1abbb3947ae01ad0babb9ae82b5875f976c8df1da25d14838a31e285c0aa07f5

Analysis

max time kernel
149s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 13:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1abbb3947ae01ad0babb9ae82b5875f976c8df1da25d14838a31e285c0aa07f5.exe
Size

176KB
MD5

401e8a990286a11259321ecbf63b09bd
SHA1

f8fc744fa28f1e35f138ac39f3ae3638635f7e4a
SHA256

1abbb3947ae01ad0babb9ae82b5875f976c8df1da25d14838a31e285c0aa07f5
SHA512

505bfa7147e982068ba29d91bcc8e00c5024bd48e801f93fa0860d849ab7a3a60da8b08ff4786e0099a2103b5f29dc57f4fcc06087be1cf6192998f29497a041
SSDEEP

3072:CftffjmNzzQpgLQHVdLoSewS7fRlDvggtJ6xYlcv9Wielt5WWD/3FMo+S8ovOGaL:SVfjmNzzIB0ZqNv

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3036	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
3016	Logo1_.exe
2416	1abbb3947ae01ad0babb9ae82b5875f976c8df1da25d14838a31e285c0aa07f5.exe

Loads dropped DLL 5 IoCs

pid	Process
3036	cmd.exe
3036	cmd.exe
328	dw20.exe
328	dw20.exe
328	dw20.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\locale\pa\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1049\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLSERVER.EXE	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows NT\Accessories\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Mozilla Firefox\browser\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\vi\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EVRGREEN\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\misc.exe	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\pl\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PROOF\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\STS2\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\PROOF\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\EDGE\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\tl\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows NT\TableTextService\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\skins\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Templates\1033\Access\WSS\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Synchronization Services\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\modules\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\BrightYellow\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Mail\de-DE\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	1abbb3947ae01ad0babb9ae82b5875f976c8df1da25d14838a31e285c0aa07f5.exe
File created	C:\Windows\Logo1_.exe	1abbb3947ae01ad0babb9ae82b5875f976c8df1da25d14838a31e285c0aa07f5.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3016	Logo1_.exe
3016	Logo1_.exe
3016	Logo1_.exe
3016	Logo1_.exe
3016	Logo1_.exe
3016	Logo1_.exe
3016	Logo1_.exe
3016	Logo1_.exe
3016	Logo1_.exe
3016	Logo1_.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 3036	2868	1abbb3947ae01ad0babb9ae82b5875f976c8df1da25d14838a31e285c0aa07f5.exe	28
PID 2868 wrote to memory of 3036	2868	1abbb3947ae01ad0babb9ae82b5875f976c8df1da25d14838a31e285c0aa07f5.exe	28
PID 2868 wrote to memory of 3036	2868	1abbb3947ae01ad0babb9ae82b5875f976c8df1da25d14838a31e285c0aa07f5.exe	28
PID 2868 wrote to memory of 3036	2868	1abbb3947ae01ad0babb9ae82b5875f976c8df1da25d14838a31e285c0aa07f5.exe	28
PID 2868 wrote to memory of 3016	2868	1abbb3947ae01ad0babb9ae82b5875f976c8df1da25d14838a31e285c0aa07f5.exe	29
PID 2868 wrote to memory of 3016	2868	1abbb3947ae01ad0babb9ae82b5875f976c8df1da25d14838a31e285c0aa07f5.exe	29
PID 2868 wrote to memory of 3016	2868	1abbb3947ae01ad0babb9ae82b5875f976c8df1da25d14838a31e285c0aa07f5.exe	29
PID 2868 wrote to memory of 3016	2868	1abbb3947ae01ad0babb9ae82b5875f976c8df1da25d14838a31e285c0aa07f5.exe	29
PID 3016 wrote to memory of 2660	3016	Logo1_.exe	31
PID 3016 wrote to memory of 2660	3016	Logo1_.exe	31
PID 3016 wrote to memory of 2660	3016	Logo1_.exe	31
PID 3016 wrote to memory of 2660	3016	Logo1_.exe	31
PID 2660 wrote to memory of 2588	2660	net.exe	33
PID 2660 wrote to memory of 2588	2660	net.exe	33
PID 2660 wrote to memory of 2588	2660	net.exe	33
PID 2660 wrote to memory of 2588	2660	net.exe	33
PID 3036 wrote to memory of 2416	3036	cmd.exe	34
PID 3036 wrote to memory of 2416	3036	cmd.exe	34
PID 3036 wrote to memory of 2416	3036	cmd.exe	34
PID 3036 wrote to memory of 2416	3036	cmd.exe	34
PID 2416 wrote to memory of 328	2416	1abbb3947ae01ad0babb9ae82b5875f976c8df1da25d14838a31e285c0aa07f5.exe	35
PID 2416 wrote to memory of 328	2416	1abbb3947ae01ad0babb9ae82b5875f976c8df1da25d14838a31e285c0aa07f5.exe	35
PID 2416 wrote to memory of 328	2416	1abbb3947ae01ad0babb9ae82b5875f976c8df1da25d14838a31e285c0aa07f5.exe	35
PID 2416 wrote to memory of 328	2416	1abbb3947ae01ad0babb9ae82b5875f976c8df1da25d14838a31e285c0aa07f5.exe	35
PID 3016 wrote to memory of 1192	3016	Logo1_.exe	21
PID 3016 wrote to memory of 1192	3016	Logo1_.exe	21

