1fe3e6deebd78029dac704c455ac6c80ec4ae3b0589313d12c4592e729f3db0c

Analysis

max time kernel
149s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 02:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1fe3e6deebd78029dac704c455ac6c80ec4ae3b0589313d12c4592e729f3db0c.exe
Size

66KB
MD5

3264faa47240c1e10b2aeb7e66c430fe
SHA1

ba505d5a242c50cff6681aad0bf0d99c27f57a26
SHA256

1fe3e6deebd78029dac704c455ac6c80ec4ae3b0589313d12c4592e729f3db0c
SHA512

1332d768b6c79cec221f3ef372e1e4b02bff3d3e507a40a55ea184841133477c8ed2783916c7bee95503d005f58cf41c4bb7836d2f67ba2a7032fe9033081473
SSDEEP

1536:pmyEO3SHuJV9NBriw+d9bHrkT5gUHz7FxtJ:pmyEOkuJVLBrBkfkT5xHzD

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2456	Logo1_.exe
1816	1fe3e6deebd78029dac704c455ac6c80ec4ae3b0589313d12c4592e729f3db0c.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\da-dk\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fi-fi\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\meta\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_split.scale-100_8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-100_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\nb-no\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre8\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\lo\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\MicrosoftEdgeUpdate.exe	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-black\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsPowerShell\Modules\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_2019.904.1644.0_neutral_~_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ko-kr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ro-ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tt\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\ml-IN\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\nb-no\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\SmartSelect\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ca-es\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sw\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\it\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ca-es\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Photo Viewer\uk-UA\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\sl-si\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ar-ae\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\nl-nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\en-il\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\lt\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\loc_archives\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\sr-cyrl-cs\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\lt-LT\View3d\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\en-gb\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\ja-jp\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	Logo1_.exe
File created	C:\Program Files\Java\jdk-1.8\lib\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-gb\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\he-il\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\themes\dark\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows NT\TableTextService\en-US\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	1fe3e6deebd78029dac704c455ac6c80ec4ae3b0589313d12c4592e729f3db0c.exe
File created	C:\Windows\Logo1_.exe	1fe3e6deebd78029dac704c455ac6c80ec4ae3b0589313d12c4592e729f3db0c.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2456	Logo1_.exe
2456	Logo1_.exe
2456	Logo1_.exe
2456	Logo1_.exe
2456	Logo1_.exe
2456	Logo1_.exe
2456	Logo1_.exe
2456	Logo1_.exe
2456	Logo1_.exe
2456	Logo1_.exe
2456	Logo1_.exe
2456	Logo1_.exe
2456	Logo1_.exe
2456	Logo1_.exe
2456	Logo1_.exe
2456	Logo1_.exe
2456	Logo1_.exe
2456	Logo1_.exe
2456	Logo1_.exe
2456	Logo1_.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1556 wrote to memory of 556	1556	1fe3e6deebd78029dac704c455ac6c80ec4ae3b0589313d12c4592e729f3db0c.exe	80
PID 1556 wrote to memory of 556	1556	1fe3e6deebd78029dac704c455ac6c80ec4ae3b0589313d12c4592e729f3db0c.exe	80
PID 1556 wrote to memory of 556	1556	1fe3e6deebd78029dac704c455ac6c80ec4ae3b0589313d12c4592e729f3db0c.exe	80
PID 1556 wrote to memory of 2456	1556	1fe3e6deebd78029dac704c455ac6c80ec4ae3b0589313d12c4592e729f3db0c.exe	81
PID 1556 wrote to memory of 2456	1556	1fe3e6deebd78029dac704c455ac6c80ec4ae3b0589313d12c4592e729f3db0c.exe	81
PID 1556 wrote to memory of 2456	1556	1fe3e6deebd78029dac704c455ac6c80ec4ae3b0589313d12c4592e729f3db0c.exe	81
PID 2456 wrote to memory of 4552	2456	Logo1_.exe	82
PID 2456 wrote to memory of 4552	2456	Logo1_.exe	82
PID 2456 wrote to memory of 4552	2456	Logo1_.exe	82
PID 4552 wrote to memory of 5060	4552	net.exe	85
PID 4552 wrote to memory of 5060	4552	net.exe	85
PID 4552 wrote to memory of 5060	4552	net.exe	85
PID 556 wrote to memory of 1816	556	cmd.exe	86
PID 556 wrote to memory of 1816	556	cmd.exe	86
PID 2456 wrote to memory of 3596	2456	Logo1_.exe	56
PID 2456 wrote to memory of 3596	2456	Logo1_.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3596
- C:\Users\Admin\AppData\Local\Temp\1fe3e6deebd78029dac704c455ac6c80ec4ae3b0589313d12c4592e729f3db0c.exe
  "C:\Users\Admin\AppData\Local\Temp\1fe3e6deebd78029dac704c455ac6c80ec4ae3b0589313d12c4592e729f3db0c.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1556
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a53AE.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:556
  - - C:\Users\Admin\AppData\Local\Temp\1fe3e6deebd78029dac704c455ac6c80ec4ae3b0589313d12c4592e729f3db0c.exe
      "C:\Users\Admin\AppData\Local\Temp\1fe3e6deebd78029dac704c455ac6c80ec4ae3b0589313d12c4592e729f3db0c.exe"
      4⤵
      Executes dropped EXE
      PID:1816
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2456
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4552
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:5060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.exe

