHA512

          9f69865a791d09dec41df24d68ad2ab8292d1b5beeca8324ba02feba71a66f1ca4bb44954e760c0037c8db1ac00d71581cab4c77acbc3fb741940b17ccc444eb

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
          Filesize

          3KB

          MD5

          78ab31b9e1a600dc4d7f8f32687ae76f

          SHA1

          4bae0f4a87e44ff525ce8791caf86600777c3491

          SHA256

          a93bbafc605cc7720e8bc9795a914feff65823dd613f1b35d4c3c301e0a8069a

          SHA512

          385fea4848bb48deb3fe185161e32460a8a884e32c980d18ae205a83dbe1689d8a1a18290bf488cd20f784f81d959aa6c75d06b4e501a1c029c0182e968b664f

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
          Filesize

          3KB

          MD5

          ddbb640d7423e6c1afa76ea3b49c4807

          SHA1

          6d656f17c690a730930edc83e4c2d4d73f23bcec

          SHA256

          e10832611caef2d8ff229e710868c0609b175dcfee9c48c9e2ec31c5c08181be

          SHA512

          ca9c5a470475d3034481e7ec1aca063efff935836690c4abff5d2912beb82f3d44c5dabf66637a6b82da474cec083ee268603c3ad9d4a347e279c1eab188e133

          Download Submit

        • C:\Windows\SysWOW64\dmuoiopx.exe
          Filesize

          255KB

          MD5

          73c481acf365e9bdd79162bd34096468

          SHA1

          ed9b94931f7931097cb387faa18987c4081be15e

          SHA256

          9a09bbe8420f34465470d6eb582f83a5e8b38f8eaffb44f9701aa318ec5b97ef

          SHA512

          11da7af0cec93b9d13f70ea1e4524b8c189f87ecd0e2b830615559d2cb160cb917fca5a5df37084ed00557d68cb67c26e7920a7fa2a54eb61106ff32d9d56501

          Download Submit

        • C:\Windows\SysWOW64\gofyeqrsyu.exe
          Filesize

          255KB

          MD5

          24a067c65c3f45f6802d77f858a112cb

          SHA1

          43fea49cdde5025c66f8a6689aa073bf7d55a473

          SHA256

          f67ddd5e7b37c497ebda11dedd9c7c2f011873ee66c46468b886dffef124a161

          SHA512

          908ad727662294d4d180d90786f84ca628b0d50337db338999f409464914d15c2bc10a078eecceaae0233f8e6654e8186aba998472b39972cb3fbed02411db5e

          Download Submit

        • C:\Windows\SysWOW64\hhhmgyhqvxqnyau.exe
          Filesize

          255KB

          MD5

          ce666d7edeae4c4eaac8d374ffb1fe1e

          SHA1

          0ef7c6cd49144e5611d82efdfd07dc23d468c758

          SHA256

          c7df6802b4470a93b3aea918fea5962bf7e2496573cf7e0c73d554d4cbe51f26

          SHA512

          17796855592d73f60cf453ae6e0f495bf130e849fc93a5f56dcfa771e793ed8a90384f2915d54136e57974fbab0b07322d85e0c2916f8f4440422fb069351bfd

          Download Submit

        • C:\Windows\SysWOW64\ifsflfznzgynd.exe
          Filesize

          255KB

          MD5

          b13b5d626c3c3623e50b70bb2c4344ff

          SHA1

          f16b5833a0715055490c85863adce2181d64404a

          SHA256

          b5cac0944f6c329d728ba0688a1828edb49ede497c9445e9e4c10950c9e6cac5

          SHA512

          53a5553ea2ffca78e53d21b03617fb5d7f232bc582a52fb450e7d9947b8827a79d5d4d4000ad328c79e8658150de455577228ee5ae01e5829bb1cd6e15d18303