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1192
- C:\Users\Admin\AppData\Local\Temp\1abbb3947ae01ad0babb9ae82b5875f976c8df1da25d14838a31e285c0aa07f5.exe
  "C:\Users\Admin\AppData\Local\Temp\1abbb3947ae01ad0babb9ae82b5875f976c8df1da25d14838a31e285c0aa07f5.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2868
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a77BF.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\1abbb3947ae01ad0babb9ae82b5875f976c8df1da25d14838a31e285c0aa07f5.exe
      "C:\Users\Admin\AppData\Local\Temp\1abbb3947ae01ad0babb9ae82b5875f976c8df1da25d14838a31e285c0aa07f5.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2416
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
        
        dw20.exe -x -s 1084
        5⤵
        Loads dropped DLL
        
        PID:328
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3016
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2660
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
33be0187f1e633adbe0c5ae9ad53c7a9

SHA1
fd306ea070094d58e75a29b6066d3f4ed84edf59

SHA256
ea29b7e76640bdb1fa6a67be00730246a1e9d8d7626c57555ecc1509ef669f5f

SHA512
ae2b8cb4c835657e3af39a46cbc5de310f498703c19c9dd925403a63c6e0351d54bfefe1da87de7d4bacbf49878986758c7b51b70c80b9832081af4a4844d515

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
4cfdb20b04aa239d6f9e83084d5d0a77

SHA1
f22863e04cc1fd4435f785993ede165bd8245ac6

SHA256
30ed17ca6ae530e8bf002bcef6048f94dba4b3b10252308147031f5c86ace1b9

SHA512
35b4c2f68a7caa45f2bb14b168947e06831f358e191478a6659b49f30ca6f538dc910fe6067448d5d8af4cb8558825d70f94d4bd67709aee414b2be37d49be86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C3948BE6E525B8A8CEE9FAC91C9E392_F83C7CE432EB2A0104CE0F63B9A54C4E

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a77BF.bat

Filesize
722B

MD5
e09ce876deaee0d37999669916213461

SHA1
098e244ec3137cca65bf02ed581cb6c793ee5a22

SHA256
c9a5b83122ad2d61fa1869adbb1b79b4d2d404c12908506a8415c4f6042eb08c

SHA512
8bda44ca3e7aee42416ed07321dcc28b7e093ae4a720f7156ccfaaf3a4d8e298b8fbab91c2cb2a73aed59f594249d7ecd658fbccef21721d4b54de91570bebc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\1abbb3947ae01ad0babb9ae82b5875f976c8df1da25d14838a31e285c0aa07f5.exe.exe

Filesize
149KB

MD5
ac103c73e45cbc6dd14e41e1e709def6

SHA1
e729ff31404ddaeb5ce6da5f0999626031f8738c

SHA256
2e71a66d3b9f0e520d344ee2f9500fa43598de6a1964facbc994f3b1b3a9af08

SHA512
4f7793d3eea2ccea2a2e41760b1202686c45c68cf5c93a65dd9b6638096eb8a8d1d05ea7ac394e1248241313105c58150dbb0058d4ce38ae49c4ec1a8a0ec868

Download Submit
C:\Windows\Logo1_.exe

Filesize
26KB

MD5
2d1828590bf5c5a319a997cb08b9bb77

SHA1
ba869be4bf8ed88f35a57796f51a8cad6460dcdf

SHA256
f18e2ef8f2c1a498f3f19f74b6e68b2c34fcb1c6ffc076374442ea99c975b259

SHA512
9cc414143383061bfd54dcc4675dc06976d0ea0411d8ade40dcc4c60ecddc75ca3e0fb68193bd88aba2010eda8e1dadd4f8f6208cfcdf2a5e5bdebbb435b9549

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-330940541-141609230-1670313778-1000\_desktop.ini

Filesize
9B

MD5
4d28283e4d415600ffc2f8fda6d8c91e

SHA1
053dcb8d5d84b75459bc82d8740ee4684d680016

SHA256
b855effeaf01610130d3f38de35bc7f98bfc6643d98d4198af18534f048e8df7

SHA512
73a758cd5e5ac48d62dd89719be604214895e0cc9a10ff7464a6cf9161a37fd27d15dd2d2565f18198b381ac6442bcb36f38614df7b1176061a83616517a7edb

Download Submit
memory/1192-55-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/2416-66-0x00000000747A0000-0x0000000074D4B000-memory.dmp

Filesize
5.7MB

Download
memory/2416-30-0x00000000747A0000-0x0000000074D4B000-memory.dmp

Filesize
5.7MB

Download
memory/2416-31-0x00000000747A0000-0x0000000074D4B000-memory.dmp

Filesize
5.7MB

Download
memory/2416-29-0x00000000747A1000-0x00000000747A2000-memory.dmp

Filesize
4KB

Download
memory/2868-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2868-16-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3016-58-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3016-72-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3016-118-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3016-124-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3016-707-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3016-1877-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3016-65-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3016-3337-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3016-18-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download