Filesize
573KB

MD5
f997c69bd7f4443d14cd3e39fe7c3138

SHA1
7e706b5c161508bfafb1a8de0a05a405927f682e

SHA256
2d4cba314c6f75f31427323901c5b807f4613a2017e334eea68b9657fbe4370a

SHA512
a94e9751d5faf393136ba892bc20413ba286aadf5f6d07fc6da208a810da6c1ef2a5c3594c96360ff13266e599f3237b1f1df28dbf40590541b2e83ed46e00e9

Download Submit
C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

Filesize
639KB

MD5
8c24f57e8169cb30b43a16a13aad3e15

SHA1
d3d0c15c85d32f552f5f4eff910667046d886596

SHA256
ad49a43e57cff5d23ed2e5467974579f711015fa6fd80196991e873a94f37801

SHA512
28a856a62a7cd6af5fd50811421a665bb7fe2c1d41bc2675de6cdbc4b33d2b308e568d27daf7f738923bdb6f812bd1f2db7eeccb629fe2ffe56921655093a645

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a53AE.bat

Filesize
722B

MD5
b396a1dc4fd7d7acdf62fe3f4ca16380

SHA1
49e5c88cc401f2750a5b263862d6c817edcdcbec

SHA256
17704b408fd9f7b8addfa3061b563ccff57d3a4ee0d195c6b5f9b00e57b8f421

SHA512
fe98df7cca94b5f1a00a58ffc94a4cdf409c7638953b26b3491e39d4abc553031b02127649f86da018bbfb5b4fd15eb188a0f2498ac30dd105c0e35efe07dfcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\1fe3e6deebd78029dac704c455ac6c80ec4ae3b0589313d12c4592e729f3db0c.exe.exe

Filesize
36KB

MD5
9f498971cbe636662f3d210747d619e1

SHA1
44b8e2732fa1e2f204fc70eaa1cb406616250085

SHA256
8adf6748981c3e7b62f5dbca992be6675574fffbce7673743f2d7fe787d56a41

SHA512
b73083c2f7b028d2946cb8f7b4fe2289fedaa4175364a2aac37db0aeff4602aede772ccc9eba7e6dcfcb7276e52604ca45d8021952201b5834485b48bca3dc93

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
2236c190c6eefa4f9989253ccd774f23

SHA1
b6b9ed304b1e97fd0603babb56630b579a19ce1b

SHA256
fe84771a73ad3c7ff5219a169fb089e31af2f491a4ba3a573a62f6ea57eb41be

SHA512
804c6b1458c038dbbe809775d22df84cc1bc52eead5a083887c4d426edb2a214d1d518405f99ca88cd3c58043998d8a0d5735fee884aeee98cd5cfd79b1aa976

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2539840389-1261165778-1087677076-1000\_desktop.ini

Filesize
8B

MD5
d970a2bfcaa076939c06270d1a48dec8

SHA1
7a558f4d64c3e98bcfd2af83f28e6fbd207a39e1

SHA256
bdc6872f9a0a011a670907f0fedad9b88e283c5af545cf9f6bd73c3709967d44

SHA512
ea4c16930628455852ce343f8ae248b6df869b8da10b10928ebb802129f73d9761971811de317c7d3121b815340027782ec15d385d1d2d7df8fd0a46b62974c2

Download Submit
memory/1556-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1556-12-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2456-27-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2456-33-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2456-37-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2456-20-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2456-1231-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2456-4787-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2456-13-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2456-5226-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download