          Download Submit

        • C:\Windows\mydoc.rtf
          Filesize

          223B

          MD5

          06604e5941c126e2e7be02c5cd9f62ec

          SHA1

          4eb9fdf8ff4e1e539236002bd363b82c8f8930e1

          SHA256

          85f2405d1f67021a3206faa26f6887932fea71aea070df3efb2902902e2d03e2

          SHA512

          803f5f2fddbf29fef34de184eb35c2311b7a694740983ca10b54ef252dd26cda4987458d2569f441c6dedc3478bea12b45bfd3566f1b256504a0869ad3829df7

          Download Submit

        • \??\c:\Users\Admin\Downloads\SkipSuspend.doc.exe
          Filesize

          256KB

          MD5

          076dde90efb129f01cb31becb690923f

          SHA1

          2118c4d06ad0a293389f80f006bd355fa6a92342

          SHA256

          6fa67d8b32ef4e0d8d4f9b1a2d5e1a248d0f763473ed64754653dae1578315b8

          SHA512

          67c037fe169cbd293b0d9431033198446a87a165109d0a82a8fa6b0954eec6670021616ab2b4054c22820918bd5a9c7e56ff39d428970ed32cadd5e555350b3a

          Download Submit

        • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
          Filesize

          256KB

          MD5

          393df446511fec67283ccdc257676753

          SHA1

          71b758a70aee3e2c3b13dc166690043de7d3e30c

          SHA256

          62f676ed593601227d78f4669f1cf0ca2d3512a18723d208d6397a0939122c9f

          SHA512

          67f0dbab08c98cdd4e2f6c1d3fe23697979bb4a5fe6866d102fe8b108da328b8e88f950fd81921e34b051a1d2bd13e387f7b22583832be689ed10da502273bac

          Download Submit

        • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
          Filesize

          256KB

          MD5

          2073349e5671659e2148fbad3d8f0ad9

          SHA1

          076b8eaeeb370e6bc3421ade6ccd365a87139094

          SHA256

          1f1ac23f9748d200108a53b9023f86ed5c7d24241b157bed4881ea7d814f60ec

          SHA512

          214c36e701226da28727bbf19662fcba5da6476b8137609f731c59e150e5be91f8168cfd2bb7489037ab5a258a66b98b3b3faac9f969eade9e03318ad3edfc31

          Download Submit

        • memory/1640-595-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1640-633-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1640-642-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1640-636-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1640-616-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1640-105-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1640-628-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1640-603-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1640-85-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1640-672-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1640-666-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1640-639-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1640-611-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1640-669-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1840-670-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1840-673-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1840-637-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1840-667-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1840-86-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1840-596-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1840-599-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1840-607-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1840-629-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1840-612-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1840-643-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1840-617-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1840-640-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1840-634-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/1840-23-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/2412-41-0x00007FFA60030000-0x00007FFA60040000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2412-662-0x00007FFA60030000-0x00007FFA60040000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2412-663-0x00007FFA60030000-0x00007FFA60040000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2412-665-0x00007FFA60030000-0x00007FFA60040000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2412-664-0x00007FFA60030000-0x00007FFA60040000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2412-44-0x00007FFA5D7E0000-0x00007FFA5D7F0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2412-43-0x00007FFA5D7E0000-0x00007FFA5D7F0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2412-36-0x00007FFA60030000-0x00007FFA60040000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2412-39-0x00007FFA60030000-0x00007FFA60040000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2412-37-0x00007FFA60030000-0x00007FFA60040000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2412-38-0x00007FFA60030000-0x00007FFA60040000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3168-610-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3168-42-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3168-620-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3168-623-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3168-602-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3168-89-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3168-615-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/3168-600-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4036-0-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4036-35-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4312-27-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4312-613-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4312-608-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4312-87-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4312-618-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4312-624-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4312-597-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4624-641-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4624-644-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4624-601-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4624-598-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4624-609-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4624-88-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4624-32-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4624-668-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4624-614-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4624-638-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4624-671-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4624-635-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4624-619-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4624-674-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download

        • memory/4624-630-0x0000000000400000-0x00000000004A0000-memory.dmp

          Filesize

          640KB

          Download